Skip to topic | Skip to bottom
You are here: Main > ProjectDocs > GlossaryDoc

Start of topic | Skip to actions

Common Terminological Framework for
Interoperable Electronic Identity Management

Consultation paper

November 23, 2005

pdf version

1. Introduction

This short document attempts to provide a common terminological framework for interoperable identity management in eGovernment. This was identified as a key issue that needs to be resolved during the first ModinisIDM Workshop of 4 May 2005 in Leuven; a position which was subsequently supported by the eEurope eGovernment subgroup – Ad hoc group on Identification and Authentication. The initial version was largely written between July 6-15, 2005 by the partners of the MODINIS Study on Identity Management in eGovernment (K.U.Leuven, A-SIT and Lawfort). The document has subsequently been updated, based on feedback from Prime, Belgian Federal ICT Ministry and several Member States representatives.

The terms in this terminology paper have been influenced by the following consulted source materials:

This document is intended as a consultation paper, and has not yet undergone a formal review by the Commission. The ModinisIDM Study team is keenly aware that community consensus around the definitions is a prerequisite for success. Therefore, we hereby cordially invite all interested parties to contribute their thoughts and feedback on the terminology paper, so that it may be further refined. Any comments are welcome at

For more information about the ModinisIDM Study and a continuously updated version of the ModinisIDM Terminology Paper, we refer to our web site:

return to top

2. Table of Contents

return to top

3. Scope of the terminology document

During the first ModinisIDM Workshop of 4 May 2005 in Leuven, one of the first problems identified as a barrier to the development of interoperable IDM systems in eGovernment is the lack of a common conceptual framework. This was identified by the ModinisIDM Study Team as a key issue that needs to be resolved; a position which was subsequently supported by the eEurope eGovernment subgroup – Ad hoc group on Identification and Authentication during its session in Brussels on 30 June 2005.

Part of the conceptual framework – which includes every aspect of the IDM infrastructure – is made up of the terminological framework: the definitions of all concepts of the infrastructure. The lack of a common understanding of even the most prevalent IDM notions constitutes a meta-problem which obstructs a constructive dialogue on the problem of interoperable identity management as a whole. There is no common agreement on the definition of essential concepts such as identity, entity, attribute, delegation, or even entity authentication and identity management.

The current definitions vary widely, since they reflect a complete different point of view on such issues as the use of unique identifiers, who should manage identities and the scope of the definitions. As a practical example, it is nearly impossible to discuss privacy protection questions when there is no consensus about the attributes that define an entity, or if an entity can be something other than a natural person (e.g., a legal person, or even an object such as a computer system, where privacy concerns would not apply).

This paper deals with this issue by attempting to propose a series of neutral and internally consistent definitions of such IDM concepts, thus creating eGovernment IDM ontology. The definitions are based on the preparatory work done through other European projects and initiatives (such as FIDIS, PRIME and GUIDE), amended and completed by inputs from several eGovernment initiatives (such as the aforementioned subgroup, IDABC and of course the ModinisIDM Study itself).

The quality of any ontology depends on three characteristics: coverage (level of completeness), consensus (agreed upon), and accessibility (ease of use). It is thus important to note that this is a consultation paper, intended to draw criticism and generate constructive feedback. As such, it should be considered provisional in its entirety.

return to top

4. Terminology

This section presents a variety of definitions regarding identity management. Beyond a short definition, further explanatory comments according to the term defined are presented. The terms provided in this section aim to propose a shared vocabulary for common IDM terminology, taking into account the specific eGovernment IDM context. It is intended to provide all stakeholders with a common terminology, in order to facilitate further debate in this field and contribute to the further growth of a more general IDM conceptualisation. Thus, the definitions are ultimately intended to function as an enabler for the creation of a pan-European IDM architecture.

4.1 Access control

Definition: Access control is the protection of resources with technical, regulatory and organizational measures against access or use by unauthorized entities.

return to top

4.2 Anonymity

Definition: Anonymity refers to the quality or state of being not identifiable within the set of all possible entities that could cause an action and that might be addressed.

In this state, the involvement of an entity in a given process is concealed, so that a given action can not be attributed to a specific entity. The set in which an entity is anonymous typically varies in time and decreases in size as digital systems do not “forget”.

return to top

4.3 Assertion

Definition: an assertion is synonymous with a credential.

return to top

4.4 Attribute

Definition: An attribute is a distinct, measurable, physical or abstract named property belonging to an entity.

