Overview#

You will not find a simple, single definition on Identity or Digital Identity. Here are some that we have run across that we think are best:

• Digital Identity is a set of attributes related to an Entity. ISO 29115
• Digital Identity is a representation of a set of Claims made by one Party about itself or another Entity.[1]
• Identity is how we keep track of people and things and, in turn, how they keep track of us.[2]

Digital Identity implies that Identification (i.e. that the Entity has been separated from the Anonymity Set) has been performed and the Digital Identity is NOT Anonymous.

Digital Identity has one or more Identifiers which MAY be referred to as Identity Attributes

Context#

Digital Identity exists within a provided context which usually involves a Relationship which might be within one of the Following:

• Organizational Entity
• Government Entity
• Social

Digital Identity Enrollment#

A Digital Identity can be created on the fly when a particular identity transaction is desired (Example: OpenID Connect), or persisted in a Data Store to provide a referenceable Digital Identity representation.

Typically when a Digital Identity is created there is a Identity Proofing process

A Digital Identity may be signed by a Digital Identity Provider (IDP) to provide a Level Of Assurance to a Relying Party

Digital Identity, Authentication, Authorization #

Digital Identity, Authentication and Authorization are separate and distinct.

Digital Identity are the Claims (Attributes or Identifiers) for a specific entity that provide Identification

Authentication is the process of establishing a Level Of Assurance that the Identification is authentic.

Authorization is when a Trustor grants a Permission to a Digital Identity (a Trustee) to perform a privilege against a Target Resource

Digital Identity is Also Know as#

There are many terms used to represent essentially the same thing.

• Resource Owner is used in OAuth 2.0
• Subject is used in Security Assertion Markup Language (SAML)
• User is often used
• Principal is often used
• Consumer of services may be used

Please do NOT use Account. An Account is a some place where a Digital Identity puts an Asset. (Just a thing with Ldapwiki folks.)

Digital Identity, well Identity, is a Facet Of Building Trust

Digital Identity Classification#

There two broad Digital Identity Classifications:

• foundational identity - is a multi-purpose, allowing access to multiple services or Resources.
• functional identity - solely for a narrowly defined service or Resource. For example, a medical insurance card is used to access health care and a voter ID card serves the purpose of conducting a vote

People love to make up words and phrases to express themselves.

Digital Identitys may be classified by the type of Identity Provider (IDP):

• Organizational Identity
• Government Identity
• Social Identity
• Anonymous Identity

Digital Identity might also be classified by the Relationship as:

• Employee (B2E)
• Customer (B2C)
• Partners (B2B)
• Contractor (B2B)
• Vender (B2B)
• Citizen

classified by the Identity Management Framework of the Digital Identity:

• User-centric Identity
  • Self-Sovereign Identity
• Multi-Source Identity

Digital Identitys may be Classified as one of the following:

• Privileged Identity which may be further Classified
• NORMAL_ACCOUNT

Digital Identity and Context#

A given Digital Identity is typically related to a given Context.

How a Digital Identity relates to a Digital Subject#

There should be some further understandings about how a Digital Identity relates to a Digital Subject:

• A Digital Identity is a set of Attributes about a Digital Subject for a specific Context
• For any given Digital Subject there will typically exist multiple Digital Identities. For Example:
  • Yahoo
  • Google
  • Microsoft
  • their bank
  • their Employee Digital Identity from the company where they work.

Digital Identity Data Stores#

Within an Organizational Entity (i.e think of a company there may be the following Data Stores:

• Human Resources
• LDAP
• Microsoft Active Directory
• Databases

There is probably a Employee with a Digital Identity defined in each of these Data Stores. Each one of these Data Stores has Attribute Values or Identifiers which could be presented to a Verifier as a Claim so each of them has a seperate Digital Identity that is associated with the same Employee. The combination of these Digital Identities is the Digital Subject within the Organizational Entity. Some folks refer to this as an Identity Cube.

More Information#

There might be more information for this subject on one of the following:

