Credential Lifecycle Guide

From NIEF Wiki

Revision as of 20:39, 9 April 2019 by Jeff.Krug (talk | contribs) (Created page with "==About== Covers basic lifecycle management for authenticators. FIDO specifics TBD. ==Issuance== Address initial issuance. ===Enrollment=== * Credential issuance happens as f...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

About

Covers basic lifecycle management for authenticators. FIDO specifics TBD.

Issuance

Address initial issuance.

Enrollment

Credential issuance happens as final part of identity proofing process.
Authenticator is bound at this time.

Redundancy

Should issue multiple and back-up credentials.

Add-on

Allow user to add new authenticators of equal or lesser strength than the authenticator used for current session; useful for generating back-up credentials.

Use Cases

Lost Authenticator

Other login methods (potentially for reissuance).
Reporting loss (potentially trigger revocation).

Reissuance

Replace credential
In-person
Necessitate new enrollment?
Viable via redundant credentials.

Expiration

Trigger reissuance before expiration
Credential no longer valid

Revocation

Mark credential as no longer valid.

Retrieved from "https://wiki.nief.org/index.php?title=Credential_Lifecycle_Guide&oldid=155"