Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 8 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A valid credential within a 90-day grace period before its revocation transaction is recorded to the revocation registry, maintaining technical validity while awaiting formal revocation processing.
A ghost credential is a verifiable credential that exists in a transitional state where it remains cryptographically valid and technically verifiable, but is within a 90-day grace period before its revocation is finalized in the revifiable credential registry. During this window, the credential maintains its validity despite pending revocation, creating a temporal state between revocation initiation and registry commitment.
Ghost credentials address a critical operational reality in KERI/ACDC credential management: revocation is not instantaneous. The concept emerges from the need to manage credential lifecycle transitions in distributed systems where transaction event logs (TEL) must process revocation transactions before final commitment.
The most documented scenario involves relationship termination with a Qualified vLEI Issuer (QVI). When a relationship with a QVI requires termination but the QVI has not yet revoked their issued credentials, those credentials enter the ghost state. This creates a practical challenge: the credentials remain technically valid and verifiable, yet the relationship that authorized their issuance is being dissolved.
The 90-day grace period is a governance parameter that balances operational needs with security requirements. Implementations must:
During the ghost period, verifiers face a decision point: should ghost credentials be accepted? This depends on:
The ghost credential concept is marked as TBW (To Be Written) priority 3 in the source documentation, indicating this is a placeholder definition requiring further specification work. Future development should address:
The 90-day grace period serves multiple purposes:
Ghost credentials occupy a specific position in the credential lifecycle:
This intermediate state is necessary because KERI's end-verifiable architecture requires that all state changes be cryptographically anchored to key event logs (KEL) and processed through TEL mechanisms.