Status list checking should only show relevant statuses #621
Description
I create a credential and set revocable to true
curl -X PUT loccurl -X PUT localhost:3000/v1/credentials -d '{
"issuer": "did:key:z6Mkm1TmRWRPK6n21QncUZnk1tdYkje896mYCzhMfQ67assD",
"verificationMethodId": "did:key:z6Mkm1TmRWRPK6n21QncUZnk1tdYkje896mYCzhMfQ67assD#z6Mkm1TmRWRPK6n21QncUZnk1tdYkje896mYCzhMfQ67assD",
"subject": "did:key:z6MkmNnvnfzW3nLiePweN3niGLnvp2BjKx3NM186vJ2yRg2z",
"schemaId": "aed6f4f0-5ed7-4d7a-a3df-56430e1b2a88",
"data": {
"firstName": "Satoshi",
"lastName": "Nakamoto"
},
"revocable": true
}'I check the credentials status
curl http://localhost:3000/v1/credentials/status/b7a8bd19-f20d-4132-ac2e-137ff4d1511aand see
{"revoked":false,"suspended":false}but the credential can never be suspended since I've only enabled it to be revocable. It should not include suspended in the response.
More broadly with #476 we should reconsider the response returned.
One possible option would be to make a query directly against the status list credential you're interested in and get a boolean value back.
I will also note that the the method we're currently using is not privacy preserving since we're accepting queries for a specific credential which erases the herd privacy benefits of status list. An alternative would be to not support this feature, but provide a separate utility that helps a verifier compute the status of a given credential.