veramo
veramo copied to clipboard
add a local (example) credential revocation plugin
@italobb please add details
The plugin will implement the ICredentialStatusManager
interface, allowing the revocation of credentials using a simple centralized revocation method, which we'll call SimpleStatus
. The credentialStatus
field of a credential using the SimpleStatus
will have the following format:
"credentialStatus": {
"id": "https://example.com/credential/status/74636220-fd6c-49ba-bcbf-fe858bcc2729",
"type": "SimpleStatus"
}
-
How will the
credentialStatus
field of a VC be generated using this plugin? The plugin MUST receive an URL prefix (in our examplehttps://example.com/credential/status/
) as parameter during its instantiation. The plugin will generate a random UUID for the credential and simply append it to the URL prefix. This new URL will be thecredentialStatus.id
. -
How the credential status will be served? This plugin must be instantiated by an agent in a
remote-server
which will pass it's server URL as a parameter for the plugin instantiation. The plugin will offer a method which can be used by the server to serve the credential status response. -
Where will the revocation information be stored? The plugin will receive a storage provider as parameter and a simple storage provider will be implemented in the
remote-server
module. -
How secure is this credential status method? It's really a demonstration of a credential status plugin which shouldn't be used in production. Some important issues in this example:
- It won't check if the one generating the
credentialStatus
is the same who will issue the credential. - There's no strong linkage between the credential itself and the
credentialStatus.id
. Anyone can use that same reference in another VC without any check. - The URL which respond by the status won't return a signed payload or VC. It`ll simply return if that VC was revoked or not without confirming the authorship of the VC.
- It won't check if the one generating the
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.