Overview#
Credential Management is the management of Credentials. It is the set of practices that a Credential Service Provider uses for:[1]
- Credential Enrollment
- Credential Issuance
- Credential Reset or Credential Recovery
- Credential Suspension
- Credential Revocation
Risks with Credential Management#
- Attackers that can gain control of your Credential Management system can issue credentials that make them an insider, potentially with privileges to compromise systems undetected.
- Compromised Credential Management processes result in the need to re-issue credentials, which can be an expensive and time-consuming process.
- Business application owners’ expectations around security and Trust Models are rising, and can expose Credential Management as a weak link that may jeopardize compliance claims.
These Credentials are secrets and may consist of:
- Passwords - for which we have Password Management
- Private Keys - for which we have no real standard for Credential Management; perhaps Secure Element?
- Certificates - for which we have, maybe, Public Key Infrastructure; but that does not provide storage of Private Keys
- Universal Second Factor - which has no standard for Credential Management
- Biometric Templates - Typically, these
No Recovery#
Any Authentication Method (or Authentication Factor) without Credential Management that includes Credential Recovery requires the replacement of the Credential by performing Credential Enrollment and Identity Proofing.
More Information#
There might be more information for this subject on one of the following:
- Biometric Data Challenges
- Credential Recovery
- Credential Service Provider
- Password Management
- Universal Second Factor Challenges
- W3C Credential Management API
- [#1] - Federal Identity, Credential, and Access Management Architecture - based on information obtained 2017-04-02