
Functional component terminology - thoughts

Functional component terminology - thoughts. C. Tilton. IDE Functional Components. 800-63 Model. Identity. NSTIC Digital Identity a set of attributes that represent a subject in an online transaction. 800-63 A set of attributes that uniquely describe a person within a given context .


Presentation Transcript


  1. Functional component terminology - thoughts
     C. Tilton

  2. IDE Functional Components

  3. 800-63 Model

  4. Identity
     NSTIC
     • Digital Identity: a set of attributes that represent a subject in an online transaction
     800-63
     • A set of attributes that uniquely describe a person within a given context.

  5. Credential/Token
     NSTIC
     • Credential - the information objects used during a transaction to provide evidence of the subject’s identity. The credential may also provide a link to the subject’s authority, roles, rights, privileges, and other attributes.
     • Credential medium - a device or object (physical or virtual) used for storing one or more credentials, claims, or attributes related to a subject.
     800-63
     • Credential - An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber.
     • While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity.
     • Token - Something that the Claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the Claimant’s identity.

  6. Identity Provider
     NSTIC
     • Responsible for establishing, maintaining, and securing the digital identity associated with that subject.
     • These processes include revoking, suspending, and restoring the subject’s digital identity if necessary.
     • The identity provider may also verify the identity of and sign up (enroll) a subject.
     • Alternatively, verification and enrollment may be performed by a separate enrolling agent.
     800-63
     • Term not used

  7. Attribute Provider
     NSTIC
     • Responsible for the processes associated with establishing and maintaining identity attributes.
     • Attribute maintenance includes validating, updating, and revoking the attribute claim.
     • An attribute provider asserts trusted, validated attribute claims in response to attribute requests from relying parties.
     • In certain instances, a subject may self-assert attribute claims to relying parties.
     • Trusted, validated attributes inform relying parties’ decision to authorize subjects.
     800-63
     • Term not used

  8. Credential Service Provider
     NSTIC
     • Term not used
     800-63
     • A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers.
     • The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates.
     • A CSP may be an independent third party, or may issue credentials for its own use.

  9. Registration Authority
     NSTIC
     • Enrolling agent - verify the identity of and sign up (enroll) a subject.
     • May be part of an IDP or separate.
     800-63
     • A trusted entity that establishes and vouches for the identity or attributes of a Subscriber to a CSP.
     • The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

  10. Verifier
     NSTIC
     • Term not used
     800-63
     • An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol.
     • To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.

  11. Relying Party
     NSTIC
     • Makes transaction decisions based upon its receipt, validation, and acceptance of a subject’s authenticated credentials and attributes.
     • Within the Identity Ecosystem, a relying party selects and trusts the identity and attribute providers of their choice, based on risk and functional requirements.
     • Relying parties are not required to integrate with all permutations of credential types and identity media. Rather, they can trust an identity provider’s assertion of a valid subject credential, as appropriate.
     • Relying parties also typically need to identify and authenticate themselves to the subject as part of transactions in the Identity Ecosystem.
     • Relying parties can choose the strength of the authentication and attributes required to access their services.
     800-63
     • An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system.

  12. Other possible functions/roles
     • Identity repository
     • Identity binding (of identity/attributes to a credential)
     • Identity cross-validation
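The 800-63 roles on slides 5 through 11 (CSP, token, credential, Verifier, Relying Party) and the revoke/suspend lifecycle on slide 6 fit together as one authentication flow. The toy model below is an added example, not part of the slides: a CSP binds an identity and attributes to a token, a Verifier checks possession of the token with a nonce challenge (HMAC over the nonce stands in for the "authentication protocol"), validates the credential that links token and identity, checks its status, and issues an assertion that a Relying Party acts on. The class names, the HMAC-keyed token, the status values and the sample subscribers are all constructed assumptions for illustration.

```python
"""Toy model of the 800-63 roles: CSP, Claimant/token, Verifier, Relying Party.

Added example (not from the slides). Every name and the HMAC-based token are
assumptions made for illustration; the subscriber data is constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Credential:
    """CSP-held record that binds an identity (and attributes) to a token."""
    subscriber_id: str
    attributes: dict
    token_id: str
    token_secret: bytes      # the "something the Claimant possesses and controls"
    status: str = "active"   # assumed lifecycle states: active | suspended | revoked


class CredentialServiceProvider:
    """Issues/registers tokens and credentials and maintains their status."""

    def __init__(self) -> None:
        self._by_token: dict[str, Credential] = {}

    def enroll(self, subscriber_id: str, attributes: dict) -> Credential:
        # An RA would vouch for the identity before this step (slide 9).
        cred = Credential(subscriber_id, dict(attributes),
                          token_id=secrets.token_hex(8),
                          token_secret=secrets.token_bytes(32))
        self._by_token[cred.token_id] = cred
        return cred

    def set_status(self, token_id: str, status: str) -> None:
        # revoke / suspend / restore (slide 6)
        self._by_token[token_id].status = status

    def lookup(self, token_id: str):
        return self._by_token.get(token_id)


class Claimant:
    """Holds the token secret and proves possession by answering a challenge."""

    def __init__(self, token_id: str, token_secret: bytes) -> None:
        self.token_id = token_id
        self._secret = token_secret

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()


class Verifier:
    """Checks possession/control of the token and the credential's status."""

    def __init__(self, csp: CredentialServiceProvider) -> None:
        self._csp = csp

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh nonce per authentication

    def verify(self, token_id: str, nonce: bytes, response: bytes):
        """Return an assertion (dict) on success, None on any failure."""
        cred = self._csp.lookup(token_id)
        if cred is None or cred.status != "active":
            return None  # unknown, suspended or revoked credential
        expected = hmac.new(cred.token_secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None  # claimant does not control the token
        return {"subscriber_id": cred.subscriber_id, "attributes": dict(cred.attributes)}


class RelyingParty:
    """Trusts the Verifier's assertion and applies its own attribute policy."""

    def __init__(self, verifier: Verifier, required_attr: str) -> None:
        self._verifier = verifier
        self._required_attr = required_attr

    def authorize(self, claimant: Claimant) -> bool:
        nonce = self._verifier.challenge()
        assertion = self._verifier.verify(claimant.token_id, nonce, claimant.respond(nonce))
        if assertion is None:
            return False
        return assertion["attributes"].get(self._required_attr) is True


def run_scenario() -> dict:
    """Exercise the flow with constructed subscribers; returns the RP decisions."""
    csp = CredentialServiceProvider()
    verifier = Verifier(csp)
    rp = RelyingParty(verifier, required_attr="employee")
    alice = csp.enroll("alice", {"employee": True})
    bob = csp.enroll("bob", {"employee": False})
    results = {
        "alice_active": rp.authorize(Claimant(alice.token_id, alice.token_secret)),
        "bob_missing_attribute": rp.authorize(Claimant(bob.token_id, bob.token_secret)),
        "alice_wrong_secret": rp.authorize(Claimant(alice.token_id, b"not the token")),
    }
    csp.set_status(alice.token_id, "revoked")
    results["alice_revoked"] = rp.authorize(Claimant(alice.token_id, alice.token_secret))
    return results
```

Note that the RP never sees the token secret: it only consumes the Verifier's assertion, which is the separation slide 11 describes. Revocation takes effect immediately because the Verifier consults the CSP's credential record on every authentication rather than caching it.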