Page Properties | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Quotes
2.2.4 Revocation
Identities and credentials should be revoked if they become obsolete and/or invalid. Revocation is very important for ensuring the validity of authentication and authorization based on identity data. For example, employee identities should be revoked if the subjects cease to be employed. Credentials should be revoked if they expire or are stolen or compromised. There are technical standards for revocation, such as the Online Certificate Status Protocol (OCSP) [19], to manage the revocation status of digital certificates. The revocation status should be shared among recipients of identity data in a timely manner.
Key Design and Implementation Points
- Revocation of credentials and identities should be notified to those who use them, such as identity providers, in a timely manner so that the validity of the identity data is ensured.
- Revocation history should be thoroughly recorded so that it can be included and used in audit trails.
(Bertino and Takahashi, 2010, p. 35)
Revocation: The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward.
(World Bank Group and GPFI, 2018, p. viii)
Bibliography
...
See Also
...
...
/wiki/spaces/QUOT/pages/67600460