Revocation list
Need to implement a globally distributed service for revocation.
Designing revocation APIs that do not depend on submitting the ID of the credential. For example, use a revocation list instead of a query.
It is often useful for an issuer [VC-DATA-MODEL] to link to a location where a verifier can check to see if a credential has been revoked.
There are a variety of privacy and performance considerations that are made when designing, publishing, and processing revocation lists. One such privacy consideration happens when there is a one-to-one mapping between a verifiable credential and a URL where the revocation status is published. This type of mapping enables the website that publishes the URL to correlate the holder, time, and verifier when the status is checked.
This could enable the issuer to discover the type of interaction the holder is having with the verifier, such as providing an age verification credential when entering a bar. Being tracked by the issuer of a driver's license when entering an establishment violates a privacy expectation that many people have today.
How to implement Revocation list?
At the most basic level, revocation information for all verifiable credentials issued by an issuer is expressed as simple binary values. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked; if it is 0 (zero), it is not revoked. More: https://w3c-ccg.github.io/vc-status-rl-2020/#core-concept
Revocation List 2020 spec by the Credentials Community Group: https://w3c-ccg.github.io/vc-status-rl-2020/ and https://w3c-ccg.github.io/vc-status-list-2021/
Sample implementation in JS is here: https://github.com/digitalbazaar/vc-revocation-list
Sample
```json
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "https://example.com/VP/0987654321",
  "type": ["VerifiablePresentation"],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id": "http://pharma.example.com/credentials/3732",
      "type": ["VerifiableCredential", "PrescriptionCredential"],
      "issuer": "https://pharma.example.com/issuer/4",
      "issuanceDate": "2010-01-01T19:23:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "prescription": {....}
      },
      "credentialStatus": {
        "id": "https://pharma.example.com/credentials/status/3#94567",
        "type": "RevocationList2020Status",
        "revocationListIndex": "94567",
        "revocationListCredential": "https://pharma.example.com/credentials/status/3"
      },
      "proof": {....}
    },
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
      ],
      "id": "https://example.com/VC/123456789",
      "type": ["VerifiableCredential", "PrescriptionCredential"],
      "issuer": "did:example:ebfeb1f712ebc6f1c276e12ec21",
      "issuanceDate": "2010-01-03T19:53:24Z",
      "credentialSubject": {
        "id": "did:example:76e12ec21ebhyu1f712ebc6f1z2",
        "prescription": {....}
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2018-06-17T10:03:48Z",
        "proofPurpose": "assertionMethod",
        "jws": "pYw8XNi1..Cky6Ed=",
        "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21/keys/234"
      }
    }
  ],
  "proof": [{
    "type": "RsaSignature2018",
    "created": "2018-06-18T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:76e12ec21ebhyu1f712ebc6f1z2/keys/2",
    "challenge": "c0ae1c8e-c7e7-469f-b252-86e6a0e7387e",
    "jws": "BavEll0/I1..W3JT24="
  }]
}
```
Note the `revocationListIndex` and `revocationListCredential` fields.
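Added example (not code from the specs or the linked library): a verifier-side check that reads the bit at `revocationListIndex` from a list downloaded as a whole, so no per-credential query reaches the issuer. The gzip + base64url encoding, the rule that index 0 is the left-most bit of the first byte, the 16 KB list size, and the names `encodeList`, `isRevoked`, `checkStatus` and `listCache` are assumptions; the sample list is constructed.

```javascript
const zlib = require('zlib');

const LIST_BITS = 131072; // assumed list size: 16 KB of status bits

// Issuer side (assumed encoding): set bit = 1 for each revoked position,
// then gzip and base64url-encode the bitstring.
function encodeList(revokedIndexes, bits = LIST_BITS) {
  const bytes = Buffer.alloc(bits / 8);
  for (const i of revokedIndexes) bytes[i >> 3] |= 0x80 >> (i & 7);
  return zlib.gzipSync(bytes).toString('base64url');
}

// Verifier side: decode the whole list and read one bit locally.
function isRevoked(encodedList, index) {
  const bytes = zlib.gunzipSync(Buffer.from(encodedList, 'base64url'));
  if (!Number.isInteger(index) || index < 0 || index >= bytes.length * 8) {
    throw new RangeError(`revocationListIndex out of range: ${index}`);
  }
  return (bytes[index >> 3] & (0x80 >> (index & 7))) !== 0;
}

// listCache: Map of revocationListCredential URL -> encodedList, filled by
// fetching each list as a whole (its proof must be verified before caching).
function checkStatus(credential, listCache) {
  const status = credential.credentialStatus;
  if (!status) return false; // nothing to check
  if (status.type !== 'RevocationList2020Status') {
    throw new Error(`unsupported status type: ${status.type}`);
  }
  if (!/^\d+$/.test(status.revocationListIndex)) {
    throw new Error('malformed revocationListIndex');
  }
  const encoded = listCache.get(status.revocationListCredential);
  if (encoded === undefined) throw new Error('status list unavailable'); // fail closed
  return isRevoked(encoded, Number(status.revocationListIndex));
}

// Constructed sample, reusing the status entry from the presentation above.
const LIST_URL = 'https://pharma.example.com/credentials/status/3';
const sampleCache = new Map([[LIST_URL, encodeList([94567])]]);
const sampleCredential = {
  credentialStatus: {
    id: `${LIST_URL}#94567`,
    type: 'RevocationList2020Status',
    revocationListIndex: '94567',
    revocationListCredential: LIST_URL,
  },
};
console.log('revoked:', checkStatus(sampleCredential, sampleCache));
```

Bit ordering and compression differ between spec drafts and library versions, so confirm both against the issuer's implementation before relying on the result.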
Sample revocation implementation in Solidity: https://github.com/uport-project/eip712-claims-experiments/blob/master/contracts/RevocationRegistry.sol
Sample of Ontology
Notice how credential hashes are stored on the blockchain network. This is called on-chain attestation.
https://docs.ont.io/decentralized-identity-and-data/ontid/trust-mechanism
![image](https://user-images.githubusercontent.com/15328561/153411650-ffef1a35-b62e-404d-b3b0-e2f5f5169446.png)
A verifiable credential includes the contents of the credential (that would vary depending upon the system), the digital signatures, and blockchain attestation records
![image](https://user-images.githubusercontent.com/15328561/153412486-9be5ab45-e7bd-42ee-93d0-2134ff3573b5.png)
How revocation is done?
https://docs.ont.io/decentralized-identity-and-data/ontid/trust-mechanism#revoking-verification
For some reason the Ontology guys have not followed the W3C credential spec. Look at their sample VC here