Identification terminology
How terms related to identification management are used.
Dictionary definitions are sourced from the Collins Dictionary.
Agreed terms
These terms have been agreed through practice and/or consultation on specific topics.
| Term | Definition |
|---|---|
|
accountable |
responsible for some action; answerable [Source: expanded Dictionary meaning of accountable] Additional note Note 1: For roles such as Credential Provider and Relying Party, it is the primary publicly accessible party. |
|
affected party |
a party that could be influenced; acted upon [Source: expanded Dictionary meaning of affected] Additional notes For identification risk, the affected parties have been identified as:
|
|
anonymous |
not easily distinguished from others or from one another because of a lack of individual features or character [Source: Dictionary] |
|
assurance |
a statement, assertion, etc. intended to inspire confidence or give encouragement [Source: Dictionary] |
|
attribute |
(noun) a characteristic or quality of a person or thing [Source: Dictionary] |
|
authentication |
process for establishing an authenticator is genuine or as represented [Source: expanded Dictionary meaning of authenticate] |
|
authenticator |
things known and/or possessed and controlled by an entity that are used to be recognised when they return to an organisation [Source: Based on NIST SP 800-63-3 Digital Identity Guidelines] |
| authenticator holder |
the entity to which an authenticator was initially bound; the rightful holder [Source: New definition] |
|
authoritative |
possessing or supported by authority; official [Source: Dictionary] Additional notes Note 1: Indigenous peoples, society and industry communities can nominate a party as authoritative. It’s possible that such a party is subject to legal controls. |
|
binding |
(noun) the action of a person or thing that binds [Source: Dictionary] |
|
challenge |
(verb) to order (a person) to halt and be identified or to give a password [Source: Dictionary] Additional note Note 1: A ‘challenger’ issues a challenge and a ‘responder’ replies. |
|
comply ~ance |
to act in accordance with rules, wishes, etc; be obedient (to) [Source: Dictionary] |
|
consequence |
outcome of an event affecting objectives [Source: ISO Guide 73:2009] Additional notes Note 1: An event can lead to a range of consequences. Note 2: A consequence can be certain or uncertain and can have positive or negative effects on objectives. Note 3: Consequences can be expressed qualitatively or quantitatively. Note 4: Initial consequences can escalate through knock-on effects. |
|
context |
environment with defined boundary conditions in which entities exist and interact [Source: ITU-T X.1252] |
|
control |
(noun) measure that is modifying risk [Source: ISO Guide 73:2009 — modified to add note 3] Additional notes Note 1: Controls include any process, policy, device, practice, or other actions which modify risk. Note 2: Controls may not always exert the intended or assumed modifying effect. Note 3: When using Assessing identification risk guidance to calculate levels of identity process, these are not included as controls. |
|
control |
(verb) to command, direct, or rule [Source: Dictionary] Additional notes Note 1: Control is also used outside the context of risk mitigation. For example, to indicate the ability for an authenticator holder to retain use of their authenticator. |
| correlate ~ion |
to place or be placed in a mutual, complementary, or reciprocal relationship [Source: Dictionary] |
| credential |
an artefact created as the result of a series of processes that bind an entity with information and an authenticator, on which other parties rely Additional note: Note 1: At a minimum a credential includes an authenticator and information to enable presentation |
| credential provider |
the party accountable for the establishment and presentation facilitation of a credential Additional note Note 1: A Credential Provider may employ other parties in the carrying out of their function. |
|
derived value |
value obtained by reasoning; deduction or inference [Source: expanded Dictionary meaning of derive] |
|
enrol ~ment |
to become or cause to become a member; enlist; register [Source: Dictionary] |
|
entity |
something that has real or distinct existence from other things [Source: Dictionary] |
|
federate |
united by common agreement under an authority [Source: Dictionary – modified to remove central government] |
|
forgery |
the act of reproducing something for a deceitful or fraudulent purpose [Source: Dictionary] |
|
identification |
the act of identifying or the state of being identified [Source: Dictionary] |
identity theft |
the theft or assumption of a pre-existing identity (or significant part thereof) with or without consent, and, whether, in the case of an individual, the person is living or deceased [Source: Australian Centre for Policing Research] |