An attribute has a type and a value. It is any piece of information about an entity, which does not necessarily uniquely distinguish the entity from any other entity in a given context. Attributes include the characteristics of an entity. An entity has a finite, but unlimited number of attributes.

return to top

4.5 Authentication

Definition: Authentication is the corroboration of a claimed set of attributes or facts with a specified, or understood, level of confidence.

Authentication may be used during any IDM process. Authentication serves to demonstrate the integrity (i.e., equivalence to a corresponding reality) and origin (i.e., the source) of what is being pretended (the claimed information). The security and reliability of authentication mechanisms may vary dependant on the desired authentication level. The stronger the authentication, the higher the confidence that an entity corresponds with the claimed set of attributes.

Authentication is typically subdivided into two separate classes: data authentication and entity authentication. For this reason, autonomous use of the term “authentication” (without specifying the type of authentication) should be avoided, as it is subject to (mis)interpretation.

Authentication can be unilateral or mutual. Unilateral authentication provides assurance of the identity of only one entity, where mutual authentication provides assurance of the identities of both entities.

4.5.1 Data authentication

Definition: Data authentication is the corroboration that the origin and integrity of data is as claimed.
Data authentication is a technical process which (in an IDM context) serves to verify that any claimed attribute corresponds to the actual attribute held by an entity.

It is worth noting that data authentication verifies origin and integrity (i.e., the correspondence of a claimed attribute to an attribute that was issued to a specific entity), but not necessarily truth (i.e., the factual correctness of the claimed attribute). E.g., an authentication token containing incorrect data (e.g., an incorrect name) could be used to authenticate data which is factually wrong. Data authentication protects against manipulation (insertion, substitution or deletion) by unauthorised parties; not against e.g., incorrect issuance of credentials or tokens.

4.5.2 Entity authentication

Definition: Entity authentication is the corroboration of the claimed identity of an entity and a set of its observed attributes.

As a part of entity authentication, entities can be identified by factors: knowledge (e.g., password), possession (e.g., token), a personal characteristic (biometrics), location (e.g., network address or phone number), etc., or by a combination of these factors. A typical example of a two-factor authentication mechanism consists of the combination of password and fingerprint authentication.

The specific case of biometrics can be considered a variation of possession (e.g., fingerprint authentication demonstrates the possession of the required fingertip). As the only difference between biometry and other forms of possession is the decreased likelihood of accidental loss of the identifying element, it does not necessitate specific attention at this point.

Entity authentication can be unilateral or mutual. Unilateral authentication provides assurance of the identity of only one entity. Mutual authentication provides assurance of the identities of both entities.

return to top

4.6 Authorisation

Definition: Authorisation refers to (1) the permission of an authenticated entity to perform a defined action or to use a defined service/resource; (2) the process of determining, by evaluation of applicable permissions, whether an authenticated entity is allowed to have access to a particular resource.

Usually, authorisation is in the context of authentication. Permission is granted or denied based on the result of data or entity authentication, and on the allowed activities, as defined within the system. Once an entity is authenticated, it may be authorized to perform different types of access, each of which is referred to as a role.

return to top

4.7 Characteristic

Definition: A characteristic of an entity is an attribute specific to a particular context.

A characteristic does not need to uniquely identify an entity. Characteristics indicate an entity’s capacity, function, and qualification, etc.

Examples: - the prime minister of a particular country or a prime minister in a group of prime ministers; - the Belgian national registry number of a citizen in Belgium or the same number determining a part of a computer device.

While a characteristic is a single attribute, in practice it often implies a set of other attributes, which may or may not be included in the system. E.g., the characteristic of being a doctor implies adulthood and the completion of a certain education.

return to top

4.8 Confidentiality

Definition: Confidentiality refers to the state of keeping the content of information secret from all entities but those authorised to have access to it.

return to top

4.9 Context

Definition: a context is a sphere of activity, a geographic region, a communication platform, an application, a logical or physical domain.

Practically, a context is only relevant in an interaction.

return to top

4.10 Corroboration

Definition: Corroboration is the confirmation by provision of sufficient evidence and examination thereof that specified requirements have been fulfilled.

The term “verification” is often used as a synonym of corroboration. However, this term is somewhat more dubious, as it is also occasionally used as a synonym of authentication (either entity or data authentication). For this reason, “corroboration” should be preferred over “verification”.

“Sufficient evidence” is determined by the Identity Management System. It is possible that the amount of evidence required is (virtually) non-existent or holds (virtually) no legal value, e.g., a simple set of claims (e.g., claiming to have a certain name or address).

return to top

4.11 Credential

Definition: A credential is a piece of information attesting to the integrity of certain stated facts.

