Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's '(Id)Entity Model Glossary

A Pragmatic Model of Id/Entity Management (Id/EM)
Glossary

Version of 27 April 2024

Revised version, to support a set of articles on IdEM

Roger Clarke **

© Xamax Consultancy Pty Ltd, 2004-24

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at http://rogerclarke.com/ID/IDM-G.html

This document supersedes the version of 8 April 2024, and the previous versions of 23 June 2023 and 18 June 2022


[ Some degree of change-tracking is achieved by using strikethrough and underlining. ]

[ The current version may need some revisions once a careful review has been undertaken of recent versions of the set of papers that the Glossary supports. ]

Abstract World means a space in which humans create elements, which may be intended to, or may be assumed to, represent aspects of the Real World, in which case the representation may be more or less reliable

Access Control means a process within the Operational Phase of Id/Entity Management which utilises previously recorded Permissions to establish a Session that enables a User to exercise the appropriate Permissions

Account means the data-holdings or profile associated with an Actor or Id/Entity-Instance for which an Authorization process has created a Permission

Active Imposed Digital Persona: An Imposed Digital Persona that enables the person controlling it to influence the actions of the Id/Entity associated with it

Active Projected Digital Persona: A Projected Digital Persona that is capable of taking actions as an agent for the individual

Actor means any Real-World Thing capable of Action on a Resource, including humans and some categories of artefact

Action means an operation performed:

Anonym means an Identifier that cannot be associated with any particular Entity-Instance, whether from the Data itself, or by combining it with other Data

Anonymity means that characteristic of an Identity, whereby it cannot be associated with any particular Entity, whether from the Data itself, or by combining it with other Data

Assertion means an expression of knowledge about one of more elements of the pragmatic metatheoretic model

Attribute means a characteristic of an element at the Conceptual Model level, in particular of an Entity, Identity or a Transaction

Authentication means a process that uses Evidence to establish a degree of confidence in the reliability of an Assertion

Authenticator means an item of Evidence

Authorization means a process within the Registration Phase of Id/Entity Management, whereby an Authorization Authority decides whether or not to declare that an Actor has one or more Permissions in relation to a particular IS or Physical Resource

Authorization Authority means an Entity with legal or practical power (de juré or de facto) to determine whether and what Permissions a particular Actor has in relation to a particular IS or Physical Resource

Authorized User. See User

Avatar means a visual representation or embodiment of a Digital Persona, static or moving, which represents, or substitutes for, the (or an) underlying Id/Entity

Candidate-Identifier means any combination of Data-Items in a Record that is considered capable of achieving reliable matches against the relevant Data-Items in another Record

Codified Knowledge means Data that is expressed and recorded in a more or less formal language

Conceptual Model means a representation of a system at more abstract level than a Data Model, reflecting the modeller's perception of Phenomena, by postulating Entities and Entity-Instances and presentations of Entities called Identities (to represent Things), and Transactions (to represent Events), with Relationships of various kinds among them, each of which may have Attributes (to represent Properties)

Confirmatory Information means evidence that reinforces a tentative judgement or opinion

Content is a collective word for Data, in particular for that Data which is included within a particular instance of a Storage-Medium

Context means the prevailing circumstances, or (in decision theory) a collection of settings of environmental variables

Credential means an Authenticator that carries the imprimatur of some form of Authority

Credential Authority means an Id/Entity that is recognised as providing assurance regarding the reliability of an Authenticator

Data means any symbol, sign or measure that is in a form accessible to a person and/or an artefact

Database means a collection of Files or Data-Sets

Data-Format is a technical specification for the recording of Data on a Storage-Medium

Data-Item means a storage-location in which a discrete Data-Item-Value can be represented

Data-Item-Value means the Content of a particular Data-Item within a particular Record. It may Empirical Data or Synthetic Data

Data Model means a representation of a system at a less abstract level than a Conceptual Model, which has as its focus Data that represents the Conceptual Model's abstract notions

Data-Record means a collection of Data-Items that refers to a single Real-World Thing or Event

