Difference between revisions of "Expiry"

From MgmtWiki
(State Issued IDs for Natural Persons)
(State Issued IDs for Natural Persons)
Line 22: Line 22:
 
# Social Insurance cards typically have no expiry date other than date of death, which has a legal definition which overrides reality.
 
# Social Insurance cards typically have no expiry date other than date of death, which has a legal definition which overrides reality.
 
# [[EID]] or electronic smart cards issued to state residents.
 
# [[EID]] or electronic smart cards issued to state residents.
# Driver's Licenses started out with a simple expiry date used to assure person was still qualified and able to pay.
+
# Driver's Licenses have two meanings, (1) the grant of a right to use a care on public roads, (2) a plastic card that is provided to the user with its own identity number.
 
The following [[Expiry]] dates and events can apply to a driver's license. Complications arise because the license card is also used as an ID card.
 
The following [[Expiry]] dates and events can apply to a driver's license. Complications arise because the license card is also used as an ID card.
 
# Driving with an expired license is a crime, but any judge can revoke a license at any time. That order can likewise be removed. So only an online check can be used to determine the state of the license to driver.
 
# Driving with an expired license is a crime, but any judge can revoke a license at any time. That order can likewise be removed. So only an online check can be used to determine the state of the license to driver.
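Review bot: In the added line (marked +), "use a care on public roads" should read "use a car on public roads". The replaced line's point that the expiry date was used to assure the person was still qualified is dropped by this change; if it is still wanted, keep it as its own sentence after the two meanings.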

Revision as of 06:45, 22 June 2022

Full Title or Meme

Certificates and Credentials typically include an Expiry date-time or event, such as "on first use".

Context

  • Many digital documents include a start date and an Expiry date.
  • Many digital documents include a nonce or serial number, which typically is used to ensure that the document is only processed one time, and then expires.
  • A License is a grant of a right.
  • Identification is the use of a document to infer some set of attributes or behaviors to a subject.

There are two concepts that are NOT addressed in the document in the holder's possession.

  • Purpose is the reason why the relying party requests access to a document.
  • Policy is used to determine whether a relying party will accept the document presented. Policy may be determined by regulation or by business rules.

Problems

Expiry of a document can be devilishly difficult to determine.

  • Typically, a Certificate will expire on a given date and time, which seems very clear.
  • When a key with a certificate is used to sign a document, should the date of validation or the date of signing be operative?
  • License plates for vehicles expire every year, primarily to ensure that access taxes are collectable. This date is typically on a sticker applied to the license plate. The sticker is the license for the vehicle to be on a public road.

State Issued IDs for Natural Persons

Four kinds of Identity documents are considered here among the many issued by states all over the world.

  1. Passports seem to be the simplest in that they have an Expiry date but cannot be used for travel starting up to 6 months before that date and are eligible for renewal up to 12 months after the expiry date. A digital version has been proposed by some states. So the expiry state of the passport requires policy to determine whether it is good for any particular purpose.
  2. Social Insurance cards typically have no expiry date other than date of death, which has a legal definition which overrides reality.
  3. EID or electronic smart cards issued to state residents.
  4. Driver's Licenses have two meanings: (1) the grant of a right to use a car on public roads, (2) a plastic card that is provided to the user with its own identity number.

The following Expiry dates and events can apply to a driver's license. Complications arise because the license card is also used as an ID card.

  1. Driving with an expired license is a crime, but any judge can revoke a license at any time. That order can likewise be removed. So only an online check can be used to determine the state of the license to drive.
  2. When a new license is issued, the old one typically has a hole punched in the card, a receipt for the new card is printed and the new card is mailed to the licensee. Now the card is revoked for driving, but is explicitly still valid for ID, although that may, or may not, be honored by a verifier.

For a Digital Driver's License things get even more complex. Note in particular that the license is a grant of a right to use the public roads. Calling the card a license is conflating the idea of license to drive with a card expressing that license.

  1. The Issuer of the license has a certificate with a finite expiry date.
  2. The "mDL" is represented as a bag of bits which is typically called an mdoc and which has an Expiry date which may be significantly shorter than the license.
  3. When the mdoc Expiry date triggers, it is not the mDL that expires, but the mdoc.
  4. The value of the expired mdoc after Expiry for identification is not clear at this point.
  5. A refreshed mdoc (current mDL data) may be sent to the mDL in the user's phone by some method not yet clear.
  6. Recall that the license ID number is based on the mDL, not on the mdoc. So the mdoc is what is evaluated, but the mDL is a legal right to drive and most states continue to require a physical card to be present when driving.
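The layered expiries above, together with the earlier question of whether the signing date or the validation date is operative for a certificate, can be made concrete as a relying-party check. This is an added example, not part of the original page; the class names, field names, policy flags and status strings are hypothetical, and the sample dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Presentation:
    cert_not_after: datetime    # issuer certificate expiry
    signed_at: datetime         # when the issuer signed the mdoc
    mdoc_valid_until: datetime  # expiry of the mdoc itself
    license_expiry: datetime    # expiry of the right to drive

@dataclass
class Policy:                   # relying-party policy; not carried in the document
    cert_time: str = "signing"  # judge issuer cert at "signing" or "validation" time
    expired_mdoc_ok_for_id: bool = False    # assumption: the page leaves this open
    expired_license_ok_for_id: bool = True  # card may still be honored as ID

def evaluate(p, purpose, now, policy=Policy(), online_status=None):
    """Return the list of reasons to refuse; an empty list means accept."""
    reasons = []
    cert_ref = p.signed_at if policy.cert_time == "signing" else now
    if cert_ref > p.cert_not_after:
        reasons.append("issuer certificate expired")
    mdoc_expired = now > p.mdoc_valid_until
    license_expired = now > p.license_expiry
    if purpose == "drive":
        if mdoc_expired:
            reasons.append("mdoc expired")
        if license_expired:
            reasons.append("license expired")
        if online_status is None:   # a judge's order is only visible online
            reasons.append("online status check required")
        elif online_status != "valid":
            reasons.append("license " + online_status)
    elif purpose == "identify":
        if mdoc_expired and not policy.expired_mdoc_ok_for_id:
            reasons.append("mdoc expired")
        if license_expired and not policy.expired_license_ok_for_id:
            reasons.append("license expired")
    else:
        reasons.append("unknown purpose")
    return reasons

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample: cert lapsed after signing, mdoc lapsed, license still current.
SAMPLE = Presentation(utc(2022, 6, 1), utc(2022, 5, 1), utc(2022, 6, 15), utc(2026, 1, 1))
```

The same presentation yields different answers depending on purpose and policy, which is why neither can be read off the document in the holder's possession.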

References