Credential Status VC Schemas

The Credential Status VC is a type of VC that contains the Status List or CRL content. The VC is signed by the Issuer and compressed, allowing it to be transport medium agnostic. The receiver of the VC can validate the information using the same method as any other VCs.

StatusList2021

Property	StatusList2021
id	Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry.
type	MUST contain "StatusList2021Credential"
credentialStubject.type	MUST be StatusList2021
credentialSubject.statusPurpose	MUST be revocation or suspension.
credentialSubject.encodedList	First GZIP-compressed, then base64 encoded values of a bitstring

StatusList2021 - Non-normative example

Payload
{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "https://api.preprod.ebsi.eu/trusted-issuers-registry/v3/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5",
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "StatusList2021Credential"
  ],
  "issuer": "did:ebsi:zvHWX359A3CvfJnCYaAiAde",
  "issuanceDate": "2022-08-04T10:01:00Z",
  "validFrom": "2022-08-04T11:00:00Z",
  "expirationDate": "2026-08-04T11:00:00Z",
  "issued": "2022-08-04T10:01:00Z",
  "credentialSubject": {
    "id": "https://api.preprod.ebsi.eu/trusted-issuers-registry/v3/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5#list",
    "type": "StatusList2021",
    "statusPurpose": "revocation",
    "encodedList": "H4sIAAAAAAAAE+3BMQEAAADCoPVPbQwfoAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
  },
  "credentialSchema": {
    "id": "https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0x64396ad493808613f5ff09ad137eeaa45c26146f986b526179b54cd894b3587e",
    "type": "FullJsonSchemaValidator2021"
  }
}

JWT

eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlI0YwcjVPeXRfbGFodnZ6Nk1XbFlzM21jWU5LWmlpUWRVZnF2OHRzaEhOOXcifQ.eyJpc3MiOiJkaWQ6ZWJzaTp6dkhXWDM1OUEzQ3ZmSm5DWWFBaUFkZSIsInN1YiI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlL2NyZWRlbnRpYWxzL3N0YXR1c2VzLzUiLCJpYXQiOiIyMDIyLTA4LTA0VDEwOjAxOjAwWiIsIm5iZiI6IjIwMjItMDgtMDRUMTE6MDA6MDBaIiwianRpIjoidXJuOnV1aWQ6MDAzYTFkZDgtYTVkMi00MmVmLTgxODItZTkyMWMwYTlmMmNkIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDowMDNhMWRkOC1hNWQyLTQyZWYtODE4Mi1lOTIxYzBhOWYyY2QiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiU3RhdHVzTGlzdDIwMjFDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDplYnNpOnp2SFdYMzU5QTNDdmZKbkNZYUFpQWRlIiwiaXNzdWFuY2VEYXRlIjoiMjAyMi0wOC0wNFQxMDowMTowMFoiLCJ2YWxpZEZyb20iOiIyMDIyLTA4LTA0VDExOjAwOjAwWiIsImV4cGlyYXRpb25EYXRlIjoiMjAyNi0wOC0wNFQxMTowMDowMFoiLCJpc3N1ZWQiOiIyMDIyLTA4LTA0VDEwOjAxOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmVic2k6enZIV1gzNTlBM0N2ZkpuQ1lhQWlBZGUvY3JlZGVudGlhbHMvc3RhdHVzZXMvNSIsInR5cGUiOiJTdGF0dXNMaXN0MjAyMSIsInN0YXR1c1B1cnBvc2UiOiJyZXZvY2F0aW9uIiwiZW5jb2RlZExpc3QiOiJINHNJQUFBQUFBQUFFKzNCTVFFQUFBRENvUFZQYlF3Zm9BQUFBQUFBQUFBQUFBQUFBQUFBQUlDM0FZYlNWS3NBUUFBQSJ9LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly9hcGkucHJlcHJvZC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92MS9zY2hlbWFzLzB4NjQzOTZhZDQ5MzgwODYxM2Y1ZmYwOWFkMTM3ZWVhYTQ1YzI2MTQ2Zjk4NmI1MjYxNzliNTRjZDg5NGIzNTg3ZSIsInR5cGUiOiJGdWxsSnNvblNjaGVtYVZhbGlkYXRvcjIwMjEifX19.ihdnrq_yIbEnPOLW8C5L_rsvAZchK8z7bqNvVEcy4qQlnXui_1D7b1lQt2d6fDbJd_ZVVU5UgAnq1Nhbzh0OHw

