LVVC

One method of handling credential revocation in a privacy-preserving manner is to give the credential a short lifespan, requiring the holder's agent to update the credential on a regular basis. This means the verifier is able to determine validity without coming into contact with the issuer via an issuer-hosted list.

LVVC is based on this method of updating credentials with one key difference: when a credential with LVVC revocation is first issued, an extra credential is issued, the "LVVC".

The LVVC is linked to the original credential and is small, containing only basic information about the issuer and the issuance time. This LVVC has a short lifespan, and the holder's agent (that is, wallet) must request a new LVVC when it needs one. When the issuer revokes the credential, the LVVC is updated to revoked status and no further LVVCs are created for that credential. This process eliminates the need for the verifier to connect to the issuer in any way to check revocation status, preserving privacy for the holder.

For more information on the LVVC revocation method, see the initial draft.

Verify LVVC credentials

At the proof schema level, the verifier can specify the maximum age of an LVVC that they still consider valid. When creating a proof schema, specify the duration (in seconds) in the validityConstraint field of the proofInputSchemas object.

Each LVVC credential has an lvvcIssuanceDate; if the time since a credential's lvvcIssuanceDate exceeds the validityConstraint of the proof request, the credential will not be validated.
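The freshness rule above, written out as an added example (not code from the product this page documents). The function name, the dict keys other than lvvcIssuanceDate, the "ACCEPTED" status value and the clock-skew allowance are assumptions made for illustration; the sample LVVC is constructed.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical allowance for clock drift between issuer and verifier.
MAX_CLOCK_SKEW = timedelta(seconds=30)

def check_lvvc(lvvc, credential_id, validity_constraint, now):
    """Return (accepted, reason) for an LVVC presented with a credential.

    lvvc: dict with assumed keys 'credentialId' and 'status', plus
          'lvvcIssuanceDate' (ISO 8601 with a UTC offset).
    validity_constraint: maximum accepted LVVC age, in seconds.
    now: timezone-aware verification time.
    """
    # The LVVC must be linked to the credential it vouches for.
    if lvvc.get("credentialId") != credential_id:
        return False, "lvvc is not linked to the presented credential"
    # Fail closed: any status other than the accepted one is a rejection.
    if lvvc.get("status") != "ACCEPTED":
        return False, "credential is revoked or status is unknown"
    try:
        issued = datetime.fromisoformat(lvvc["lvvcIssuanceDate"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or malformed lvvcIssuanceDate"
    if issued.tzinfo is None:
        return False, "lvvcIssuanceDate has no UTC offset"
    age = now - issued
    # A date in the future would otherwise make the LVVC look fresh forever.
    if age < -MAX_CLOCK_SKEW:
        return False, "lvvcIssuanceDate is in the future"
    if age > timedelta(seconds=validity_constraint):
        return False, "lvvc is older than validityConstraint"
    return True, "ok"

# Constructed sample: an LVVC issued 30 minutes before verification time.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LVVC = {
    "credentialId": "cred-1",
    "status": "ACCEPTED",
    "lvvcIssuanceDate": "2024-01-01T11:30:00+00:00",
}

if __name__ == "__main__":
    # Same LVVC, two proof schemas: one accepts up to 1 h, one up to 15 min.
    for constraint in (3600, 900):
        print(constraint, check_lvvc(SAMPLE_LVVC, "cred-1", constraint, NOW))
```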

Issue LVVC credentials

The issuer's system configuration determines the "expiration" of credentials issued with the LVVC revocation method. If the holder's wallet checks the revocation status after the credential has expired, assuming the credential has not been revoked, the system issues a new LVVC with a new lvvcIssuanceDate.

Example configuration:

LVVC:
  display: 'revocation.lvvc'
  order: 2
  type: 'LVVC'
  params:
    private:
      credentialExpiry: 3600 # Time, in seconds, after which an issued LVVC expires

Hold LVVC credentials

Check the revocation status via the /api/credential/v1/revocation-check endpoint.