--- abstract This specification defines a new status mechanism according to {{StatusList}} to convey information about tokens after their issuance. The Identifier List links the status to a unique identifier in the referenced token, similar to the Certificate Revocation List {{RFC5280}} but secured by JOSE {{IANA.JOSE}} and COSE {{IANA.COSE}}. --- middle Token formats secured by JOSE {{IANA.JOSE}} or COSE {{RFC9052}}, such as JSON Web Tokens (JWTs) {{RFC7519}}, CBOR Web Tokens (CWTs) {{RFC8392}} and ISO mdoc {{ISO.mdoc}}, have vast possible applications. Some of these applications can involve issuing a token whereby certain semantics about the token can change over time, which are important to be able to communicate to relying parties in an interoperable manner, such as whether the token is considered invalidated or suspended by its issuer. This document defines a new status mechanism using the framework that is given by the Status List {{StatusList}}, thus registering a new mechanism in it's registry.

Contenders short-lived Credentials (no status) Deny-List (CRL, Idenitfier List for JSON/CBOR) StatusList (bitarray/bitstring, IETF Token Status List, W3C StatusList 2021) OCSP OCSP stapling / Status Attestations / Validity VCs / Non-Revocation Token Accumulator (e.g. Indy) TOTP + Bloom Filter (DynamicSLBloomFilter2023) status_mechanisms

inital thoughts from Christian and Paul Requirements configurable state definitionsconfigurable bits per entry offline capability holder caches status list presentes during openid4vp (e.g., as additional proof in the array)

Paul Bastian(Bundesdruckerei), Christian Bormann(Bosch), Michael Schäfer(Bosch) only talking about the indy network (indy-node/indy-plenum) Anoncreds/DIDComm are independant from indy (misconception!) this document does not discuss AnonCreds/DIDComm (out of scope) Requirements and needs? regulatory safeness

Authors: Paul Bastian Status: PROPOSED Since: 2022-02-21 Start Date: 2022-02-21 Tags: feature, protocol Summary Describe a standard way for issuers and holders to perform a device binding preliminary to the issuance process. Motivation