version 0.12



Revoke a published resource.

A revocation is a resource which revokes a previously published resource. Revoked resources replace existing resources. When a resource is requested, if the resource has been revoked the proper response is the revocation resource.


Since this protocol is a synchronized system and does not use a central authority, please note that revoking a resource is not an instantaneous action–revoking a resource may take a very long time, and in fact there is no guarantee that the resource will ever be fully removed from the network.

Revoke an Identity

An identity may publish a revocation of its own identity resource. Doing so indicates that the private key of the identity should be considered invalid after the the revocation has been published. Any data originating from the identity after the revocation should be considered invalid.

It is left as an implementation decision whether data prior to the revocation should be treated as invalid after the revocation is published.


This object contains the following property:

revoke (object, required)

Holds the properties used to revoke the resource.

This contains the following reserved properties:

revoke.resource (string, required)

The resource identifier of the resource being revoked.

revoke.authorization (string, optional)

If the revocation is being published by an identity other than the identity used to publish the original resource, this value must be present.

This value is the resource identifier of the trust resource giving this identity authorization to revoke the resource.


  "$schema": "",
  "type": "object",
  "properties": {
    "revoke": {
      "type": "object",
      "properties": {
        "resource": {
          "type": "string"
        "authorization": {
          "type": "string"
      "required": [ "resource" ]
  "required": [ "revoke" ]