Docs
Credential Profiles
Web Credentials
Revocation

Revocation

You can use MATTR VII to change the status of issued Web Credentials if you ever need to revoke them for any reason. Verifiers can then obtain the revocation status of presented credentials in a way that preserves holders’ privacy.

We have used a W3C specification known as Revocation List 2020 (opens in a new tab) to achieve this in a simple, transparent, and interoperable way.

A revocable Web Credential points to a revocation list which is managed by the credential`s issuer. The list contains the revocation status of many credentials, and the credential references the index of its status within a specific revocation list.

Revocation lists are automatically created and managed when you use your MATTR VII tenant to issue revocable credentials. They are publicly available and mainly consumed by external verifiers.

When a verifier requests a revocation list, the issuer cannot tell what credential they are checking the status for. This means the issuer does not know how often or to whom a credential is being presented, maintaining holder`s privacy.

credentialStatus object

When a Web Credential is set as revocable, it results in the following:

  • https://w3id.org/vc-revocation-list-2020/v1 is injected into their @context object. This references the JSON-LD definition of the credentialStatus object.
  • The credentialStatus object is added to the credential:
JSON
    "credentialStatus": {
        "id": "/v2/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3#4",
        "type": "RevocationList2020Status",
        "revocationListIndex": "4",
        "revocationListCredential": "https://tenant.vii.mattr.global/v2/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3"
    }
  • id : This is a unique identifier of this credential's status. It is the concatenation of the revocationListIndex and revocationListCredential fields.
  • type : Indicates the credential status type. This example uses RevocationList2020Status.
  • revocationListIndex : References the index of this specific credential status in the revocation List.
  • revocationListCredential : Every revocable credential will reference a revocation List that is automatically created and held on the issuer's tenant. This list can be used by external verifiers to validate the credential status. This field references the revocation list which holds the revocation status for this specific credential.

Additional resources

Guides

Issue a Web CredentialCreate a Web Credential ConfigurationRevoke a Web Credential

API Reference

Sign a Web CredentialCreate a Web Credential ConfigurationSet Web Credential Revocation status
Web semanticsSelective disclosure