Secure Login Server is designed to issue short-lived certificates in a short-term way. One of the reasons for such approach is to eliminate the need for revocation management of certificates.
However, SLS allows to configure also longer life times. The recommendation here is to revoke or lock on account and permission level. If your iPad was stolen, there will be more risks to be handled than this certificate.
But we are also planning the integration of third party enterprise PKIs like ADCS, allowing to issue certificates with CRL DPs or OCSP AIAs. SLS then acts as Registration Authority with the full bundle of user authentication and user name mapping capabilities.
-- Stephan