This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Credential

!!! Overview
A [{$pagename}] is a [claim] (or set of [claims]) made by an [entity] about a [Digital Identity].[1]
For example, a [Credential Holder] makes a [Claim] that the password for a specific [Digital Identity] has a specific value. Alternatively, a [Credential Holder] may simply assert that they [Authenticated] the [Digital Identity] to some specific [Level Of Assurance].
[Authentication] is the process of the [Verification] of a [{$pagename}].
A [{$pagename}] may be as subtle as a [Website] associating an [IP Address] with a [cookie]. Although this [{$pagename}] may have a very low [Level Of Assurance], it is a method of [Authentication] and an [Identification] which separates this specific [Entity] from the [Anonymity Set].
A [{$pagename}] is [evidence] of an [entity]’s claimed [Identification].
!! [{$pagename}] types
[{$pagename}]s come in many types, from physical papers, [Identity Documents] and cards (such as a passport or [Payment Card]) to electronic items (such as a [password] or digital [certificate]), and often incorporate anti-tamper features.
Within the [United States federal government], a [Personal Identity Verification] ([PIV]) is a [credential].
[{$pagename}]s, regardless of type, associate an identity with an [entity] (typically via an identifier) and identify the [Organizational Entity] that issued the [{$pagename}]:
* Your [Driver License] includes a license number, your name, and a state seal.
* A [Payment Card] includes a card number, your name, and a corporate symbol.
* A PIV credential contains a picture, the issuing agency logo, and [cryptographic] key pairs.
Some [{$pagename}]s indicate [authorizations] granted to the [entity] by the issuing [Organizational Entity]. For [example], a [Driver License] includes the [authorization] to drive a car.
Unlike identities, [{$pagename}]s generally expire. If an identity continues past the expiration date of the [{$pagename}], a new credential is issued:
* Your [Driver License] expires after so many years and you receive a new one.
* Your [Payment Card] expires after so many years and you receive a new one.
* Your [PIV] credential expires after three to six years and you receive a new one.
A [{$pagename}] that is lost or compromised before it expires may be revoked by the organization that issued it. Credentials can incorporate something you know (such as a password or PIN), something you have (such as a card), or something you are (such as a fingerprint or iris). Some credentials incorporate more than one of these factors and are referred to as two-factor, three-factor, or multi-factor.
As with [Identity Proofing], [{$pagename}]s have different [Level Of Assurance] depending on the strength required. The [{$pagename}] for accessing your bank account is likely stronger than the credential for accessing your health club.
!! Good [{$pagename}]
A good [{$pagename}] must meet the following criteria:
* easy to remember
* easy to change
* hard to guess
* hard to [intercept|Data In Transit]
A [{$pagename}] that meets all of these criteria is a good set of credentials.
!! [Derived Credential][2]
[NIST] has defined Derived credentials to refer to credentials that are derived from those in a [Personal Identity Verification] ([PIV]) card or [Common Access Card] ([CAC]) and carried in a [Mobile Device] instead of the card. A [CAC] card is a [PIV] card issued by the [United States Department of Defense].
We assume this would be similar to adding a [Payment Card] to a [Digital Wallet].
[NIST.SP.800-157] is titled "Guidelines for Derived Personal Identity Verification (PIV) Credentials".
The Electronic Authentication Guideline, [NIST.SP.800-63], defines a derived credential more broadly as:
A [credential] issued based on [Proof-of-Possession] and control of a [claim] associated with a previously issued [credential], so as not to duplicate the [Identity Proofing] process.
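An added sketch (not from NIST or from the original page) of derived-credential issuance as defined above: the holder proves possession of a previously issued credential by answering a challenge, and the issuer checks expiry and revocation instead of repeating identity proofing. The {{Issuer}} class, the {{prove}} helper, and the HMAC shared key (standing in for a PIV key pair) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Credential:
    identifier: str          # constructed random serial
    subject: str             # the digital identity the credential is about
    issuer: str
    expires: datetime
    derived_from: str = ""   # identifier of the original credential, if any

def prove(key: bytes, nonce: bytes) -> bytes:
    """Holder side: proof-of-possession of the original credential's key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Issuer:
    """Hypothetical issuer. HMAC with a shared key stands in for a key pair."""

    def __init__(self, name: str):
        self.name = name
        self.records = {}    # identifier -> (Credential, key)
        self.revoked = set()
        self.pending = {}    # identifier -> outstanding single-use nonce

    def issue(self, subject: str, days: int):
        """Original issuance; identity proofing is assumed to happen here."""
        expires = datetime.now(timezone.utc) + timedelta(days=days)
        cred = Credential(secrets.token_hex(8), subject, self.name, expires)
        key = secrets.token_bytes(32)
        self.records[cred.identifier] = (cred, key)
        return cred, key

    def challenge(self, cred_id: str) -> bytes:
        self.pending[cred_id] = secrets.token_bytes(16)
        return self.pending[cred_id]

    def derive(self, cred_id: str, proof: bytes, now=None):
        """Issue a derived credential, or return None if any check fails."""
        now = now or datetime.now(timezone.utc)
        nonce = self.pending.pop(cred_id, None)   # consumed, so no replay
        record = self.records.get(cred_id)
        if nonce is None or record is None or cred_id in self.revoked:
            return None
        original, key = record
        if original.expires <= now or not hmac.compare_digest(prove(key, nonce), proof):
            return None
        # Sketch's policy choice: same subject, lifetime capped at the original's.
        return Credential(secrets.token_hex(8), original.subject, self.name,
                          original.expires, original.identifier)
```

A revoked, expired, or unknown original credential, a wrong proof, and a replayed proof all cause {{derive}} to return {{None}}.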
!! [Compromised Credential]
[Compromised Credentials] are any [Credentials] that the owner is not in control of, or to which another [entity] has gained access.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Identity Credentials 1.0|https://opencreds.org/specs/source/identity-credentials/|target='_blank'] - based on information obtained 2017-10-15
* [#2] - [Protecting Derived Credentials without Secure Hardware in Mobile Devices|http://pomcor.com/2014/04/01/protecting-derived-credentials-without-secure-hardware-in-mobile-devices/|target='_blank'] - based on information observed on 2014-04-02