Merge pull request #851 from thiagoromanos/unrevoke-notification
Adding unrevoke messages to revocation-notification protocol
swcurran authored Sep 26, 2024
2 parents 04802ff + e456903 commit b707b6a
Showing 1 changed file with 33 additions and 6 deletions.
39 changes: 33 additions & 6 deletions features/0721-revocation-notification-v2/README.md
Expand Up @@ -17,36 +17,63 @@ This RFC defines the message format which an issuer uses to notify a holder that

## Motivation

We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked.
We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked or unrevoked.

For example, suppose a passport agency revokes Alice's passport.
The passport agency (an issuer) may want to notify Alice (a holder) that her passport has been revoked so that she
knows that she will be unable to use her passport to travel.

## Tutorial

The Revocation Notification protocol is a very simple protocol consisting of a single message:
The Revocation Notification protocol is a very simple protocol consisting of two messages:

* Revoke - issuer to holder
* Unrevoke - issuer to holder

This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked.
This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked or unrevoked.

It is the issuer's prerogative whether or not to notify the holder that a credential has been revoked. It is not a security risk if the issuer does not notify the holder that the credential has been revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification.
It is the issuer's prerogative whether or not to notify the holder that a credential has been (un)revoked. It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification.

### Roles

There are two parties involved in a Revocation Notification: `issuer` and `holder`.
The `issuer` sends the `revoke` message to the `holder`.
The `issuer` sends the `revoke` or `unrevoke` message to the `holder`.

### Messages

#### Revoke

The `revoke` message sent by the `issuer` to the `holder`. The holder should verify that the `revoke` message came from the connection that was originally used to issue the credential.

Message format:

```JSON
{
"@type": "https://didcomm.org/revocation_notification/2.0/revoke",
"@type": "https://didcomm.org/revocation_notification/2.1/revoke",
"@id": "<uuid-revocation-notification>",
"revocation_format": "<revocation_format>",
"credential_id": "<credential_id>",
"comment": "Some comment"
}
```

Description of fields:

* `revocation_format` (required) -- the format of the credential revocation. Accepted values for the revocation format are provided in the "Revocation Credential Identification Formats" section immediately below.

* `credential_id` (required) -- the individual credential identifier of a credential issued using the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol that has been revoked by the issuer. Accepted values for the credential id format are provided in the "Revocation Credential Identification Formats" section immediately below.

* `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer.

#### Unrevoke

The `unrevoke` message sent by the `issuer` to the `holder`. The holder should verify that the `unrevoke` message came from the connection that was originally used to issue the credential.

Message format:

```JSON
{
"@type": "https://didcomm.org/revocation_notification/2.1/unrevoke",
"@id": "<uuid-revocation-notification>",
"revocation_format": "<revocation_format>",
"credential_id": "<credential_id>",
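Review bot: In the Tutorial paragraph that now reads "has been (un)revoked", the closing sentence "The holder will still be unable to use a revoked credential without this notification" still argues only the revoke direction, so the "It is not a security risk" claim is extended to unrevoke without a supporting statement. Consider adding the counterpart for unrevoke, for example that the notification is informational only and that a holder must not treat a received `unrevoke` as proof that the credential is valid again. In the new Unrevoke section, "The holder should verify that the `unrevoke` message came from the connection that was originally used to issue the credential" copies the Revoke wording; it would help to state what the holder does when that check fails (for example, discard the message), since an `unrevoke` accepted from a different connection would mislead the holder about the credential's status. The Motivation example also still covers only the passport revocation case, so a one-line unrevoke example would match the widened scope.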
