IDEF Glossary

From IDESG Wiki


This IDEF Glossary Version 1.0 is intended specifically to support the IDEF Registry program. It was approved by the IDESG Plenary by electronic ballot on May 13, 2016.

Citations for the primary source of each definition are given in brackets, and link to IDEF Glossary References, where titles and Internet links are provided.

Also see the category reference for Glossary at the bottom of this page.


A product, service, environment or facility which is usable by USERs with the widest range of capabilities. [ISO 9241-210]


The property of a system or system resource that ensures that the actions of a USER or AGENT may be traced uniquely to that USER or AGENT, which can then be held responsible for its actions. [RFC4949]


A non-human application or service acting in the digital environment on behalf of a human USER. Synonymous with "non-person entity" (NPE). See USER.


An INTERACTION designed such that the data collected is not sufficient to infer the identity of the USER involved nor is such data sufficient to permit an ENTITY to associate multiple INTERACTIONs with a USER or to determine patterns of behavior of a USER. [IDESG IDEF] [UXC-Dict] See PSEUDONYMOUS.


A statement from an ATTRIBUTE provider to a RELYING PARTY. [NIST SP 800-63-2] NOTE: ASSERTIONs may be used to communicate CLAIMs, ATTRIBUTEs, IDENTIFIERs, or DIGITAL IDENTITIES. See CLAIM.


A named quality or characteristic that is claimed to be inherent in or ascribed to someone or something. [IDESG Taxonomy]


"AUTHENTICATION" is defined in the IDEF Functional Model in part as a "Process of determining the validity of one or more CREDENTIALs used to claim a DIGITAL IDENTITY." [FM]

CREDENTIAL AUTHENTICATION: Process of determining the validity of one or more CREDENTIALs used to claim a DIGITAL IDENTITY. [IDESG Taxonomy]

DIGITAL IDENTITY AUTHENTICATION: Process used to achieve sufficient confidence in the binding between the USER or AGENT and the presented DIGITAL IDENTITY. [OpenID Connect]


"AUTHORIZATION" is defined in the IDEF Functional Model in part as a "Process of granting or denying requests for specific access to resources." [FM]


A statement about the USER or AGENT asserting a property of the USER or AGENT without necessarily containing identity information. NOTE: CLAIMs refer to the content of an ASSERTION rather than the specific source and destination. See ASSERTION.



The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. [SP 800-37]


The administrative, technical, and physical safeguards employed within an entity to ensure compliance with applicable privacy requirements and manage privacy risks.


A set of data presented as evidence of a claimed DIGITAL IDENTITY. [IDESG Taxonomy]


"CREDENTIALING" is defined in the IDEF Functional Model in part as a "Process to bind an established DIGITAL IDENTITY with a CREDENTIAL." [FM]


The property that data has not been inappropriately altered.


An ATTRIBUTE set that can be uniquely distinguished in a given context and can be used for a digital interaction. [IDESG Taxonomy]


The functions described in the IDESG Functional Model (REGISTRATION, CREDENTIALING, AUTHENTICATION, AUTHORIZATION, and INTERMEDIATION), which also encompass enrollment, identity proofing, identity vetting, access control, attribute management, transaction processing, and identity data maintenance.


Any organization providing or using identity services. [IDESG IDEF][UXC-Dict] NOTE: The correct usage of ENTITY is “Organization providing or using identity services”; synonymous with Service Provider in the ID Ecosystem. USER should be used for persons. AGENT should be used for non-persons. NOTE: The word “actor” has been employed in this Glossary to replace the term “entity” previously used in some definitions, where ENTITY (as an organization) is not exclusively intended.


An association comprising any number of service providers and IDENTITY PROVIDERS. [SAML v2.0] NOTE: This definition concerns IDENTITY and CREDENTIAL FEDERATIONs.


ATTRIBUTE or value that can be used to distinguish a DIGITAL IDENTITY. [IDESG Taxonomy]




An ENTITY that creates, maintains, and manages trusted identity information. [NSTAC]


An event involving two or more actors. See TRANSACTION.


