Revocation Methods - Summary & Questions from nivas.cool@gmail.com on 2025-03-27 (public-credentials@w3.org from March 2025)

From: <nivas.cool@gmail.com>
Date: Thu, 27 Mar 2025 14:40:15 +0530
To: <public-credentials@w3.org>
Message-ID: <003401db9ef8$0e57e180$2b07a480$@gmail.com>

Hi Everyone,

 

Over the past couple of days, I've been trying to deeply understand the
different revocation strategies used in SSI systems, especially from the
perspective of building censorship-resistant, globally inclusive personhood
credentials. I've done my best to map out the five main revocation methods,
and I'd be very grateful if anyone here could help validate or correct my
understanding.

 

To keep things compact, I've structured my notes into a simple table below:

 


Method

Pros

Cons


Status Lists

Scalable, simple, supports batching

Public bitmasks may reveal revocation status visibility


Cryptographic Accumulators

Compact proofs, privacy-preserving  

Global updates required on change, complex to implement


Witness-based

Strong privacy, decentralized      

Availability issues if witnesses are offline   


Hash Trees / Graph-based

Good scalability, supports evolving relationships   

Still experimental, needs careful access control design  


Centralized Registries

Easy to deploy, minimal infra overhead     

High censorship risk, misaligned with SSI ethos    

 

If anything, here is inaccurate, I'd truly appreciate corrections.

 

And here are some open questions I'm still exploring:

 

1.	Which of these methods are seeing real-world adoption in national or
regional personhood credential systems?
2.	Is Status List v2021 the most promising in terms of balancing
decentralization and reliability, or are there practical advantages of
Cryptographic Accumulators I've missed?
3.	Are there examples where issuers have used revocation methods to
censor specific verifiers (Example: blocking certain apps or organizations)?
4.	Is it possible to implement revocation in a way that's
censorship-resistant for verifiers, yet still allows recovery for holders
who lose their wallet?
5.	Who are the go-to contributors or working groups leading development
or standardization efforts for each of these methods?

 

Thank you so much in advance for your time and guidance. I'm eager to
contribute meaningfully and align my work with the community's best
practices.

 

Warm regards,
Nivas

Received on Thursday, 27 March 2025 09:10:22 UTC