<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is a [NIST] INTERNAL/INTERAGENCY REPORTS ([NISTIR]) covering A [Credential] Reliability and [Revocation|Credential Revocation] Model for [Federated Identities|Federated Identity]

[{$pagename}] points out:
''Evidence of malicious activity at the [service provider|Relying Party] is not generally shared with the [identity provider|Identity Provider (IDP)]. This situation is unfortunate, as the [service provider|Relying Party] is at the forefront of attacks. It has all audit trails and knowledge of suspicious or malicious account activities [...] [Service provider|Relying Party] feedback is especially useful and indicative in the [federation] since the feedback is likely reported by several [service provider|Relying Party] in the [federation], thus providing strong evidence of [credential] compromise.''

!! Uniform Reliability and Revocation Service (URRS)
[{$pagename}] suggest a Uniform Reliability and Revocation Service (URRS) further stating:
The URRS is the central information collection and distribution point of credential status information and
its reliability. The role of the URRS is to:
* Maintain [credential] status (ACTIVE, SUSPENDED, REVOKED).
* Communicate [credential] status and reliability scores to [service provider|Relying Party] in order for the [service provider|Relying Party] to make a [risk] based decision to accept or decline the proposed [credential] for [authentication].
* Maintain reliability score for each ACTIVE [credential] and
** Lower the reliability score in cases where the pre-established reliability threshold has not been reached. The [credential] status in this case remains ACTIVE.
** Update the [credential] status to SUSPENDED in cases where the pre-established reliability threshold has been reached or as requested by the user.
** Update the [credential] status to REVOKED as requested by the [identity provider|Identity Provider (IDP)].
* Communicate feedback from the service provider to the identity provider and the user, including the resulting actions (credential status and/or reliability score update).
* Accept immediate SUSPENSION requests from the user for credentials that have not reached the pre-established reliability threshold.
* Accept immediate REVOCATION requests from the identity provider for credentials that have not reached the pre-established reliability threshold.
The URRS automatically updates the reliability score with each feedback from the service provider.

These updates are communicated to the identity provider and the user. The URRS automatically suspends the credential if a feedback causes the score to fall below the reliability score threshold. The threshold value is established and agreed upon by the identity providers and service providers when the URRS is set up.

%%warning
However, there has been no further activity on the Uniform Reliability and Revocation Service since proposed in [2012|Year 2012]
%%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>