Data-Set means a collection of Records. Also File

Decision means a commitment to a course of action

Digital Persona means a model of an Id/Entity's public personality, based on Data, and intended for use as a proxy for the Id/Entity. Operationally, a Data-Record sufficiently rich to provide an adequate image of the represented Id/Entity

Domain means the set of valid Data-Item-Values that can appear in a particular Data-Item

Empirical Data means Data that is intended to represent a Property of a Real-World Phenomenon

End User means a User that is provided Permissions for application purposes

Enrolment means a process within the Registration Phase of Id/Entity Management, in which Data is recorded to enable the Operational Phase to be conducted in an effective and efficient manner

Entification means a process whereby Data is associated with a particular Entity by acquiring or postulating an Entifier for the Entity

Entifier means a set of Data-items that are together sufficient to distinguish a particular Entity-Instance from others in the same category

Entity means an element at the Conceptual-Model level that models a Real-World Physical Thing

Entity Assertion is a claim that a particular Physical Thing is appropriately associated with one or more Entity-Records, by means of one or more Entifiers

Entity-Attribute is an element of a Conceptual Model that represents a Real-World Property of a Thing

Entity Authentication means a process that establishes a degree of confidence in the reliability of an Entity Assertion

Entity-Instance means a particular instance of an Entity

Entity-Record means a collection of Data-Items that refer to a single Physical Thing

Event means a Real-World occurrence that gives rise to changes in the Properties of Things

Evidence means Data that assists in determining a level of confidence in the reliability of an Assertion

Evidence of Entity (EoE) means one or more Authenticators used in relation to Entity Assertions

Evidence of Identity (EoI) means one or more Authenticators used in relation to Identity Assertions. The term Proof of Identity (PoI) is deprecated

File means a collection of Records. Also Data-Set

Function means a general description of a cluster of activities and Tasks that together form a cohesive whole

General-Purpose Identifier means an Identifier that was designed for, or has come to be used for, any and all purposes (cf. Identity Silo and Multi-Purpose Identifier)

Identification means a process whereby Data is associated with a particular Identity by acquiring or postulating an Identifier for the Identity

Identifier means a set of Data-items that are together sufficient to distinguish a particular Identity-Instance from others in the same category

Identity means an element at the Conceptual-Model level that models a Real-World Virtual Thing, e.g. arising from an Entity's performance in a particular Role

Identity Assertion means a claim that a particular Virtual Thing is appropriately associated with one or more Identity-Records, by means of one or more Identifiers

Identity-Attribute: An element of a Conceptual Model that represents a Real-World Property of a Thing

Identity Authentication means a process that establishes a degree of confidence in the reliability of an Identity Assertion

Identity-Instance means a particular instance of an Identity

Identity Management (IdM) means the architectures, infrastructure and processes conventionally used to support the Authentication of Identity Assertions. For a replacement notion that overcomes IdM's deficiencies, see Id/Entity Management (Id/EM)

Identity-Record means a collection of Data-Items that refer to a single Virtual Thing

Identity Silo means an Identity, and its associated Identifier(s), that are used for a restricted purpose (cf. Multi-Purpose Identifier and General-Purpose Identifier)

Id/Entification means a process within either the Registration or Operational process of Id/Entity Management, whereby Data is associated with a particular Id/Entity. This necessarily involves the provision, acquisition or postulation of either an Identifier (for Identification) or an Entifier (for Entification)

Id/Entifier means a set of Data-Items that are together sufficient to distinguish a particular Id/Entity-Instance in the Abstract World from other Id/Entity Instances

Id/Entity encompasses both Entity and Identity, and means an element of the Abstract World that models a Real-World Physical Thing (in the case of an Entity) or Virtual Thing (in the case of an Identity)

Id/Entity-Instance means a particular instance of an Id/Entity

Id/Entity Authentication means a process that establishes a degree of confidence in the reliability of an Id/Entity Assertion

Id/Entity Management (Id/EM) means the architecture, infrastructure and processes whereby access to Resources is enabled for appropriate Identity-Instances, and otherwise denied. It is a replacement for conventional Identity Management (IdM), designed to overcome IdM's inherent weaknesses

