Omaerz: 33 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T03:51:47Z

33 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

==Definition==
#A set of data presented as evidence of a claimed digital identifier or set of attributes.
#A set of data held by the user that allows presentation of evidence of a claimed digital identifier or set of attributes.

==Notes==
A certificate associated with a credential can establish a level of confidence in the attributes used in the identity claim as well as the security of the credential.

The security of some credentials, as defined in 1 above, like passwords, are not generally secure. The security of credentials that are not directly passed, as defined in 2 above, can be made arbitrarily secure.

Previous proposed definitions include:
#Attribute(s) presented as evidence of a claimed identity. (Taxonomy AHG)
#An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. (NIST 800-63)
#Some form of token presented to facilitate identification and authentication. (Wallace)
#Verified attributes presented as evidence of a claimed identity.(Faron)
#Evidence of possession of an attribute by an entity, provided during identity proofing and similar processes.(Fenton)
#Something that is verifiable and is presented as evidence of a claimed identity and/or entitlement.(Corwin)
#A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so. (Wikipedia)
#A credential needs to be an unique property of an individual that cannot be transferred. (Tom Jones)

Open question: Is binding necessary, or preferred?

== Sources ==
ITU-T X.1252

NIST 800-63: An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber.
While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity.

[http://www.w3.org/TR/credential-management-1/#concept-credential W3C Credential Management Level 1]

From a developer’s perspective, a ''credential'' is an object which allows a developer to make an authentication decision for a particular action. Various types of credentials are used or presented by the [[User Agent]]. A credential is effective for a particular site if it is accepted as authentication on that site. Even if a credential is effective at a particular point in time, the [[User Agent]] can’t assume that the same credential will be effective at any future time, for a couple reasons:
#A password credential may stop being effective if the account holder changes their password.
#A credential made from a token received over SMS is likely to only be effective for a single use.

Single-use credentials are generated by a credential source, which could be a private key, access to a federated account, the ability to receive SMS messages at a particular phone number, or something else. Credential sources are not exposed by the [[User Agent]]. To unify the model, we consider a password to be a credential source on its own, which is simply copied to create password credentials.

== Status ==
<span style="background:green">MC Approved</span>

{{Comment}}

----
Quick Links: [[Taxonomy]] | [[Taxonomy Project Management]] | [[Taxonomy AHG Catalog]] | [[Taxonomy AHG Glossary]] |
----

[[Category:Glossary]]

Credential - Revision history

Omaerz: 33 revisions imported: Initial Upload of old pages from IDESG Wiki