Idea Details

Purge Method WebFort Credential Issuance API

Last activity 12-13-2018 09:04 AM
Anon
10-28-2014 07:19 AM

Introduction

With our customer we use the Arcot ID with the Arcot Native Client on Windows to distribute S/MIME certificates to be used with Outlook/Exchange. A single certificate is about 4 kByte. Certificates are renewed every year. Encryption certificates remain in the Arcot ID, signature certificates are exchanged every time. Arcot IDs expire every year and need to be reset. They may also be reset if the user forgets his password. Arcot IDs are deleted when an employee leaves the customer's organisation.

  • when an Arcot ID is reset, the old Arcot ID is deleted and the content is copied over to the new one with the reset password.
  • when an Arcot ID is deleted, you can still query all information from that Arcot ID because the credential is only marked as deleted until you create a new one for the same user
  • after an Arcot ID was reset or a new one created for a deleted Arcot ID, you have no access to the Arcot ID any more, except by direct database access
  • the encrypted content of an Arcot ID is stored in the database as a BLOB (Oracle)

Over time, we are gathering more and more dead information in the WebFort database with outdated information for every credential that gets deleted and recreated. Currently over 50% of our database space is taken up by deleted credentials.

Deleted credentials may be a target for hacking attacks in order to conclude what the current credentials' passwords might look like.

There is no point in storing credentials that are neither recoverable nor accessible any more.

 

Enhancement Request

Add a purge method to the WebFort Credential Issuance API providing the same interface as the delete method already implemented. As the primary goal of this method is to clean up the database and reduce security risks by keeping only information that is still needed, the purge method should be able to purge a credential regardless of the state of the user associated with this credential and regardless of the state of the credential itself, i.e. the API always purges the credential and does not throw a "user not found" exception if the user happens to belong to an LDAP organisation within WebFort and cannot be found any more, nor does it complain if the credential itself is still active/valid. The method is meant to allow external business processes to really purge a credential forever according to the business reason the process may have to do so.

 

Technical Details

com.arcot.webfort.issuance.api
public interface CredentialIssuance

CredentialIssuance is the factory class that exposes all WebFort's credential APIs. Except for setArcotIDUnsignedAttributes, deleteArcotIDUnsignedAttributes, and fetchQnAConfiguration, all functions support multi-credential operations. In other words, in a single function call we can perform the operation on all credentials. All the multi-credential operations are atomic. That is, the operation is successful if all operations are successful on all credentials that are specified in CredentialInputList. Otherwise, the operation will fail.

 
Existing "delete" method

CredentialResponse delete(java.lang.String userName, java.lang.String orgName, CredentialInputList credList, AdditionalInput additionalInput)

    throws InvalidParamException, CredentialNotFoundException, TransactionException, ServerUnreachableException, SDKNotInitializedException, SDKInternalErrorException, UserNotFoundException

This function deletes one or more credentials for a given user. The operation is atomic, which implies that either the operation succeeds for all credentials or fails for all.

Parameters:

userName - the identifier for the user.

orgName - the identifier for the organization to which the user belongs. Pass empty or null in case you want to use the default organization.

credList - the list of credentials that need to be deleted.

additionalInput - the additional input to be passed, it's a map of name-value pairs.

Returns:

CredentialResponse encapsulates the transaction details and the details of each credential output.

Throws:

InvalidParamException - This exception is thrown, if any of the inputs is invalid. The getParamName() method in InvalidParamException returns the parameter that is invalid.

CredentialNotFoundException - This exception is thrown, if credential is not present for the given user.

TransactionException - This exception is thrown, if WebFort Server could not delete the credential.

ServerUnreachableException - This exception is thrown if there is no communication between the Issuance SDK and WebFort Server.

SDKNotInitializedException - This exception is thrown if the Issuance SDK is not initialized.

SDKInternalErrorException - This exception is thrown if the SDK is unable to send/receive request/response to/from WebFort server

UserNotFoundException - This exception is thrown if the user does not exist.

 

Proposed "purge" method

CredentialResponse purge(java.lang.String userName, java.lang.String orgName, CredentialInputList credList, AdditionalInput additionalInput)

    throws InvalidParamException, CredentialNotFoundException, TransactionException, ServerUnreachableException, SDKNotInitializedException, SDKInternalErrorException, UserNotFoundException

This function purges one or more credentials for a given user, i.e. it cleans up the credential completely from the data store. It cannot be recovered by any means. The operation is atomic, which implies that either the operation succeeds for all credentials or fails for all.

Parameters:

userName - the identifier for the user.

orgName - the identifier for the organization to which the user belongs. Pass empty or null in case you want to use the default organization.

credList - the list of credentials that need to be deleted.

additionalInput - the additional input to be passed, it's a map of name-value pairs.

Returns:

CredentialResponse encapsulates the transaction details and the details of each credential output.

Throws:

InvalidParamException - This exception is thrown, if any of the inputs is invalid. The getParamName() method in InvalidParamException returns the parameter that is invalid.

CredentialNotFoundException - This exception is thrown, if credential is not present for the given user.

TransactionException - This exception is thrown, if WebFort Server could not delete the credential.

ServerUnreachableException - This exception is thrown if there is no communication between the Issuance SDK and WebFort Server.

SDKNotInitializedException - This exception is thrown if the Issuance SDK is not initialized.

SDKInternalErrorException - This exception is thrown if the SDK is unable to send/receive request/response to/from WebFort server

UserNotFoundException - This exception is thrown if the user does not exist. => The credential is purged, even if the user cannot be found!

 

P.S.: This idea would be best placed into "CA Security -> CA Strong Authentication", but it seems ideas cannot be placed there...
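
The difference between the existing delete behaviour and the requested purge behaviour, as an added example that is not part of the original post and is not WebFort SDK code. It is a self-contained in-memory model: the class PurgeModel, the Row type, the user "jdoe" and the credential type string are constructed for illustration, and standard Java exceptions stand in for the SDK's exception classes.

```java
import java.util.*;

// Constructed model: PurgeModel, Row and the sample data are hypothetical, not SDK classes.
public class PurgeModel {
    static final class Row {
        final String user, type; final byte[] blob; boolean deleted;
        Row(String user, String type, byte[] blob) { this.user = user; this.type = type; this.blob = blob; }
    }
    static final List<Row> table = new ArrayList<>();      // stands in for the credential table
    static final Set<String> directory = new HashSet<>();  // stands in for the user store (e.g. LDAP)

    static boolean exists(String user, String type, boolean activeOnly) {
        return table.stream().anyMatch(r -> r.user.equals(user) && r.type.equals(type)
                                            && !(activeOnly && r.deleted));
    }

    // delete as the post describes it: the row is only marked, the BLOB stays in the table.
    static void delete(String user, List<String> types) {
        if (!directory.contains(user)) throw new NoSuchElementException("user not found");
        for (String t : types)                               // validate first: all or nothing
            if (!exists(user, t, true)) throw new NoSuchElementException("credential not found: " + t);
        for (Row r : table)
            if (r.user.equals(user) && types.contains(r.type)) r.deleted = true;
    }

    // purge as proposed: no user lookup, no state check, every matching row is removed.
    static int purge(String user, List<String> types) {
        for (String t : types)                               // validate first: all or nothing
            if (!exists(user, t, false)) throw new NoSuchElementException("credential not found: " + t);
        int removed = 0;
        for (Iterator<Row> it = table.iterator(); it.hasNext(); ) {
            Row r = it.next();
            if (!r.user.equals(user) || !types.contains(r.type)) continue;
            Arrays.fill(r.blob, (byte) 0);                   // overwrite the content before removal
            it.remove();
            removed++;
        }
        return removed;
    }

    public static void main(String[] args) {
        directory.add("jdoe");
        table.add(new Row("jdoe", "ARCOTID", new byte[4096]));   // year 1
        delete("jdoe", List.of("ARCOTID"));                      // reset: old row kept, marked deleted
        table.add(new Row("jdoe", "ARCOTID", new byte[4096]));   // year 2, new password
        directory.remove("jdoe");                                // employee leaves, directory entry gone
        try { delete("jdoe", List.of("ARCOTID")); }
        catch (NoSuchElementException e) { System.out.println("delete: " + e.getMessage()); }
        System.out.println("rows before purge: " + table.size());
        System.out.println("rows purged: " + purge("jdoe", List.of("ARCOTID")));
        System.out.println("rows after purge: " + table.size());
    }
}
```

In this model the delete call fails once the directory entry is gone while both the old and the current row are still stored; the purge call removes both without consulting the directory.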


Comments

12-13-2018 09:04 AM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort.

The CA Advanced Authentication Product Management team has reviewed your enhancement suggestion and decided to maintain the idea for possible consideration in a future release. The Community will continue to be able to vote on this enhancement idea.

 

- The CA Advanced Authentication Product Team