Guardian VC revocation architecture

[anvabr]

Problem description

At present numerous VCs and VPs issued in the normal Guardian operation are 'permanent' in a sense that end-users have no standard/practical way of 'recalling' them, or determining if they are still valid or have since been revoked, and no support from Guardian in doing so.

Requirements

• Introduce a generic revocation workflow into the Guardian Policy Engine, where each of the actors signing/authorising anything should be able to revoke that authorisation/submission. This action should result in the re-invalidation of the entire trust chain following the step, generating revocation messages along the way.
• All tokens which were minted on the basis of invalid VC etc and which are owned by the issuer need to be invalidated (how exactly is TBD, probably burned).
• The rest of the tokens (owned by other entities) are invalidated (TBD - this process is described in a separate ticket).
• Revocation messages must be placed into the same topics as the corresponding original messages announcing the creation of VCs (see Policies, Projects and Topics mapping #387 for details on the latter)
• For all Guardian workflows, at any point in the workflow where an action is taken or a decision is made on the basis of validity of a VC/VP the system must check for VC revocation and error if the VC/VP is invalid.
• Trust chain view should check for revocation and correctly display the validity of the artefacts and the process.

Practical use-case example

A sensor submitted invalid MRV data as a result of a malfunction. It was established, and the installer needs the revoke credentials for the sensor starting from a certain date.

Definition of done

• UI allows for manual revocation of artefacts which works as describe in the Requirements section.
• This functionality is also exposed via the API
• Guardian operates with the knowledge of VC/artefacts validity, verifying it where necessary and informing user/changing it's operation accordingly when the artefacts have been revoked.

Acceptance criteria

• All VCs/VPs and other artefacts (such as tokens) produced by Guardian can be revoked, and the revocation is handled correctly.

[anvabr]

See useful guide here.

[Mpinnola]

For some context:

One of the main pathways to becoming an accredited VVB for Verra projects is through the ANSI National Accreditation Board (ANAB). They publish the following lists in the link below:

https://anab.ansi.org/greenhouse-gas-validation-verification/directory

All Accredited Bodies
Current Suspension List
Past Suspension List
Voluntary Withdraws
Withdraws

There are also some other considerations regarding VVB eligibility, which I have summarized below:

VVB Rotation: After initial validation and verification, subsequent verifications shall be undertaken by different VVBs. A VVB may not verify more than six consecutive years of a project’s GHG emission reductions or removals.
VVB Scopes: VVBs shall hold such accreditation or approval for validation or verification (as applicable) for the specific sectoral scope(s) applicable to the methodology applied to the project.
Reassessment: VVB accreditation is normally valid for five years, after which they must be reassessed.
Right to Complete Service Provider Contracts: Verra may allow the VVB to complete Service Provider Contracts entered into between the VVB and Project Proponents prior to the end of the Service Period.

Other pathways (besides ANAB) to become a VVB:

Approval under a VCS-approved GHG program such as the United Nations Clean Development Mechanism (CDM) as a Designated Operational Entity (DOE). VVBs may use their DOE accreditation through the end of June 2023.
Organismo Nacional de Acreditación de Colombia (ONAC)
South African National Accreditation System (SANAS)
Standards Council of Canada (SCC)