diff --git a/features/0721-revocation-notification-v2/README.md b/features/0721-revocation-notification-v2/README.md index 585e073c..3b3af4e2 100644 --- a/features/0721-revocation-notification-v2/README.md +++ b/features/0721-revocation-notification-v2/README.md @@ -17,7 +17,7 @@ This RFC defines the message format which an issuer uses to notify a holder that ## Motivation -We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked. +We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked or unrevoked. For example, suppose a passport agency revokes Alice's passport. The passport agency (an issuer) may want to notify Alice (a holder) that her passport has been revoked so that she 
@@ -25,28 +25,55 @@ knows that she will be unable to use her passport to travel. ## Tutorial -The Revocation Notification protocol is a very simple protocol consisting of a single message: +The Revocation Notification protocol is a very simple protocol consisting of two messages: * Revoke - issuer to holder +* Unrevoke - issuer to holder -This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked. +This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked or unrevoked. -It is the issuer's prerogative whether or not to notify the holder that a credential has been revoked. It is not a security risk if the issuer does not notify the holder that the credential has been revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. +It is the issuer's prerogative whether or not to notify the holder that a credential has been (un)revoked. It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. ### Roles There are two parties involved in a Revocation Notification: `issuer` and `holder`. -The `issuer` sends the `revoke` message to the `holder`. +The `issuer` sends the `revoke` or `unrevoke` message to the `holder`. ### Messages +#### Revoke + The `revoke` message sent by the `issuer` to the `holder`. The holder should verify that the `revoke` message came from the connection that was originally used to issue the credential. 
Message format: ```JSON { - "@type": "https://didcomm.org/revocation_notification/2.0/revoke", + "@type": "https://didcomm.org/revocation_notification/2.1/revoke", + "@id": "", + "revocation_format": "", + "credential_id": "", + "comment": "Some comment" +} +``` + +Description of fields: + +* `revocation_format` (required) -- the format of the credential revocation. Accepted values for the revocation format are provided in the "Revocation Credential Identification Formats" section immediately below. + +* `credential_id` (required) -- the individual credential identifier of a credential issued using the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol that has been revoked by the issuer. Accepted values for the credential id format are provided in the "Revocation Credential Identification Formats" section immediately below. + +* `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. + +#### Unrevoke + +The `unrevoke` message sent by the `issuer` to the `holder`. The holder should verify that the `unrevoke` message came from the connection that was originally used to issue the credential. + +Message format: + +```JSON +{ + "@type": "https://didcomm.org/revocation_notification/2.1/unrevoke", "@id": "", "revocation_format": "", "credential_id": "",
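Review bot: In the Motivation hunk (`@@ -17,7 +17,7 @@`), the changed sentence now reads "revoked or unrevoked", but the example right after it still covers only the passport agency revoking Alice's passport. Suggest adding one sentence for the unrevoke direction (for instance the agency reinstating the passport) so the motivation for the new message is stated, not only implied by the wording change.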
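Review bot: In the Tutorial paragraph of the second hunk (`@@ -25,28 +25,55 @@`), the claim "It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost" is still backed only by the unchanged sentence "The holder will still be unable to use a revoked credential without this notification", which argues the revoke direction alone. Suggest adding the matching statement for an unsent or lost `unrevoke`, saying what state the holder is left in. Two smaller points in the same hunk: the `@type` moves from `2.0` to `2.1`, and the visible lines do not say how a holder that implements only `2.0` should treat an `unrevoke` message; and the new Unrevoke section repeats "The holder should verify that the `unrevoke` message came from the connection that was originally used to issue the credential" without stating what the holder does when that check fails, which matters more here because the message tells the holder a credential is usable again.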