Revocation (Dictionary Entry)
Contexts | Computer Science, IAM |
|---|---|
Term | Revocation |
Alternative Forms | N/A |
Definitions | The temporary or permanent invalidation (e.g. through removal, cancellation or deactivation) of identities, principals, credentials and/or authorizations. Example: an account lockout policy that temporarily deactivate an account is a temporary revocation. |
Related Terms |
|
Quotes
2.2.4 Revocation
Identities and credentials should be revoked if they become obsolete and/or invalid. Revocation is very important for ensuring the validity of authentication and authorization based on identity data. For example, employee identities should be revoked if the subjects cease to be employed. Credentials should be revoked if they expire or are stolen or compromised. There are technical standards for revocation, such as the Online Certificate Status Protocol (OCSP) [19], to manage the revocation status of digital certificates. The revocation status should be shared among recipients of identity data in a timely manner.
Key Design and Implementation Points
- Revocation of credentials and identities should be notified to those who use them, such as identity providers, in a timely manner so that the validity of the identity data is ensured.
- Revocation history should be thoroughly recorded so that it can be included and used in audit trails.
Revocation: The process of permanently ending the binding between a certificate and the identity asserted in the certificate from a specified time forward.
Bibliography
See Also
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
