A statement from an attribute provider to a relying party that contains identity attributes about a subject. Assertions may also contain authentication or other identity information about the subject.
A claim of a named quality or characteristic inherent in or ascribed to someone or something.
Access control based on attributes associated with subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which access may take place.
A statement asserting a property of a subject without necessarily containing authentication or other identity information, independent of format. For example, for the attribute 'birthday', a claim could be 'older than 18' or 'born in December'.
Manages and provides assertions of identity attributes to other relying and federated parties.
A document that captures the security, privacy, data protection, and attribute management practices of a given attribute provider or party acting as an attribute provider for a given set of transactions.
Data providing information about the context and structure of an attribute. See metadata.
Data describing an asserted value for an associated attribute.
The decision to permit or deny a subject access to resources (e.g., network, data, application, services) based on the evaluation of access control policies.
An entity that issues digital credentials to subjects and issues or registers authenticators for subjects' use. A CSP may be an independent third party, or may issue credentials for its own use. A CSP may provide and verify attributes or may assert attributes provided and verified by other entities.
A process that allows for the conveyance of identity attributes and authentication information across a set of networked systems.
A CSP in a federation that manages the subject's primary authentication credentials and issues assertions derived from those credentials.
Structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about information or information about information.
Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual.
An entity that relies upon a subject's authenticator(s) and credentials or an IDP's assertion of a subject's identity, typically to process a transaction or to grant access to information or a system.
Refers to the process of establishing agreements between framework participants in order to develop metadata schema requirements consistent with community needs.