Managed credential acquisition

Credential providers and identity providers must participate in managed credential acquisition in order to respond to the user's requests to obtain new credentials for an identity or to renew credentials for an existing identity.

There are two major processes that result in managed credential acquisition. One is the acquisition of new credentials, while the other is credential renewal. During a renewal, existing credentials are used to obtain new credentials which expire later than the existing credentials. Typically, the identity provider performs the task of obtaining renewed initial credentials while the other credential providers obtain new credentials based on these initial credentials.

New Credentials

When a user initiates the process of initial credential acquisition, Network Identity Manager broadcasts a <KMSG_CRED,KMSG_CRED_NEW_CREDS> message. Credential providers which need to participate in the credential acquisition should respond to this message as detailed in Responding to credential acquisition messages.

Renew Credentials

Network Identity Manager broadcasts a <KMSG_CRED,KMSG_CRED_RENEW_CREDS> message to initiate the process of renewing credentials. This may be triggered automatically or by a user action. Credential providers which need to participate in the renewal should respond to this message as detailed in Responding to credential acquisition messages.
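The following is an added sketch, not code from Network Identity Manager, that models how a provider might dispatch the two message subtypes and enforce the renewal rule that a renewed credential must expire later than the one it replaces. The numeric constant values, the `provider` structure, the return codes and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <time.h>

/* Stand-in numeric values (assumptions); the real constants are defined
   by the Network Identity Manager headers. */
enum { KMSG_CRED = 1 };
enum { KMSG_CRED_NEW_CREDS = 1, KMSG_CRED_RENEW_CREDS = 2 };
enum { RC_OK = 0, RC_IGNORED = 1, RC_REJECTED = 2 };   /* hypothetical */

/* Hypothetical provider state: at most one credential and its expiry. */
typedef struct { int have_cred; time_t expires; } provider;

/* Hypothetical handler for one broadcast message. `offered` is the expiry
   of the credential the provider was able to obtain for this request. */
int provider_on_message(provider *p, int type, int subtype, time_t offered)
{
    if (type != KMSG_CRED)
        return RC_IGNORED;
    switch (subtype) {
    case KMSG_CRED_NEW_CREDS:
        p->have_cred = 1;
        p->expires = offered;
        return RC_OK;
    case KMSG_CRED_RENEW_CREDS:
        /* Renewal starts from an existing credential and must yield one
           that expires later; otherwise keep the current credential. */
        if (!p->have_cred || offered <= p->expires)
            return RC_REJECTED;
        p->expires = offered;
        return RC_OK;
    default:
        return RC_IGNORED;
    }
}

/* Model of a renewal broadcast: the identity provider renews the initial
   credential first; the other providers derive theirs only if that
   succeeded. Returns the number of providers that renewed. */
int broadcast_renew(provider *identity, provider *others, size_t n,
                    time_t offered)
{
    int renewed = 0;
    if (provider_on_message(identity, KMSG_CRED, KMSG_CRED_RENEW_CREDS,
                            offered) != RC_OK)
        return 0;
    renewed++;
    for (size_t i = 0; i < n; i++)
        if (provider_on_message(&others[i], KMSG_CRED,
                                KMSG_CRED_RENEW_CREDS, offered) == RC_OK)
            renewed++;
    return renewed;
}
```

Rejecting a renewal result that does not extend the lifetime keeps a provider from silently replacing a valid credential with a shorter-lived or stale one.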

The following pages provide detailed information:


Generated on Fri Aug 3 08:27:13 2007 for Network Identity Manager by Doxygen 1.5.2
© 2004-2007 Massachusetts Institute of Technology.
© 2005-2007 Secure Endpoints Inc.
Contact khimaira@mit.edu