Something that the claimant possesses and controls that is used to authenticate the claimant’s digital identity.
The Taxonomy AHG observed that the word token has many meanings depending on the context. The OAuth protocol has a logical object called a token that signifies that authentication has occurred, and many people think of a physical device as a token. In the context of electronic authentication the group converged on the concept from SP 800-63 of the token as the secret controlled by the Claimant that enables them to authenticate.
The primary threat to which tokens are subject is loss or theft.
Example: Passwords and cryptographic keys are all tokens. Note that the token is secret, information, that must remain under subscriber control.
This version of the definition was added to the glossary on 12/10 based upon the definition included in the Weekly Discussion Guide for 12/5.
NIST SP 800-63
Add a Comment
To add a comment, you will need to be logged on to the wiki. If you are logged on, click the button below to add a comment. The comment will be appended to the Discussion page for disposition by the reviewer. <inputbox> type=comment editintro=Comment_Instructions preload=Comment_Preload buttonlabel=Post a Comment on the Discussion Page default=Talk:Token hidden=yes </inputbox>