Hi Daniel,
While this is a typical case that we want to make better in the future, I think in this case I would recommend:
- Model the keys using persistent facts
- Ensure revocation of a key has a corresponding action fact "Revoke(k)"
- At the point in your model where a user supposedly checks if a key k is revoked, add an action "IsNotRevoked(k)"
- Add a restriction that forces that for all IsNotRevoked(k)@i, there cannot be a Revoke(k)@j with j < i .
You can do something similar for refreshing keys.
Hope this helps,
Cas