Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 171 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A shorthand notation in KERI's Transaction Event Log (TEL) representing 'vc revoke' (verifiable credential revoke), which is an operation that cryptographically revokes a previously issued verifiable credential by recording the revocation event in the TEL.
rev is a compact operational notation used within KERI's Transaction Event Log (TEL) system to represent the verifiable credential revocation operation. It serves as the standardized event type identifier for recording credential revocation actions in the TEL, enabling cryptographically verifiable and tamper-evident revocation of ACDC credentials.
Within the KERI ecosystem, credential lifecycle management follows the RUN model (Read, Update, Nullify) rather than traditional CRUD operations. The rev operation implements the "Nullify" aspect of this model, providing a mechanism for credential issuers to formally withdraw their vouching for credential assertions.
The rev operation is recorded as an event in a credential's Transaction Event Log, which tracks the issuance and revocation state of each verifiable credential. Unlike traditional revocation lists that require centralized infrastructure, TEL-based revocation:
While the source documents do not provide explicit event structure details, TEL revocation events follow KERI's event serialization patterns using CESR encoding. The event includes:
rev)Verifiers checking credential status must:
ri fieldThe source documents reference a 90-day grace period concept for "ghost credentials"—credentials that are valid but within a revocation transaction timeframe before being recorded to the revocation registry. This suggests revocation may not be instantaneous and implementations should account for temporal considerations.
Implementations must distinguish between:
The rev operation occurs in the VC TEL, which references its corresponding management TEL.
The rev operation functions within public verifiable credential registries, where revocation state is publicly observable. For credentials requiring privacy, blinded revocation registries can hide the current state until the controller chooses to disclose it.
When an issuer executes a rev operation:
It's critical to distinguish credential revocation (rev) from key revocation. In KERI, key revocation is handled through rotation events in the KEL, while credential revocation is a separate operation in the TEL. A key rotation does not automatically revoke credentials issued under previous keys—explicit rev operations are required.