Quotes
2.2.4 Revocation
Identities and credentials should be revoked if they become obsolete and/or invalid. Revocation is very important for ensuring the validity of authentication and authorization based on identity data. For example, employee identities should be revoked if the subjects cease to be employed. Credentials should be revoked if they expire or are stolen or compromised. There are technical standards for revocation, such as the Online Certificate Status Protocol (OCSP) [19], to manage the revocation status of digital certificates. The revocation status should be shared among recipients of identity data in a timely manner.
Key Design and Implementation Points
- Revocation of credentials and identities should be notified to those who use them, such as identity providers, in a timely manner so that the validity of the identity data is ensured.
- Revocation history should be thoroughly recorded so that it can be included and used in audit trails.
(Bertino and Takahashi, 2010, p. 35)
Revocation: The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward.
(World Bank Group and GPFI, 2018, p. viii)
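The two quotes above make three points that are easy to state and easy to get wrong in code: a revocation ends the binding from a specified time forward, the revocation history must be recorded so it can feed an audit trail, and the status must reach relying parties in a timely manner. The following is an added, hypothetical illustration of those three points, not code from either cited source. It models an issuer-side registry plus a relying-party check that fails closed when the status it holds is stale, mirroring the freshness fields (this-update / next-update) that a protocol such as OCSP carries. All class, function and field names, the serial numbers and the timestamps are invented for the example.

```python
"""Toy revocation registry with time-forward semantics and an audit trail.

Hypothetical example (not from Bertino & Takahashi 2010 or the World Bank
Group / GPFI 2018 report). All names and sample data are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


@dataclass(frozen=True)
class RevocationRecord:
    serial: str            # identifier of the credential (e.g. certificate serial)
    revoked_at: datetime   # the binding ends from this instant forward
    reason: str
    recorded_at: datetime  # when the issuer learned of / recorded the event


class RevocationRegistry:
    """Issuer-side store of revocations plus an append-only audit log."""

    def __init__(self) -> None:
        self._revoked: Dict[str, RevocationRecord] = {}
        self.audit_log: List[RevocationRecord] = []

    def revoke(self, serial: str, revoked_at: datetime, reason: str,
               recorded_at: datetime) -> RevocationRecord:
        existing = self._revoked.get(serial)
        if existing is not None:
            # Revocation is permanent: a repeat never moves the effective
            # time, but the attempt is still logged so the trail is complete.
            self.audit_log.append(RevocationRecord(
                serial, existing.revoked_at, "duplicate:" + reason, recorded_at))
            return existing
        rec = RevocationRecord(serial, revoked_at, reason, recorded_at)
        self._revoked[serial] = rec
        self.audit_log.append(rec)
        return rec

    def status_at(self, serial: str, when: datetime) -> str:
        """Status of the binding at instant `when`: GOOD before revoked_at,
        REVOKED from revoked_at forward, GOOD if never revoked."""
        rec = self._revoked.get(serial)
        if rec is None or when < rec.revoked_at:
            return GOOD
        return REVOKED


@dataclass(frozen=True)
class StatusAssertion:
    """What a relying party receives (cf. the fields of an OCSP response)."""
    serial: str
    status: str
    this_update: datetime  # when the issuer produced this status
    next_update: datetime  # after this the issuer no longer vouches for it


def publish_status(registry: RevocationRegistry, serial: str, now: datetime,
                   validity: timedelta = timedelta(hours=1)) -> StatusAssertion:
    """Issuer side: snapshot the current status with an explicit validity window."""
    return StatusAssertion(serial, registry.status_at(serial, now), now, now + validity)


def relying_party_decision(assertion: StatusAssertion, serial: str, now: datetime,
                           max_age: timedelta = timedelta(hours=24)) -> str:
    """Relying party side. Fails closed: a mismatched, future-dated or stale
    assertion yields UNKNOWN rather than being trusted as GOOD."""
    if assertion.serial != serial:
        return UNKNOWN
    if assertion.this_update > now:          # clock skew or forged timestamp
        return UNKNOWN
    if now > assertion.next_update or now - assertion.this_update > max_age:
        return UNKNOWN                       # not shared "in a timely manner"
    return assertion.status


def demo() -> dict:
    """Constructed scenario: an employee credential revoked at 14:00 UTC."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    reg = RevocationRegistry()
    # Employment ends at 14:00; the event is recorded five minutes later.
    reg.revoke("1001", t0 + timedelta(hours=2), "employment ended",
               recorded_at=t0 + timedelta(hours=2, minutes=5))
    # A later, duplicate revocation of the same serial only adds a log entry.
    reg.revoke("1001", t0 + timedelta(hours=3), "key compromised",
               recorded_at=t0 + timedelta(hours=3))
    fresh = publish_status(reg, "1001", t0 + timedelta(hours=2, minutes=10))
    stale = publish_status(reg, "1001", t0)  # issued at 12:00, still says GOOD
    return {
        "before": reg.status_at("1001", t0 + timedelta(hours=1)),
        "after": reg.status_at("1001", t0 + timedelta(hours=2)),
        "other": reg.status_at("2002", t0 + timedelta(hours=5)),
        "log_len": len(reg.audit_log),
        "fresh_decision": relying_party_decision(fresh, "1001", t0 + timedelta(hours=2, minutes=20)),
        "stale_decision": relying_party_decision(stale, "1001", t0 + timedelta(hours=3)),
        "wrong_serial": relying_party_decision(fresh, "2002", t0 + timedelta(hours=2, minutes=20)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The instructive case is the `stale` assertion: it was produced before the revocation and truthfully said GOOD at that moment, but a relying party that still honours it an hour after its `next_update` would accept a revoked credential. Treating it as UNKNOWN (and deciding what UNKNOWN means for the application) is the check that turns "shared in a timely manner" from a policy statement into enforced behaviour; the duplicate entry in `audit_log` shows why the history, not just the current state, is what an audit trail needs.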
Bibliography
...
See Also
...