Typically, in trust based scenarios whenever a trust is established between the participating entities, the trust will remain active until an explicit action is taken by one or more of the participating entities to delete or revoke the artifact symbolizing the trust. For example, a trust is established in the form of a secret key which is shared between a server and partner application which uses the server's services. This trust remains until 1) the key is modified, revoked, deleted, etc., or 2) The server administrator explicitly deletes the partner application entry.
The problem with this implementation is that there are situations where an infinite longevity of such a trust is not required (e.g., administration overhead due to too many applications getting registered and not being used after few days), and the login server will have too many apps being registered and some of them will be needed only for a few days, for example. The login server may be an Oracle™ Single Sign-On server. However, the trust will still nonetheless remain until the entry is deleted explicitly, thus, opening the server up to potential security breaches and the like. Hence, improvements are needed in the art.