ACCESSIBLE
A product, service, environment or facility which is usable by USERs with the widest range of capabilities. [ISO 9241-210]
ACCOUNTABILITY
The property of a system or system resource that ensures that the actions of a USER or AGENT may be traced uniquely to that USER or AGENT, which can then be held responsible for its actions. [RFC4949]
AGENT
A non-human application or service acting in the digital environment on behalf of a human USER. Synonymous with “non-person entity” (NPE). See USER
ANONYMOUS
An interaction designed such that the data collected is not sufficient to infer the identity of the USER involved nor is such data sufficient to permit an entity to associate multiple interactions with a USER or to determine patterns of behavior with a USER.
ASSERTION
A statement from an ATTRIBUTE provider to a RELYING PARTY. [NIST SP 800-63-2] NOTE: ASSERTIONs may be used to communicate CLAIMs, ATTRIBUTEs, IDENTIFIERs, or DIGITAL IDENTITIES. See CLAIM
ATTRIBUTE
A named quality or characteristic that is claimed to be inherent in or ascribed to someone or something. [IDESG Taxonomy]
AUTHENTICATION
“AUTHENTICATION” is defined in the IDEF Functional Model [FM] in part as a “Process of determining the validity of one or more CREDENTIALs used to claim a DIGITAL IDENTITY.” [FM]
CREDENTIAL AUTHENTICATION: Process of determining the validity of one or more CREDENTIALs used to claim a DIGITAL IDENTITY. [IDESG Taxonomy]
DIGITAL IDENTITY AUTHENTICATION: Process used to achieve sufficient confidence in the binding between the USER or AGENT and the presented DIGITAL IDENTITY. [OpenID Connect]
AUTHORIZATION
“AUTHORIZATION” is defined in the IDEF Functional Model [FM] in part as a “Process of granting or denying requests for specific access to resources.” [FM]
CLAIM
A statement about the USER or AGENT asserting a property of the USER or AGENT without necessarily containing identity information. NOTE: CLAIMs refer to the content of an ASSERTION rather than the specific source and destination. See ASSERTION
CREDENTIAL
A set of data presented as evidence of a claimed DIGITAL IDENTITY. [IDESG Taxonomy]
CREDENTIALING
“CREDENTIALING” is defined in the IDEF Functional Model [FM] in part as a “Process to bind an established DIGITAL IDENTITY with a CREDENTIAL.” [FM]
DATA INTEGRITY
The property that data has not been inappropriately altered.
DIGITAL IDENTITY
An ATTRIBUTE set that can be uniquely distinguished in a given context and can be used for a digital interaction. [IDESG Taxonomy]
DIGITAL IDENTITY MANAGEMENT FUNCTIONS
Activities and services associated with identity management. It includes each of the functions described in the IDESG Functional Model (registration, credentialing, authentication, authorization, and intermediation), which also encompass enrollment, identity proofing, identity vetting, access control, attribute management, transaction processing, and identity data maintenance.
ENTITY
ENTITY / ENTITIES: Any organization providing or using identity services. [IDESG IDEF][UXC-Dict] NOTE: The correct usage of ENTITY is “Organization providing or using identity services”; synonymous with Service Provider in the ID Ecosystem. USER should be used for persons. AGENT should be used for non-persons. NOTE: The word “actor” has been employed in this Glossary to replace the term “entity” previously used in some definitions, where ENTITY (as an organization) is not exclusively intended.
FEDERATION
An association comprising any number of service providers and IDENTITY PROVIDERS. [SAML v2.0] NOTE: This definition concerns IDENTITY and CREDENTIAL FEDERATIONs
IDENTIFIERS
Numbers or other non-attribute designations designed to specify individuals or sets of individuals in a system.