Imposed Digital Persona means a Digital Persona controlled by someone other than the individual it is associated with

Imposter means an Actor that is improperly recognised as another Actorachieves Authentication and is thereby able to exercise Permissions that have been granted to a particular Id/Entity, despite not being an appropriate Entity to be authenticated as that particular Id/Entity

Information means Data that makes a difference, or Data that has value, or Data that has Relevance in a particular Context

Information System (IS) means a set of interacting elements that performs one or more functions involving the handling of Data and Information, including data creation, editing, processing and storage; and information selection, filtering, aggregration, presentation and use

Information Technology (IT) means artefacts designed for the purpose of supporting IS

IS discipline comprises researchers concerned with systematic data creation and information production, communication and use, and their management, impacts and implications

IS profession comprises practitioners concerned with systematic data creation and information production, communication and use, and their management, impacts and implications

IS Resource means Data or Process in the Abstract World, on which an Actor is capable of undertaking an Action. See also Resource and Physical Resource

Knowledge means:

  1. the matrix of impressions within which an individual situates newly acquired information (naturalistic interpretation); and
  2. a body of facts and principles accumulated by humankind over the course of time (mechanistic interpretation)

Login means a process whereby an an Actor communicates a request to exercise Permissions granted to a particular Id/Entity, which triggers an Operational Authentication process, and, if successful, an Access Control process, which creates a Session

Masquerade means one or more Actions by an Imposter in relation to a particular Resource

Metadata means Data that describes an Attribute of some other Data-related construct

Model means an Abstract-World representation of a Real-World System

Multi-Purpose Identifier means an Identifier that was designed for, or has come to be used for, multiple purposes (cf. Identity Silo and General-Purpose Identifier)

Nym is a generic term encompassing both Anonym and Pseudonym

Nymity is a generic term encompassing both Anonymity and Pseudonymity

Operational Authentication means a process within the Operational Phase of Id/Entity Management, which utilises previously-recorded Means of Authentication, to achieve a degree of confidence in the reliability of an Id/Entity Assertion

Operational Phase means the main phase of Id/Entity Management, comprising Id/Entification, Authentication and Access Control processes

Permission means an entitlement, or legal or practical (de juré or de facto) authority, to be provided with the capability to perform a specified Action in relation to a specified IS or Physical Resource, for a particular Purpose, Use, Function or Task:

Actor-Instance may-perform Action-Instance on { Resource, Resource-Instance }

Permission Breach means an Action in relation to a particular Resource that is performed other than in accordance with the Permission granted, whether through malfunction or other than for the particular Purpose, Use, Function or Task for which the Permission was granted

Persistent Nym is a Nym that is used for an extended period of time

Personal-Data-De-Identification is a process that purports to prevent Data from being reliably associated with the relevant human Id/Entity (if any)

Personal-Data-Re-Identification is a process that, despite the prior application of a Personal-Data-De-Identification process, purports to reliably associate Data with the relevant human Id/Entity

Personal-Data-Falsification is a process whereby Personal Data is changed in such a manner that is rendered valueless for any purpose relating to the administration of relationships between organisations and particular individuals. It converts Empirical Data, that reflects an Attribute of A Real-World human Id/Entity, into Synthetic Data that represents a plausible Phenomenon, but not a real one

Personal-Data-Item is a Data-Item that purports to be associated with a human Id/Entity

Personal-Data-Item-Value is a Data-Item-Value that purports to represent some Attribute of a human Id/Entity

Phenomenon is a collective term for Real-World Physical and Virtual Things, Events and Properties

Physical Resource means a Thing, Event or Property in the Real World, on which an Actor is capable of undertaking an Action. See also Resource and IS Resource

Physical Thing means a static Real-World Phenomenon with corporeal form. See also Thing and Virtual Thing

Pre-Authentication means a process within the Registration Phase of Id/Entity Management, in which Evidence is acquired and evaluated, to establish a degree of confidence in the reliability of Assertions of Id/Entity Assertion and of the appropriateness of providing that Id/Entity with a Permission

Projected Digital Persona means a Digital Persona under the control of the individual

Proof of Identity (PoI) is a deprecated term for an Authenticator used in relation to Identity Assertions. See instead Evidence of Identity (EoI)

Property means an aspect, feature or characteristic of a Phenomenon

Property Assertion means a claim that a particular Thing has a particular Property, based on one or more particular Data-Item-Values in one or more particular Id/Entity Records.

