Credentials
Revocation
An issuer's explicit withdrawal of a credential they previously issued — distinct from (and independent of) recipient-requested erasure.
Revocation is an issuer's assertion: "I no longer endorse this credential." It's orthogonal to GDPR erasure, which is a recipient's assertion: "remove my PII." A credential can be revoked without being erased, erased without being revoked, both, or neither.
LearnCoin models revocation and erasure as independent state transitions stored in separate database rows. The public verification page renders a four-state matrix depending on the (revoked, erased) tuple: normal, erased (name redacted), revoked (full tombstone with reason), or both (minimal tombstone honoring both assertions).
Revocation reasons are drawn from a closed enum (per ADR-007) so reasons are machine-readable and consistent across tenants. ISSUER_ERROR has a long correction window; policy violations are a separate reason with different downstream semantics.
Standards-discoverable revocation — via Bitstring Status List embedded in the signed credential — is on the roadmap. Today, revocation is resolvable via LearnCoin's verification API and the public verify page; that's reliable but requires LearnCoin's infrastructure to be reachable.