Identity Management without Revocation

Key revocation in mobile and tactical network environments remains a hard problem because of the connectivity and network bandwidth it requires. Still, authenticity and integrity of messages are primary requirements in a tactical operation, so identity management must be offered in some form. Moreover, tactical operations are organized as coalitions, in which autonomous domains manage their own services, identities and access control policies, yet want to offer their services to clients in other domains. This requires that the identity management operating in the tactical zone is able to authenticate principals and control access privileges across security domains. For the sole purpose of authentication (and subsequent access control), authentication protocols are often over-engineered, since they also provide privacy protection, DoS protection and even non-repudiation. Such extraneous services bloat the protocol and introduce unnecessary traffic. This paper presents a cross-domain identity management protocol which relies on less connectivity, sends fewer messages and maintains a weaker binding between domain authorities. It obtains this by replacing public key certificates with identity statements, which are short-lived bindings between identity, attributes and public key. Identity statements offer no revocation mechanism and thereby circumvent the familiar certificate validation problem. The increased focus on the importance of authenticated and unmodified messages, and the growing interest in mobile applications, make this contribution relevant also for civilian research, for example in rescue networks.