|
level of risk |
magnitude of a risk or combination of risks, expressed in terms of the combination of consequences and their likelihood [Source: ISO Guide 73:2009] |
|
likelihood |
chance of something happening [Source: ISO Guide 73:2009] Additional notes Note 1: In risk management terminology, the word “likelihood” is used to refer to the chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as a probability or a frequency over a given time period). Note 2: The English term “likelihood” does not have a direct equivalent in some languages; instead, the equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that it should have the same broad interpretation as the term “probability” has in many languages other than English. |
|
mechanism |
a process or technique, esp. of execution [Source: Dictionary] |
|
one-time password OTP |
a password that is valid for only 1 login session or transaction [Source: Wikipedia] Additional notes Note 1: Also known as one-time pin or dynamic password. Note 2: Generation can be time-based OTP (TOTP) or event-based OTP also known as hash-based message authentication codes (HMAC) (HOTP). |
|
orphan ~ed |
entity information that is not bound to an entity or authenticator |
|
party |
an entity who participates or is concerned in an action, proceeding, plan, etc. [Source: Dictionary – modified to include non-persons] |
|
present ~ation |
(verb) to offer or hand over for action or settlement [Source: Dictionary] |
|
pseudonymous |
using a pseudonym [Source: Dictionary] Additional notes A pseudonym being an identifier that may relate to an individual entity but does not allow the entity to be identifiable outside the context. |
|
relying party |
the accountable party who relies on presented credential/s in order to make decisions Additional notes Note 1: A Relying Party may employ other parties in the carrying out of their function. |
|
replication |
the act of repeating, duplicating, copying, or reproducing [Source: Dictionary] |
|
risk |
effect of uncertainty on objectives [Source: ISO Guide 73:2009] Additional notes Note 1: An effect is a deviation from the expected — positive and/or negative. Note 2: Objectives can have different aspects (such as financial, health and safety, information security, and environmental goals) and can apply at different levels (such as strategic, organisation-wide, project, product and process). Note 3: Risk is often characterized by reference to potential events and consequences, or a combination of these. Note 4: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence. Note 5: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. |
|
self-sovereign |
(concept) an entity having sole ownership over the ability to control their accounts and information [Source: Based on searchsecurity.techtarget.com] |
|
service |
a system or method of providing people with the use of something, as electric power, water, transportation, mail delivery, etc. [Source: Dictionary] Additional notes Note 1: Today service has a broader application than utilities, such as finance, employment and compliance services. Note 2: A service may contain 1 or more transactions. |
|
session |
an unbroken interactive information interchange between 2 or more entities [Source: Wikipedia (computer science) – modified] |
|
spoofing |
<biometric system> presenting a recorded image or other biometric data sample, or an artificially derived biometric characteristic, in order to impersonate an individual [Source: ISO/IEC TR 24714-1:2008] |
|
subject |
entity that is the focus of entity information |
|
synchronise ~ous |
to occur or recur or cause to occur or recur at the same time or in unison [Source: Dictionary] |
|
transaction |
one or more exchanges between an individual and an organisation in a process related to a specific outcome Additional notes Note 1: A single transaction may constitute a step in a segmented process or result in the completion of an end to end process. Note 2: A service is usually made up of several transactions. |
Evolving terms
Terms in this space are either still being developed, used inconsistently or insufficiently defined. Once they have a consistent context and use within the material of this site, they will be moved to the agreed terms section.
| Term | Definition |
|---|---|
|
identifier |
information that is enough to uniquely represent an entity in a given context |
|
identity |
one or more attributes that allow an entity record to be unique from all others in the context Additional note Note 1: Due to the contextual nature of the attributes that make up an identity and its poor interaction with other words, use of the word ‘identity’ as a descriptor should be avoided wherever possible. |
Last Updated
Page last updated:
