This file has been truncated. show original
# A Decentralized Approach to Blockcerts Credential Revocation
By João Santos (Instituto Superior Técnico) and Kim Hamilton Duffy (Learning Machine)
Blockcerts are blockchain-anchored credentials with a verification process designed to be decentralized and trustless. While the Blockcerts standard itself is extensible, the revocation method used in the reference implementation is an issuer-hosted revocation list, which is a known centralization point.
This proposal describes an alternate method of issuing Blockcerts using Ethereum, which allows for a new form of revocation by either the issuer or the recipient.
## Introduction & Motivation
The Blockcerts standard specifies a record for accomplishments compliant with the [Open Badges v2.0 specification](https://www.imsglobal.org/sites/default/files/Badges/OBv2p0/index.html) -- and soon, [Verifiable Credentials](https://w3c.github.io/vc-data-model/). A distinguishing part of the [Blockcerts](http://www.blockcerts.org/) standard is the verification process, which checks the integrity and authenticity of the credential via its presence in a (timestamped) blockchain transaction.
The initial release of the Blockcerts standard and reference implementation described only one revocation mechanism, the issuer-hosted revocation list approach also used by Open Badges. This has known limitations, including: centralization, single point of failure, and inability for a recipient to revoke. Other approaches to revocation were considered, but none were technically or economically feasible at the time given the project goals, including Bitcoin blockchain anchoring, low overhead, and minimal cost.
For example, one approach included spending a transaction output. This had the advantage that revocations were on-chain, and that either issuer or recipient could revoke. But the approach caused transaction cost to scale with the number of recipients for a batch of certificates, which became too expensive.
Revocation is one of the most difficult and incomplete aspects of any verification process, and therefore -- as outlined in [Goals and Non-Goals](#Goals-and-non-goals) -- a general solution is outside the scope of this paper. In this paper we revisit the revocation aspect of Blockcerts and consider other, decentralized approaches to revocation using smart contracts.