This specification describes a mechanism for publishing the revocation status of Verifiable Credentials that leverages directory service (e.g. Active Directory), where respective records are publicly accessible via LDAP.
This document is experimental and is undergoing heavy development. It is inadvisable to implement the specification in its current form. An experimental implementation is available.
Comments regarding all aspects of this document are welcome. Please file issues directly on GitHub
In the majority of cases, businesses already implement some known revocation
approaches.
One of these "known" options is the usage of directory services such
as Active Directory that provides the access to records via
Lightweight Directory Access Protocol (LDAP).
An issuer of verifiable credentials in such a system
[[VC-DATA-MODEL]] can use a pointer to a particular location at
directory service inside of verifiable credential, that
a verifier can check to see if a credential has been revoked.
The Data Model section covers each vocabulary item, its properties, other attributes for each item.
The following terms are used to describe concepts in this specification.
The following sections outlines the data model for this document.
You may view the latest json-ld vocabulary at:
https://spherity.github.io/vc-status-2021-ldap/contexts/vc-status-2021-ldap/v1.jsonld
When an issuer desires to enable revocation for a
verifiable credential, they MAY add a status
property that uses the data model described in this specification.
Term | RevocationStatus2021LDAP |
Full IRI | https://spherity.github.io/vc-status-2021-ldap#RevocationStatus2021LDAP |
{ "@context": [ "https://www.w3.org/2018/credentials/v1" ], "id": "https://example.com/credentials/23894672367", "type": ["VerifiableCredential"], "issuer": "did:example:12345", "issued": "2021-01-11T00:35:00Z", "credentialStatus": { "id": "ldaps://62.242.203.212:636/o=dolor,cn=ipsum,ou=lorem,dc=example,dc=com", "type": "RevocationStatus2021LDAP", "ssl": true, "host": "62.242.203.212:636", "query": "o={{0}},cn={{1}},ou={{2}},dc={{3}},dc={{4}}", "params": [ "dolor", "ipsum", "lorem", "example", "com" ] }, "credentialSubject": { "id": "did:example:6789", "type": "Person" }, "proof": { ... } }
{ "@context": [ "https://www.w3.org/2018/credentials/v1" ], "id": "https://example.com/credentials/23894672367", "type": ["VerifiableCredential"], "issuer": "did:example:12345", "issued": "2021-01-11T00:35:00Z", "credentialStatus": { "id": "ldaps://example.com/o=dolor,cn=ipsum,ou=lorem,dc=example,dc=com", "type": "RevocationStatus2021LDAP", "ssl": true, "host": "example.com", "query": "o={{0}},cn={{1}},ou={{2}},dc={{3}},dc={{4}}", "params": [ "dolor", "ipsum", "lorem", "example", "com" ] }, "credentialSubject": { "id": "did:example:6789", "type": "Person" }, "proof": { ... } }
The ssl
property MUST be a boolean value if
present or it MAY be skipped that should be treated the
same as like false
value was provided.
In case true
value is provided then
ldaps protocol will be applied, otherwise - ldap.
Term | ssl |
Full IRI | https://spherity.github.io/vc-status-2021-ldap#ssl |
The host
property MUST be a valid domain address,
or host ip address with port address concatenated using
:
.
Term | host |
Full IRI | https://spherity.github.io/vc-status-2021-ldap#host |
The query
property MUST a be a valid LDAP search
query for the verifiable credential revocation status
location. Numbers that are present inside brackets identify
indexes of respective values from credentialStatus.params
params array.
Term | query |
Full IRI | https://spherity.github.io/vc-status-2021-ldap#query |
The params
property MUST be input params for
credentialStatus.params query.
Term | params |
Full IRI | https://spherity.github.io/vc-status-2021-ldap#params |
The following section outlines the algorithms that are used to initialize, revoke and validate revocation status as described by this document.
This process MUST be followed to define LDAP URL parts for identifying a location for a potential revocation status record per each verifiable credential that includes RevocationStatus2021LDAP method as value for its credentialStatus.type property, and thus relies on an underlying directory service to store revocation information.
This process MUST be followed to execute revocation per each verifiable credential that includes RevocationStatus2021LDAP method as value for its credentialStatus.type property, and thus relies on an underlying directory service to store revocation information.
This process MUST be followed to identify revocation status of verifiable credential that includes RevocationStatus2021LDAP method as value for its credentialStatus.type property. This identifies it as relying on underlying LDAP directory service.
This section details the general privacy considerations and specific privacy implications of deploying this specification into production environments.
This method is best suited for fully public or semi-public credentials; potentially leaking status information is assumed to be an acceptable risk, and recent, signed data about current status of a verifiable credential is assumed to be "authoritative" over other or older records, which this method is not optimized to minimize.
Referencing the verifiable credential's unique ID in the LDAP query string adds additional correlation risk, which may be an anti-pattern in some use cases.
There are a number of security considerations that implementers should be aware of when processing data described by this specification. Ignoring or not understanding the implications of this section can result in security vulnerabilities.
While this section attempts to highlight a broad set of security considerations, it is not a complete list. Implementers are urged to seek the advice of security and cryptography professionals when implementing mission critical systems using the technology outlined in this specification.
Our architecture assumes keys are managed in common across both issuance and status-publication infrastructure. The latter is assumed to be secured by LDAPS; LDAP-specific security is assumed and largely out of scope of this specification, although LDAP queries are stored in the credential in both composed and decomposed form to assure validation and comparison to better secure queries.
Further research would be needed on how (or whether it is worthwhile) to sign the specific status object and how to verify the relationship between signing key of same and issuance key of original VC. A signed envelope around the status object returned (or even a fully-formed credential issued against a published schema) is definitely one possibility, for use-cases where metadata passed along with status would be complex, or need to be secured additionally.
There are a number of accessibility considerations implementers should be aware of when processing data described in this specification. As with any web standards or protocols implementation, ignoring accessibility issues makes this information unusable to a large subset of the population. It is important to follow accessibility guidelines and standards, such as [[WCAG21]], to ensure all people, regardless of ability, can make use of this data. This is especially important when establishing systems utilizing cryptography, which have historically created problems for assistive technologies.
This section details the general accessibility considerations to take into account when utilizing this data model.
Write accessibility considerations.
There are a number of internationalization considerations implementers should be aware of when publishing data described in this specification. As with any web standards or protocols implementation, ignoring internationalization makes it difficult for data to be produced and consumed across a disparate set of languages and societies, which would limit the applicability of the specification and significantly diminish its value as a standard.
This section outlines general internationalization considerations to take into account when utilizing this data model.
Write i18n considerations.