1.3.3 Credential Life Cycle Management Processes


Figure 6: Credential Life Cycle Management

Architectural decision: Suspension of a credential is not supported in the reference architecture. It was left out to reduce complexity and can be added in a specific architecture if really needed.

| (Process) Activity | Details |
|---|---|
| Credential issuance/replacement | Provision a principal with a credential. |
| Credential revocation | Update the identity register to reflect the revocation status. The process might also trigger the collection of a physical credential like an OTP token. |

| Class | Details |
|---|---|
| Credential creation/production facility | Depending on the type of credential, this might be just a password generator or could be, e.g., smartcard production. Credentials can be delivered electronically, physically face to face, or via a delivery service. |
| Identity Registry | Contains the subset of Identity Information that is required for enrolment, authentication and revocation services. |

| Event | Details |
|---|---|
| New credential | A process triggered the credential issuance process. |
| Replacement event | |
| Revoke credential | A process triggered the revocation of a credential. |

| (Result) Object | Details |
|---|---|
| Principal cannot authenticate | |
| Principal possesses activated credential | |
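
The life cycle above, sketched as a small model; this is an added illustration, not part of the reference architecture. The class and method names, the registry layout, and the rule that a replacement revokes the old credential are assumptions made for the example.

```python
# Added illustration of the credential life cycle; not the architecture's own code.
import secrets
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    ACTIVE = "active"
    REVOKED = "revoked"  # terminal: there is deliberately no SUSPENDED state


@dataclass
class IdentityRegistry:
    """Holds only what issuance, authentication and revocation need."""
    # credential id -> (principal, status); this layout is an assumption
    _creds: dict = field(default_factory=dict)

    def issue(self, principal: str) -> str:
        """'New credential' event: provision a principal with a credential."""
        cred_id = secrets.token_hex(8)  # stand-in for the production facility
        self._creds[cred_id] = (principal, Status.ACTIVE)
        return cred_id

    def revoke(self, cred_id: str) -> None:
        """'Revoke credential' event: record the revocation status (idempotent)."""
        principal, _ = self._creds[cred_id]  # KeyError for an unknown credential
        self._creds[cred_id] = (principal, Status.REVOKED)

    def replace(self, cred_id: str) -> str:
        """'Replacement event': assumed to revoke the old credential, then issue.

        With no suspension state, nothing ever moves REVOKED back to ACTIVE;
        the only way to restore access is a new credential.
        """
        principal, _ = self._creds[cred_id]
        self.revoke(cred_id)
        return self.issue(principal)

    def can_authenticate(self, principal: str, cred_id: str) -> bool:
        """Fail closed: unknown, mismatched or revoked credentials are rejected."""
        return self._creds.get(cred_id) == (principal, Status.ACTIVE)


def demo() -> tuple:
    reg = IdentityRegistry()
    old = reg.issue("alice")          # result: principal possesses activated credential
    new = reg.replace(old)            # old credential is revoked, new one is active
    return (reg.can_authenticate("alice", old), reg.can_authenticate("alice", new))
```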