Decoding ISO definitions is both an art and science.
ISO definitions use the 'replacement rule' approach - this means that wherever a defined term appears in text, the reader can directly substitute the definition and the resulting text shall make sense.
Or, in ISO Directives-speak: "The definition shall be written in such a form that it can replace the term in its context."
So, when you read the following description of Identity Assurance, these defined terms come into play:
SC 27/WG 5 describes Identity Assurance as:
identity assurance is the term used to describe an assured process where:
An identity is established through verification of a set of identity attributes using acceptable evidence or validated systemically against an authoritative data source; then
This identity is bound to the entity.
The outcome of the process is one or more assured identifiers that can be used as the basis for authentication.
The process and the organization operating the process are assured in accordance with a defined policy that includes:
- A governance body or authority;
- A policy specification that is systemized in a process;
- One or more organizations that operate the process;
- The detection of policy violations, anomalies and indicators of compromise, and actions to address them;
- One or more organizations that assure and enforce the process and the processing organizations.
...
<<NOTE: Need to change the order of the terms to the same as used above - look for any odd usages etc>>
Term | Definition | |||
---|---|---|---|---|
entity | item inside or outside an information and communication technology system, such as a person, an organization, a device, a subsystem, or a group of such items that has recognizably distinct existence | |||
identity | set of attributes related to an entity | |||
attribute | characteristic or property of an entity that can be used to describe its state, appearance, or other aspects | |||
identifier | identity information that unambiguously distinguishes one entity from another one in a given domain | |||
identity assurance | level of assurance in the result of identification | |||
identification | process of recognizing an entity in a particular domain as distinct from other entities | |||
identity | set of attributes related to an entity | |||
verification | process to determine that presented identity information associated with a particular entity is applicable for the entity to be recognized in a particular domain at some point in time | |||
domain | environment whereattribute | characteristic or property of an entity | can use a set of attributes for identification and other purposesthat can be used to describe its state, appearance, or other aspects | |
identity information | set of values of attributes optionally with any associated metadata in an identity | authentication | ||
identity evidence | identity information for an entity required for authentication of that entity | |||
authenticated identity | identity information for an entity created to record the result of authentication | identity assurance | level of assurance in the result of identification||
entity | item inside or outside an information and communication technology system, such as a person, an organization, a device, a subsystem, or a group of such items that has recognizably distinct existence | |||
identifier | identity information that unambiguously distinguishes one entity from another one in a given domain | |||
authentication | formalized process of verification that, if successful, results in an authenticated identity for an entity | |||
enrolment | process to make an entity known within a particular domain | |||
identity proofing or initial entity authentication | particular form of authentication based on identity evidence that is performed as the condition for enrolment | |||
enrolment | process to make domain | environment where an entity known within a particular domain | identity evidence | identity information for an entity required for authentication of that entitycan use a set of attributes for identification and other purposes |