[Credential Lifecycle - Status Attestation ] - Functional Requirements - Issuer

[pietroACN]

The text states: " The issuer Must .... revoke a Digital Credential when ....the Wallet Instance that holds the Digital Credential was issued is revoked;"

It is not clear where is the relation between the Wallet Istance (that may have been revoked and replaced with another version) and the Digital Credential as the credential validity should be independent from the wallet: the credential is bound to the user Key that may be generated by an external WCSD or remote signing device.

It would be preferable to change the text with the following one: " The issuer Must .... revoke a Digital Credential when ....the cryptographic key material to which the issued Digital Credential is bound is lost or replaced;"

In case also the following statement should be replaced with: "Loss of cryptographic key material to which the issued Digital Credential is bound"

[peppelinux]

we must introduce actionable items that brings the evidence about how this "loss" can be evaluated from the credential issuer.

checking a revocation of a wallet instance is possibile since the wallet instance attestation would not be valid anymore, making this item explicit, while the "loss of something" doesnt bring any evidence about how it could be evaluated from the issuer side

[pietroACN]

I would therefore replace the original text with the following: "The issuer Must .... revoke a Digital Credential when ....the holder request such revocation due to loss or replacement of cryptographic key material which the issued Digital Credential is bound to".

As loss of crypto key/s is something that only holder would be aware of, he has to officially perform the request.