Term · 2. Authentication & Authorization

Credential

IDM/IGA Domain
AuthN ISO/IEC NIST Introduced by: Big4 (Deloitte / PwC / EY / KPMG)

Definition

Data presented to authenticate or authorize — password, token, certificate, biometric, API key. NIST SP 800-63 distinguishes authenticator (the thing/knowledge proving identity) from credential (the binding of authenticator to identifier). Credentials have lifecycles: issuance, rotation, revocation, expiration.

Application

MidPoint: Information used to prove the identity of a subject during authentication, which is bound to that particular identity.

Standards & regulations

  • NIST SP 800-63-4 «credential: An association between an individual and a CSP that is used to represent the subscriber across one or more interactions or transactions. A credential is typically the result of an enrollme»
  • NIST SP 800-63B-4 «Credentials are established as a result of enrollment and authenticator binding, and represent the subscriber in subsequent authentications. The credential maintained by the CSP is a securely maintain»
  • NIST SP 800-63-3 «credential: An object or data structure that authoritatively binds an identity—via an identifier or identifiers—and (optionally) additional attributes, to at least one authenticator possessed and cont»
  • NIST SP 800-63B «A credential is established as a result of identity proofing and authenticator binding. The authoritative instance of a credential is a data structure that is securely maintained by the CSP and binds »