CRLBloomFilter2023 and DynamicSLBLoomFilter2023

Property	CRL	Dynamic SL
id	Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry.	Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry.
type	MUST contain "CRLBloomFilter2023"	MUST contain "DynamicSLBloomFilter2023"
validFrom	As in Verifiable Attestation	MUST define the beginning of the associated duration
validUntil	As in Verifiable Attestation	MUST define the end of the associated duration
credentialSubject.purpose	MUST be revocation or suspension	Must be revocation or suspension
credentialSubject.content	First, GZIP-compressed, then base64 encoded values of a Bloom Filter.	First, GZIP-compressed, then base64 encoded values of a Bloom Filter.

DynamicSLBloomFilter2023 – Non-normative example

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "https://api.preprod.ebsi.eu/trusted-issuers-registry/v3/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5",
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "DynamicSLBloomFilter2023"
  ],
  "issuer": "did:ebsi:zvHWX359A3CvfJnCYaAiAde",
  "issuanceDate": "2022-08-04T10:01:00Z",
  "validFrom": "2022-08-04T11:00:00Z",
  "expirationDate": "2026-08-04T11:00:00Z",
  "issued": "2022-08-04T10:01:00Z",
  "credentialSubject": {
    "id": "https://api.preprod.ebsi.eu/trusted-issuers-registry/v3/issuers/did:ebsi:zyrMG8T9xYbNoSwyQa4SGMJ/proxies/6cc5fcc621d8098977d378ec7bf63f9ad0b204d56bb604f75bc9290e7033ac84/credentials/status/5#list",
    "purpose": "revocation",
    "content": "H4sIAAAAAAAAE+3B....SVKsAQAAA"
  },
  "credentialSchema": {
    "id": "https://api.preprod.ebsi.eu/trusted-schemas-registry/v1/schemas/0x64396ad493808613f5ff09ad137eeaa45c26146f986b526179b54cd894b3587e",
    "type": "FullJsonSchemaValidator2021"
  }
}

CRLPlain2023

Attribute	Description
id	Id property that defines the credential status identity. Can be the same as the credential URL used in the corresponding Entry.
type	MUST contain "CRLPlain2023"
validFrom	The validity of the VC
validUntil	The validity of the VC
credentialSubject.purpose	MUST be revocation or suspension.
credentialSubject.content	First GZIP-compressed, then base64 encoded values of a bitstring

CredentialStatusSecret

The Credential Status Secret carries a secret, which the issuer shares with the Holder, who transforms it into a token. DynamicSLBloomFilter2023 strategy uses the secret as a seed.

Property	CredentialStatusSecret
id	A unique identifier for this VC
type	MUST contain “CredentialStatusSecret”
validFrom	Date and time from which the VC is valid. It is used to compute the starting period of the validity of the secret
credentialSubject.id	MUST match the ID property of the associated Verifiable Credential
credentialSubject.secret	MUST be a base64 encoded seed secret used to compute the time-based password token. This must not be shared with anyone and decoded before use.
credentialSubject.duration	Duration the token is valid at maximum, used in the algorithm to calculate new tokens. Default is 3600 (1 hour)

