Difference between revisions of "Expiry"

From MgmtWiki
Revision as of 06:32, 22 June 2022

Full Title or Meme

Certificates and Credentials typically include an Expiry date-time or event, such as "on first use".

Context

  • Many digital documents include a start date and an Expiry date.
  • Many digital documents include a nonce or serial number which typically is used to ensure that the document is only processed on time, and then expires.
  • License is a grant of a right.
  • Identification is the use of a document to infer some set of attributes or behaviors about a subject.

There are two concepts that are NOT addressed in the document in the holder's possession.

  • Purpose is the reason why the relying party requests access to a document.
  • Policy is used to determine whether a relying party will accept the document presented. Policy may be determined by regulation or by business rules.

Problems

Expiry can be devilishly difficult to determine.

  • Typically, a Certificate will expire on a given date and time, which seems very clear.
  • When a key with a certificate is used to sign a document, should the date of validation or the date of signing be operative?
  • License plates for vehicles expire every year, primarily to ensure that access taxes are collectable.

State Issued IDs

Four kinds of Identity documents are considered here among the many issued by states all over the world.

  1. Passports seem to be the simplest in that they have an Expiry date but cannot be used for travel starting up to 6 months before that date and are eligible for renewal up to 12 months after the expiry date.
  2. Social Insurance cards typically have no expiry date other than death.
  3. EID or electronic smart cards issued to state residents.
  4. Driver's Licenses started out with a simple expiry date used to assure the person was still qualified and able to pay.

The following Expiry dates and events can apply to a driver's license. Complications arise because the license card is also used as an ID card.

  1. Driving with an expired license is a crime, but any judge can revoke a license at any time. That order can likewise be removed.
  2. When a new license is issued, the old one typically has a hole punched in the card, a receipt for the new card is printed and the new card is mailed to the licensee. Now the card is revoked for driving, but is explicitly still valid for ID, although that may, or may not, be honored by a verifier.

For a Digital Driver's License things get even more complex. Note in particular that the license is a grant of a right to use the public roads. Calling the card a license is conflating the idea of a license to drive with a card expressing that license.

  1. The Issuer of the license has a certificate with a finite expiry date.
  2. The "mDL" is represented as a bag of bits which is typically called an mdoc and which has an Expiry date which may be significantly shorter than the license.
  3. When the mdoc Expiry date triggers, it is not the mDL that expires, but the mdoc.
  4. The value of the expired mdoc after Expiry for identification is not clear at this point.
  5. A refreshed mdoc (current mDL data) may be sent to the mDL in the user's phone by some method not yet clear.
  6. Recall that the license ID number is based on the mDL, not on the mdoc. So the mdoc is what is evaluated, but the mDL is a legal right to drive and most states continue to require a physical card to be present when driving.
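As an added illustration, not part of the wiki page or of any mDL implementation, the Python sketch below evaluates the three independent expiry layers listed above (issuer certificate, mdoc, underlying license) and the signing-time versus validation-time question from the Problems section. The validity windows, dates and the policy that refuses an expired mdoc for identification are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Window:
    """A validity window [not_before, not_after], inclusive (constructed helper)."""
    not_before: datetime
    not_after: datetime

    def contains(self, t: datetime) -> bool:
        return self.not_before <= t <= self.not_after


@dataclass(frozen=True)
class Mdoc:
    issuer_cert: Window   # validity of the issuer's signing certificate
    mdoc: Window          # validity of this particular bag of bits
    license: Window       # validity of the legal right to drive (the mDL)
    signed_at: datetime   # when the issuer signed this mdoc


def evaluate(m: Mdoc, now: datetime, signing_time_rule: bool = False,
             id_policy_allows_expired_mdoc: bool = False) -> dict:
    """Return one verdict per layer; the layers expire independently.

    signing_time_rule=True checks the issuer certificate at signing time
    instead of at validation time. The identification policy is an assumption."""
    cert_time = m.signed_at if signing_time_rule else now
    cert_ok = m.issuer_cert.contains(cert_time)
    mdoc_ok = m.mdoc.contains(now)
    license_ok = m.license.contains(now)
    return {
        "issuer_cert_valid": cert_ok,
        "mdoc_valid": mdoc_ok,
        "license_valid": license_ok,
        # The right to drive needs a signed, current mdoc AND an unexpired license.
        "accept_for_driving": cert_ok and mdoc_ok and license_ok,
        # An expired mdoc does not expire the mDL; a refresh is what is needed.
        "needs_refresh": cert_ok and license_ok and not mdoc_ok,
        "accept_for_identification": cert_ok and (mdoc_ok or id_policy_allows_expired_mdoc),
    }


def sample() -> Mdoc:
    """Constructed sample: a long-lived license carried by a short-lived mdoc."""
    d = datetime.fromisoformat
    return Mdoc(issuer_cert=Window(d("2021-01-01"), d("2023-01-01")),
                mdoc=Window(d("2022-06-01"), d("2022-09-01")),
                license=Window(d("2020-01-01"), d("2025-01-01")),
                signed_at=d("2022-06-01"))
```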

References