Main Nav

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

AttachmentSize
image001.jpg6.49 KB

Comments

NIST definition: “Credential: Evidence attesting to one’s right to credit or authority”

Reference: FIPS-201 -2, Personal Identity Verification (PIV) of Federal Employees and Contractors (REVISED DRAFT), http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-201--2

 

 

Michael G. Carr, JD, CISSP, CIPP

Chief Information Security Officer

The University of Kentucky

122 James F. Hardymon Bldg

Lexington  KY  40506-0495

Desk: (859) 218-0306

Mobile: (513) 295-3067

Michael.Carr@UKy.edu

 

Security/Privacy Tip:  Think before you text and always password protect your phone. 

 

 

 

 

 

 

Message from psxgr@nottingham.ac.uk

Hi, Mark. Here are a few of the definitions I've come across in my research: (US) NIST SP-800-63-1: "Credential: An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity." (p.8) (See also several other related definitions in the same section, including Derived Credential, Strongly/Weakly Bound Credential, etc.) http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf (US) FICAM Trust Framework Provider Adoption Process: "E-Authentication Credential: An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person." (p.40) http://www.idmanagement.gov/documents/trustframeworkprovideradoptionproc... (EU) Modinis Study on Identity Management in eGovernment: "Credential: A credential is a piece of information attesting to the integrity of certain stated facts. Credentials are primarily used in the process of entity authentication, and are then often incorporated in an authentication token, e.g., a smart card, bank card, mobile phone, etc. Note that credentials are not always integrated into a token: in certain systems, a password might function as a credential, despite the lack of a medium carrying the information. Certificates are a common type of credential in a PKI system, where they often take the form of so-called attribute certificates: a credential attesting to the integrity of one or more attribute values with identification information about the corresponding entity. Credentials are typically revocable." (p.9) https://www.cosic.esat.kuleuven.be/modinis-idm/twiki/pub/Main/GlossaryDo... Best regards, Gilad -- Gilad L. Rosner PhD Candidate Horizon Doctoral Training Centre School of Computer Science University of Nottingham http://uk.linkedin.com/in/glrosner ________________________________________

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

NIST definition: “Credential: Evidence attesting to one’s right to credit or authority”

Reference: FIPS-201 -2, Personal Identity Verification (PIV) of Federal Employees and Contractors (REVISED DRAFT), http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-201--2

 

 

Michael G. Carr, JD, CISSP, CIPP

Chief Information Security Officer

The University of Kentucky

122 James F. Hardymon Bldg

Lexington  KY  40506-0495

Desk: (859) 218-0306

Mobile: (513) 295-3067

Michael.Carr@UKy.edu

 

Security/Privacy Tip:  Think before you text and always password protect your phone. 

 

 

 

 

 

 

Message from psxgr@nottingham.ac.uk

Hi, Mark. Here are a few of the definitions I've come across in my research: (US) NIST SP-800-63-1: "Credential: An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity." (p.8) (See also several other related definitions in the same section, including Derived Credential, Strongly/Weakly Bound Credential, etc.) http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf (US) FICAM Trust Framework Provider Adoption Process: "E-Authentication Credential: An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person." (p.40) http://www.idmanagement.gov/documents/trustframeworkprovideradoptionproc... (EU) Modinis Study on Identity Management in eGovernment: "Credential: A credential is a piece of information attesting to the integrity of certain stated facts. Credentials are primarily used in the process of entity authentication, and are then often incorporated in an authentication token, e.g., a smart card, bank card, mobile phone, etc. Note that credentials are not always integrated into a token: in certain systems, a password might function as a credential, despite the lack of a medium carrying the information. Certificates are a common type of credential in a PKI system, where they often take the form of so-called attribute certificates: a credential attesting to the integrity of one or more attribute values with identification information about the corresponding entity. Credentials are typically revocable." (p.9) https://www.cosic.esat.kuleuven.be/modinis-idm/twiki/pub/Main/GlossaryDo... Best regards, Gilad -- Gilad L. Rosner PhD Candidate Horizon Doctoral Training Centre School of Computer Science University of Nottingham http://uk.linkedin.com/in/glrosner ________________________________________

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

NIST definition: “Credential: Evidence attesting to one’s right to credit or authority”

Reference: FIPS-201 -2, Personal Identity Verification (PIV) of Federal Employees and Contractors (REVISED DRAFT), http://csrc.nist.gov/publications/PubsDrafts.html#FIPS-201--2

 

 

Michael G. Carr, JD, CISSP, CIPP

Chief Information Security Officer

The University of Kentucky

122 James F. Hardymon Bldg

Lexington  KY  40506-0495

Desk: (859) 218-0306

Mobile: (513) 295-3067

Michael.Carr@UKy.edu

 

Security/Privacy Tip:  Think before you text and always password protect your phone. 

 

 

 

 

 

 

Message from psxgr@nottingham.ac.uk

Hi, Mark. Here are a few of the definitions I've come across in my research: (US) NIST SP-800-63-1: "Credential: An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber. While common usage often assumes that the credential is maintained by the Subscriber, this document also uses the term to refer to electronic records maintained by the CSP which establish a binding between the Subscriber’s token and identity." (p.8) (See also several other related definitions in the same section, including Derived Credential, Strongly/Weakly Bound Credential, etc.) http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf (US) FICAM Trust Framework Provider Adoption Process: "E-Authentication Credential: An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person." (p.40) http://www.idmanagement.gov/documents/trustframeworkprovideradoptionproc... (EU) Modinis Study on Identity Management in eGovernment: "Credential: A credential is a piece of information attesting to the integrity of certain stated facts. Credentials are primarily used in the process of entity authentication, and are then often incorporated in an authentication token, e.g., a smart card, bank card, mobile phone, etc. Note that credentials are not always integrated into a token: in certain systems, a password might function as a credential, despite the lack of a medium carrying the information. Certificates are a common type of credential in a PKI system, where they often take the form of so-called attribute certificates: a credential attesting to the integrity of one or more attribute values with identification information about the corresponding entity. Credentials are typically revocable." (p.9) https://www.cosic.esat.kuleuven.be/modinis-idm/twiki/pub/Main/GlossaryDo... Best regards, Gilad -- Gilad L. Rosner PhD Candidate Horizon Doctoral Training Centre School of Computer Science University of Nottingham http://uk.linkedin.com/in/glrosner ________________________________________

Sorry for cross posts…

 

I’m looking for any published definitions of ‘Electronic Authentication Credential’.

NSTIC calls them ‘Trusted Credentials’ I believe.

 

I seem to see ‘credential’ used everywhere but defined nowhere.

 

Anyone have a URL?

 

Thanks,

 

Mark Jones
Manager, Systems Analyst & Programming  


Academic Technology | Software Engineering|
7000 Fannin | Suite, 780 | Houston, TX 77030 |
713 500 3508 tel | 713 500 0313 fax|

www.uth.tmc.edu/oac

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.