Overview#
You will not find a simple, single definition on Identity or Digital Identity. Here are some that we have run across that we think are best:- Digital Identity is a set of attributes related to an Entity. ISO 29115
- Digital Identity is a representation of a set of Claims made by one Party about itself or another Entity.[1]
- Identity is how we keep track of people and things and, in turn, how they keep track of us.[2]
Digital Identity implies that Identification (i.e. that the Entity has been separated from the Anonymity Set) has been performed and the Digital Identity is NOT Anonymous.
Digital Identity exists within a provided context, usually some Data Store which might be within one of the Following:
When the Digital Identity is in a Data Store and a Credential is also maintained within the Data Store, the Data Store may be referred to as a Credential Repository
A Digital Identity has one or more Identifiers which MAY be referred to as Identity Attributes
Digital Identity Enrollment#
A Digital Identity can be created on the fly when a particular identity transaction is desired (Example: OpenID Connect), or persisted in a Data Store to provide a referenceable Digital Identity representation.Typically when a Digital Identity is created there is a Identity Proofing process
A Digital Identity may be signed by a Digital Identity Provider (IDP) to provide a Level Of Assurance to a Relying Party
Sovereign-source Identity is a Digital Identity created and maintained by a person for their own purposes
Digital Identity, Authentication, Authorization #
Digital Identity, Authentication and Authorization are separate and distinct.Digital Identity are the Claims (Attributes or Identifiers) for a specific entity that provide Identification
Authentication is the process of establishing a Level Of Assurance that the Identification is authentic.
Authorization is when a Trustor grants a Permission to a Digital Identity (a Trustee) to perform a privilege against a Target Resource
Digital Identity is Also Know as#
There are many terms used to represent essentially the same thing.- Resource Owner is used in OAuth 2.0
- Subject is used in Security Assertion Markup Language (SAML)
- User is often used
- Principal is often used
- Consumer of services may be used
Please do NOT use Account. An Account is a some place where a Digital Identity puts an Asset. (Just a thing with Ldapwiki folks.)
Digital Identity, well Identity, is a Facet Of Building Trust
Digital Identity Types#
People love to make up words and phrases to express themselves.- Organizational Identity
- Government Identity
- Social Identity
- Self-Sovereign Identity
- Anonymous Identity
How a Digital Identity relates to a Digital Subject#
There should be some further understandings about how a Digital Identity relates to a Digital Subject:- A Digital Identity is a set of Attributes about a Digital Subject for a specific Context
- For any given Digital Subject there will typically exist multiple Digital Identities. For Example:
Within an Organizational Entity (i.e think of a company there may be the following Data Stores:
There is probably a Employee with a Digital Identity defined in each of these Data Stores. Each one of these Data Stores has Attribute Values or Identifiers which could be presented to a Verifier as a Claim so each of them has a seperate Digital Identity that is associated with the same Employee. The combination of these Digital Identities is the Digital Subject within the Organizational Entity. Some folks refer to this as an Identity Cube.More Information#
There might be more information for this subject on one of the following:- API-Gateway
- Access Control Engine
- Access Control Models
- Access Proxy
- Account Expiration
- Account Inactivity
- Account Restrictions
- Account termination
- Act (Actor) Claim
- Adaptive Risk
- Administrative Identity
- Anonymous Identity
- Assurance Level
- Authentication
- Authenticator
- Bandit-project.org
- Blockchain
- Blockchain Identity
- Blockstack
- Business Entity
- CardSpace
- CertiPath
- Certificate
