From IdCommons


Identity Gang

The Identity Dictionary: Allan Milgate's 100 or so technical terms for a common understanding of IAM

The Digital Identity Glossary by P.T. Ong which includes links to other glossaries.

Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology

SAML 2.0 glossary definitions page

Stefan Brands' Primer: though more than a glossary, this paper (also listed in [Reference Documents]) is helpful

Digital Identity - Wikipedia entry

Identity Concepts and Definitions, Dan Blum, Burton Group (courtesy of Jamie Lewis)

[X.911] - definitions in section 6.5


Agent Source: Identity Gang

Definition: A computer system or device that has been delegated (authority, responsibility, a function, etc.) by and acts for a Party (in exercising the authority, carrying out the responsibility, performing the function, etc.). [JoaquinM, X.911, PaulT]

Claim Source: Identity Gang

Definition: An assertion made by a Claimant of the value or values of one or more Identity Attributes of a Digital Subject, typically an assertion which is disputed or in doubt. [KimC, BenL, PeterD, ScottC, PaulT]

Examples of the kinds of Identity Attributes that might be conveyed in a Claim:

1. A Claim could just convey an identifier: for example, that the Digital Subject's student number is 490-525, or that the Digital Subject's Windows name is REDMOND\kcameron. This is the way many existing identity systems work.

2. Another Claim might assert that a Digital Subject knows a given key—and should be able to demonstrate this fact.

3. A set of Claims might convey personally identifying information—name, address, date of birth and citizenship, for example.

4. A Claim might simply propose that a Digital Subject is part of a certain group, for example, that she is less than 16 years old.

5. And a Claim might state that a Digital Subject has a certain capability—for example, to place orders up to a certain limit, or modify a given file.

Comment1: Claims may or may not be directed to specific Parties. [KimC, DickH, PaulT]

Comment2: A Claim is an association between a Claimant, a Digital Subject, and an Identity Attribute. [PaulT]

Claimant Source: Identity Gang

Definition: A Digital Subject representing a Party that makes a Claim.

Credential Source: Allan Milgate

The private part of a paired Identity assertion (the user-id is usually the public part). The thing(s) that an Entity relies upon in an Assertion at any particular time, usually to authenticate a claimed Identity. Credentials can change over time and may be revoked. Examples include: a signature, a password, a driver's licence number (not the card itself), an ATM card number (not the card itself), data stored on a smart-card (not the card itself), a digital certificate, a biometric template.

There is no need to issue a new credential if an Identity already has one that can be used, is trusted and whose currency can be reconfirmed at each authentication such as an existing account, or a digital certificate from a trusted organisation (see ID Law 5 in The Identity Laws).

Digital Identity Source: Identity Gang

Definition: A digital representation of a set of Claims made by one Party about itself or another Digital Subject. [originally from Kim's Laws, ScottL, PaulT, BobWyman]

Comment1: A Digital Identity is just one set of Claims about a Digital Subject. For any given Digital Subject there will typically exist many Digital Identities. [PaulT]

Comment2: A Digital Identity can be created on the fly when a particular identity transaction is desired, or persisted in a data store to provide a referenceable representation. [ScottL, Drummond, MaryRuddy]

Comment3: A Digital Identity may contain Claims made by multiple Claimants. [DickH]

Comment4: A Digital Identity may be signed by a Digital Identity Provider to provide assurance to a Relying Party. [ConorC]

Digital Identity Provider Source: Identity Gang

Definition: An Agent that issues a Digital Identity. [PaulT, ScottL]

Comment1: The Agent is acting on behalf of an issuing Party. [PaulT]

Digital Subject Source: Identity Gang

Definition: An Entity represented or existing in the digital realm which is being described or dealt with. [originally from Kim's Laws, "person or thing" replaced with entity by PaulT]

Comment1: Every Digital Subject has a finite, but unlimited number of Identity Attributes. [DaveK]

Enrolment Source: Allan Milgate

The process of adding a Permission to an Identity. It may result in the issuing of a new identity or an additional account. The link between Registration and Enrolment must remain unbroken.

Entity Source: Identity Gang

Definition: A person, physical object, animal, or juridical entity.

Comment1: In an identity system implementation an Entity is abstract, conceptual, non-modelled.

Identity Attribute Source: Identity Gang

Definition: A property of a Digital Subject that may have zero or more values. [adapted from Wikipedia, DaveK, JoaquinM]

Comment1: What this lexicon calls an Identity Attribute is what is generally known as an "attribute" (name, first name, shoe size, social security number, religion, marital status, etc.) in digital form (so it is attached to a Digital Subject). The attributes exist whether or not they have a value and whether or not they are part of a Claim. [DaveK]

Identity Context Source: Identity Gang

Definition: The surrounding environment and circumstances that determine the meaning of Digital Identities, and the policies and protocols that govern their interactions. [DaveK, PaulT]

Party Source: Identity Gang

Definition: A natural person or a juridical entity. [PaulT, JoaquinM]

Mutual Authentication Source: Allan Milgate

This requires that both the service provider and the user positively identify each other. In this way the authentication is strengthened for both parties: it cannot be phished or spoofed, because users are not tricked into entering personal information on fake sites.

