...
Baseline use case (matches constellation C01)
Subject | Entity whose identity can be authenticated | Synonymous with Principal in X.1252, ISO 29115; Caveat: The definition includes all trust service providers, but use cases imply that only users (service consumers) are meant |
Relying Party | Entity that relies on identity-related claims by a asserting entity | In general use except in STORK |
Identity Provider | Provider who manages identity information for Principals and provides identity-based services | Not a Kantara term; defined in X.1252 and STORK |
Delegated Identity Management (constellation C10)
Attribute Provider | SP that manages and asserts attributes for Principals |
|
CSP (Credential Service Provider | Provider supporting the verification of identities, the issuance of identity related tokens, and their subsequent management |
|
RA (Registration Authority) | An entity validating the identity and claims of applicants but does not issue or manage credentials |
|
...
Identity Federation (extension of constellation C32)
Attribute Authority | A party whose authority to make claims is recognized by one or more relying parties |
|
Assessor | Entity that evaluates an ETS or service provider's compliance using the Service Assessment Criteri |
|
Auditor | Organization assessing entities and their services to establish their compliance with a policy |
|
Federation Operator | Entity that defines standards and manages memberships and compliance with policy for its respective federation |
|
Identity Broker | Provider that interfaces Relying Parties to a federation and aggregates federation relationships to simplify the interface for a RP |
|
PMA (Policy Management Authority |
|
|
Trust Anchor | The cryptographic service that serves as the top-most authority and is agreed out of the technical trust protocol |
|
Underwriter | Insurance company that underwrite a specific risk of of a trust service provider to cover its liability |
|
...