Functional component terminology - thoughts C. Tilton.

Presentation transcript:

Slide 1: Functional component terminology - thoughts (C. Tilton)

Slide 2: IDE Functional Components

Columns: NSTIC | 800-63 | Kantara

- Identity Provider (IDP) | CSP | Credential Service Provider (CSP)
- Attribute Provider (AP) | Identity Proofer
- Relying Party
- Individual, NPE, subject | Subscriber/Claimant
- Credential | (Authentication) Token
- Trust Framework | Accreditation Authority
- Enrolling Agent | Registration Authority
- Verifier
- Identity Federation

Slide 3: 800-63 Model

Slide 4: Identity

NSTIC
- Digital Identity: a set of attributes that represent a subject in an online transaction.

800-63
- A set of attributes that uniquely describe a person within a given context.

Slide 5: Credential/Token

NSTIC
- Credential: the information objects used during a transaction to provide evidence of the subject's identity. The credential may also provide a link to the subject's authority, roles, rights, privileges, and other attributes.
- Credential medium: a device or object (physical or virtual) used for storing one or more credentials, claims, or attributes related to a subject.

800-63
- Credential: an object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber.
  - While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber's token and identity.
- Token: something that the Claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the Claimant's identity.

Slide 6: Identity Provider

NSTIC
- Responsible for establishing, maintaining, and securing the digital identity associated with that subject.
  - These processes include revoking, suspending, and restoring the subject's digital identity if necessary.
- The identity provider may also verify the identity of and sign up (enroll) a subject.
  - Alternatively, verification and enrollment may be performed by a separate enrolling agent.

800-63
- Term not used.

Slide 7: Attribute Provider

NSTIC
- Responsible for the processes associated with establishing and maintaining identity attributes.
  - Attribute maintenance includes validating, updating, and revoking the attribute claim.
- An attribute provider asserts trusted, validated attribute claims in response to attribute requests from relying parties.
  - In certain instances, a subject may self-assert attribute claims to relying parties.
- Trusted, validated attributes inform relying parties' decision to authorize subjects.

800-63
- Term not used.

Slide 8: Credential Service Provider

NSTIC
- Term not used.

800-63
- A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.

Slide 9: Registration Authority

NSTIC
- Enrolling agent: verifies the identity of and signs up (enrolls) a subject. May be part of an IDP or separate.

800-63
- A trusted entity that establishes and vouches for the identity or attributes of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

Slide 10: Verifier

NSTIC
- Term not used.

800-63
- An entity that verifies the Claimant's identity by verifying the Claimant's possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.

Slide 11: Relying Party

NSTIC
- Makes transaction decisions based upon its receipt, validation, and acceptance of a subject's authenticated credentials and attributes.
- Within the Identity Ecosystem, a relying party selects and trusts the identity and attribute providers of their choice, based on risk and functional requirements.
- Relying parties are not required to integrate with all permutations of credential types and identity media. Rather, they can trust an identity provider's assertion of a valid subject credential, as appropriate.
- Relying parties also typically need to identify and authenticate themselves to the subject as part of transactions in the Identity Ecosystem.
- Relying parties can choose the strength of the authentication and attributes required to access their services.

800-63
- An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant's identity, typically to process a transaction or grant access to information or a system.
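The 800-63 definitions on slides 5 and 8 through 11 describe one flow: an RA proofs the Subscriber, the CSP registers a token and issues a credential binding identity to that token, a Verifier checks the credential's binding and status and the Claimant's possession of the token, and the RP relies on the Verifier's assertion. The Python model below is an added example written for this transcript; it is not from the presentation and not anything 800-63 specifies. The HMAC-based credential format, the challenge-response protocol, the class and function names, and the sample subscriber identifiers are all constructed for the illustration. The CSP here operates its own RA and Verifier, which 800-63 permits, so the Verifier can hold the registered token secrets.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed illustration of the SP 800-63 roles summarised on the slides.
# Credential format, protocol and names are assumptions for this example.


@dataclass
class Credential:
    """Authoritatively binds an identity to a token (slide 5, 800-63 sense)."""
    subscriber_id: str
    token_id: str
    mac: str  # CSP's keyed MAC over (subscriber_id, token_id)


@dataclass
class CredentialServiceProvider:
    """Registers tokens, issues credentials, and operates its RA and Verifier."""
    signing_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    token_secrets: dict = field(default_factory=dict)  # token_id -> token secret
    revoked: set = field(default_factory=set)          # revoked token_ids

    def _bind(self, subscriber_id: str, token_id: str) -> str:
        msg = f"{subscriber_id}|{token_id}".encode()
        return hmac.new(self.signing_key, msg, hashlib.sha256).hexdigest()

    def enroll(self, subscriber_id: str, proofed: bool) -> tuple:
        """RA step: only a proofed identity gets a token and a credential."""
        if not proofed:
            raise ValueError("identity proofing failed; nothing issued")
        token_secret = secrets.token_bytes(32)  # the token the Subscriber holds
        token_id = hashlib.sha256(token_secret).hexdigest()[:16]
        self.token_secrets[token_id] = token_secret
        cred = Credential(subscriber_id, token_id, self._bind(subscriber_id, token_id))
        return token_secret, cred

    def revoke(self, token_id: str) -> None:
        """Status change: the credential for this token is no longer valid."""
        self.revoked.add(token_id)

    def verify(self, cred: Credential, challenge: bytes, response: bytes) -> bool:
        """Verifier step (slide 10): binding, status, then possession and control."""
        expected_mac = self._bind(cred.subscriber_id, cred.token_id)
        if not hmac.compare_digest(expected_mac, cred.mac):
            return False  # credential altered or not issued by this CSP
        if cred.token_id in self.revoked or cred.token_id not in self.token_secrets:
            return False  # status check failed
        secret = self.token_secrets[cred.token_id]
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def claimant_respond(token_secret: bytes, challenge: bytes) -> bytes:
    """Claimant proves possession of the token without revealing it."""
    return hmac.new(token_secret, challenge, hashlib.sha256).digest()


def relying_party_decision(csp: CredentialServiceProvider, cred: Credential,
                           token_secret: bytes) -> bool:
    """RP (slide 11) relies on the Verifier's assertion, not on the token itself."""
    challenge = secrets.token_bytes(16)
    response = claimant_respond(token_secret, challenge)
    return csp.verify(cred, challenge, response)


def demo() -> dict:
    """Run the flow once for the normal case and three failure cases."""
    csp = CredentialServiceProvider()
    token, cred = csp.enroll("alice@example.test", proofed=True)  # constructed id
    results = {"valid": relying_party_decision(csp, cred, token)}
    # Wrong token: genuine credential, but possession cannot be demonstrated.
    results["wrong_token"] = relying_party_decision(csp, cred, secrets.token_bytes(32))
    # Rebinding the token to another identity invalidates the CSP's MAC.
    rebound = Credential("other@example.test", cred.token_id, cred.mac)
    results["rebound"] = relying_party_decision(csp, rebound, token)
    # Revocation: the status check fails even with the right token.
    csp.revoke(cred.token_id)
    results["revoked"] = relying_party_decision(csp, cred, token)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first case should succeed: the other three show the three distinct checks the Verifier performs (binding, status, possession), and the RP never sees the token secret, which is the point of relying on a Verifier's assertion.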

Slide 12: Other possible functions/roles

- Identity repository
- Identity binding (of identity/attributes to a credential)
- Identity cross-validation
