Revoke a credential
Overview
A key part of our digital identity model is that Issuers can provide subjects with credentials containing verifiable claims. Those subjects can hold their data and present it to verifiers without the Issuer being aware of how or when the holder is using it.
Credentials issued on the MATTR Platform can be created as revocable, which allows verifiers to obtain the revocation status of a credential as it is being presented. This is done in a way that preserves the privacy of the credential holder.
This tutorial will demonstrate how to issue credentials that are revocable using the Revocation List 2020 standard, and how an Issuer is able to revoke/un-revoke the issued credential.
A revocable credential
A revocable credential contains a credentialStatus property that points to a revocation list. That list holds the revocation status (revoked/not-revoked) of many credentials (up to 131,072!). Because a Verifier requests the whole list, exactly which credential they are checking remains private, i.e. the Issuer will not know to whom or how often a credential is being presented.
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://schema.org",
    "https://w3id.org/vc-revocation-list-2020/v1"
  ],
  "type": [ ... ],
  "credentialStatus": {
    "id": "https://YOUR_TENANT_URL/core/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3#4",
    "type": "RevocationList2020Status",
    "revocationListIndex": "4",
    "revocationListCredential": "https://tenant.vii.mattr.global/core/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3"
  },
  "issuer": {
    "id": "did:web:organization.com",
    "name": "Organisation"
  },
  "credentialSubject": { ... },
  "issuanceDate": "...",
  "proof": { ... }
}
The revocationListCredential value contains the location where the revocation list can be obtained; generally it is stored on the Platform owned by the Issuer.
To find the revocation status within the list, the revocationListIndex points to the position in the list that indicates whether the credential is revoked.
The revocation list credential
Every revocable credential issued references a Revocation List, which is automatically created and held on the tenant for the Issuer.
The revocation list can be obtained from a public endpoint as defined in the subject holder's credential.
GET https://YOUR_TENANT_URL/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3
The retrieved Revocation List is in the form of a JSON-LD based verifiable credential. This allows a verifier to ensure that the credential issuer and the issuer of the Revocation List are the same.
{
  "id": "https://YOUR_TENANT_URL/core/v1/revocation-lists/cc641396-3750-43c8-b8b8-f30d74eb3fb3",
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/vc-revocation-list-2020/v1"
  ],
  "type": [
    "VerifiableCredential",
    "RevocationList2020Credential"
  ],
  "issuer": "did:web:organization.com",
  "credentialSubject": {
    "type": "RevocationList2020",
    "encodedList": "H4sIAAAAAAAAA-3BMQEAAADCoPVPbQwfoAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
  },
  "issuanceDate": "...",
  "proof": { ... }
}
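How a verifier can resolve revocationListIndex against encodedList, as an added example that is not MATTR Platform code: under Revocation List 2020 the encodedList is a GZIP-compressed bitstring in base64url, so the check is decode, decompress, then read one bit. The function names, the tenant.example URL and the sample list are constructed for illustration, and the bit order (index 0 as the left-most bit of the first byte) is an assumption to confirm against your tenant's lists.

```python
import base64, gzip, zlib

MAX_LIST_BYTES = 16 * 1024  # 131,072 bits, the list capacity stated above

def issuer_id(issuer):
    # "issuer" appears as a DID string or as an object with an "id" member.
    return issuer["id"] if isinstance(issuer, dict) else issuer

def decode_list(encoded):
    # base64url, padding restored; gunzip with a hard cap on the output size.
    raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    inflater = zlib.decompressobj(wbits=31)  # 31 = require a gzip wrapper
    bits = inflater.decompress(raw, MAX_LIST_BYTES + 1)
    if len(bits) > MAX_LIST_BYTES or not inflater.eof:
        raise ValueError("oversized or truncated revocation list")
    return bits

def is_revoked(credential, list_credential, msb_first=True):
    # Both proofs must already be verified; this only does the list lookup.
    status = credential["credentialStatus"]
    if status["type"] != "RevocationList2020Status":
        raise ValueError("unsupported credentialStatus type")
    if status["revocationListCredential"] != list_credential["id"]:
        raise ValueError("list is not the one named in credentialStatus")
    if issuer_id(credential["issuer"]) != issuer_id(list_credential["issuer"]):
        raise ValueError("list issuer differs from credential issuer")
    bits = decode_list(list_credential["credentialSubject"]["encodedList"])
    index = int(status["revocationListIndex"])
    if not 0 <= index < len(bits) * 8:
        raise ValueError("revocationListIndex out of range")
    # Assumption: index 0 is the left-most bit of byte 0 (msb_first=True).
    shift = 7 - index % 8 if msb_first else index % 8
    return bool((bits[index // 8] >> shift) & 1)

def build_sample(revoked):
    # Constructed test data (hypothetical tenant URL), not platform output.
    bits = bytearray(MAX_LIST_BYTES)
    for i in revoked:
        bits[i // 8] |= 0x80 >> (i % 8)
    packed = base64.urlsafe_b64encode(gzip.compress(bytes(bits)))
    url = "https://tenant.example/core/v1/revocation-lists/sample"
    lst = {"id": url, "issuer": "did:web:organization.com",
           "credentialSubject": {"type": "RevocationList2020",
                                 "encodedList": packed.decode().rstrip("=")}}
    def cred(i):
        return {"issuer": {"id": "did:web:organization.com"},
                "credentialStatus": {"type": "RevocationList2020Status",
                                     "revocationListIndex": str(i),
                                     "revocationListCredential": url}}
    return lst, cred
```

The issuer comparison implements the check described above (credential issuer and list issuer must be the same); it complements proof verification of both credentials and does not replace it.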