Overview#

Credential Management is the management of Credentials.

Credential Management is the set of practices that an Credential Service Provider uses to:[1]

• Credential Enrollment
• Credential Issuance
• Credential Reset or Credential Recovery
• Credential Suspension
• Credential Revocation

credentials for identities within their context and amongst any Federation partners

Risks with Credential Management#

• Attackers that can gain control of your Credential Management system can issue credentials that make them an insider, potentially with privileges to compromise systems undetected.
• Compromised Credential Management processes result in the need to re-issue credentials, which can be an expensive and time-consuming process.
• Business application owners’ expectations around security and Trust Models are rising, and can expose Credential Management as a weak link that may jeopardize compliance claims.

These Credentials are secrets and may consist of:

• passwords - for which we have Password Management
• Private Keys - which we really have no real standard for Credential Management, perhaps Secure Element?
• Certificates - which we have maybe Public Key Infrastructure; but that does not provide storage of Private Keys
• Universal Second Factor - Which has no standard for Credential Management
• Biometric Templates - Typically, these

No Recovery#

Any Authentication Method (or Authentication Factor) without a Credential Management that includes Credential Recovery, requires the replacement of the Credential y performing Credential Enrollment and Identity Proofing

More Information#

There might be more information for this subject on one of the following:

• Biometric Data Challenges
• Credential Recovery
• Credential Service Provider
• Password Management
• Universal Second Factor Challenges
• W3C Credential Management API

---

• [#1] - Federal Identity, Credential, and Access Management Architecture - based on information obtained 2017-04-02-