Revoke/Revocation
Short Description
Revocation (of a credential) is the act, by or on behalf of the party that has issued the credential, of no longer vouching for the correctness or any other qualification of (arbitrary parts of) that credential.
Purpose
The purpose of revocation is to enable parties that intend to use (data from) a credential to learn whether or not that data is still considered to be correct (and truthful) according to the party that has issued it.
Notes
There is a wealth of revocation mechanisms that can be used for this, each with its pros and cons regarding implementation difficulty, privacy, and other characteristics. Some well-known mechanisms are:
- CRLs (now used for credentials rather than (PKI) certificates)
- OCSP (now used for credentials rather than (PKI) certificates)
- accumulator-based revocation mechanisms
- forward-looking consistency revocation mechanisms

There are likely many others.