Something that the claimant possesses and controls that is used to authenticate the claimant’s digital identity.
The Taxonomy AHG observed that the word token has many meanings depending on the context. The OAuth protocol has a logical object called a token that signifies that authentication has occurred, and many people think of a physical device as a token. In the context of electronic authentication the group converged on the concept from SP 800-63 of the token as the secret controlled by the Claimant that enables them to authenticate.
The primary threat to which tokens are subject is loss or theft.
Example: Passwords and cryptographic keys are all tokens. Note that the token is secret, information, that must remain under subscriber control.
This version of the definition was added to the glossary on 12/10 based upon the definition included in the Weekly Discussion Guide for 12/5.
NIST SP 800-63
Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |