Credential lifecycle

The Community Stack Issuer API enables you to issue credentials that support lifecycle management by embedding status references and validity timestamps. You can issue credentials that reference status lists for revocation or suspension (using standards like TokenStatusList, Bitstring Status List v1.0), and include validity windows via validFrom and validUntil fields. The actual hosting and management of status credentials is handled by your own infrastructure.

What's included

  • Embed status references in credentials

The Community Stack can sign and issue credentials that include status field references pointing to external status lists. Supports standard formats (Bitstring Status List v1.0, TokenStatusList, StatusList2021) for tracking revocation, suspension, or custom states across credential types (W3C VC, SD-JWT VC, ISO mdoc). You provide the status list URL and bit position during issuance.

  • Set validity timestamps during issuance
    Configure validFrom and validUntil per credential—statically or via data functions—to control when a credential becomes valid and when it expires. These timestamps are embedded directly in the issued credential, requiring no external status infrastructure.

Important: The Community Stack can issue credentials with status information, but does not provide built-in hosting, management, or automatic updates of status credentials. You are responsible for hosting the status credential (status list) on your own infrastructure, updating it when credentials need to be revoked or suspended, re-signing after updates, and publishing the updated version so verifiers can access it. This differs from the Enterprise Stack, which includes a dedicated Credential Status Service that automatically handles all of these operations.

Status Management in the Community Stack

When you issue a credential with a status field in the Community Stack:

  1. During issuance: You specify the status credential URL and the bit position in the status list where this credential's status is tracked.
  2. After issuance: You must implement your own system to:
    • Host and serve the status credential (status list) at the URL you referenced
    • Update the status list when credentials need to be revoked or suspended
    • Re-sign the updated status list
    • Publish the new version so verifiers can fetch it

The Issuer API handles signing the credential with the status reference, but lifecycle management is your responsibility.

FAQs

  • Do verifiers need online connectivity? — They typically fetch or cache the referenced status list. Offline verification works as long as the verifier has a fresh copy of the list; otherwise, it should treat status as unknown until it can refresh.
  • Can I use the Community Stack for production credential revocation? — Yes, but you need to build the status credential hosting and management infrastructure yourself. For production deployments that need turnkey status management, consider the Enterprise Stack's Credential Status Service.
  • What status list formats are supported? — The Community Stack can issue credentials that reference any of the major status list standards: Bitstring Status List v1.0, TokenStatusList, StatusList2021, and RevocationList2020.

Get Started

Last updated on December 15, 2025
Credential BrandingCredential Templates, Types, and Schemas