Skip to main content

EAA ConformanceETSI TS 119 472-1 (v1.2.1) clause 5.2.10.1

EAA-5.2.10.2-01:status URI must resolve to a parseable Token Status List

  • shall
  • Ordinary EAA
  • QEAA
  • PuB-EAA
  • SD-JWT VC
  • Issuer
  • Verifier

Spec text

Runtime resolver check (IETF draft-ietf-oauth-status-list-13). When the EAA carries a status component, the URI must dereference to a Token Status List in the JWT or CWT serialisation, and the credential's index must read out a registered status value.

ETSI TS 119 472-1 (v1.2.1), clause 5.2.10.1, page 32.

In plain English

The link the credential gives for revocation lookups must actually work and return a valid status entry for the credential.

Why it matters

Verifiers cannot make trust decisions if the revocation list is unreachable or unparseable; this gate confirms the resolver path is live end to end.

Common mistakes

  • Publishing a status list behind authentication or with the wrong content-type.
  • Index pointing past the end of the list.

Conformance check

Auto-tested. Use the action in the sidebar to run a Self-Assessment for this control.

Last reviewed against ETSI TS 119 472-1 v1.2.1 on 2026-05-01.

iGrant.io’s EAA Issuer SDK handles this control out of the box. Talk to our team about closing your conformance gaps.

Chat on WhatsAppEmail support