@SignOfficial
I expected this revoke to go through.
It didn’t.
No error.
Just... no change.
Same credential.
Still valid.
Exactly as if nothing had been called.
For a second I thought I hit the wrong record.
Ran it again.
Nothing moved.
So I checked the attester.
Matched.
Then I checked the schema.
Different address.
That didn’t sit right.
I tried from the attester side again.
Still nothing.
Didn’t even look like it tried.
Switched it.
Called from the schema side.
This time it went through.
That’s where it flipped.
The attester could issue it.
But couldn’t undo it.
The registrant could.
I ran another one.
Different credential.
Same behavior.
Issued in one place.
Controlled in another.
I stayed on it longer than I planned.
Because nothing was failing.
Everything was just... ignoring the wrong caller.
I keep coming back to this as split authority.
The entity creating the credential...
isn’t the one that can turn it off.
From the outside, it looks like issuer control.
Inside, control sits somewhere else entirely.
Two authorities.
Only one visible when the credential is created.
$SIGN only matters if the same entity that issues a credential is also the one that can revoke it under real usage...
not just the one that defined the schema it lives under.
Because once those split...
revocation stops being an action.
And becomes a dependency.
So the real question becomes this.
When something needs to be turned off fast...
who are you actually waiting on?