...

Authenticity can be achieved by digitally signing a message with the private key from the sender. The recipient can verify the digital signature with the matching public key. Certificates containing public and private keys are issued by a Certificate Authority.

...

Authorisation is the process of giving someone or something permission to do something, for example to access services, data or other functionalities. Authorization is enabled by Authentication. Policies and attributes determine what types of activities are permitted by an entity.

...

The Authorisation Registry: 

...

In the context of information security, credentials are used to control access of someone or something to something, for example to services, data or other functionalities. The right credentials validate (i.e. Authentication) the identity claimed during Identification.

The best-known example of credentials is a password, but other forms include electronic keycards, biometrics and, for machines, public key certificates.

...

The Data Owner is the legal person accountable for the Confidentiality, Integrity, availability and accurate reporting of data.

The Data Owner can be the 70222188. In this case, he is not only accountable for the availability of data, but also responsible.

...

Data Space

...

HTTP stands for 'Hypertext Transfer Protocol', and when secured via TLS or SSL it is referred to as HTTPS (HTTP Secure). It is a protocol for (secure) communication over a computer network and is widely used on the Internet.

...

Identification is the process of someone or something claiming an identity by presenting characteristics called identity attributes. Such attributes include a name, user name, e-mail address, etc. The claimed identity can be validated (i.e. Authentication) with the right credentials.

...

If multiple distinct 70222188 exist where each data set is protected under a distinct trust domain, multiple 70222188 may be needed. Moreover, the iSHARE Scheme may require different Levels of assurance for specific data and may wish to designate specific Identity Providers for specific services.

In order to support multiple Identity Providers (with possibly multiple rules) and Service Providers, an Identity Broker is required. An Identity Broker allows 70222188 to select the Identity Provider they prefer to authenticate themselves at. It prevents the need for a direct relationship between all Service Providers and all Identity Providers.

...

The Identity Provider

  • Provides identifiers for Human Service Consumers;
  • Issues credentials to Human Service Consumers;
  • Manages records of Authorization of the 70222188;
  • Identifies and authenticates Human Service Consumers based on provided credentials;
  • Checks on the basis of the provided credentials and the registered permission(s) whether a Human Service Consumer (role) Service Consumer is authorized to take delivery of the requested service, and;
  • Confirms the established powers towards the 70222188
  • Possibly provides other information (which are frequently referred to as attributes) about the user that is known to the Identity Provider.

In the iSHARE environment an Identity Provider could support various methods of Authentication, such as:

  • Password authentication;
  • Hardware-based authentication (e.g. smartcard, token);
  • Biometric authentication;
  • Attribute-based authentication.

...

A JSON Web Token (JWT) is used when Non-repudiation between parties is required. A statement, of which the data is encoded in JSON, is digitally signed to protect the Authenticity and Integrity of the statement.
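
As an added illustration (not code from the iSHARE scheme), the following Python signs a JSON statement as a JWT and verifies it, so that any change to the statement is detected. It assumes the RS256 algorithm; the key is a constructed, deliberately weak demonstration key, and `sign_jwt`, `verify_jwt` and the helper names are hypothetical.

```python
import base64, hashlib, json

# Constructed demonstration key built from two Mersenne primes: easy to write
# down and NOT secure. Real parties use CA-certified keys of 2048 bits or more.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes
# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_digest(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    padded = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(padded, "big")

def sign_jwt(claims: dict) -> str:
    """Sender side: sign header.payload with the private key."""
    header = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64u(json.dumps(claims).encode())
    sig = pow(encode_digest(signing_input.encode()), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify_jwt(token: str) -> dict:
    """Recipient side: return the claims, or raise ValueError if not authentic."""
    try:
        h, p, s = token.split(".")
        alg = json.loads(b64u_dec(h)).get("alg")
        sig = int.from_bytes(b64u_dec(s), "big")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "RS256":               # the verifier, not the token, picks the algorithm
        raise ValueError("unexpected alg")
    # Recompute the expected encoding and compare, using only the public key.
    if sig >= N or pow(sig, E, N) != encode_digest(f"{h}.{p}".encode()):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(p))
```
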

...

Levels of Assurance (LoA)

Within online Authentication, depending on the authentication protocol used, the server is to some extent assured of the client's identity. Depending on parameters such as the quality of the registration process, quality of credentials, use of biometrics or multiple authentication factors and information security, an authentication protocol can provide a server with a high or low confidence in the claimed identity of the client. For low-interest products, a low certainty might be sufficient, while for sensitive data it is essential that a server is confident that the client's claimed identity is valid.

...

Non-repudiation is closely related to Authenticity and can be achieved by digital signing in combination with message tracking.

...