Skip to content

Glossary

Mossadeq Zia edited this page Jan 28, 2016 · 34 revisions

There are many different definitions for terms in the Identity Management ecosystem; here are those terms and their definitions.

The goal of the glossary is to define common Identity terms so that all parties can communicate about Identity without confusion. Some terms are used differently in specific contexts or dialects; we will map where these terms are used incorrectly or interchangeably.


A

Attribute Exchange

Attribute Query

Authentication (AuthN)

(Mutual) Authentication

Authorization (AuthZ)

B

(Double) Blind Privacy

(Triple) Blind Privacy

C

Credential

An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. SOURCE: SP 800-63

Evidence attesting to one’s right to credit or authority. SOURCE: FIPS 201

Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once. SOURCE: CNSSI-4009

Credential Service Provider (CSP)

A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. SOURCE: SP 800-63

A CSP is often also an IdP.

D

E

Encryption

(Public Key) Encryption

(Symmetric) Encryption

(Asymmetric) Encryption

Entitlement

Documents that indicate that the holder is eligible for a service or benefit, such as health care.

Evidence Verifier

Evidence Verification

Evidence Verification Service

F

Fraud Detection

Fraud Indicator

G

H

Hash

Hashing Algorithm

Hub

Hub is the service provider that requests and obtains an identity assertion from an IdP on behalf of a user. On the basis of this assertion, the SP can make an access control decision - it can decide whether to perform some service for the connected principal. Will be revised as we make progress SOURCE: Wikipedia

I

Identity Access Management (IAM)

Identity Attribute

A property of a Digital Subject that may have zero or more values. Generally known as an "attribute" (name, first name, shoe size, social security number, religion, marital status, etc.) in digital form (so it's attached to a Digital Subject). The attributes exist whether or not they have a value and whether or not they're part of a Claim.

Identity Account Management

Identity Broker Service

Identity Proofing

The process by which a CSP and a RA collect and verify information about a person for the purpose of issuing credentials to that person.

Identity Provider (IdP)

An Identity Provider, also known as Identity Assertion Provider, is responsible for (a) providing identifiers for users looking to interact with a system, and (b) asserting to such a system that such an identifier presented by a user is known to the provider, and (c) possibly providing other information about the user that is known to the provider.

An Identity Provider can be described as a Service Provider for storing identity profiles and offering incentives to other SPs with the aim of federating user identities.

(Null) Identity

Identity Resolution

The ability to distinguish a person from all others within the context of the total population of persons of interest.

Identity Score

Identity Trust Framework

J

K

Key

(Public) Key

(Public) Key Infrastructure

(Symmetric) Key

(Asymmetric) Key

L

Local ID

Local Matching Service

Local Matching Service Datastore

Level Of Assurance (LOA)

M

Matching Service

N

Null Identity

An identity record present in the database that is missing one or more of the attributes included in an analysis that causes a search error and renders that record invalid for the purpose of the analysis.

O

P

Privilege

Provider ID

Provisioning

(Just-In-Time) Provisioning

(De)provisioning

Q

R

Relying Party

An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system. SOURCE: CNSSI-4009

An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system. SOURCE: SP 800-63

Registration Authority (RA)

A trusted entity that establishes and vouches for the identity or attributes of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

S

Service Provider (SP)

T

U

V

Verifier

An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status. SOURCE: SP 800-63

An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. SOURCE: FIPS 196

W

X

Y

Z

Clone this wiki locally