NISTIR_Abb_Definitions.md

2. Definitions and Acronyms

Assertion

A statement from an attribute provider to a relying party that contains identity attributes about a subject. Assertions may also contain authentication or other identity information about the subject.

Attribute

A claim of a named quality or characteristic inherent in or ascribed to someone or something.

Attribute Based Access Control (ABAC)

Access control based on attributes associated with subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which access may take place.

Attribute Claim (or "Claim")

A statement asserting a property of a subject without necessarily containing authentication or other identity information, independent of format. For example, for the attribute 'birthday', a claim could be 'older than 18' or 'born in December'.

Attribute Metadata

Data providing information about the context and structure of an attribute. See metadata.

Attribute Provider (AP)

Manages and provides assertions of identity attributes to other relying and federated parties.

Attribute Provider Statement (APS)

A document that captures the security, privacy, data protection, and attribute management practices of a given attribute provider or party acting as an attribute provider for a given set of transactions.

Attribute Value Metadata (AVM)

Data describing an asserted value for an associated attribute.

Authorization

The decision to permit or deny a subject access to resources (e.g., network, data, application, services) based on the evaluation of access control policies.

Credential Service Provider (CSP)

An entity that issues digital credentials to subjects and issues or registers authenticators for subjects' use. A CSP may be an independent third party, or may issue credentials for its own use. A CSP may provide and verify attributes or may include attributes provided or verified by other entities.

Federation

A process that allows for the conveyance of identity attributes and authentication information across a set of networked systems.

Identity Provider (IDP)

A CSP in a federation that manages the subject's primary authentication credentials and issues assertions derived from those credentials.

Metadata

Structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource. Metadata is often called data about information or information about information.

Relying Party (RP)

An entity that relies upon a subject’s authenticator(s) and credentials or an IDP's assertion of a subject’s identity, typically to process a transaction or to grant access to information or a system.