Roger Clarke's Web-Site© Xamax Consultancy Pty Ltd, 1995-2024 |
||||||
HOME | eBusiness |
Information Infrastructure |
Dataveillance & Privacy |
Identity Matters | Other Topics | |
What's New |
Waltzing Matilda | Advanced Site-Search |
Version of 15 February 2010
This is a supporting document to http://www.rogerclarke.com/ID/IdModel-1002.html
For other supporting documents, see http://www.rogerclarke.com/ID/IdModel-Supp-1002.html
© Xamax Consultancy Pty Ltd, 2009-10
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/ID/IdModel-Gloss-1002.html
This file consolidates the definitions of terms in the author's 'A Sufficiently Rich Model of (Id)entity, Authentication and Authorisation'.
Access control: the set of processes comprising Pre-Authentication, Enrolment, Authentication and Authorisation
Account: a set of Data-items which together define and describe an Identity, and which enable Identity Authentication and Authorisation processes to be performed
Agency: the capacity of a particular Identity or Entity to act on behalf of another particular Identity or Entity
Anonym: an Identifier which cannot be associated with any particular Entity, whether from the data itself, or by combining it with other data
Anonymity: a characteristic of an Identity, whereby it cannot be associated with any particular Entity, whether from the data itself, or by combining it with other data
Assertion: a proposition relating to a fact, the quality of a Data-item, the value of an Entity, the Location of an Entity, an Attribute of an Entity or an Identity (including Agency), , an Entity, or an Identity
Attribute: a characteristic, in particular of an Entity or an Identity
Authentication: a process that establishes a level of confidence in an Assertion
Authentication strength: the degree of confidence achieved in a particular Assertion as a result of an Authentication process
Authenticator: an item of evidence used in the Authentication process
Authorisation: the process whereby it is determined what Permissions or Privileges a particular Entity or Identity is permitted
Credential: an Authenticator that conveys the imprimatur of some authority, such as a registrar
Data-item: a discrete element of data
Data silo: a set of Records used for a particular purpose, and not linked to other sets of records relating to the same Entities or Identities
Digital persona: a Record that is sufficiently rich to provide the record-holder with an adequate image of the represented Entity or Identity
Enrolment: that part of the Registration process which establishes the means for an effective and efficient Authentication process on each subsequent occasion that the User seeks access
Entification: the process whereby data is associated with a particular Entity. This is achieved by acquiring an Entifier for the Entity
Entifier: a set of Data-items that are together sufficient to distinguish a particular entity from others in the same category
Entity: a real-world thing
Entity assertion: an assertion that an Entifier is being appropriately used, or that the Entity in question is who or what it purports or is inferred to be
Entity authentication: the process whereby a level of confidence is achieved in an Entity Assertion
Entity credential: a Credential that assists in the Entity authentication process
Entity silo: an Entifier that is used for a restricted purpose
Evidence of entity: an Authenticator that assists in the Entity authentication process
Evidence of identity: an Authenticator that assists in the Identity authentication process
General-purpose identifier: an Identifier that is available for use for any purpose (cf. Identity silo and Multi-purpose identifier)
Identification: the process whereby data is associated with a particular Identity. This is achieved by acquiring an Identifier for the Identity
Identifier: a set of Data-items that are together sufficient to distinguish a particular identity from others in the same category
Identity: a real-world thing, but of virtual rather than physical form
Identity assertion: an assertion that an Identifier is being appropriately used, or that the Identity in question is who or what it purports or is inferred to be
Identity authentication: the process whereby a level of confidence is achieved in an Identity Assertion
Identity credential: a Credential that assists in the Identity authentication process
Identity management: a generic term for architectures, infrastructure and processes that support the Authentication of Identity Assertions
Identity silo: an Identity, and its associated Identifier(s), which are used for a restricted purpose (cf. Multi-purpose identifier and General-purpose identifier)
Loginid: an Identifier that distinguishes a particular User from other Users and non-users
Multi-purpose identifier: an Identifier that is used for multiple purposes (cf. Identity silo and General-purpose identifier)
Nym: a generic term encompassing both Anonym and Pseudonym
Nymity: a generic term encompassing both Anonymity and Pseudonymity
Permission: a capability that an Entity or Identity is permitted to perform (a synonym for Privilege)
Persistent Nym. A Nym that is used for an extended period of time
Pre-authentication: that part of the Registration process whereby the Assertion is tested that the Entity is an appropriate one to have an Identifier, Identity Authenticator(s) and Permissions created for it or assigned to it
Privilege: a capability that an Entity or Identity is permitted to perform (a synonym for Permission)
Pseudonym: an Identifier which may be able to be associated with a particular Entity, but only if legal, organisational and technical constraints are overcome
Pseudonymity: a characteristic of an Identity, whereby it may be able to be associated with a particular Entity, but only if legal, organisational and technical constraints are overcome
Record: a set of Data-items each of which relates to a particular Entity or Identity
Registration: the set of processes comprising Pre-Authentication and Enrolment
Simplified sign-on: a less ambitious and less insecure approach than Single sign-on, whereby a master-Account provides access to a number of Accounts rather than to all Accounts within a domain
Single sign-on: a service whereby each User has a single master-Account that enables access to all Accounts with all service-providers, or with all service-providers within some domain such such as that provided by their employer
Token: a recording medium on which an Entifier or Identifier may be recorded
User: an Entity that seeks access to system resources
Userid: a synomym for Loginid and Username
Username: a synonym for Loginid and Userid
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University.
Personalia |
Photographs Presentations Videos |
Access Statistics |
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax. From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 75 million in late 2024. Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer |
Xamax Consultancy Pty Ltd ACN: 002 360 456 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 6916 |
Created: 16 May 2009 - Last Amended: 15 February 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/ID/IdModel-Gloss-1002.html
Mail to Webmaster - © Xamax Consultancy Pty Ltd, 1995-2024 - Privacy Policy