ADR 007: Revocation registry
Issued credentials need to be revocable by their issuers. Revocation needs to be straightforward and fast. Testing of revocation needs to preserve privacy (be non-correlating), and it should be possible to do without contacting the issuer.
This has obvious use cases for professional credentials being revoked for fraud or misconduct, e.g., a driver’s license could be revoked for criminal activity. However, it’s also important if a credential gets issued in error (e.g., has a typo in it that misidentifies the subject). The latter case is important even for immutable and permanent credentials such as a birth certificate.
In addition, it seems likely that the data inside credentials will change over time (e.g., a person's mailing address or phone number is updated). This is likely to be quite common, and revocation can be used to guarantee the currency of credential data when it happens. In other words, revocation may be used to force updated data, not just to revoke authorization.
REVOC_REG_DEF
Adds a Revocation Registry Definition, which the Issuer creates and publishes for a particular Credential Definition. It contains public keys, the maximum number of credentials the registry may contain, a reference to the Credential Definition, plus some revocation-registry-specific data.
value (dict):
    Dictionary with Revocation Registry Definition's data:
        max_cred_num (integer): The maximum number of credentials the Revocation Registry can handle
Note: REVOC_REG_DEF can be updated.
(owner, cred_def_id, revoc_def_type, tag) -> {data, tx_hash, tx_timestamp}
Request Example:
Reply Example:
REVOC_REG_ENTRY
The Revocation Registry Entry contains the new accumulator value and issued/revoked indices. This is just a delta of indices, not the whole list. It can be sent each time a new credential is issued/revoked.
value (dict):
    Dictionary with revocation registry's data:
        accum (string): The current accumulator value
Note: REVOC_REG_ENTRY can be updated.
MARKER_REVOC_REG_ENTRY_ACCUM:revoc_reg_def_id -> {data, tx_hash, tx_timestamp}
MARKER_REVOC_REG_ENTRY:revoc_reg_def_id -> {data, tx_hash, tx_timestamp}
Request Example:
Reply Example:
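To make the delta semantics of REVOC_REG_ENTRY concrete, the following is an added Python model (example code, not Indy Node's implementation) of a registry that folds entries into state, enforces max_cred_num from the REVOC_REG_DEF, and computes the delta a verifier would fetch for a time window to test revocation without contacting the issuer. The accumulator is treated as an opaque string, and the sample registry, its timestamps and the did:example identifiers are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RevocRegDef:
    revoc_reg_def_id: str   # key under which REVOC_REG_ENTRY state is stored
    cred_def_id: str        # reference to the Credential Definition
    max_cred_num: int       # upper bound on indices the registry may hold

@dataclass(frozen=True)
class RevocRegEntry:
    timestamp: int          # ledger tx_timestamp of this entry
    accum: "str | None"     # new accumulator value; opaque in this model
    issued: frozenset = frozenset()   # indices newly issued in this delta
    revoked: frozenset = frozenset()  # indices newly revoked in this delta

class RevocationRegistry:  # folds entries; answers queries without the issuer
    def __init__(self, reg_def: RevocRegDef):
        self.reg_def, self.entries = reg_def, []
        self.active, self.revoked = set(), set()   # active = issued, not revoked

    def apply_entry(self, e: RevocRegEntry) -> None:
        if self.entries and e.timestamp <= self.entries[-1].timestamp:
            raise ValueError("entries must be applied in timestamp order")
        for idx in e.issued | e.revoked:
            if not 1 <= idx <= self.reg_def.max_cred_num:
                raise ValueError(f"index {idx} outside 1..{self.reg_def.max_cred_num}")
        if e.issued & (self.active | self.revoked):
            raise ValueError("index issued twice")
        if not e.revoked <= self.active:
            raise ValueError("revoking an index that was never issued")
        self.active = (self.active | e.issued) - e.revoked
        self.revoked |= e.revoked
        self.entries.append(e)

    def delta(self, from_ts: int, to_ts: int) -> RevocRegEntry:
        # net change over (from_ts, to_ts], as a verifier would fetch it
        issued, revoked, accum = set(), set(), None
        for e in self.entries:
            if from_ts < e.timestamp <= to_ts:
                issued, revoked, accum = issued | e.issued, revoked | e.revoked, e.accum
        # an index issued and revoked inside the window shows up only as revoked
        return RevocRegEntry(to_ts, accum, frozenset(issued - revoked), frozenset(revoked))

    def is_revoked(self, idx: int, at_ts: int) -> bool:
        return any(idx in e.revoked for e in self.entries if e.timestamp <= at_ts)

def build_sample_registry() -> RevocationRegistry:  # constructed sample, max 5 creds
    reg = RevocationRegistry(RevocRegDef("did:example:rev1", "did:example:cd1", 5))
    reg.apply_entry(RevocRegEntry(100, "acc1", issued=frozenset({1, 2, 3})))
    reg.apply_entry(RevocRegEntry(200, "acc2", revoked=frozenset({2})))
    reg.apply_entry(RevocRegEntry(300, "acc3", issued=frozenset({4}), revoked=frozenset({3})))
    return reg
```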