CredentialStatusSecret - Non-normative example

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "urn:uuid:012a1dd8-a5d2-42ef-8182-e921c0a9e5DA",
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "CredentialStatusSecret"
  ],
  "issuer": "did:ebsi:00001234",
  "issuanceDate": "2021-11-01T00:00:00Z",
  "validFrom": "2021-11-01T00:00:00Z",
  "validUntil": "2050-11-01T00:00:00Z",
  "expirationDate": "2050-11-01T00:00:00Z",
  "issued": "2020-06-22T14:11:44Z",
  "credentialSubject": {
    "id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
    "secret": "MzBjMmNiNDhkMzYzZGI4ZGZjY2Q3ZmI4MjhlYTNkNzczZDJmNGU4OGU4MjZhMTQ2MmQ5ZTE1MDJjOWMyODU4NQ====",
    "duration": 3600
  },
  "credentialSchema": {
    "id": "https://api-test.ebsi.eu/trusted-schemas-registry/v2/schemas/<schema id>",
    "type": "FullJsonSchemaValidator2021"
  }
}

CredentialStatusToken

Credential Status Tokens are used to carry the token generated by the holders. The Holder self-signs and shares the VC with the Verifier.

Property	CredentialStatusToken
id	Random unique identifier for this VC
type	MUST contain "CredentialStatusToken"
validFrom	MUST define the beginning of the secret validity period
validUntil	MUST define the end of the secret validity period
credentialSubject.id	MUST match the ID property of the Verifiable Credential the status is meant for
credentialSubject.token	MUST be a base64 encoded token valid at the time of issuance (iat) – the secret is computed at the time specified in the validFrom property

CredentialStatusToken - Non-normative example

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "urn:uuid:004a1dd8-a5d2-42ef-8182-e921c0a9e5FA",
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "CredentialStatusToken"
  ],
  "issuer": "did:ebsi:00001234",
  "issuanceDate": "2021-11-01T00:00:00Z",
  "validFrom": "2021-11-01T00:00:00Z",
  "validUntil": "2050-11-01T00:00:00Z",
  "expirationDate": "2050-11-01T00:00:00Z",
  "issued": "2020-06-22T14:11:44Z",
  "credentialSubject": {
    "id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
    "token": "YWQ5MmE1YmZmYTgxZTVlYjljYmUwODBkMDMxMDMyYzQ0ZjZiYmJmNDg1NDY4ZTQyMWJiNTkzNzY3NmU2MTM4OA=="
  },
  "credentialSchema": {
    "id": "https://api-test.ebsi.eu/trusted-schemas-registry/v2/schemas/<schema id>",
    "type": "FullJsonSchemaValidator2021"
  }
}

OneTimeStatus2023

One Time Status 2023 is used to carry time ranged status information for another VC. Issuer's issue this through normal VCI processes, on request of a holder. The credential validity duration must not be greater than the expected revocation reaction time. The OneTimeStatus2023 issuer should equal to the referred Verifiable Credential issuer.

Property	OneTimeStatus2023
id	Random unique identifier for this VC
type	MUST contain "OneTimeStatus2023"
validFrom	The validity of the VC
validUntil	The validity of the VC, Duration between `validFrom` and `validUntil` should not be greater than revocation reaction time.
credentialSubject.id	MUST match the ID property of the Verifiable Credential the status is meant for
credentialSubject.isActive	JSON Boolean for the binary status, where "false" equals to revoked or suspended

CredentialStatusToken - Non-normative example

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "id": "urn:uuid:004a1dd8-a5d2-42ef-8182-e921c0a9e5FA",
  "type": [
    "VerifiableCredential",
    "VerifiableAttestation",
    "OneTimeStatus2023"
  ],
  "issuer": "did:ebsi:00001234",
  "validFrom": "2021-11-01T00:00:00Z",
  "validUntil": "2050-11-01T00:00:00Z",
  "credentialSubject": {
    "id": "urn:uuid:003a1dd8-a5d2-42ef-8182-e921c0a9e5av",
    "isActive": true
  },
  "credentialSchema": {
    "id": "https://api-test.ebsi.eu/trusted-schemas-registry/v2/schemas/<schema id>",
    "type": "FullJsonSchemaValidator2021"
  }
}

StatusList2021​

CRLBloomFilter2023 and DynamicSLBLoomFilter2023​

CRLPlain2023​

CredentialStatusSecret​

CredentialStatusToken​

OneTimeStatus2023​