User:Scott Shorter

From IDESG Wiki

'All material on the page is draft and work-in-progress!'


Proposed Use Case Status Bar

Contributed

Contributed Working Draft Committee Review Compilation Approval Publication

This use case has been contributed to the wiki by an IDESG member. When the use case meets the relevance criterion it will enter the Working Draft phase.

Working Draft

This use case is available for review by the Use Case AHG with the goal of refining and completing the use case, see the Use Case Catalog for the review schedule. When the use case meets the completeness and NSTIC guiding principles criteria and is approved by the use case AHG, it will enter the Committee Review phase.

Committee Review

This use case has been sent to the IDESG Committees for their review. When committee comments are resolved and all individual use case criteria are met, this use case will be a candidate for compilation. The IDESG Standards Coordinating Committee may select this use case for including in the Compilation phase.

Compilation

This use case has been selected by the IDESG Standards Coordinating Committee for inclusion in a set for ballot and publication. When the set meets the diversity criteria and has completed a privacy review, the IDESG Standards Coordinating Committee will approve the set to proceed to the Approval phase.

Approval

This use case has been submitted by the IDESG Standards Coordinating Committee to be balloted by the IDESG Plenary.

Publication

This use case has been approved by the IDESG Plenary and is an approved IDESG Work Product.

Proposed Definition Scratch Pad

Note: text below is for discussion only, has not been proposed to any AHG or committee!


  • Attribute: A named quality or characteristic that is claimed to be inherent in or ascribed to someone or something.
  • Authentication: A process of verification of an attribute, or a set of attributes, in order to obtain statistically acceptable assurance in a claimed identity.
  • Entity: A thing that exists, e.g., a person, organization, device, software application or service.
  • Identity: A set of attributes that uniquely distinguishes an entity in context.
  • Token: Something that the Claimant possesses and controls that is used to authenticate the Claimant’s identity.

Developing Glossary

Terminology AHG Consensus Achieved

attribute: named quality or characteristic that is claimed to be inherent in or ascribed to someone or something.
Note: Attributes have attribute-names and when representing information about an entity they also have attribute-values.
Example: Examples of attributes about individuals include basic personal facts such as name, date of birth, residential address, citizenship status; contact attributes such as mailing address, phone number or email address; or any of myriad other qualities or characteristics. Non-person entities may have attributes such as DUNS number and date of incorporation (for corporations), MAC address (for network interface), device key (for cryptographically trusted platforms) or version and Common Platform Enumeration for software.
Source(s): NIST SP 800-63

identity: set of attributes that uniquely distinguishes an entity in context.
Note: The term identity is used in many contexts with many meanings, and the privacy implications of an attribute being part of an identity should be understood. The definition does not specify who has access to know the attributes about a given entity, for example a citizen's Social Security Number can be an attribute of their identity but it is considered private and subject to protections. A high-security pseudonymous identity service (for example a dating website for the affluent) could verify attributes such as legal names during the registration process, but protect that information and associate a pseudonym with the identity and the credentials.
Source(s): NIST SP 800-63, ITU-T X.1252

token: something that the claimant possesses and controls that is used to authenticate the claimant’s identity.
Note: The primary threat to which tokens are subject is loss or theft.
Example: Passwords and cryptographic keys are all tokens.
Source(s): NIST SP 800-63

Planned for 2013-08-22

authentication: process of verifying to an acceptable level of confidence that a claimed [identity/identifier?] is based on valid credentials.
Note: The related term identity-proofing is different from authentication. In identity solutions requiring identity-proofing, that function occurs prior to credential issuance.
Example: Username/password or public-key cryptography are traditional forms of authentication, as is a conversation with a customer service representative over the phone in which information is exchanged to establish identity.
Source(s): NIST SP 800-63

digital-identity: set of attributes that represent a subject in an online transaction.
Note: The strategy is about digital identities. Page 21 of the Strategy states that “The Identity Ecosystem is the embodiment of the [NSTIC] vision. It is an online environment where individuals and organizations can trust each other because they follow agreed-upon standards and processes to identify and authenticate their digital identities—and the digital identities of organizations and devices.”
Source(s): National Strategy for Trusted Identities in Cyberspace (April 15, 2011)

identifier: attribute or attributes used to uniquely identify an entity in context.
Note: By definition an identifier can be one or more attributes. If the identifier is one attribute, then that attribute must be unique, and is thus a unique-identifier. When multiple attributes are used, they are referred to as identifying-attributes.
Source(s): ITU-T X.1252

unique-identifier: single attribute that uniquely identifies an entity in context.
Example: Examples of a single attribute identifier include email addresses (managed by email providers and the domain name registration system), Driver's License Number issued by state motor vehicle administrations or Taxpayer Identification Number (managed by the IRS and SSA).

identifying-attribute: one of multiple attributes that together identify an entity in context.
Note: See note for identifier and distinguish from unique-identifier.
Example: A common example of using multiple attributes to identify an entity is asking for name and address. Given the size of the overall population, most individuals will have names that they share with other people. Adding the address to the name enables differentiation and much higher confidence that a unique person has been identified. Different combinations of common attributes result in different levels of confidence in the uniqueness of the resulting identity.

name: identifying-attribute by which the entity is commonly referenced.
Note: A name is not reliably a unique-identifier, because multiple entities, especially human individuals, will share the same name. Depending on the identity solution, individuals and organizations may be able to use pseudonyms as their name, or they may be required to use verified-names. The definition also applies to the assigned-names of such NPEs as computing devices on a network, virtual machines, domain names and mobile device names.

pseudonym: name claimed by a person or organizational entity which is not verified as belonging to the entity.
Note: The definition is explicit in applying to persons and organizations because other sorts of devices do not have legally valid names. In other words it is not meaningful for a mobile device or domain name to have a pseudonym.
Example: Different communities have different expectations with respect to pseudonyms. The names that online video game players give to their gaming avatars are pseudonyms. Most online social networks lack an effective mechanism for verifying the names of users, so those names may be considered potential pseudonyms.

verified-name: name whose value is verified to be the entity's legal name.
Example: The concept of legal names is applicable to individuals and organizations. The term assigned-name describes the "real name" for other types of entities such as computing devices on a network, virtual machines, domain names and device names.

assigned-name: name for an NPE that is assigned by a name issuing authority.
Note: Describes the "real name" for NPEs that do not have an official legal name.
Example: Names for NPEs are issued by various authorities, including the DNS system issuing network names, manufacturers issuing device names, and system implementers issuing host names.

Planned for 2013-08-29

applicant: An entity undergoing the processes of registration, enrollment and identity proofing.
See Also: sponsor.

subscriber: An entity who has received a credential from a Credential Service Provider (CSP).
Synonym: subject. In the context of X.509 certificates and PKI the term subject means the same thing, the entity to whom the certificate was issued.

claimant: entity whose identity is to be verified using an authentication protocol.

entity: A thing that exists, e.g., a person, organization, device, software application or service.
Note: An entity is something with an identity that can be verified.
Example: Entities include individuals and organizations as well as devices and logical artifacts such as data and software. The term Non Person Entity (NPE) can refer to organizations as well as computing devices, software components (application, operating system or firmware) or services (web sites, validation services, etc.)

Planned for 2013-09-05

identity-proofer: lorem ipsum

identity-provider: lorem ipsum

attribute-provider: lorem ipsum

relying-party: lorem ipsum

credential-service-provider: lorem ipsum

Planned for 2013-09-12

physical-token: lorem ipsum

logical-token: lorem ipsum