The Credential Status VC is a type of VC that contains the Status List or CRL content. The VC is signed by the Issuer and compressed, allowing it to be transport medium agnostic. The receiver of the VC can validate the information using the same method as any other VCs.
StatusList2021
| Property | StatusList2021 |
|---|---|
id | Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry. |
type | MUST contain "StatusList2021Credential" |
credentialStubject.type | MUST be StatusList2021 |
credentialSubject.statusPurpose | MUST be revocation or suspension. |
credentialSubject.encodedList | First GZIP-compressed, then base64 encoded values of a bitstring |
StatusList2021 - Non-normative example
Payload
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"id": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/0x6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"StatusList2021Credential"
],
"issuer": "did:ebsi:zvHWX359A3CvfJnCYaAiAde",
"issuanceDate": "2022-08-04T10:01:00Z",
"validFrom": "2022-08-04T11:00:00Z",
"expirationDate": "2026-08-04T11:00:00Z",
"issued": "2022-08-04T10:01:00Z",
"credentialSubject": {
"id": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/0x6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5#list",
"type": "StatusList2021",
"statusPurpose": "revocation",
"encodedList": "H4sIAAAAAAAAE+3BMQEAAADCoPVPbQwfoAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
},
"credentialSchema": {
"id": "https://api-pilot.ebsi.eu/trusted-schemas-registry/v3/schemas/z7DmpwC9doRxZrtQ9PBjz8qQgGWqojkGExELnrw1x8qdi",
"type": "FullJsonSchemaValidator2021"
}
}
JWT
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlI0YwcjVPeXRfbGFodnZ6Nk1XbFlzM21jWU5LWmlpUWRVZnF2OHRzaEhOOXcifQ.eyJpc3MiOiJkaWQ6ZWJzaTp6dkhXWDM1OUEzQ3ZmSm5DWWFBaUFkZSIsInN1YiI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlL2NyZWRlbnRpYWxzL3N0YXR1c2VzLzUiLCJpYXQiOiIyMDIyLTA4LTA0VDEwOjAxOjAwWiIsIm5iZiI6IjIwMjItMDgtMDRUMTE6MDA6MDBaIiwianRpIjoidXJuOnV1aWQ6MDAzYTFkZDgtYTVkMi00MmVmLTgxODItZTkyMWMwYTlmMmNkIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDowMDNhMWRkOC1hNWQyLTQyZWYtODE4Mi1lOTIxYzBhOWYyY2QiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiU3RhdHVzTGlzdDIwMjFDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlIiwiaXNzdWFuY2VEYXRlIjoiMjAyMi0wOC0wNFQxMDowMTowMFoiLCJ2YWxpZEZyb20iOiIyMDIyLTA4LTA0VDExOjAwOjAwWiIsImV4cGlyYXRpb25EYXRlIjoiMjAyNi0wOC0wNFQxMTowMDowMFoiLCJpc3N1ZWQiOiIyMDIyLTA4LTA0VDEwOjAxOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmVic2k6enZIV1gzNTlBM0N2ZkpuQ1lhQWlBZGUvY3JlZGVudGlhbHMvc3RhdHVzZXMvNSIsInR5cGUiOiJTdGF0dXNMaXN0MjAyMSIsInN0YXR1c1B1cnBvc2UiOiJyZXZvY2F0aW9uIiwiZW5jb2RlZExpc3QiOiJINHNJQUFBQUFBQUFFKzNCTVFFQUFBRENvUFZQYlF3Zm9BQUFBQUFBQUFBQUFBQUFBQUFBQUlDM0FZYlNWS3NBUUFBQSJ9LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly9hcGkucHJlcHJvZC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92MS9zY2hlbWFzLzB4NjQzOTZhZDQ5MzgwODYxM2Y1ZmYwOWFkMTM3ZWVhYTQ1YzI2MTQ2Zjk4NmI1MjYxNzliNTRjZDg5NGIzNTg3ZSIsInR5cGUiOiJGdWxsSnNvblNjaGVtYVZhbGlkYXRvcjIwMjEifX19.ihdnrq_yIbEnPOLW8C5L_rsvAZchK8z7bqNvVEcy4qQlnXui_1D7b1lQt2d6fDbJd_ZVVU5UgAnq1Nhbzh0OHw
CRLBloomFilter2023 and DynamicSLBLoomFilter2023
| Property | CRL | Dynamic SL |
|---|---|---|
id | Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry. | Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry. |
type | MUST contain "CRLBloomFilter2023" | MUST contain "DynamicSLBloomFilter2023" |
validFrom | As in Verifiable Attestation | MUST define the beginning of the associated duration |
validUntil | As in Verifiable Attestation | MUST define the end of the associated duration |
credentialSubject.purpose | MUST be revocation or suspension | Must be revocation or suspension |
credentialSubject.content | First, GZIP-compressed, then base64 encoded values of a Bloom Filter. | First, GZIP-compressed, then base64 encoded values of a Bloom Filter. |
DynamicSLBloomFilter2023 – Non-normative example
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"id": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/0x6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"DynamicSLBloomFilter2023"
],
"issuer": "did:ebsi:zvHWX359A3CvfJnCYaAiAde",
"issuanceDate": "2022-08-04T10:01:00Z",
"validFrom": "2022-08-04T11:00:00Z",
"expirationDate": "2026-08-04T11:00:00Z",
"issued": "2022-08-04T10:01:00Z",
"credentialSubject": {
"id": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/0x6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5#list",
"purpose": "revocation",
"content": "H4sIAAAAAAAAE+3B....SVKsAQAAA"
},
"credentialSchema": {
"id": "https://api-pilot.ebsi.eu/trusted-schemas-registry/v3/schemas/z7DmpwC9doRxZrtQ9PBjz8qQgGWqojkGExELnrw1x8qdi",
"type": "FullJsonSchemaValidator2021"
}
}
CRLPlain2023
| Attribute | Description |
|---|---|
id | Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry. |
type | MUST contain "CRLPlain2023" |
validFrom | The validity of the VC |
validUntil | The validity of the VC |
credentialSubject.purpose | MUST be revocation or suspension. |
credentialSubject.content | First GZIP-compressed, then base64 encoded values of a bitstring |
CredentialStatusSecret
The Credential Status Secret carries a secret, which the issuer shares with the Holder, who transforms it into a token. DynamicSLBloomFilter2023 strategy uses the secret as a seed.
