Glossary
There are many different definitions for terms in the Identity Management ecosystem; here are those terms and their definitions.
The goal of the glossary is to define common Identity terms so that all parties can communicate about Identity without confusion. Some terms are used differently in specific contexts or dialects; we will map where these terms are used incorrectly or interchangeably.
Attribute Exchange
Attribute Query
Authentication (AuthN)
(Mutual) Authentication
Authorization (AuthZ)
(Double) Blind Privacy
(Triple) Blind Privacy
Credential
An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. SOURCE: SP 800-63
Evidence attesting to one’s right to credit or authority. SOURCE: FIPS 201
Evidence or testimonials that support a claim of identity or assertion of an attribute and usually are intended to be used more than once. SOURCE: CNSSI-4009
Credential Service Provider (CSP)
A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use. SOURCE: SP 800-63
A CSP is often also an IdP.
Encryption
(Public Key) Encryption
(Symmetric) Encryption
(Asymmetric) Encryption
Entitlement
Documents that indicate that the holder is eligible for a service or benefit, such as health care.
Evidence Verifier
Evidence Verification
Evidence Verification Service
Fraud Detection
Fraud Indicator
Hash
Hashing Algorithm
Hub
The Hub is the service provider that requests and obtains an identity assertion from an IdP on behalf of a user. On the basis of this assertion, the SP can make an access control decision: it can decide whether to perform some service for the connected principal. (Will be revised as we make progress.) SOURCE: Wikipedia
Identity Access Management (IAM)
Identity Attribute
A property of a Digital Subject that may have zero or more values. Generally known as an "attribute" (name, first name, shoe size, social security number, religion, marital status, etc.) in digital form (so it's attached to a Digital Subject). The attributes exist whether or not they have a value and whether or not they're part of a Claim.
Identity Account Management
Identity Broker Service
Identity Proofing
The process by which a CSP and an RA collect and verify information about a person for the purpose of issuing credentials to that person.
Identity Provider (IdP)
An Identity Provider, also known as an Identity Assertion Provider, is responsible for (a) providing identifiers for users looking to interact with a system, (b) asserting to such a system that such an identifier presented by a user is known to the provider, and (c) possibly providing other information about the user that is known to the provider.
An Identity Provider can be described as a Service Provider for storing identity profiles and offering incentives to other SPs with the aim of federating user identities.
(Null) Identity
Identity Resolution
The ability to distinguish a person from all others within the context of the total population of persons of interest.
Identity Score
Identity Trust Framework
Key
(Public) Key
(Public) Key Infrastructure
(Symmetric) Key
(Asymmetric) Key
Local ID
Local Matching Service
Local Matching Service Datastore
Level Of Assurance (LOA)
Matching Service
Null Identity
An identity record present in the database that is missing one or more of the attributes included in an analysis, which causes a search error and renders that record invalid for the purpose of the analysis.
Privilege
Provider ID
Provisioning
(Just-In-Time) Provisioning
(De)provisioning
Relying Party
An entity that relies upon the subscriber’s credentials, typically to process a transaction or grant access to information or a system. SOURCE: CNSSI-4009
An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system. SOURCE: SP 800-63
Registration Authority (RA)
A trusted entity that establishes and vouches for the identity or attributes of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
Service Provider (SP)
Verifier
An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status. SOURCE: SP 800-63
An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. SOURCE: FIPS 196