Suspension and revocation of Digital Credentials #286

Open
Denisthemalice opened this issue Dec 7, 2024 · 0 comments

The end of section 1.1 states:

To support revocation of Verifiable Credentials, revocation information can optionally be retrieved from a Status Provider. The
role of a Status Provider can be fulfilled by either a fourth party or by the Issuer.

Both suspension and revocation of Digital Credentials should be mentioned. It should also be observed that the suspension or the revocation of Digital Credentials does not necessarily need to involve a Status Provider.

Since Digital Credentials are hosted by a Holder which is an application, that application can contact the Issuer of the Digital Credential and be instructed by the Issuer to suspend or to stop (i.e. revoke) the use of a Digital Credential.

It is proposed to change the end of this section into:

If the suspension or the revocation of a Digital Credential is supported, an information SHALL be included into the Digital
Credential.

If Token Status Lists are used, then a specific claim (i.e., status) shall be included into the Digital Credential to indicate that this
mechanism is supported.

If a "Digital Credential Policy", analogous to a "Certificate Policy" for an X.509 certificate, is included into the Digital Credential, then
in some cases, the characteristics of the Holder can be known by the Verifier. In this way, the Verifier can be able to know that the
Holder will contact the Issuer of the Digital Credential from time to time and can be instructed by the Issuer to suspend or to stop
(i.e. revoke) the use of a Digital Credential, when necessary.

If the Holder is unable to contact an Issuer during a defined period of time, e.g. 24 hours, the Holder will suspend all the Digital
Credentials issued by that issuer. When a Digital Credential has been suspended, the process can be reversed. However, when a
Digital Credential has been invalidated (e.g., revoked), the process cannot be reversed.
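
The Holder-side behaviour described in the last proposed paragraph, as an added example that is not part of the issue or of the specification: a credential store that suspends all credentials of an Issuer not reached within the window, lets suspension be reversed, and never reverses revocation. The class and method names, the instruction strings (`"suspend"`, `"resume"`, `"revoke"`), and the rule that a timeout suspension lifts on the next successful contact are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

CONTACT_WINDOW_S = 24 * 3600  # the "e.g. 24 hours" period from the proposal

class State(Enum):
    VALID = "valid"
    SUSPENDED = "suspended"
    REVOKED = "revoked"

@dataclass
class IssuerRecord:
    last_contact: float                                 # time of last successful contact
    credentials: dict = field(default_factory=dict)     # credential id -> State
    issuer_suspended: set = field(default_factory=set)  # ids suspended on Issuer instruction

class HolderStore:  # hypothetical Holder-side store
    def __init__(self):
        self.issuers = {}

    def add(self, issuer, cred_id, now):
        rec = self.issuers.setdefault(issuer, IssuerRecord(last_contact=now))
        rec.credentials[cred_id] = State.VALID

    def tick(self, now):
        """Suspend every valid credential of an Issuer not reached within the window."""
        for rec in self.issuers.values():
            if now - rec.last_contact > CONTACT_WINDOW_S:
                for cid, st in rec.credentials.items():
                    if st is State.VALID:
                        rec.credentials[cid] = State.SUSPENDED

    def on_issuer_contact(self, issuer, instructions, now):
        """Record a successful contact and apply {cred_id: action} from the Issuer."""
        rec = self.issuers[issuer]
        rec.last_contact = now
        for cid, st in rec.credentials.items():
            if st is State.REVOKED:
                continue  # revocation cannot be reversed
            action = instructions.get(cid)
            if action == "revoke":
                rec.credentials[cid] = State.REVOKED
            elif action == "suspend":
                rec.credentials[cid] = State.SUSPENDED
                rec.issuer_suspended.add(cid)
            elif action == "resume" or cid not in rec.issuer_suspended:
                rec.credentials[cid] = State.VALID  # lifts timeout or Issuer suspension
                rec.issuer_suspended.discard(cid)

    def state(self, issuer, cred_id, now):
        self.tick(now)
        return self.issuers[issuer].credentials[cred_id]
```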