Pseudonym means an Identifier that may be able to be associated with a particular Entity-Instance, but only if legal, organisational and technical constraints are overcome

Pseudonymity means that characteristic of an Identity whereby it may be able to be associated with a particular Entity, but only if legal, organisational and technical constraints are overcome

Purpose means a general category of Uses to which a Resource may be put

Real World means a space in which Phenomena called Things are postulated to exist and Events are postulated to occur. See also Abstract-World

Real-World Data: See Empirical Data

Record means a collection of Data-Items that refers to a single Real-World Thing or Event. See also Entity-Record, Identity-Record and Transaction-Record

Record-Key means any one or more Data-Items held in a Data-Record whose value(s), alone or in combination, are sufficient to distinguish that Data-Record from other Data-Records. See also Entifier and Identifier

Refutative Information means evidence that contradicts a tentative judgement or opinion

Registration Phase means the preliminary phase of Id/Entity Management, comprising Id/Entification, Pre-Authentication, Authorization and Enrolment processes

Relationship means a linkage between two elements within the Conceptual Model level

Relationship-Attribute means an Atttribute of a Relationship

Relevance, in relation to particular Data, means the capacity of that Data to affect a particular Context

Relying Party means an Id/Entity that relies on Evidence that is purported to support an Assertion

Resource means either an IS Resource or a Physical Resource

Role means a coherent pattern of behaviour performed in a particular context

Session means a period of time during which a User is able to exercise its Permissions in relation to particular Resources

Storage-Medium means a Real-World Object whose purpose is to store Data

Subject means any Thing capable of action on an IS or Physical Resource

Surprisal Value means value arising because Data-Item-Value is not what was expected

Synthetic Data means Data that bears no direct relationship to any real-world Phenomenon

System means a set of interacting Real-World Id/Entities whose interactions give rise to behaviour that is materially different from the behaviour of the elements individually

System User means a User that is provided Permissions for system management purposes

Tacit Knowledge means insights that are informal and intangible, that exist only in the mind of a particular person, and that are experiential, procedural or propositional

Task means a specific activity in relation to an IS or Physical Resource

Text is a collective word for Content in Data-Formats that are intended to convey natural languages

Thing means a static Real-World Phenomenon. See also Physical Thing and Virtual Thing

Token means a recording medium on which useful Data is stored, such as one ore more Id/Entifiers, Authenticators and/or Credentials

Transaction is an element of a Conceptual Model that corresponds with a Real-World Event

Transaction-Attribute means an Attribute of a Transaction that reflects a Real-World Property that the modeller considers to be relevant to the purpose

Transaction-Instance means a specific instance of a Transaction

Transaction-Record means a collection of Data-Items that refer to a single Event

Use means a specific category of Purpose to which a Resource may be put

User means an authenticated Id/Entity that is provided with a Session that enables it to exercise its Permissions to perform particular Actions in relation to particular Resources. Aka: Authorized User. See also End User and System User

Value:

Virtual Thing means a static Real-World Phenomenon that does not have corporeal form. See also Thing and Physical Thing

Wisdom means well-informed judgement, exercised by applying decision criteria to Codified or Tacit Knowledge combined with new Information, possibly also embodying an appreciation of values and/or also applying negotiation among stakeholders in order to seek a best, or least-worst, outcome in terms of the impacts on each of those stakeholders' value-sets


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor associated with the Allens Hub for Technology, Law and Innovation in UNSW Law, and a Visiting Professor in the Research School of Computer Science at the Australian National University.



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 75 million in late 2024.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 18 June 2022 - Last Amended: 27 April 2024 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/ID/IDM-G.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2024   -    Privacy Policy