Electronic Credentials
Paper credentials are documents that attest to the identity or other attributes of an individual or entity called the subject of the credentials. Some common paper credentials include passports, birth certificates, driver’s licenses, and employee identity cards.
The credentials themselves are authenticated in a variety of ways: traditionally perhaps by a signature or a seal, special papers and inks, high-quality engraving, and today by more complex mechanisms, such as holograms, that make the credentials recognizable and difficult to copy or forge. In some cases, simple possession of the credentials is sufficient to establish that the physical holder of the credential is indeed the subject of the credentials.
More commonly, the credentials contain biometric information such as the subject’s description, a picture of the subject or the handwritten signature of the subject, which can be used to authenticate that the holder of the credentials is indeed the subject of the credentials. When these paper credentials are presented in person, authentication biometrics contained in those credentials can be checked to confirm that the physical holder of the credential is the subject.
Electronic identity credentials bind a name and perhaps other attributes to a token. This recommendation does not prescribe particular kinds of electronic credentials. There are a variety of electronic credential types in use today, and new types of credentials are constantly being created. At a minimum, credentials include identifying information that permits recovery of the records of the registration associated with the credentials and a name that is associated with the Subscriber. In every case, given the issuer and the identifying information in the credential, it must be possible to recover the registration records upon which the credentials are based. Electronic credentials may be general-purpose credentials or targeted to a particular Verifier.
Some common types of credentials are:
- X.509 public key identity certificates that bind an identity to a public key;
- X.509 attribute certificates that bind an identity or a public key with some attribute;
- Kerberos tickets that are encrypted messages binding the holder with some attribute or privilege.
Electronic credentials may be stored as data in a directory or database. These credentials may be digitally signed objects (e.g., X.509 certificates), in which case their integrity may be verified. In this case, the directory or database may be an untrusted entity, since the data it supplies is self-authenticating. Alternatively, the directory or database server may be a trusted entity that authenticates itself to the Relying Party or Verifier. When the directory or database server is trusted, unsigned credentials may simply be stored as unsigned data.
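The two storage models described above, as an added example that is not part of the original article: a Verifier accepts a signed credential from an untrusted directory only if the issuer's signature checks out, and accepts unsigned data only from a directory it trusts. The function names, the sample credential, and the `directory_trusted` flag (standing for a server that has authenticated itself) are assumptions, and the key is a deliberately insecure textbook-RSA key used so the example runs on the Python standard library alone; a real deployment would verify an X.509 signature instead.

```python
import hashlib
import json

# Toy issuer key (constructed): textbook RSA over two public Mersenne primes.
# Insecure by design; it only stands in for a real issuer signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def digest(fields: dict) -> int:
    """Hash a canonical encoding of the credential fields to an integer."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")


def issue(fields: dict) -> dict:
    """Issuer side: sign the fields and return the credential record."""
    return {"fields": fields, "sig": pow(digest(fields), D, N)}


def verify(record: dict, issuer_n: int = N, issuer_e: int = E) -> bool:
    """Verifier side: needs only the issuer's public key, not a trusted store."""
    try:
        return pow(int(record["sig"]), issuer_e, issuer_n) == digest(record["fields"])
    except (KeyError, TypeError, ValueError):
        return False


def lookup(directory: dict, credential_id: str, directory_trusted: bool):
    """Return credential fields, or None if the record cannot be relied on."""
    record = directory.get(credential_id)
    if record is None:
        return None
    if verify(record):
        return record["fields"]      # self-authenticating: the source is irrelevant
    if directory_trusted and "sig" not in record:
        return record.get("fields")  # unsigned data, accepted only from a trusted server
    return None


# Constructed sample data: one signed credential held by an untrusted directory.
CRED = issue({"id": "reg-0001", "issuer": "Example CSP", "name": "alice"})
UNTRUSTED_DIR = {"reg-0001": CRED}
# The same record after the bound name is rewritten without re-signing.
TAMPERED_DIR = {"reg-0001": {"fields": {**CRED["fields"], "name": "mallory"},
                             "sig": CRED["sig"]}}
# Unsigned record, as a trusted directory server might hold it.
UNSIGNED_DIR = {"reg-0001": {"fields": CRED["fields"]}}
```

The `id` and `issuer` fields are covered by the signature, so the pointer back to the registration records cannot be altered in the directory without the check failing.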
8 Responses to “Electronic Credentials”

What are the elements of an authentication process?
1) Person or Group Seeking Authentication
2) Distinguishing Characteristics for Authentication
3) The Authenticator
4) The Authentication Mechanism
5) Access Control Mechanism
6) Types of Authentication
7) Authentication Methods
Who designed SSL?
Secure Sockets Layer (SSL) is an industry standard protocol designed by Netscape Communications Corporation for securing network connections.
What is a DMZ?
A DMZ (Demilitarized Zone) is a segment of a network or a network between the protected network and the external network.
The purpose of a DMZ on an organization network is to provide some insulation and extra security.
What is ARPANET?
The ARPANET (Advanced Research Projects Agency Network) was developed by ARPA of the United States Department of Defense (DOD), and was the predecessor of the global Internet.
interesting post
a very good article about Electronic Credentials