A term given to a set of design areas that focuses on the INTERACTION value of content, as opposed to its presentation or information value. The INTERACTION topics include USER interface controls, error handling, and feedback systems. The term “INTERACTION DESIGN” is intended to differentiate these topics from other topics for purposes of evaluation and development. [Human Factors]


"INTERMEDIATION" (or "Transaction Intermediation") is defined in the IDEF Functional Model in part as "Processes and procedures that limit linkages between TRANSACTIONs and facilitate CREDENTIAL portability." [FM]


The ability of independent systems to exchange meaningful information and initiate actions from each other, in order to operate together to mutual benefit. In particular, it envisages the ability for loosely-coupled independent systems to be able to collaborate and communicate. [NSTAC]


See the IDESG Baseline Requirement “PRIVACY-1. DATA MINIMIZATION”. [Reqts]



AUTHENTICATION using two or more different factors to achieve AUTHENTICATION. Factors include something one knows (e.g., password/PIN), something one has (e.g., cryptographic identification device, token), or something one is (e.g., biometric). [SP 800-53]


A known and consistent format that is published and transparent to all RELYING-PARTIES and IDENTITY PROVIDERS in the relevant network, and is not controlled by a commercial interest. [IDESG IDEF]


A route or routes of events, actions or INTERACTIONs leading to a defined result. [UXC-Dict]


Any information about or linked to a USER that is collected, used, transmitted, or stored in or by DIGITAL IDENTITY MANAGEMENT FUNCTIONS. [IDESG IDEF]


Creating USER access accounts and assigning privileges or entitlements within the scope of a defined process or INTERACTION; providing USERs with access rights to applications and other resources that may be available in an environment; may include the creation, modification, deletion, suspension or restoration of a defined set of privileges. [ABAC]


An INTERACTION designed such that the data collected is not sufficient to allow the ENTITY to infer the USER involved but which does permit an ENTITY to associate multiple INTERACTIONs with the USER’s claimed identity. [IDESG IDEF] [UXC-Dict]


"REGISTRATION" is defined in the IDEF Functional Model in part as a "process that establishes a DIGITAL IDENTITY for the purpose of issuing or associating a CREDENTIAL." [FM]


Actor that relies on an identity ASSERTION or CLAIM. [ISO/IEC 29115]


OPEN STANDARDS are standards made available to the general public and are developed (or approved) and maintained via a collaborative and consensus-driven process. OPEN STANDARDS facilitate INTEROPERABILITY and data exchange among different products or services and are intended for widespread adoption. (ITU-T) See also: IDESG Standards Adoption Policy v2.0 [SAPv2].


Something that the claimant possesses and controls that is used to authenticate the claimant’s DIGITAL IDENTITY. [IDESG Taxonomy]


A specialized form of INTERACTION that involves an exchange of some kind. See INTERACTION.


Extent to which a system, product or service can be used by USERs to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. [ISO/IEC 9241-210]


An individual human being. See AGENT.


Systems, design and/or program processes that put the individual human being at the center of the activity. Equivalents and related terms may include: USER, user-centered, human-centered, end user, individual user, user-friendly. [IDESG IDEF] [UXC-Dict]


A USER’s perceptions and responses resulting from the use of an ENTITY’s services as rendered by expected USER AGENTs.

Older Material - to be edited

Appendix A to the Baseline Requirements, which is incorporated into the IDESG Glossary, provides the following definitions:

"Digital identity management functions" means activities and services associated with identity management, as described in more detail in the IDESG Functional Model. The Functional Model generally sorts identity management activities and services into the following five categories (summarized at the links below, and discussed in more detail in the Functional Model, PDF link, starting at page 5):

Each IDEF Baseline Functional Requirement specifies which of these activities are likely to be relevant to that requirement. The IDESG SALS self-assessment program and those Requirements are designed to be relevant to those activities. A party that does not conduct any of the foregoing activities may find that the SALS guidance is of limited use.
