API for VID revocation

[rakhimosip]

As an Inji user
I would like to be able to revoke a VC VID
So that I can prevent it from being used and shared
So that I can prevent it from being used to generate VCs

API:s needed on the MOSIP side

• revokeCredential(VID)
• getRevocationStatus(verifiable_credential)
• revokeCredential(verifiable_credential)

Business process questions
The questions were answered during a call on 2022-07-27 and the outcome is that:

• VID revocation only affects future VC requests from this VID
• Existing VC:s will not be affected, thus there is no need to check for revocation status on the VC level

How should the revocation status be propagated to parties with which a VC has been shared?
I.e I share my VC with a bank, then I revoke it 2 days later. When/how will the bank understand that my VC has been revoked?

Is there any hierarchy/dependency between UIN/VID/VC? I.e could revocation of one VC affect other VC:s?

Dependencies
idpass#210

[rakhimosip]

@kneckinator the details for revoke VID API are given below

Sample request is given below:

{
  "id": "mosip.resident.vidstatus",
  "version": "v1",
  "requesttime": "2020-06-06T08:41:21.178Z",
  "request": {
  "transactionID": "0123456789",
  "individualId": "6396413495",
  "otp": "111111",
  "vidStatus": "REVOKED"
  }
}

[kneckinator]

Noting from above posted by @rakhimosip and from previous discussions that it is only possible to revoke a VID.
From previous discussions, there is no need to update any existing verifiable credentials (VC:s) derived from the VID that is being revoked.

After a VID has been revoked, it should no longer be possible to request a VC for it.

[kneckinator]

Updated issue description.

[kneckinator]

Updated issue title (VC->VID)

[kneckinator]

@rakhimosip when and where will the above API go live so that we can test it?
The documentation https://docs.mosip.io/1.1.5/apis/resident-service-apis#patch-resident-v1-vid-vid points to a different way of doing it, still.

CC @danicaerediano

[rakhimosip]

@kneckinator the above API is available in the qa4 environment. We have removed the individualIdType parameter from the request body in the latest version.

The swagger link to the api is available here

[kneckinator]

@rakhimosip which version of the MOSIP platform is it targeting?

[rakhimosip]

@kneckinator qa4 is on 1.2.1 version of the platform. This version is a WIP and has not yet been released.

I just checked and this change was NOT part of the 1.2.0 version. API link here

I will check about 1.2.0.1 version and update it here.

[kneckinator]

@rakhimosip Ok, so for the VID revocation for 1.1.5, should the https://docs.mosip.io/1.1.5/apis/resident-service-apis#patch-resident-v1-vid-vid API be used?

[rakhimosip]

@kneckinator Yes, you are right. If the app is being used on top of the 1.1.5 platform version then we need to use the old API

[rakhimosip]

@kneckinator I have an update on this.
In 1.2.0 and onwards the individualIdType was made an optional paramt. in the API. This means that we can still pass it as a paramt. from Mimoto and depending on the platform version it may be used (1.1.5) or ignored (1.2.0 onwards)

Your thoughts on this?