Page Properties

Contexts

Computer Science, IAM

Term

Revocation

Alternative Forms

N/A

Definitions

The temporary or permanent invalidation (e.g. through removal, cancellation or deactivation) of identities, principals, credentials and/or authorizations.

Example: an account lockout policy that temporarily deactivates an account is a temporary revocation.

Related Terms

  • Deactivation

  • Deprovisioning

Quotes

2.2.4 Revocation

Identities and credentials should be revoked if they become obsolete and/or invalid. Revocation is very important for ensuring the validity of authentication and authorization based on identity data. For example, employee identities should be revoked if the subjects cease to be employed. Credentials should be revoked if they expire or are stolen or compromised. There are technical standards for revocation, such as the Online Certificate Status Protocol (OCSP) [19], to manage the revocation status of digital certificates. The revocation status should be shared among recipients of identity data in a timely manner.

Key Design and Implementation Points

- Revocation of credentials and identities should be notified to those who use them, such as identity providers, in a timely manner so that the validity of the identity data is ensured.

- Revocation history should be thoroughly recorded so that it can be included and used in audit trails.

(Bertino and Takahashi, 2010, p. 35)

Revocation: The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward.
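As an added illustration (not code from the page or from the quoted sources), the registry below models the definition and the two design points above: each revocation is appended to a history with its effective time and an optional expiry (temporary, as in an account lockout, versus permanent, as in a departed employee), validity at a given instant is derived from that history, and subscribed relying parties are told as soon as a revocation is recorded. All subject identifiers, actors and timestamps are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

@dataclass(frozen=True)
class RevocationEvent:
    subject: str               # identity, credential or authorization being revoked
    revoked_at: datetime       # in force from this instant forward
    until: Optional[datetime]  # None = permanent; a timestamp = temporary (e.g. lockout)
    reason: str
    actor: str                 # who performed the revocation, kept for the audit trail

class RevocationRegistry:
    """Append-only revocation history; status is derived from it, never edited in place."""
    def __init__(self) -> None:
        self.history: list[RevocationEvent] = []
        self._subscribers: list[Callable[[RevocationEvent], None]] = []

    def subscribe(self, callback: Callable[[RevocationEvent], None]) -> None:
        self._subscribers.append(callback)   # relying parties that must learn of revocations

    def revoke(self, subject: str, reason: str, actor: str, at: datetime,
               duration: Optional[timedelta] = None) -> RevocationEvent:
        event = RevocationEvent(subject, at, at + duration if duration else None, reason, actor)
        self.history.append(event)           # recorded for audit trails, never overwritten
        for notify in self._subscribers:     # share the new status promptly
            notify(event)
        return event

    def is_revoked(self, subject: str, at: datetime) -> bool:
        """True if any revocation of `subject` is in force at time `at`."""
        return any(e.subject == subject and e.revoked_at <= at
                   and (e.until is None or at < e.until) for e in self.history)

def demo() -> dict:
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed reference time
    registry, received = RevocationRegistry(), []           # `received`: what a relying party saw
    registry.subscribe(lambda e: received.append(e.subject))
    # Temporary revocation: a 15-minute account lockout after failed logins (constructed).
    registry.revoke("user:alice", "lockout: failed logins", "auth-service", t0, timedelta(minutes=15))
    # Permanent revocation: an employee identity once employment ends (constructed).
    registry.revoke("user:bob", "left the company", "hr-system", t0)
    return {
        "alice_during_lockout": registry.is_revoked("user:alice", t0 + timedelta(minutes=5)),
        "alice_after_lockout": registry.is_revoked("user:alice", t0 + timedelta(minutes=20)),
        "bob_a_year_later": registry.is_revoked("user:bob", t0 + timedelta(days=365)),
        "notified": received,
        "alice_audit_entries": len([e for e in registry.history if e.subject == "user:alice"]),
    }
```

Note that lifting a lockout early would be recorded as a further event rather than by deleting the original one, so the audit trail stays complete.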

...

...

...