| Property | CredentialStatusSecret |
|---|---|
id | A unique identifier for this VC |
type | MUST contain “CredentialStatusSecret” |
validFrom | Date and time from which the VC is valid. It is used to compute the starting period of the validity of the secret |
credentialSubject.id | MUST match the ID property of the associated Verifiable Credential |
credentialSubject.secret | MUST be a base64 encoded seed secret used to compute the time-based password token. This must not be shared with anyone and decoded before use. |
credentialSubject.duration | Duration the token is valid at maximum, used in the algorithm to calculate new tokens. Default is 3600 (1 hour) |
CredentialStatusSecret - Non-normative example
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"id": "urn:uuid:012a1dd8-a5d2-42ef-8182-e921c0a9e5DA",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"CredentialStatusSecret"
],
"issuer": "did:ebsi:00001234",
"issuanceDate": "2021-11-01T00:00:00Z",
"validFrom": "2021-11-01T00:00:00Z",
"validUntil": "2050-11-01T00:00:00Z",
"expirationDate": "2050-11-01T00:00:00Z",
"issued": "2020-06-22T14:11:44Z",
"credentialSubject": {
"id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
"secret": "MzBjMmNiNDhkMzYzZGI4ZGZjY2Q3ZmI4MjhlYTNkNzczZDJmNGU4OGU4MjZhMTQ2MmQ5ZTE1MDJjOWMyODU4NQ====",
"duration": 3600
},
"credentialSchema": {
"id": "https://api-test.ebsi.eu/trusted-schemas-registry/v3/schemas/<schema id>",
"type": "FullJsonSchemaValidator2021"
}
}
CredentialStatusToken
Credential Status Tokens are used to carry the token generated by the holders. The Holder self-signs and shares the VC with the Verifier.
| Property | CredentialStatusToken |
|---|---|
id | Random unique identifier for this VC |
type | MUST contain "CredentialStatusToken" |
validFrom | MUST define the beginning of the secret validity period |
validUntil | MUST define the end of the secret validity period |
credentialSubject.id | MUST match the ID property of the Verifiable Credential the status is meant for |
credentialSubject.token | MUST be a base64 encoded token valid at the time of issuance (iat) – the secret is computed at the time specified in the validFrom property |
CredentialStatusToken - Non-normative example
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"id": "urn:uuid:004a1dd8-a5d2-42ef-8182-e921c0a9e5FA",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"CredentialStatusToken"
],
"issuer": "did:ebsi:00001234",
"issuanceDate": "2021-11-01T00:00:00Z",
"validFrom": "2021-11-01T00:00:00Z",
"validUntil": "2050-11-01T00:00:00Z",
"expirationDate": "2050-11-01T00:00:00Z",
"issued": "2020-06-22T14:11:44Z",
"credentialSubject": {
"id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
"token": "YWQ5MmE1YmZmYTgxZTVlYjljYmUwODBkMDMxMDMyYzQ0ZjZiYmJmNDg1NDY4ZTQyMWJiNTkzNzY3NmU2MTM4OA=="
},
"credentialSchema": {
"id": "https://api-test.ebsi.eu/trusted-schemas-registry/v3/schemas/<schema id>",
"type": "FullJsonSchemaValidator2021"
}
}
OneTimeStatus2023
One Time Status 2023 is used to carry time ranged status information for another VC. Issuer's issue this through normal VCI processes, on request of a holder. The credential validity duration must not be greater than the expected revocation reaction time. The OneTimeStatus2023 issuer should equal to the referred Verifiable Credential issuer.
| Property | OneTimeStatus2023 |
|---|---|
id | Random unique identifier for this VC |
type | MUST contain "OneTimeStatus2023" |
validFrom | The validity of the VC |
validUntil | The validity of the VC, Duration between validFrom and validUntil should not be greater than revocation reaction time. |
credentialSubject.id | MUST match the ID property of the Verifiable Credential the status is meant for |
credentialSubject.isActive | JSON Boolean for the binary status, where "false" equals to revoked or suspended |
CredentialStatusToken - Non-normative example
{
"@context": ["https://www.w3.org/2018/credentials/v1"],
"id": "urn:uuid:004a1dd8-a5d2-42ef-8182-e921c0a9e5FA",
"type": [
"VerifiableCredential",
"VerifiableAttestation",
"OneTimeStatus2023"
],
"issuer": "did:ebsi:00001234",
"validFrom": "2021-11-01T00:00:00Z",
"validUntil": "2050-11-01T00:00:00Z",
"credentialSubject": {
"id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
"isActive": true
},
"credentialSchema": {
"id": "https://api-test.ebsi.eu/trusted-schemas-registry/v3/schemas/<schema id>",
"type": "FullJsonSchemaValidator2021"
}
}