From 30a2694a149fbb79d482dbfb7715103339f259cf Mon Sep 17 00:00:00 2001 From: Thiago Romano Date: Sun, 25 Aug 2024 10:55:35 -0300 Subject: [PATCH 1/2] Adding unrevoke messages to revocation notification protocol Signed-off-by: Thiago Romano --- .../0183-revocation-notification/README.md | 35 +++++++++++++++--- .../0721-revocation-notification-v2/README.md | 37 ++++++++++++++++--- 2 files changed, 61 insertions(+), 11 deletions(-) diff --git a/features/0183-revocation-notification/README.md b/features/0183-revocation-notification/README.md index dab004c3..ef939ee0 100644 --- a/features/0183-revocation-notification/README.md +++ b/features/0183-revocation-notification/README.md @@ -9,7 +9,7 @@ ## Summary -This RFC defines the message format which an issuer uses to notify a holder that a previously issued credential has been revoked. +This RFC defines the message format which an issuer uses to notify a holder that a previously issued credential has been revoked or unrevoked. ## Change Log @@ -17,7 +17,7 @@ This RFC defines the message format which an issuer uses to notify a holder that ## Motivation -We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked. +We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked or unrevoked. For example, suppose a passport agency revokes Alice's passport. The passport agency (an issuer) may want to notify Alice (a holder) that her passport has been revoked so that she 
@@ -25,21 +25,24 @@ knows that she will be unable to use her passport to travel. ## Tutorial -The Revocation Notification protocol is a very simple protocol consisting of a single message: +The Revocation Notification protocol is a very simple protocol consisting of two messages: * Revoke - issuer to holder +* Unrevoke - issuer to holder -This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked. +This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked or unrevoked. -It is the issuer's prerogative whether or not to notify the holder that a credential has been revoked. It is not a security risk if the issuer does not notify the holder that the credential has been revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. +It is the issuer's prerogative whether or not to notify the holder that a credential has been (un)revoked. It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. ### Roles There are two parties involved in a Revocation Notification: `issuer` and `holder`. -The `issuer` sends the `revoke` message to the `holder`. +The `issuer` sends the `revoke` or `unrevoke` message to the `holder`. ### Messages +#### Revoke + The `revoke` message sent by the `issuer` to the `holder` is as follows: ```JSON 
@@ -57,6 +60,26 @@ Description of fields: * `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. +#### Unrevoke + +The `unrevoke` message sent by the `issuer` to the `holder` is as follows: + +```JSON +{ + "@type": "https://didcomm.org/revocation_notification/1.0/unrevoke", + "@id": "", + "thread_id": "", + "comment": "Some comment" +} +``` + +Description of fields: + +* `thread_id` (required) -- the [thread ID](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0008-message-id-and-threading#thread-id-thid) of the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol which was used to issue one or more credentials that have been revoked by the issuer. If multiple credentials were issued, each credential has a different credential format but contains the same claims as described [here](https://github.com/hyperledger/aries-rfcs/tree/b982c24b9083dd5dddff6343dbf534cd1cfe36a6/features/0453-issue-credential-v2#message-attachments); therefore, this message notifies the holder that all of these credentials have been revoked. + +* `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. + + ## Reference * See the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol. diff --git a/features/0721-revocation-notification-v2/README.md b/features/0721-revocation-notification-v2/README.md index 585e073c..070afdef 100644 --- a/features/0721-revocation-notification-v2/README.md +++ b/features/0721-revocation-notification-v2/README.md 
@@ -17,7 +17,7 @@ This RFC defines the message format which an issuer uses to notify a holder that ## Motivation -We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked. +We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked or unrevoked. For example, suppose a passport agency revokes Alice's passport. The passport agency (an issuer) may want to notify Alice (a holder) that her passport has been revoked so that she 
@@ -25,21 +25,24 @@ knows that she will be unable to use her passport to travel. ## Tutorial -The Revocation Notification protocol is a very simple protocol consisting of a single message: +The Revocation Notification protocol is a very simple protocol consisting of two messages: * Revoke - issuer to holder +* Unrevoke - issuer to holder -This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked. +This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked or unrevoked. -It is the issuer's prerogative whether or not to notify the holder that a credential has been revoked. It is not a security risk if the issuer does not notify the holder that the credential has been revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. +It is the issuer's prerogative whether or not to notify the holder that a credential has been (un)revoked. It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. ### Roles There are two parties involved in a Revocation Notification: `issuer` and `holder`. -The `issuer` sends the `revoke` message to the `holder`. +The `issuer` sends the `revoke` or `unrevoke` message to the `holder`. ### Messages +#### Revoke + The `revoke` message sent by the `issuer` to the `holder`. The holder should verify that the `revoke` message came from the connection that was originally used to issue the credential. Message format: 
@@ -62,6 +65,30 @@ Description of fields: * `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. +#### Unrevoke + +The `unrevoke` message sent by the `issuer` to the `holder`. The holder should verify that the `unrevoke` message came from the connection that was originally used to issue the credential. + +Message format: + +```JSON +{ + "@type": "https://didcomm.org/revocation_notification/2.0/unrevoke", + "@id": "", + "revocation_format": "", + "credential_id": "", + "comment": "Some comment" +} +``` + +Description of fields: + +* `revocation_format` (required) -- the format of the credential revocation. Accepted values for the revocation format are provided in the "Revocation Credential Identification Formats" section immediately below. + +* `credential_id` (required) -- the individual credential identifier of a credential issued using the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol that has been revoked by the issuer. Accepted values for the credential id format are provided in the "Revocation Credential Identification Formats" section immediately below. + +* `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. + #### Revocation Credential Identification Formats In order to support multiple credential revocation formats, the following dictates the format of revocation formats and their credential ids. As additional credential revocation formats are determined their credential id formats should be added. From e45690347d942a8e41ed61ccac728ed26bd63fa9 Mon Sep 17 00:00:00 2001 
From: Thiago Romano Date: Wed, 18 Sep 2024 20:12:00 -0300 Subject: [PATCH 2/2] Reverting changes to v1 protocol and upgrading v2 version to 2.1 Signed-off-by: Thiago Romano --- .../0183-revocation-notification/README.md | 35 ++++--------------- .../0721-revocation-notification-v2/README.md | 4 +-- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/features/0183-revocation-notification/README.md b/features/0183-revocation-notification/README.md index ef939ee0..dab004c3 100644 --- a/features/0183-revocation-notification/README.md +++ b/features/0183-revocation-notification/README.md @@ -9,7 +9,7 @@ ## Summary -This RFC defines the message format which an issuer uses to notify a holder that a previously issued credential has been revoked or unrevoked. +This RFC defines the message format which an issuer uses to notify a holder that a previously issued credential has been revoked. ## Change Log @@ -17,7 +17,7 @@ This RFC defines the message format which an issuer uses to notify a holder that ## Motivation -We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked or unrevoked. +We need a standard protocol for an issuer to notify a holder that a previously issued credential has been revoked. For example, suppose a passport agency revokes Alice's passport. The passport agency (an issuer) may want to notify Alice (a holder) that her passport has been revoked so that she 
@@ -25,24 +25,21 @@ knows that she will be unable to use her passport to travel. ## Tutorial -The Revocation Notification protocol is a very simple protocol consisting of two messages: +The Revocation Notification protocol is a very simple protocol consisting of a single message: * Revoke - issuer to holder -* Unrevoke - issuer to holder -This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked or unrevoked. +This simple protocol allows an issuer to choose to notify a holder that a previously issued credential has been revoked. -It is the issuer's prerogative whether or not to notify the holder that a credential has been (un)revoked. It is not a security risk if the issuer does not notify the holder that the credential has been (un)revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. +It is the issuer's prerogative whether or not to notify the holder that a credential has been revoked. It is not a security risk if the issuer does not notify the holder that the credential has been revoked, nor if the message is lost. The holder will still be unable to use a revoked credential without this notification. ### Roles There are two parties involved in a Revocation Notification: `issuer` and `holder`. -The `issuer` sends the `revoke` or `unrevoke` message to the `holder`. +The `issuer` sends the `revoke` message to the `holder`. ### Messages -#### Revoke - The `revoke` message sent by the `issuer` to the `holder` is as follows: ```JSON 
@@ -60,26 +57,6 @@ Description of fields: * `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. -#### Unrevoke - -The `unrevoke` message sent by the `issuer` to the `holder` is as follows: - -```JSON -{ - "@type": "https://didcomm.org/revocation_notification/1.0/unrevoke", - "@id": "", - "thread_id": "", - "comment": "Some comment" -} -``` - -Description of fields: - -* `thread_id` (required) -- the [thread ID](https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0008-message-id-and-threading#thread-id-thid) of the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol which was used to issue one or more credentials that have been revoked by the issuer. If multiple credentials were issued, each credential has a different credential format but contains the same claims as described [here](https://github.com/hyperledger/aries-rfcs/tree/b982c24b9083dd5dddff6343dbf534cd1cfe36a6/features/0453-issue-credential-v2#message-attachments); therefore, this message notifies the holder that all of these credentials have been revoked. - -* `comment` (optional) -- a field that provides some human readable information about the revocation notification. This is typically the reason for the revocation as deemed appropriate by the issuer. - - ## Reference * See the [issue-credential-v2](https://github.com/hyperledger/aries-rfcs/tree/main/features/0453-issue-credential-v2) protocol. diff --git a/features/0721-revocation-notification-v2/README.md b/features/0721-revocation-notification-v2/README.md index 070afdef..3b3af4e2 100644 --- a/features/0721-revocation-notification-v2/README.md +++ b/features/0721-revocation-notification-v2/README.md 
@@ -49,7 +49,7 @@ Message format: ```JSON { - "@type": "https://didcomm.org/revocation_notification/2.0/revoke", + "@type": "https://didcomm.org/revocation_notification/2.1/revoke", "@id": "", "revocation_format": "", "credential_id": "", @@ -73,7 +73,7 @@ Message format: ```JSON { - "@type": "https://didcomm.org/revocation_notification/2.0/unrevoke", + "@type": "https://didcomm.org/revocation_notification/2.1/unrevoke", "@id": "", "revocation_format": "", "credential_id": "",
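Review bot: In the `#### Unrevoke` section added to `features/0721-revocation-notification-v2/README.md` (patch 1/2, hunk `@@ -62,6 +65,30 @@`), the field descriptions are copied from `revoke` without being adapted. `credential_id` is still described as a credential "that has been revoked by the issuer" and `comment` as "typically the reason for the revocation". For an `unrevoke` message these should say the credential has been unrevoked and that the comment gives the reason for the unrevocation; as written, the two sections differ only in their `@type`. The same hunk says the holder "should verify that the `unrevoke` message came from the connection that was originally used to issue the credential" but does not say what the holder does when that check fails. Since an accepted `unrevoke` changes the holder's view of a credential back to usable, it is worth stating that a message from any other connection is discarded.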
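Review bot: In the Tutorial hunk of `features/0721-revocation-notification-v2/README.md` (patch 1/2, `@@ -25,21 +25,24 @@`), the paragraph now asserts that a missing or lost notification is not a security risk for both cases ("has been (un)revoked"), but the only justification left in place is "The holder will still be unable to use a revoked credential without this notification.", which covers revoke only. Add the corresponding statement for `unrevoke`, saying what the holder's state is when that message is never sent or is lost, so that the "not a security risk" claim is supported for both message types.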
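Review bot: The Summary of `features/0721-revocation-notification-v2/README.md` is not updated. The 0721 diff in patch 1/2 begins at `@@ -17,7 +17,7 @@` (Motivation), whereas the 0183 diff has a separate `@@ -9,7 +9,7 @@` hunk changing the Summary to "revoked or unrevoked". After patch 2/2 reverts 0183, 0721 is the only RFC that defines `unrevoke`, so its Summary sentence ("This RFC defines the message format which an issuer uses to notify a holder that ...") should get the same "revoked or unrevoked" wording.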
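Review bot: The version bump in patch 2/2 is undocumented: it touches only the two `@type` examples in `features/0721-revocation-notification-v2/README.md` (hunks `@@ -49,7 +49,7 @@` and `@@ -73,7 +73,7 @@`, 4 changed lines per the diffstat), moving both `revoke` and `unrevoke` from `revocation_notification/2.0` to `2.1`. Nothing in the README text then tells an implementer that 2.1 is the version that introduces `unrevoke`, or that `revoke` itself is unchanged from 2.0. Add a Change Log entry (0183 has a `## Change Log` section in the visible context) recording "2.1: added the `unrevoke` message", and note how a holder that only supports 2.0 is expected to treat a 2.1 `unrevoke`.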