Non-repudiation Source: Allan Milgate

The ability, through historical logs and logical analysis, to prevent or discourage an Entity from denying that it acted as an Identity in a given transaction, especially in a legal sense. It may need to be based on a biometric and include encrypted audit trails to succeed in a court of law; otherwise the offender could plead guilty to the lesser charge of leaving their password on a Post-It Note.

Owner Source: Allan Milgate

The registered Entity for an Identity. An Entity owns an Identity (and therefore its access rights) due solely to the ability to authenticate it. See Registration.

Persona Source: Identity Gang

Definition: A pre-existing Digital Identity that a user, through an Agent, has the ability to select and use to represent themselves in a given Identity Context. [PaulT, DaveK, IainH, TonyN, Kim, Drummond, Johannes, Luke, Jaco, PTOng, PeterD]

Comment1: A Persona is something put forward by a user, but how it is perceived, recognized, accepted, rejected, trusted, used etc. by a Relying Party cannot be specified or in any way implied. [PaulT]

Comment2: Often used when the set of Claims represents some role or virtual character animated by the Digital Subject. [Kim]

Comment3: Ordinary language meanings: (1) a voice or character representing the speaker in a literary work; (2) the characters in a dramatic or literary work; (3) the role that one assumes or displays in public or society; one's public image or personality, as distinguished from the inner self.

Persona Source: Allan Milgate

A super-identity or "avatar" of an Entity; a Persona may be the result of federating several existing Identities. Literally means "mask" (Greek). The result is intended to convey a special purpose or role, such as the incarnation of a higher being. See Identity.

Policy Source: Allan Milgate

A set of Rules, usually associated with a Role or other dynamic attributes. It is normally used for access provisioning and access reconciliation.

Privacy Source: Allan Milgate

A right to control the dissemination of the attributes of an Entity. Attributes can be given up, after which it is difficult to restrict their use in the absence of any specific legal remedy. Some would argue that there is no privacy other than that artificially created by legislature.

Provisioning Source: Allan Milgate

This is automatically providing an Identity with access to a role, resource or service, or automatically changing or removing that access, based on life-cycle events, work requests or changed attributes. For example: the first-day, second-day and on-going provisioning, and the last-day deprovisioning, of the access rights of an employee.

Pseudonym Source: Allan Milgate

A fictitious Identity that an Entity creates for itself, whereby the Entity can remain pseudonymous, or perhaps even fully anonymous, in certain contexts. Literally means "false name". It may be persistent or temporary, but it must be persistent if you want to reuse it; this makes it difficult to remain fully anonymous, because any details provided or collected over time may be joined with other details and republished (unless there are privacy laws preventing it).

Relying Party Source: Identity Gang

Definition: A Party that makes known through its Agent one or more alternative sets of Claims that it desires or requires, and receives through this same Agent a Digital Identity purportedly including the required Claims from a Digital Identity Provider or other Agent of another Party. [JoaquinM, DaveK, DickH, Johannes]

Relying Party Source: Allan Milgate

The entity that relies on the result of an authentication. Usually, but not always, the same as the authenticating party and service provider.

Trust Source: Allan Milgate

An instance of a relationship between two or more Entities, in which an Entity assumes that another Entity will act as authorised/expected. The risk/trust relationship depends on who you are and what you want to do at any instance. The degrees of separation between parties can decrease the trust (increase the risk). They trust you, so I (kinda) trust you (for now) to do (only) this.

Trust Source: P.T. Ong

Trust is an evaluation, by an Entity, of the reliability of an Identity when the Identity is involved in interactions. [See also: Trust is an Emotion.] The level of trust is typically based on the technical strength of the Identity, but it also includes the evaluating Entity's subjective considerations (e.g. feelings) about the reliability of the Entity the Identity represents. Trust is at least partially transitive (as in the case of notaries).

User Source: Allan Milgate

An Identity where the identifier of the identity is the public part of a paired Identity assertion. A user may have several identities / usernames / user-ids / logon-ids / sign-ons.

User Source: P.T. Ong

A user is a human entity who can only access the network via a client device.

User Identifiers Source: P.T. Ong

User identifiers are identifiers that represent users in their interactions with other parties. Users may present their identifiers verbally, on paper, on plastic cards, or in any other appropriate manner. Electronic user identifiers are electronically presented over data communication channels by user-operated computing devices (client devices) such as PCs, laptops, mobile phones, and smartcards. [Derived from: Stefan Brands.]