About identification management
Effective identification management helps organisations to reduce and/or prevent fraud, loss of privacy and identity theft by applying good practice processes during the enrolment of an entity, ongoing interactions and the use of credentials.
The identification management elements
Diagram 1: Relationship between the identification management elements
This diagram shows a triangle representing the connection between Entities, Relying Parties, Credentials and Credential Providers.
At the top of the triangle is an Entity (in this example a person). At the lower left of the triangle is a Relying Party (in this example a building representing an organisation). At the lower right of the triangle is a Credential Provider (in this example a different building representing an organisation).
At the centre of the triangle is a Credential (in this example represented by a mobile device and an access card).
The connection between Entity and Relying Party is labelled Enrolment. The connection between Entity and Credential Provider is labelled Credential Management. The connection between Relying Party and Credential Provider is labelled Facilitation.
An arrow labelled ‘presents credential’ points from the Entity to the Relying Party. Another arrow labelled ‘establishes credential’, points from the Credential Provider towards the Entity.
Descriptions of the elements and their relationships
An Entity can be a person or machine that can present a Credential to a Relying Party, providing the Relying Party with assurance that certain identification management processes have been previously carried out.
The Relying Party relies on the presentation of Credentials in order to interact with Entities and conduct its business effectively.
The Credential Provider establishes credentials for Entities and can facilitate their presentation to Relying Parties.
A Credential is an artefact that is established for an Entity, after a series of processes that bind the Entity to information and an authenticator. A Credential can include or be associated with mechanisms to enable its presentation to the Relying Party.
Establishes credential: The process the Credential Provider undertakes to provide an Entity with a Credential.
Presents credential: The process of an Entity presenting a Credential to the Relying Party.
Enrolment: The processes the Relying Party undertakes to register an Entity within their context. Presentation of 1 or more Credentials can occur during these processes.
Credential Management: The processes the Credential Provider undertakes to ensure the Credential remains up to date and reliable.
Facilitation: The process where the Credential Provider has an active role in the presentation of a Credential to the Relying Party. Not all presentations of a Credential need the Credential Provider to be involved in the presentation process (for example, document-based Credentials and some self-sovereign Credentials).
Relying party becoming a Credential Provider
A Relying Party (or organisation) can become a Credential Provider when they have completed an enrolment process and decide to establish a credential that will be relied upon by other Relying Parties in the future. Examples include a passport, practising licence, or staff access card.
Identification management and other practices
Identity and identity management tend to focus on attributes and their management rather than the wider processes and human behaviours essential to preventing identity theft and its impacts. The material in this website takes a different approach to the area, to solve many of the problems that have been hampering effective development of solutions.
Privacy and security
Identification management is a practice that is separate from, but closely related to, Privacy and Security. While several requirements within the Identification Management Standards contribute to information privacy and security, they do not replace the need to apply relevant standards within these separate practices.
Diagram 2: Relationship between practices