2 CessationOfTrust

This method is to be called when an applicant is no longer eligible for a PIV credential.

It will immediately start to cancel all derived credentials that the credential authenticated.

Note: If an applicant has multiple derived credentials on the same device (for example, two derived credential VSCs on the same physical PC) only the first derived credential is canceled.

2.1 Inputs

| Parameter | Format | Use |
|---|---|---|
| credentialFASCN | String(50) | Identifies the FASCN for the credential that is no longer to be trusted (hex representation). |
| credentialUUID | String(38) | Identifies the UUID for the credential that is no longer to be trusted. The -, { and } symbols are optional. |

2.2 Possible outcomes

One of the parameters must be supplied; otherwise, an 1100 - Minimum data not supplied error will be returned.

If one or more of the parameters contain invalid characters, for example wildcards, an 1102 - Invalid Data error will be returned.

If the supplied parameters do not match any credentials, a zero will be returned.

If the supplied parameters do match credentials and they are all successfully canceled, the number of credentials canceled will be returned.

If the supplied parameters do match credentials and one or more fail to cancel, an 1101 - One or more devices failed to cancel error will be returned, which will contain details of each device.

For more details about the errors, see section 8, Error reference.
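A caller can check its inputs against the rules above before invoking CessationOfTrust. The following is an added example, not code from the product: the names `preflight` and `PreflightError` are hypothetical, and the exact character sets (hex only for the FASCN, 32 hex digits plus the optional symbols for the UUID) are assumptions, since the page states only the maximum lengths and the error codes.

```python
import re

# Assumptions (not stated on the page): the FASCN contains hex digits only, and
# the UUID is 32 hex digits once the optional "-", "{" and "}" are removed.
# The maximum lengths (50, 38) and error codes (1100, 1102) are from the page.
_HEX = re.compile(r"[0-9A-Fa-f]+")
_UUID = re.compile(r"\{?[0-9A-Fa-f]{8}(-?[0-9A-Fa-f]{4}){3}-?[0-9A-Fa-f]{12}\}?")

# Constructed sample values, not real credential identifiers.
SAMPLE_FASCN = "0123456789ABCDEF" * 3 + "01"               # 50 hex characters
SAMPLE_UUID = "{12345678-1234-1234-1234-123456789abc}"     # 38 characters


class PreflightError(ValueError):
    """Local rejection carrying the error code the service would return."""

    def __init__(self, code, message):
        super().__init__(f"{code} - {message}")
        self.code = code


def preflight(credential_fascn=None, credential_uuid=None):
    """Return the parameters to send, or raise with the documented error code."""
    fascn = (credential_fascn or "").strip()
    uuid = (credential_uuid or "").strip()

    # Neither identifier supplied: the service answers 1100.
    if not fascn and not uuid:
        raise PreflightError(1100, "Minimum data not supplied")

    params = {}
    if fascn:
        # Wildcards such as "*" or "%" fail the hex check and map to 1102.
        if len(fascn) > 50 or not _HEX.fullmatch(fascn):
            raise PreflightError(1102, "Invalid Data")
        params["credentialFASCN"] = fascn
    if uuid:
        # Braces are optional, but an opening brace needs its closing brace.
        balanced = uuid.startswith("{") == uuid.endswith("}")
        if len(uuid) > 38 or not balanced or not _UUID.fullmatch(uuid):
            raise PreflightError(1102, "Invalid Data")
        params["credentialUUID"] = uuid
    return params
```

A return of zero from the service means no credential matched the identifiers, so the calling system should flag that case for review instead of recording the cancellation as done.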