A set of attributes that uniquely distinguishes an entity in context.
The term identity is used in many contexts with many meanings, and the privacy implications of an attribute being part of an identity should be understood. Not all elements of identity are public information – just because attributes distinguish an entity does not mean they are widely known. Thus the definition does not specify who has access to know the attributes about a given entity, for example a citizen's Social Security Number can be an attribute of their identity but it is considered private and subject to protections. A high-security pseudonymous identity service (for example a dating website) could verify attributes such as legal names during the registration process, but protect that information and associate a pseudonym with the identity and the credentials.
This definition has been re-openned for discussion after concerns around whether or not it supports anonymous transactions. If identity is associated with an entity is probably does not. If identity is associated with a connection (such as TLS), it would be possible. See description of Session Identifier.
Recent AHG discussions have focused primarily around the inclusion of word "entity" in the definition and whether or not this eliminates the possibility of anonimity or pseudonimity.
NIST SP 800-63, ITU-T X.1252
Status: Re-opened for discussion
Add a Comment
To add a comment, you will need to be logged on to the wiki. If you are logged on, click the button below to add a comment. The comment will be appended to the Discussion page for disposition by the reviewer. <inputbox> type=comment editintro=Comment_Instructions preload=Comment_Preload buttonlabel=Post a Comment on the Discussion Page default=Talk:Identity hidden=yes </inputbox>