Understanding Credential Status

Credential status is a core mechanism in verifiable credentials that enables dynamic trust management over time. This document explains how credential status works, why it's important, and the approaches for implementing it effectively and securely within the Vidos ecosystem.

The Need for Credential Status

Physical credentials like driver's licenses and passports can be physically confiscated, damaged, or marked invalid. Digital credentials need similar capabilities, but implemented in a way that maintains their digital properties:

  • A credential might need to be revoked if it was issued in error
  • A credential might need to be temporarily suspended during an investigation
  • The validity of a credential might need to be checked without contacting the original issuer
  • Status checks should preserve privacy and minimize correlation risks

Credential status solves these challenges by providing mechanisms to check whether a credential remains valid, without requiring direct communication between the verifier and issuer during verification.

Core Concepts

Status Types

The W3C Verifiable Credentials specifications define several status purposes:

  • Revocation: Permanently invalidating a credential (not reversible)
  • Suspension: Temporarily invalidating a credential (reversible)
  • Refresh: Signaling that an updated credential is available
  • Message: Conveying arbitrary status information

These status types allow issuers to manage validity throughout a credential's lifecycle while maintaining security and privacy.

How Status Works in Verifiable Credentials

Status information is implemented through the credentialStatus property in a verifiable credential. This property includes:

  • A reference to where status information can be found
  • Information about how to interpret the status
  • An identifier (typically an index) that associates the credential with its status information

Here's a simplified example:

{
    "@context": ["https://www.w3.org/ns/credentials/v2", "https://www.w3.org/ns/credentials/examples/v2"],
    "id": "https://example.com/credentials/3732",
    "type": ["VerifiableCredential", "ExampleCredential"],
    "issuer": "did:example:12345",
    "validFrom": "2023-01-01T00:00:00Z",
    "credentialStatus": {
        "id": "https://example.com/credentials/status/3#94567",
        "type": "BitstringStatusListEntry",
        "statusPurpose": "revocation",
        "statusListIndex": "94567",
        "statusListCredential": "https://example.com/credentials/status/3"
    },
    "credentialSubject": {
        "id": "did:example:6789",
        "name": "Example Subject"
    }
}

Status Lists as Verifiable Credentials

Status information is often managed in lists that are themselves expressed as verifiable credentials. This design:

  1. Provides cryptographic verification of the status information
  2. Allows the status list to be delivered directly from holder to verifier (known as "stapling")
  3. Maintains trust in the status information even when the issuer is offline

Privacy Considerations

Status checking comes with significant privacy considerations:

Correlation Risks

When a verifier checks a credential's status directly with the issuer, this creates a potential correlation point, revealing:

  • When the credential is being used
  • Which verifiers are accepting the credential
  • Patterns of credential usage

This violates a key privacy principle: issuers should not learn how or when the credentials they have issued are being used.

Group Privacy through Bitstring Status Lists

The W3C Bitstring Status List specification addresses privacy concerns by:

  1. Bundling status information for many credentials in a single list
  2. Using compact, compressible bitstrings that can efficiently represent status for thousands of credentials
  3. Enabling status checks without revealing which specific credential is being checked

A bitstring status list uses a single bit to represent each credential's status, with the position in the list serving as a privacy-preserving lookup mechanism.

Implementation Approaches

Bitstring Status Lists

The W3C Bitstring Status List specification defines a privacy-preserving status mechanism that:

  • Uses compressed bitstrings to represent status for many credentials
  • Ensures the status checking mechanism is highly space-efficient
  • Provides strong group privacy protections
  • Supports delivery through content distribution networks

How Bitstring Status Works

  1. When issuing a credential, the issuer assigns a random position in a status list
  2. The credential includes a reference to the status list and its position
  3. The issuer maintains the status list as a bitstring where each bit represents a credential's status
  4. Verifiers check the bit at the specified position to determine status

Bitstrings can be highly compressed (often to a few hundred bytes) when only a small percentage of credentials are revoked, making them efficient for large-scale deployments.
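As an added example (not part of this document or the Vidos services), the following Python walks through both sides of the procedure above: the issuer builds and encodes a bitstring status list, and the verifier decodes it and checks the bit referenced by the credentialStatus entry shown earlier. It assumes the W3C encoding (GZIP, then multibase base64url with a "u" prefix and no padding, bit 0 being the left-most bit of the first byte), a constructed status list credential, and that the list credential's proof has already been verified.

```python
import base64
import gzip

# Constructed credentialStatus entry, copied from the example credential above.
CREDENTIAL_STATUS = {
    "id": "https://example.com/credentials/status/3#94567",
    "type": "BitstringStatusListEntry",
    "statusPurpose": "revocation",
    "statusListIndex": "94567",
    "statusListCredential": "https://example.com/credentials/status/3",
}
MIN_ENTRIES = 131072  # spec minimum list size (16 KiB), so one list covers many credentials

def encode_list(set_indices, size=MIN_ENTRIES):
    """Issuer side: set the given bits (bit 0 = MSB of byte 0), GZIP, multibase base64url."""
    bits = bytearray(size // 8)
    for i in set_indices:
        bits[i // 8] |= 0x80 >> (i % 8)
    b64 = base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=")
    return "u" + b64.decode()

def decode_list(encoded):
    if not encoded.startswith("u"):
        raise ValueError("encodedList must be multibase base64url ('u' prefix)")
    raw = encoded[1:]
    return gzip.decompress(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))

def build_status_list_credential(set_indices, purpose):
    """Constructed status list credential as an issuer would publish it (proof omitted)."""
    return {
        "id": "https://example.com/credentials/status/3",
        "type": ["VerifiableCredential", "BitstringStatusListCredential"],
        "issuer": "did:example:12345",
        "credentialSubject": {
            "type": "BitstringStatusList",
            "statusPurpose": purpose,
            "encodedList": encode_list(set_indices),
        },
    }

def check_status(entry, status_list_credential):
    """Verifier side: True if the bit for this credential is set for the entry's purpose.
    Assumes the list credential's proof was already verified (step 3 in the Vidos flow)."""
    subject = status_list_credential["credentialSubject"]
    # A list published for suspension must not answer a revocation check, and vice versa.
    if subject.get("type") != "BitstringStatusList" or subject.get("statusPurpose") != entry["statusPurpose"]:
        raise ValueError("status list type or statusPurpose does not match the entry")
    bits = decode_list(subject["encodedList"])
    index = int(entry["statusListIndex"])
    if not 0 <= index < len(bits) * 8:
        raise ValueError("statusListIndex out of range")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))
```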

Integration with Vidos

In the Vidos ecosystem, credential status verification is handled by the verifier service, which:

  1. Extracts status information from credentials
  2. Retrieves status lists when needed
  3. Performs the cryptographic verification of status lists
  4. Interprets the status according to verification policies

The resolver service may also interact with status information when resolving credential metadata, ensuring that status is checked as part of the credential resolution process.

Conclusion

Credential status is a critical component of the verifiable credentials ecosystem, enabling dynamic trust management while preserving privacy. The Bitstring Status List approach recommended by the W3C offers an optimal balance of privacy, efficiency, and security for most applications.

Within Vidos, understanding credential status mechanisms helps you build more robust and privacy-preserving verification workflows.