Credential revocation is the process by which an issuer marks a credential as no longer valid. Unlike physical IDs, which must be physically surrendered or destroyed, verifiable digital credentials can be invalidated remotely through cryptographic mechanisms that allow verifiers to check status at the time of use.
Why are credentials revoked?
Credentials may be revoked for several reasons. Identity fraud (discovery that the credential was issued under false pretenses) typically triggers full revocation. Compromise of cryptographic keys, such as stolen device keys or breached private keys, requires revocation and re-issuance with new keys. Court orders may direct revocation of someone’s digital identity credentials. Holders themselves may request revocation if they suspect fraudulent usage.
How revocation works technically
Issuers publish status information that verifiers can check. Privacy-preserving approaches use compressed, non-personal status lists that aggregate tens of thousands of credentials, so a verifier can determine a credential's validity without disclosing unnecessary identifying information. Because the verifier fetches the whole list and checks it locally, it does not reveal which individual credential is being verified.
When a holder presents a credential, the verifier checks both the cryptographic signature (confirming authenticity) and the status mechanism (confirming the credential hasn't been revoked). This dual check occurs either in real-time for online verification or through periodically updated status lists for offline verification.
Distinguishing identity from entitlement
Well-designed systems distinguish between revoking identity and suspending privileges. A person's core identity credential should remain valid even when specific entitlements are suspended or revoked. For example, if your driver’s license is suspended because of unpaid tickets, you don’t stop being you. You should still be able to prove your identity to open a bank account, access benefits, or verify your age – just not drive. The system needs to reflect that difference.
This approach ensures revocation remains an exceptional event, applied only when necessary to preserve system integrity while safeguarding individual rights.
Status mechanisms should enable verifiers to distinguish between different states, including active, suspended, expired, and revoked. This provides relying parties with the information they need to make informed decisions without forcing binary all-or-nothing outcomes.
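The status list flow described above, with the multi-state statuses this section calls for, as an added example that is not part of the original article: the issuer packs every credential's state into one large bitstring (two bits per entry here, so active, suspended and revoked fit alongside a spare value), compresses and publishes it; the verifier decodes the list locally and reads only its credential's index. The list size, the state codes and the sample indices are assumptions constructed for this example, and the bit layout is modelled on a bitstring status list rather than taken from any specific issuer.

```python
import base64
import gzip

# Assumed layout, modelled on a bitstring status list: every issued credential
# owns one index in a large bitstring; 2 bits per entry give four states.
# List size, state codes and the sample indices are constructed for this example.
BITS_PER_ENTRY = 2
LIST_SIZE = 131072  # entries; a large list hides which credential is being checked
ACTIVE, SUSPENDED, REVOKED = 0, 1, 2
STATUS_NAMES = {ACTIVE: "active", SUSPENDED: "suspended", REVOKED: "revoked"}

def set_status(raw: bytearray, index: int, status: int) -> None:
    """Write `status` into entry `index`, most significant bit first."""
    for k in range(BITS_PER_ENTRY):
        pos = index * BITS_PER_ENTRY + k
        mask = 0x80 >> (pos % 8)
        if (status >> (BITS_PER_ENTRY - 1 - k)) & 1:
            raw[pos // 8] |= mask
        else:
            raw[pos // 8] &= 0xFF ^ mask

def read_status(raw: bytes, index: int) -> int:
    """Read entry `index` back out of the unpacked bitstring."""
    value = 0
    for k in range(BITS_PER_ENTRY):
        pos = index * BITS_PER_ENTRY + k
        value = (value << 1) | ((raw[pos // 8] >> (7 - pos % 8)) & 1)
    return value

def build_status_list(statuses: dict, size: int = LIST_SIZE) -> str:
    """Issuer side: pack all states, gzip, base64url without padding.
    Entries not listed stay active; the result carries no holder data."""
    raw = bytearray((size * BITS_PER_ENTRY + 7) // 8)
    for index, status in statuses.items():
        set_status(raw, index, status)
    return base64.urlsafe_b64encode(gzip.compress(bytes(raw))).rstrip(b"=").decode()

def check_status(encoded: str, index: int) -> str:
    """Verifier side: decode the fetched list locally and look up one entry.
    Signature checks on the credential and on the list are assumed done elsewhere."""
    padded = encoded + "=" * (-len(encoded) % 4)
    raw = gzip.decompress(base64.urlsafe_b64decode(padded))
    if (index + 1) * BITS_PER_ENTRY > len(raw) * 8:
        return "unknown"  # index outside the list: do not fail open as "active"
    return STATUS_NAMES.get(read_status(raw, index), "unknown")

# Constructed sample: one suspended entitlement, one revoked credential.
PUBLISHED = build_status_list({42: SUSPENDED, 1337: REVOKED})
```

A mostly-active list of this size compresses to well under a kilobyte, which is what makes fetching the whole list (rather than asking the issuer about one credential) practical for verifiers.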