• API-Gateway
• Access Control Engine
• Access Control Models
• Access Proxy
• Account
• Account Expiration
• Account Inactivity
• Account Restrictions
• Account termination
• Act (Actor) Claim
• Adaptive Risk
• Administrative Identity
• Anonymous Identity
• Assurance Level
• AtMention
• Authentication
• Authenticator
• Bandit-project.org
• Blockchain
• Blockchain Identity
• Blockstack
• Bring Your Own Identity
• Business Entity
• Business to Business
• CardSpace
• CertiPath
• Certificate
• Certificate Issuer
• Chip Card
• Claim
• Computer account
• CoreID
• Credential
• Curators
• Customer Relationship Management
• Data Accuracy
• Data aggregator
• De-anonymization
• Decentralized Identity
• Delegation vs Impersonation
• DigiD
• Digital Context
• Digital Identity
• Digital Identity Acceptance Policy
• Digital Subject
• Domain Administrative Accounts
• Domain of OneS Own
• E-residency
• Emergency Identity
• Enrollment
• Enterprise Directory
• Entitlement
• Entitlement Example
• Entity
• Example Certificate
• Federated Identity
• Federation
• Federation Models
• G-Suite User
• GCP Identity
• Geolocation Attributes
• Glossary Of LDAP And Directory Terminology
• Google Account
• Government Entity
• Government Identity
• Group
• Higgins Project
• Hyperledger
• Hyperledger Indy
• IAM Charter
• IDM The Application Developers Dilemma
• IDPro
• IMA Interoperability Framework
• IMA Technical Reference Architecture
• Identifiable
• Identification
• Identifier
• Identify and Authenticate access to system components
• Identity Assurance
• Identity Attributes
• Identity Aware Proxy
• Identity Broker
• Identity Correlation
• Identity Credential and Access Management
• Identity Cube
• Identity Data Store
• Identity Document
• Identity Governance and Administration
• Identity Lifecycle Management
• Identity Management Architecture
• Identity Proofing
• Identity Relation
• Identity Relationship Framework
• Identity Relationship Management
• Identity Sovereignty
• Identity State
• Identity Token
• Identity Trust Framework
• Identity Vault
• Identity Verification Service
• Identity and Access Management
• Impersonation
• Independent Identity
• Information Cards
• Internet of Things
• Intruder Detection
• Iss
• Item of Interest
• JML
• JSON Web Token Best Current Practices
• JSON-LD Examples
• Joiner
• Juridical Person
• Knowledge-Based Authentication
• LIGHTest
• LOA 1
• LOA 2
• LOA 3
• Law of Consistent Experience Across Contexts
• Law of Directed Identity
• Law of Human Integration
• Law of Justifiable Parties
• Law of Pluralism of Operators and Technologies
• Law of User Control and Consent
• Leavers
• Legal Person
• Legitimacy of Social Login
• Lightweight Ethereum Identity
• Local Administrative Accounts
• Local Identity
• Local Security Authority
• MIT TRUST DATA CONSORTIUM
• MSFT Access Token
• Maverick Research The Death of Authentication
• Movers
• NIST.SP.800-63A
• NIST.SP.800-63C
• NOT_DELEGATED
• National Identification Number
• National Strategy for Trusted Identities in Cyberspace
• Neo-Security Stack
• Network Attributes
• Non-Governmental Entity
• Non-person entity
• OAuth 2.0 Token Revocation
• Online
• Open Identity Exchange
• OpenID
• OpenID Connect
• Openliberty.org
• Organizational Attributes
• Organizational Entity
• Organizational Identity
• Password
• Permid
• Persistent Compute Objects
• Persona
• Personal Entity
• Personal Identification Number
• Privacy Considerations
• Privileged Identity
• Profile
• Profile Management
• Provisioning
• Proxy-Authorization
• RFC 7643
• RFC 7644
• RSA SecurID
• Registration
• Relative IDentifier
• Relying Party
• Repudiation
• Resource
• Resource Provisioning
• Risk-Based Authentication
• Robotic Process Automation
• SAFE-BioPharma
• SAML
• SAML Web Browser Profiles
• SCIM Object
• Secure Production Identity Framework For Everyone
• Security Account Manager
• Security Domain
• Security Information and Event Management
• Security Token
• Self-Sovereign Identity
• Self-regulating Provisioning
• Service Account
• Single Sign-On Scenarios
• Social Identity
• Social Login
• Social Websites
• Something You Know
• Sovrin
• Sovrin Foundation
• Sybil
• System for Cross-domain Identity Management
• TLS Client Authentication
• TRUSTED_FOR_DELEGATION
• TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
• Ten Principles of Self-Sovereign Identity
• The Laws of Relationships
• The Seven Laws Of Identity
• Token
• Touch ID
• Trust
• Trust Model
• User Self Service
• User-centric Identity
• Username
• Vectors of Trust
• Verifier
• Voice recognition
• Web Blog_blogentry_020918_1
• Web Blog_blogentry_030117_1
• Web Blog_blogentry_031017_1
• Web Blog_blogentry_041118_1
• Web Blog_blogentry_140316_1
• Web Blog_blogentry_161018_1
• Web Blog_blogentry_230717_1
• Web Blog_blogentry_250816_1
• WebID
• What Is IDM
• Windows Logon
• XDAS Trust Management Events
• Yadis
• Yadis ID
• Zero Trust

---

• [#1] - The Seven Laws Of Identity/TheLawsOfIdentity.pdf
• [#2] - A Primer on Functional Identity - based on information obtained 2017-08-14