Credential revocation journey pattern

This journey pattern is used to to change the status of issued credentials. Verifiers can obtain this status of a presented credential in a way that preserves the privacy of its holder.

Overview

• Formats: mDocs, CWT, JSON

Journey flow

Architecture

Credential issuance

The issuer uses MATTR VII capabilities to issue a credential in a way that enables it to be revoked or suspended at a later date. Revocable credentials include a reference to a revocation list that reflects the most up-to-date status of credentials included in it.

This does not affect the issuance workflow or how would the credential look like to the holder.

Credential revocation

When required, the issuer can use MATTR VII capabilities to revoke or suspend the issued credential. This will affect the status of the credential in the referenced revocation list.

Revocation notification

The issuer can use MATTR VII capabilities or their existing communication channels to notify the holder that the credential has been revoked or suspended.

Verifying a revoked credential

When a relying party attempts to verify a revoked credential, they can use MATTR VII or MATTR Pi capabilities that check the revocation and suspension status of the credential as part of the verification process.

If the credential is found to be revoked or suspended, verification will fail and the verifier will be notified of the relevant failure reason.

MATTR platforms check the revocation and suspension status in a privacy preserving manner by checking the publicly accessible revocation lists which hold the revocation and suspension status for multiple credentials. This way the issuer cannot tell what credentials were actually checked by the relying party and for what purpose.

Additional resources

Docs

Tutorial

Guides