Credential Status
Credential status enables dynamic trust management for verifiable credentials. Unlike physical credentials, digital credentials require mechanisms to check validity without constant issuer involvement while preserving privacy and preventing correlation.
Core Concepts
Section titled “Core Concepts”Status Types
Section titled “Status Types”The W3C specifications define four status purposes:
- Revocation: Permanent invalidation
- Suspension: Temporary invalidation
- Refresh: Signals availability of updated credential
- Message: Arbitrary status information
Status in Credentials
Section titled “Status in Credentials”The credentialStatus property includes a reference to the status list, the status type, and an index identifying this credential’s position in the list:
{ "@context": ["https://www.w3.org/ns/credentials/v2", "https://www.w3.org/ns/credentials/examples/v2"], "id": "https://example.com/credentials/3732", "type": ["VerifiableCredential", "ExampleCredential"], "issuer": "did:example:12345", "validFrom": "2023-01-01T00:00:00Z", "credentialStatus": { "id": "https://example.com/credentials/status/3#94567", "type": "BitstringStatusListEntry", "statusPurpose": "revocation", "statusListIndex": "94567", "statusListCredential": "https://example.com/credentials/status/3" }, "credentialSubject": { "id": "did:example:6789", "name": "Example Subject" }}Status Lists as Verifiable Credentials
Section titled “Status Lists as Verifiable Credentials”Status lists are themselves verifiable credentials, enabling cryptographic verification and allowing status to be checked even when the issuer is offline.
Privacy Considerations
Section titled “Privacy Considerations”Correlation Risks
Section titled “Correlation Risks”Direct status checks with issuers create correlation points that reveal when and where credentials are used. This violates the principle that issuers shouldn’t track credential usage.
Group Privacy through Bitstring Status Lists
Section titled “Group Privacy through Bitstring Status Lists”Bitstring status lists bundle many credentials into compressed bitstrings where each bit represents one credential. This provides group privacy by preventing identification of which credential is being checked.
Implementation Approaches
Section titled “Implementation Approaches”Bitstring Status Lists
Section titled “Bitstring Status Lists”The W3C Bitstring Status List specification provides space-efficient, privacy-preserving status checking with support for content distribution networks.
How It Works
Section titled “How It Works”- Issuer assigns a random position in a status list
- Credential references the list and position
- Issuer maintains a bitstring where each bit represents credential status
- Verifiers check the bit at the specified position
Compression reduces sparse status lists to a few hundred bytes.
Integration with Vidos
Section titled “Integration with Vidos”The Vidos verifier service handles credential status verification by extracting status information, retrieving status lists, and performing cryptographic verification according to policies.