esdb_revocation (reckon_db v1.2.7)

View Source

Token revocation management for reckon-db.

Manages revocation of capability tokens. Tokens can be revoked before their expiration when:

  • A key is compromised
  • An identity is removed from the system
  • Permissions need to be immediately revoked

This module supports multiple revocation strategies:

  • Local ETS (current): Fast local lookups, no distribution
  • Gossip (planned): Eventually consistent, partition tolerant
  • Epoch-based (planned): Revoke all tokens before a timestamp

Summary

Functions

clear()

Clear all revocations (for testing)

get_revocations()

Get all active revocations (for debugging/monitoring)

is_issuer_revoked(IssuerDID)

Check if an issuer DID is revoked

is_revoked(TokenCID)

Check if a token CID is revoked

revoke(TokenCID)

Revoke a token by its CID

revoke(TokenCID, Reason)

Revoke a token with a reason

revoke_issuer(IssuerDID)

Revoke all tokens from an issuer

start_link()

Start the revocation server

Functions

clear()

-spec clear() -> ok.

Clear all revocations (for testing)

get_revocations()

-spec get_revocations() -> #{tokens := [binary()], issuers := [binary()]}.

Get all active revocations (for debugging/monitoring)

is_issuer_revoked(IssuerDID)

-spec is_issuer_revoked(binary()) -> boolean().

Check if an issuer DID is revoked

is_revoked(TokenCID)

-spec is_revoked(binary()) -> boolean().

Check if a token CID is revoked

revoke(TokenCID)

-spec revoke(binary()) -> ok.

Revoke a token by its CID

revoke(TokenCID, Reason)

-spec revoke(binary(), binary() | undefined) -> ok.

Revoke a token with a reason

revoke_issuer(IssuerDID)

-spec revoke_issuer(binary()) -> ok.

Revoke all tokens from an issuer

This is useful when an identity is compromised or removed. All tokens with this issuer DID will be considered revoked.

start_link()

-spec start_link() -> {ok, pid()} | {error, term()}.

Start the revocation server