 
 
 
 
 
 
   
Disconnected operation is common in our system and revocation of access rights is consequently a concern. Effective revocation of access rights in distributed systems is generally considered a hard problem to solve [9], and lack of connectivity makes the problem even more difficult. This places limits on when revocation can be performed. In order to revoke a certificate there are essentially two approaches: either to
Timestamps are used as an additional source of information for revocation purposes. Since individual users specify access policies, the correctness of the timestamp encoded into each delegation certificate depends entirely on that user's ability to determine the current time. However, timestamps are only used to recognize and refuse old certificates. The use of time to discard once-only delegation certificates is not entirely without risks (for a discussion, see, for example, [3]).
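The following sketch is an added example, not code from the system described here. It shows a verifier that refuses old certificates by timestamp and forgets used once-only certificates once the age test alone refuses them, and it shows how an issuer whose clock runs fast stretches the period in which a certificate is accepted. The names `DelegationCert`, `Verifier`, `cert_id`, the 300-second window and the bookkeeping for once-only certificates are all assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_AGE = 300  # seconds; constructed freshness window, not a value from the paper

@dataclass(frozen=True)
class DelegationCert:
    cert_id: str       # hypothetical unique identifier
    issued_at: float   # timestamp written by the issuing user's own clock
    once_only: bool = False

class Verifier:
    """Refuses old certificates and replays of once-only certificates."""

    def __init__(self, max_age=MAX_AGE):
        self.max_age = max_age
        self._used = {}  # cert_id -> issued_at of once-only certs already accepted

    def check(self, cert, now):
        # Forget once-only certs that the age test below now refuses by itself.
        self._used = {cid: ts for cid, ts in self._used.items()
                      if now - ts <= self.max_age}
        if now - cert.issued_at > self.max_age:
            return "refused: too old"
        if cert.once_only:
            if cert.cert_id in self._used:
                return "refused: already used"
            self._used[cert.cert_id] = cert.issued_at
        return "accepted"

def demo():
    """Constructed scenario; times are seconds on the verifier's clock."""
    v = Verifier()
    honest = DelegationCert("c1", issued_at=1000.0, once_only=True)
    # Issuer's clock runs 600 s fast, so the same moment is stamped 1600.
    skewed = DelegationCert("c2", issued_at=1600.0)
    return [
        v.check(honest, now=1010.0),   # fresh, first use
        v.check(honest, now=1020.0),   # replay inside the window
        v.check(honest, now=1400.0),   # past the window, cache entry dropped
        v.check(skewed, now=1400.0),   # issued at the same moment as c1
        v.check(skewed, now=1900.0),   # still accepted 900 s after issue
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both certificates were created at the same real moment, yet the one stamped by the fast clock is accepted for three times the intended window, which is the dependence on the user's clock described above.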
 
 
 
 