- Certificate Issuer
- Chip Card
- Computer account
- CoreID
- Credential
- Curators
- Customer Relationship Management
- Data Accuracy
- Data aggregator
- De-anonymization
- Decentralized Identifier
- Delegation vs Impersonation
- Digital Context
- Digital Identity
- Digital Identity Acceptance Policy
- Digital Subject
- Domain Administrative Accounts
- Domain of OneS Own
- E-residency
- Emergency Identity
- Enrollment
- Enterprise Directory
- Entitlement
- Entitlement Example
- Entity
- Example Certificate
- Federated Identity
- Federated Identity Management
- Federation
- Federation Models
- G-Suite User
- GCP Identity
- Geolocation Attributes
- Glossary Of LDAP And Directory Terminology
- Google Account
- Government Entity
- Government Identity
- Group
- Higgins Project
- Hyperledger
- IAM Charter
- IDM The Application Developers Dilemma
- IDPro
- IMA Interoperability Framework
- IMA Technical Reference Architecture
- Identifiable
- Identification
- Identifier
- Identify and Authenticate access to system components
- Identity Assurance
- Identity Attributes
- Identity Aware Proxy
- Identity Broker
- Identity Correlation
- Identity Credential and Access Management
- Identity Cube
- Identity Data Store
- Identity Document
- Identity Governance and Administration
- Identity Lifecycle Management
- Identity Management Architecture
- Identity Proofing
- Identity Relation
- Identity Relationship Management
- Identity Sovereignty
- Identity State
- Identity Token
- Identity Verification Service
- Identity and Access Management
- Impersonation
- Independent Identity
- Information Cards
- Internet of Things
- Intruder Detection
- Iss
- Item of Interest
- JML
- JSON Web Token Best Current Practices
- JSON-LD Examples
- Joiner
- Juridical Person
- Knowledge-Based Authentication
- LIGHTest
- LOA 1
- LOA 2
- LOA 3
- Law of Consistent Experience Across Contexts
- Law of Directed Identity
- Law of Human Integration
- Law of Justifiable Parties
- Law of Pluralism of Operators and Technologies
- Law of User Control and Consent
- Leavers
- Legal Person
- Legitimacy of Social Login
- Local Administrative Accounts
- MIT TRUST DATA CONSORTIUM
- Maverick Research The Death of Authentication
- Movers
- NIST.SP.800-63A
- NIST.SP.800-63C
- NOT_DELEGATED
- National Strategy for Trusted Identities in Cyberspace
- Neo-Security Stack
- Network Attributes
- Non-Governmental Entity
- Non-person entity
- OAuth 2.0 Token Revocation
- Open Identity Exchange
- OpenID
- OpenID Connect
- Openliberty.org
- Organizational Attributes
- Organizational Entity
- Organizational Identity
- Permid
- Persistent Compute Objects
- Persona
- Personal Entity
- Personal Identification Number
- Privacy Considerations
- Privileged Identity
- Profile
- Profile Management
- Provisioning
- Proxy-Authorization
- RFC 7643
- RFC 7644
- RSA SecurID
- Registration
- Relying Party
- Repudiation
- Resource
- Resource Provisioning
- Risk-Based Authentication
- SAFE-BioPharma
- SAML
- SAML Web Browser Profiles
- SCIM Object
- Secure Production Identity Framework For Everyone
- Security Account Manager
- Security Domain
- Security Information and Event Management
- Security Token
- Self-regulating Provisioning
- Service Account
- Single Sign-On Scenarios
- Social Identity
- Social Login
- Social Websites
- Something You Know
- Sovereign-source Identity
- Sovrin
- Sovrin Foundation
- Sybil
- System for Cross-domain Identity Management
- TRUSTED_FOR_DELEGATION
- TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- The Laws of Relationships
- The Seven Laws Of Identity
- Token
- Touch ID
- Trust
- Trust Model
- User Self Service
- Username
- Vectors of Trust
- Verifier
- Voice recognition
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_031017_1
- Web Blog_blogentry_140316_1
- Web Blog_blogentry_230717_1
- Web Blog_blogentry_250816_1
- WebID
- What Is IDM
- Windows Logon
- XDAS Trust Management Events
- Yadis
- Yadis ID
- Zero Trust
- [#1] - The Seven Laws Of Identity/TheLawsOfIdentity.pdf
- [#2] - A Primer on Functional Identity
- based on information obtained 2017-08-14
