Revocation

From MgmtWiki
Revision as of 10:03, 2 October 2018 by Tom (talk | contribs) (Context)


Full Title or Meme

The problem of revoking a grant previously issued on behalf of a Subject, which is a requirement of several privacy regulations.

Context

The collection of User Private Information by a Data Controller now necessitates the ability to Authenticate the User under a wide range of conditions, such as:

  1. Simplest of all, the User needs to Authenticate from time to time, on a variety of devices and under less than ideal conditions, where passwords are mistyped and Alternate Authentication factors are lost or fail.

Problems

Solutions

  • Issue a Refresh Token that can be used by the Relying Party to acquire an access token with a short life time. Revocation of the grant then takes effect at the next refresh: an access token that has already been issued stays valid until it expires, so revocation is not possible during that short life time, and the life time bounds the exposure window.
  • Require the Authorization Server to verify the liveness of the token (for example through a token introspection endpoint) and the Resource to consult that check before it allows actual access. This closes the gap left by the first approach at the cost of a call to the Authorization Server on every request.
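As an added example (not code from MgmtWiki) illustrating both approaches above: a minimal Python Authorization Server that issues refresh tokens and short-lived access tokens, a Resource Server that either trusts a token until it expires or checks its liveness with the Authorization Server on every request, and a walk-through of what each decides once the Subject's grant is revoked. The class names, the `sub.exp.jti.tag` HMAC token format (standing in for a JWT), the 300-second life time, the subject identifier and the clock values are all assumptions made for the example.

```python
# Added example, not MgmtWiki's code: refresh token + short-lived access token,
# with and without a liveness (introspection) check at the Resource Server.
# Token format 'sub.exp.jti.tag' (HMAC-SHA256) stands in for a JWT; all names,
# the 300 s life time and the sample subject/clock values are assumptions.
import hashlib
import hmac
import secrets

ACCESS_TTL = 300  # assumed short access-token life time in seconds


def parse_and_verify(key: bytes, token: str, now: int):
    """Offline check a Resource Server can do alone: HMAC tag and expiry.
    Returns the claims or None. It cannot see revocation of the grant."""
    parts = token.split(".")
    if len(parts) != 4:
        return None
    sub, exp, jti, tag = parts
    expected = hmac.new(key, f"{sub}.{exp}.{jti}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    if not exp.isdigit() or int(exp) <= now:
        return None
    return {"sub": sub, "exp": int(exp), "jti": jti}


class AuthorizationServer:
    """Holds the grants (refresh tokens) and mints short-lived access tokens."""

    def __init__(self, key: bytes):
        self._key = key
        self._grants = {}        # refresh_token -> {"sub": ..., "revoked": bool}
        self._jti_to_grant = {}  # access-token id -> refresh_token it came from

    def issue_grant(self, subject: str) -> str:
        refresh_token = secrets.token_urlsafe(32)
        self._grants[refresh_token] = {"sub": subject, "revoked": False}
        return refresh_token

    def refresh(self, refresh_token: str, now: int) -> str:
        """Exchange the grant for a new access token; refused once revoked."""
        grant = self._grants.get(refresh_token)
        if grant is None or grant["revoked"]:
            raise PermissionError("invalid_grant")
        jti = secrets.token_hex(8)
        payload = f"{grant['sub']}.{now + ACCESS_TTL}.{jti}"
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        self._jti_to_grant[jti] = refresh_token
        return f"{payload}.{tag}"

    def revoke_grant(self, refresh_token: str) -> None:
        """The Subject withdraws the grant: no more refreshes, and every
        access token minted under it reports inactive on introspection."""
        if refresh_token in self._grants:
            self._grants[refresh_token]["revoked"] = True

    def introspect(self, token: str, now: int) -> bool:
        """Liveness check in the spirit of RFC 7662: signature, expiry, and
        whether the grant behind the token is still in force."""
        claims = parse_and_verify(self._key, token, now)
        if claims is None:
            return False
        refresh_token = self._jti_to_grant.get(claims["jti"])
        return refresh_token is not None and not self._grants[refresh_token]["revoked"]


class ResourceServer:
    """introspect=False trusts a token until it expires (the revocation gap);
    introspect=True asks the Authorization Server on every request."""

    def __init__(self, key: bytes, auth: AuthorizationServer, introspect: bool):
        self._key, self._auth, self._introspect = key, auth, introspect

    def allow(self, token: str, now: int) -> bool:
        if self._introspect:
            return self._auth.introspect(token, now)
        return parse_and_verify(self._key, token, now) is not None


def demo() -> dict:
    """Issue, use, revoke, and record what each Resource Server decides."""
    key = secrets.token_bytes(32)
    auth = AuthorizationServer(key)
    offline_rs = ResourceServer(key, auth, introspect=False)
    online_rs = ResourceServer(key, auth, introspect=True)
    t0 = 1_700_000_000                        # constructed clock value
    grant = auth.issue_grant("subject-42")    # constructed Subject identifier
    access = auth.refresh(grant, t0)
    before = (offline_rs.allow(access, t0 + 10), online_rs.allow(access, t0 + 10))
    auth.revoke_grant(grant)                  # the Subject withdraws consent
    after = (offline_rs.allow(access, t0 + 20), online_rs.allow(access, t0 + 20))
    try:
        auth.refresh(grant, t0 + 20)
        refresh_ok = True
    except PermissionError:
        refresh_ok = False
    return {
        "before_revocation": before,              # (True, True)
        "after_revocation": after,                # (True, False): offline RS still accepts
        "refresh_after_revocation": refresh_ok,   # False
        "offline_at_expiry": offline_rs.allow(access, t0 + ACCESS_TTL),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The offline Resource Server keeps accepting the revoked Subject's token for the rest of `ACCESS_TTL`, which is the exposure window the first approach tolerates; the introspecting Resource Server refuses it on the next request, which is the second approach. Shortening `ACCESS_TTL` narrows the window, while introspection removes it in exchange for a round trip to the Authorization Server per request.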

References