Assurance

["Jones, Mark B" <>]

I interpret “no longer valid” as any circumstance where the owner of a credential should no longer be allowed to use that credential.  For instance an employee leaves the institution or a student drops out or if a user is issued two accounts by mistake and one of the two accounts is deactivated (invalidated).

 

This can get messy as this leaves the definition of ‘valid’ to each institution.  So you should have documents that spell out when your accounts should come and go.  For instance you may want student accounts to remain active over the summer even if the student is not enrolled for the summer.  Or you may want the opposite.  Just document how you do it.

 

 

 

From: [mailto:] On Behalf Of Lisa Campeau
Sent: Monday, November 12, 2012 12:51 PM
To:
Subject: [Assurance] question about 'valid' credential

 

4.2.4.1  The IdPO shall revoke Credentials and Tokens within 72 hours after being notified that a Credential is no longer valid or is compromised.

 

 

What is meant by ‘no longer valid’ here?  For instance, we discussed this and we could have a faculty member switch to being an unpaid researcher.  We would not want to revoke his Silver status due to the fact that he is inactive in payroll for a time before receiving an active ‘Researcher’ affiliation.  Other faculty members sometimes are affected by having a Business Administrator neglect to extend an appointment, we have major problems if we  revoked silver  status in that case as well. 

 

Do  ‘no longer valid’ and ‘compromised’ mean the same thing?  Or does validity have something to do with morbidity?

 

-          Lisa

 

 

Lisa Campeau

Team Leader, Identity Management Information

     and System Operations

Data Administration - Admin Information Technologies

3401 Walnut, Suite 265C

Philadelphia, PA  19104-6228

phone 215-573-1951 fax 215-898-0386