The Verifiable Credential Status List v2021 Specification is a working document from the W3C to support a privacy-preserving, space-efficient, and high-performance mechanism for publishing status information such as suspension or revocation of JSON and JSON-LD Verifiable Credentials.
Using DID-Linked Resources, we have been able to natively support Status List 2021 on cheqd directly.
The Status List 2021 Specification utilises bitstrings to represent whether a Verifiable Credential has been suspended/revoked or not. A bitstring can be thought of as a long list of 1s and 0s: if the binary value at a position in the list is 1 (one), the verifiable credential is revoked; if it is 0 (zero), it is not revoked.
Figure 1: Graphic showing the StatusList2021 bitstring
Each issued Credential correlates with a position and index on the bitstring, so that a verifier will be able to correlate the value within the Credential against the public bitstring to ascertain whether the Credential has been revoked or not, using a validate algorithm as well as a bitstring expansion algorithm.
The issuer keeps a bitstring list of all Verifiable Credentials it has issued. The StatusList is usually published by the issuer in the format of its own Verifiable Credential. This Verifiable Credential is generally hosted publicly on a centralised server or domain to enable third-party read-access.
cheqd stores each Status List and subsequent entries on-ledger as DID-Linked Resource versions. This has notable benefits, including the provenance, legitimacy and security of the Status List. For a full list of benefits, see the context for creating DID-Linked Resources.
Below is a list of alternatives for creating cheqd Status Lists.
cheqd Studio
Our API product enables users to use cheqd's functionality with minimal complexity and easily integrate APIs into existing apps.
DID Registrar
Simple setup for building cheqd DIDs into existing applications using REST APIs, building into the Universal Registrar.
Create Status List
Create a Status List on-ledger as a DID-Linked Resource using Veramo
Status List within a Verifiable Credential
Issue a Verifiable Credential with a cheqd Status List within the body.
Follow the , including the `credentialStatus` information, as shown in the example below:
Where the values within the credentialSubject field are as follows:
Property | Description |
---|---|
| A specific DID URL dereferencing to the actual status of the Credential |
type | The |
| The purpose of the status entry MUST be a string. While the value of the string is arbitrary, the following values MUST be used for their intended purpose: `revocation` or `suspension` |
| The |
| The |

The following process, or one generating the exact output, MUST be followed when validating a verifiable credential that is contained in a cheqd StatusList Resource.

1. Let credentialToValidate be a verifiable credential containing a `credentialStatus` entry that is a StatusList2021Entry, associated with an entry in a bitstring.
2. Let status purpose be the value of `statusPurpose` in the `credentialStatus` entry in the credentialToValidate.
3. Verify all proofs associated with the credentialToValidate. If a proof fails, return a validation error.
4. Verify that the status purpose matches the `resourceType` value in the StatusList2021 Resource.
5. Let compressed bitstring be the value of the `encodedList` property of the StatusList2021 Resource.
6. Let credentialIndex be the value of the `statusListIndex` property of the bitstring in the StatusList2021 Resource.
7. Generate a revocation bitstring by passing compressed bitstring to the .
8. Let status be the value of the bit at position credentialIndex in the revocation bitstring.
9. Return `true` if status is 1, `false` otherwise.
Create Verifiable Credential Status List v2021 on cheqd
The Status List 2021 Specification indicates that it may be desirable to store the actual StatusList using something like a Content Distribution Network to lessen the load on the server maintained by the issuer to return a result in real-time.
Using cheqd's Resource Module, the same benefits may be achieved. In fact, storing a StatusList as an on-ledger Resource is a much better application of technology than using a Verifiable Credential for the same purpose.
Storing a StatusList on the cheqd Network as a Resource creates a much more resilient and decentralised mechanism for storing and maintaining the revocation/suspension status of Verifiable Credentials. The benefits of using the cheqd Resource module over traditional centralised architecture are detailed here.
Moreover, cheqd's Resource Module enables individual Resources to be referenced and retrieved using a DID URL in conformance with DID Core. This is being standardized at the Trust over IP Foundation within a specification called DID URLs for Digital Resources.
Using the cheqd Resource module, the same content and semantics of StatusList2021 can be replicated, with additional benefits of enabling DID Resolvers to fetch the contents of the StatusList.
You can follow the tutorial to create a DID and DID Document here.
Let's assume that the following DID is created.
Prepare a file with the StatusList2021 bitstring `encodedList` and encode it into `base64`, following the same generate algorithm as in the Status List2021 Specification.
Note: The uncompressed bitstring MUST be at least 16KB in size to maintain herd privacy for the holder.
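The generate step above and the validation process earlier on this page can be exercised end to end with the following added example, which is not cheqd's or the specification's own code. Assumptions: index 0 is the left-most bit of the first byte, the standard base64 alphabet is used, and the 1 MiB decompression cap (`MAX_BYTES`) and all function names are hypothetical.

```python
import base64
import gzip
import zlib

MIN_BYTES = 16 * 1024        # minimum uncompressed size from the note above
MAX_BYTES = 1024 * 1024      # hypothetical verifier-side cap on decompressed size
# resourceType values named on this page, keyed by statusPurpose
RESOURCE_TYPES = {"revocation": "StatusList2021Revocation",
                  "suspension": "StatusList2021Suspension"}


def _locate(index, size_bytes):
    """Map a statusListIndex to (byte offset, bit mask), rejecting out-of-range values."""
    index = int(index)  # statusListIndex is often carried as a string
    if not 0 <= index < size_bytes * 8:
        raise ValueError(f"statusListIndex {index} is outside the list")
    # Assumption: index 0 is the left-most (most significant) bit of byte 0.
    return index // 8, 0x80 >> (index % 8)


def generate_encoded_list(set_indexes, size_bytes=MIN_BYTES):
    """Issuer side: set one bit per revoked/suspended credential, GZIP, then base64."""
    if size_bytes < MIN_BYTES:
        raise ValueError("uncompressed bitstring must be at least 16KB")
    bits = bytearray(size_bytes)
    for index in set_indexes:
        offset, mask = _locate(index, size_bytes)
        bits[offset] |= mask
    return base64.b64encode(gzip.compress(bytes(bits), mtime=0)).decode("ascii")


def expand_encoded_list(encoded_list):
    """Verifier side: base64-decode and inflate, with a bound on the output size."""
    inflater = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # | 16: gzip framing
    raw = inflater.decompress(base64.b64decode(encoded_list, validate=True), MAX_BYTES)
    if not inflater.eof:
        raise ValueError("encodedList is truncated or expands past the size cap")
    if len(raw) < MIN_BYTES:
        raise ValueError("status list is shorter than the 16KB minimum")
    return raw


def status_is_set(encoded_list, status_list_index, status_purpose, resource_type):
    """Purpose check, expansion and bit lookup; proof verification happens before this."""
    if RESOURCE_TYPES.get(status_purpose) != resource_type:
        raise ValueError("statusPurpose does not match the Resource's resourceType")
    bitstring = expand_encoded_list(encoded_list)
    offset, mask = _locate(status_list_index, len(bitstring))
    return bool(bitstring[offset] & mask)
```

The size checks in `expand_encoded_list` make a verifier reject both an undersized list, which would weaken herd privacy, and a compressed payload that inflates far beyond what a status list should need.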
UUIDs are used to identify Resources. On Unix systems, the `uuidgen` tool can be used to generate a new UUID.
Where the fields within the payload have the following meaning:
Note: If an issuer wants to create multiple StatusLists within the same Collection, they must have unique and distinct names.
Once created, the StatusList2021 Resource will be associated with the parent DID, and referenced in the DID Document Metadata as follows:
An issuer may want to regularly update the bitstring whenever there is a certain amount of revocation status updates. The issuer will therefore need to create a new version for the initial StatusList2021 Resource.
Resources with the same Collection ID and name are grouped into version sets. Each resource in such a set has a link to the previous version (except the first version) and the next version (if it's not the most recent version).
To create a resource and mark it as a new version within a particular group, it is necessary to use the same `collection-id`, `name` and `type` as in the previous version. Links between versions will be created automatically.
New versions have dedicated unique IDs and can be referenced and retrieved as any other resources.
For example:
Resulting in the following metadata syntax:
Parameter | Description |
---|---|
`collectionId` | The unique identifier of the parent DID, to link the Resource to a particular DID |
`id` | A UUID for the resource, to enable it to be specifically referenced and fetched |
`name` | This must be a unique name indicating the `type` of Status List, but also a qualifying name for the List. For example: `ExampleStatusList2021` |
`resourceType` | This must indicate the `statusPurpose`. This value should be either: `StatusList2021Revocation` or `StatusList2021Suspension` |
`data` | Base 64 encoded file containing the full bitstring for the StatusList |