ATTRIBUTE or value that can be used to distinguish a DIGITAL IDENTITY. [IDESG Taxonomy]
IDENTITY PROVIDER
An ENTITY that creates, maintains, and manages trusted identity information. [NSTAC]
INTERACTION DESIGN
A term given to a set of design areas that focuses on the INTERACTION value of content, as opposed to its presentation or information value. The INTERACTION topics include USER interface controls, error handling, and feedback systems. The term “INTERACTION DESIGN” is intended to differentiate these topics from other topics for purposes of evaluation and development. [Human Factors]
INTEROPERABILITY
The ability of independent systems to exchange meaningful information and initiate actions from each other, in order to operate together to mutual benefit. In particular, it envisages the ability for loosely-coupled independent systems to be able to collaborate and communicate. [NSTAC]
MINIMIZATION
See the IDESG Baseline Requirement “PRIVACY-1. DATA MINIMIZATION” [Reqts]
MULTIFACTOR AUTHENTICATION
AUTHENTICATION using two or more different factors to achieve AUTHENTICATION. Factors include something one knows (e.g., password/PIN), something one has (e.g., cryptographic identification device, token), or something one is (e.g., biometric). [SP 800-53]
PATHWAY
A route or routes of events, actions or INTERACTIONs leading to a defined result. [UXC-Dict]
PROVISIONING
Creating USER access accounts and assigning privileges or entitlements within the scope of a defined process or INTERACTION; providing USERs with access rights to applications and other resources that may be available in an environment; may include the creation, modification, deletion, suspension or restoration of a defined set of privileges. [ABAC]
PSEUDONYMOUS
An interaction designed such that the data collected is not sufficient to allow the entity to infer the USER involved but which does permit an entity to associate multiple interactions with the USER’s claimed identity.
REDRESS
When (a) an entity offers an opportunity for a party who is transacting with it to complain or ask for adjustment, if the transaction is unsatisfactory to that other party; and (b) the entity responds clearly to each request of that kind; and (c) if the request relates to the entity’s failure to comply with the IDESG Baseline Requirements, the entity cures the failure to comply, or provides a remedy for the failure.
REGISTRATION
“REGISTRATION” is defined in the IDEF Functional Model in part as a “process that establishes a DIGITAL IDENTITY for the purpose of issuing or associating a CREDENTIAL.” [FM]
RELYING PARTY
Actor that relies on an identity ASSERTION or CLAIM. [ISO/IEC 29115]
STANDARD
OPEN STANDARDS are standards made available to the general public and are developed (or approved) and maintained via a collaborative and consensus driven process. OPEN STANDARDS facilitate INTEROPERABILITY and data exchange among different products or services and are intended for widespread adoption. (ITU-T) See also: IDESG Standards Adoption Policy v2.0 [SAPv2]
TOKEN
Something that the claimant possesses and controls that is used to authenticate the claimant’s DIGITAL IDENTITY. [IDESG Taxonomy]
TRANSACTION
A specialized form of INTERACTION that involves an exchange of some kind. See INTERACTION
USABILITY
Extent to which a system, product or service can be used by USERs to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. [ISO/IEC 9241-210]
USER
An individual human being. See AGENT
- In USABILITY statements, refers to an individual human being. This does not include machines, algorithms, or other non-human agents or actors. Equivalents and related terms may include: user-centric, user-centered, human-centered, end user, individual user, user-friendly.
- In SECURITY statements, may refer either to an individual natural person, or to an entity such as a company or agency: Various security requirements may confer opportunities, rights or remedies on a party or account which is served by a cybersecurity function, whether that account relates to a single human or to an organization.
For definitions of user, user-centric and others, see the NSTIC Strategy (page 8 and throughout): https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
USER-CENTRIC
Systems, design and/or program processes that put the individual human being at the center of the activity. Equivalents and related terms may include: USER, user-centered, human-centered, end user, individual user, user-friendly. [IDESG IDEF] [UXC-Dict]
USER EXPERIENCE
A USER’s perceptions and responses resulting from the use of an ENTITY’s services as rendered by expected USER AGENTs.