Glossary of Key Terms


Architecture and Standards Branch, Office of the CIO, Province of BC
IDIM Standards Package - Glossary of Key Terms

The terms and definitions listed in this glossary are used throughout the Standards Package to define key terms in the context of identity information management (IDIM).

Access Control: The processes by which access to resources is permitted or denied.

Access Management: A set of principles, practices, policies, processes and procedures that are used within an organization to manage access to information.

AP: see Authoritative Party.

Application (Desktop): An Information System that is accessed by a user through software on their computer; the client software may also interact with a server application over a network such as the Internet or an intranet.

Application (Web-based): An Information System that is accessed by a user via a web browser over a network such as the Internet or an intranet.

Assurance: see Assurance Level.

Assurance Level: see Identity Assurance Level and Transaction Assurance Level.

Authentication (Business): The act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.

Authentication: The process by which an individual's or system's identity is determined by another party by verifying the presented credentials.

Authentication Level: A measure of the strength of an authentication event.

Authoritative Party: An organization or individual that is trusted to be an authority on the identity-related attributes or roles associated with users and subjects of services. Authoritative Parties may issue credentials (see Credential Service Provider).

Authoritative Party Proxy: An organization or system that acts on behalf of the original authoritative source.

Authorization: The process to validate that a person has the permission to use a protected resource.

Biometric: Physiological or behavioral aspects of an individual that can be measured and used to identify or verify that individual.

Biometric Authentication: The automated use of biometric attributes to establish or verify an individual's identity (biometric recognition).

Business Role: Users may be associated with one or more business roles, which describe the business function of the user. For each business role there is an Authoritative Party that manages the definition and use of the business role.

Claim (business): An assertion that something is true. (NOTE: for the purposes of the Standards Package, "claim" is used as related to identity.)

Claim: see Identity Claim; an attribute related to an identity in a particular context.

Claims Based Architecture (Reference Model): An architecture describing a scalable, privacy enhancing and secure way to exchange identity information (claims) between parties using electronic services.

Claims Based Architecture Profile: A profile describing a specific secure communication protocol for requesting claims and sending claims between Information Systems or applications.

Contact information: Information used to contact an individual or organization.

Context: see Identity Context.

Credential: A physical or electronic object (or identifier) that is issued to, or associated with, one party by another party and attests to the truth of certain stated facts and/or confers a qualification, competence, status, clearance or privilege. Identity credentials can be cards, like a driver's license or smart card; documents, like a passport; or, in the context of digital identities, a User ID and password or a digital certificate.

Credential Service Provider: A party that issues and manages a credential (over its lifecycle) that asserts identity attributes or privileges associated with an individual.

Credential Strength: A measure of the ability of the credential to withstand attack or compromise.

Credential Strength Level: A measure of the strength that can be placed in a credential.

Digital Certificate: An electronic credential that binds the identity of a user, organization or computer to their public key.

Digital Identity: The electronic representation of a set of characteristics by which a person or thing is definitively recognized or known.

Digital Signature: An electronic signature that can be used to authenticate the identity of the sender of an electronic message or the signer of a digital document. Considered to be legally binding.

Electronic Credential (term name reconstructed; illegible in the source): A digital object or document that contains a token, such as a password or cryptographic key, used for authentication to bind to a digital identity.

Evidence of Identity (term name reconstructed; illegible in the source): The information, types of evidence and verification processes that, when combined, provide sufficient confidence that individuals are who they say they are.

Federation: A technical approach where one security domain has a system to authenticate users and another security domain has a system that trusts the authenticating system.

Foundation Identity Credential: A credential that establishes the foundation of an individual's identity in Canada (e.g. Birth Certificate, Citizenship Card, etc.).

Given name: A name other than a surname (includes first and middle names). (Adapted from the BC Name Act.)

Identification: The process of associating identity-related attributes with a particular person.

Identification Level: A measure of the strength associated with an identification process.

Identity: A set of characteristics by which a person or thing is definitively recognized or known.

Identity Agent: Software on an individual's personal computer or other device that acts on behalf of the individual by facilitating the flow of identity claims about the individual between Authoritative Parties and Relying Parties.

Identity Assurance: A measure of confidence that an identity claim or set of claims is true.

Identity Assurance Level: A measure of the strength of assurance that can be placed in an identity claim or set of claims.

Identity Assurance Model: A four-level model that illustrates several key concepts about Identity Assurance Levels, their relationship to Transaction Assurance Levels and their dependency on registration processes, credential strength, authentication events and the underlying operational infrastructure and processes.

Identity Claim: An assertion of the truth of something which pertains to a person's identity. An identity claim could convey a single attribute such as an identifier (e.g. a student number), or it could convey that a person is part of a certain group or has certain entitlements (e.g. "I am over 18", "I am a company employee"). A set of identity claims could provide sufficient identity attributes (e.g. name, date of birth, address) to permit the identification of a person.

Identity Context: The environment or circumstances in which identity information is communicated and perceived. Individuals operate in multiple identity contexts (e.g., legal, social, employment, business, pseudonymous) and identify themselves differently based on the context.

Identity information: A set of attributes used to describe a person that may be used to distinguish a unique and particular individual or organization.

Identity Management: A set of principles, practices, policies, processes and procedures that are used within an organization to manage identity information and realize desired outcomes concerning identity.

Identity Metasystem: A model and architecture that represents how existing identity management infrastructure can be leveraged to provide secure access to information and systems. Similar to claims-based architecture.

Identity Provider: see Authoritative Party.

Identity Selector: see Identity Agent.

IDIM: Identity Information Management; see Identity Management.

Information Card: A digital representation of an identity card. Contains a reference to the Identity Provider that issued it, from which a user can get a security token containing claims about their digital identity.

Legal Name: A name that a person uses for official or legal purposes.

Multi-factor authentication: Authentication that utilizes one or more credentials that incorporate multiple factors (e.g., something you know, something you have, or something you are).

Multi-factor credential: A credential that utilizes multiple factors of different types (e.g., something you know, something you have, or something you are) for authentication.

Name: Given name or surname (or both) of an individual. (Adapted from the BC Name Act.)

Password Authentication: The use of a password (a character string) known only by the user to verify an individual's identity.

Personal Information: Recorded information about an identifiable individual other than business contact information.

PIN: Personal Identification Number. A numeric password.

Privacy legislation (term name reconstructed; illegible in the source): Freedom of Information and Protection of Privacy Act (RSBC 1996, c. 165).

Pseudonym: A fictitious name used by an individual to conceal or obscure his or her identity.

Registering Organization: An organization that collects and verifies the identity claims a person makes during a registration process.

Relying Party (RP) (business): A party that controls access to a resource or service and relies on an Authoritative Party to provide identity assurance and identity-related attributes about a user or subject.

Relying Party (RP): An electronic service that requests claims about users from one or more Authoritative Parties so that it can apply its own security or access control policies to determine whether to allow the user access to a resource or service.

RP: see Relying Party.

Security Token: A package of data that contains claims; typically digitally signed and encrypted to ensure security. It is used to prove identity in order to obtain access to a resource or service.

Smart Card: A high-strength credential with an embedded chip that can be used for authentication.

Surname: The last name of a person (includes a family name and patronymic such as "Mac" or "-son"). (Adapted from the BC Name Act.)

Transaction Assurance Level: A pre-established assurance level (i.e., low, medium, high, very high) that applies to a transaction or service. It pre-sets the level of certainty in an identity claim that is needed to access information or conduct a transaction.

User Centric: In the context of identity, this describes providing users with choice, consent and control when sharing their identity and related information. The term also describes providing a consistent user experience and creating a less confusing service environment.

Web Services: A technical approach to support interoperable machine-to-machine interaction over a network. The interaction may be to exchange information or invoke an action. It typically uses SOAP XML-based messages communicated over HTTP/HTTPS.
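The claims exchange these entries describe, with an Authoritative Party packaging identity claims into a signed Security Token and a Relying Party verifying it before applying its own policy (including checking that the Identity Assurance Level of the claims meets the Transaction Assurance Level of the service), as an added Python example. It is not part of the IDIM Standards Package. The issuer name, shared key, claim names and timestamps are constructed for the demonstration, and an HMAC-SHA256 tag over a key shared between the two parties stands in for the digital signature the glossary mentions; encryption of the token is omitted.

```python
import base64
import hashlib
import hmac
import json

# Ordering of the levels the glossary names for a Transaction Assurance Level;
# the same scale is used here for the Identity Assurance Level in a token.
ASSURANCE_LEVELS = {"low": 1, "medium": 2, "high": 3, "very high": 4}


def b64encode_url(data):
    """URL-safe base64 without padding (token transport encoding)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64decode_url(text):
    """Inverse of b64encode_url; raises ValueError on bad input."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(issuer, claims, assurance_level, key, issued_at, lifetime=300):
    """Authoritative Party side: package claims into a signed Security Token.
    Format '<base64 payload>.<base64 HMAC-SHA256 tag>'; the HMAC over a shared
    key is an assumption standing in for the glossary's digital signature."""
    if assurance_level not in ASSURANCE_LEVELS:
        raise ValueError("unknown assurance level")
    payload = {
        "iss": issuer,              # which Authoritative Party issued it
        "iat": issued_at,
        "exp": issued_at + lifetime,
        "ial": assurance_level,     # Identity Assurance Level of the claims
        "claims": claims,           # identity claims about the subject
    }
    body = b64encode_url(json.dumps(payload, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + b64encode_url(tag)


def verify_token(token, trusted_issuers, now):
    """Relying Party side: integrity, issuer trust and validity window.
    Returns the decoded payload or raises ValueError with the reason."""
    try:
        body, tag_text = token.split(".")
        payload = json.loads(b64decode_url(body))
        tag = b64decode_url(tag_text)
        if not isinstance(payload, dict):
            raise ValueError
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    issuer = payload.get("iss")
    key = trusted_issuers.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison, done before any claim is acted on.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad signature")
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("token expired")
    if payload.get("ial") not in ASSURANCE_LEVELS or not isinstance(payload.get("claims"), dict):
        raise ValueError("malformed payload")
    return payload


def authorize(token, trusted_issuers, transaction_level, required_claims, now):
    """Relying Party access decision: (granted, reason). The token's Identity
    Assurance Level must reach the service's Transaction Assurance Level and
    every required claim must match."""
    try:
        payload = verify_token(token, trusted_issuers, now)
    except ValueError as err:
        return False, str(err)
    if ASSURANCE_LEVELS[payload["ial"]] < ASSURANCE_LEVELS[transaction_level]:
        return False, "identity assurance level below transaction assurance level"
    for name, wanted in required_claims.items():
        if payload["claims"].get(name) != wanted:
            return False, "required claim not satisfied: " + name
    return True, "access granted"


def forge_assurance_level(token, new_level):
    """Tampering attempt for the demo: rewrite the level, keep the old tag."""
    body, tag_text = token.split(".")
    payload = json.loads(b64decode_url(body))
    payload["ial"] = new_level
    return b64encode_url(json.dumps(payload, sort_keys=True).encode("utf-8")) + "." + tag_text


# Constructed sample data: hypothetical issuer name and key, not from the glossary.
AP_KEY = b"example-shared-key-not-for-production"
TRUSTED_ISSUERS = {"example-ap": AP_KEY}
SAMPLE_TIME = 1700000000
SAMPLE_TOKEN = issue_token("example-ap", {"over_18": True, "employee": False},
                           "medium", AP_KEY, SAMPLE_TIME)

if __name__ == "__main__":
    later = SAMPLE_TIME + 10
    print(authorize(SAMPLE_TOKEN, TRUSTED_ISSUERS, "medium", {"over_18": True}, later))
    print(authorize(SAMPLE_TOKEN, TRUSTED_ISSUERS, "high", {"over_18": True}, later))
    print(authorize(forge_assurance_level(SAMPLE_TOKEN, "very high"),
                    TRUSTED_ISSUERS, "high", {}, later))
```

The order of checks is the point: the Relying Party looks up the issuer only to select a verification key, confirms the tag in constant time, and only then reads the expiry, the assurance level and the claims. A token whose payload was altered after signing (the forged "very high" level) is rejected as a bad signature regardless of what it asserts, and a valid token from a trusted Authoritative Party still fails when its Identity Assurance Level is below the Transaction Assurance Level the service pre-sets.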