As in title: two new endpoints are needed, to control status of a credential (removal, invalidation) and also 2nd factor opt-in status of a user.