Credentials are primarily used in the process of entity authentication, and are then often incorporated in an authentication token, e.g., a smart card, bank card, mobile phone, etc.

Note that credentials are not always integrated into a token: in certain systems, a password might function as a credential, despite the lack of a medium carrying the information. Certificates are a common type of credential in a PKI system, where they often take the form of so-called attribute certificates: a credential attesting to the integrity of one or more attribute values with identification information about the corresponding entity.

Credentials are typically revocable.

return to top

4.12 Delegation

Definition: Delegation is the process in which an identified entity issues a mandate to another identified entity.

From a legal perspective, the concept of delegation usually implies acceptance by the receiving identified entity. In a technical context, acceptance is usually unnecessary.

A mandate can be used to delegate authorizations of one identified entity to another.

return to top

4.13 Digital Identity

Definition: A digital identity is a partial identity in an electronic form.

For any given entity, there will typically exist many digital identities which may be unique or non-unique. A digital identity can be created on the fly when a particular identity transaction is desired.

A digital identity is, by definition, a subset of the identity, and can in effect be considered a manifestation of an entity’s presence in an electronic IDM system (i.e., it is the subset of attributes belonging to an entity that is accessible through a specific IDM system).

return to top

4.14 Enrolment

Definition: An enrolment is synonymous with a registration.

return to top

4.15 Entity

Definition: An entity is anyone (natural or legal person) or anything that shall be characterised through the measurement of its attributes.

The choice was made to provisionally keep this definition open to any type of person (including legal persons, to facilitate e.g., eProcurement), but also to any other type of entity, such as objects (e.g., computers or other forms of machinery), digital resources or processes (e.g., programmes), as this allows abstraction to the largest common element and thus offers the largest number of applications.

In order for its existence to be acknowledged, an entity needs to have at leas one unique identity.

return to top

4.16 Federated Identity

Definition: A federated identity is a credential of an entity that links an entity’s partial entity from one context to a partial entity from another context.

return to top

4.17 Identifiable Entity

Definition: An identifiable entity is an entity whose identity can be established.

return to top

4.18 Identification

Definition: Identification is the process of using claimed or observed attributes of an entity to deduce who the entity is.

The term “identification” is also referred to as entity authentication. The identification of an entity within a certain context enables another entity to distinguish between the entities it interacts with.

return to top

4.19 Identified entity

Definition: An identified entity is an identifiable entity the identity of which has been corroborated.
The term “identified entity” is also referred to as an “authenticated identity.”

As indicated below, corroboration entails that a given element has been proven to the extent required by the Identity Management System. As such, there are no fixed rules or criteria to meet before an entity can be considered identified. The only criterion is the acceptance of the identification by the IMS.

return to top

4.20 Identifier

Definition: An identifier is an attribute or a set of attributes of an entity which uniquely identifies the entity within a certain context.

For the sake of clarity, identifiers consisting of one attribute are also characteristics; they distinguish an entity from other entities.

An entity may have multiple distinct identifiers referring to it. Identifiers uniquely identify an entity, while characteristics do not need to. However, it should be noted that identifiers can consist of a combination of attributes, whereas characteristics are always one single attribute.

return to top

4.21 Identity

Definition: The identity of an entity is the dynamic collection of all of the entity’s attributes. An entity has only one identity.

An entity has only one identity, consisting of a number of attributes that need not necessarily be unique for that entity, but which are nonetheless useful when attempting to distinguish several entities. Common examples of such attributes include name, date and place of birth, address, the identity of parents, etc.

As such, the identity is a fluid and evolving philosophical concept, rather than a practical one: as it is impossible for any one IDM system to gather all attributes of any specific entity, IDM systems must focus on a specific subset of relevant attributes.

As a rule of thumb, when people refer to the identity of an entity, they are referring to the essence of the entity as defined above. In contrast, when they refer to an identity of an entity, they are referring to the concept of partial identity, as defined below.

This brings us to the following concepts.

return to top

4.22 Identity management (IDM)

Definition: Identity management is the managing of partial identities of entities, i.e., definition, designation and administration of identity attributes as well as choice of the partial identity to be (re-) used in a specific context.

return to top

4.23 Identity management application

Definition: An identity management application is a tool used by an entity to manage partial identities.

In general, the identity management application is used to manage partial identities, e.g., for their creation, updating, revocation, etc.

return to top

4.24 Identity management system (IMS)

Definition: An identity management system is the organisational and technical infrastructure used for the definition, designation and administration of identity attributes.

return to top

4.25 Mandate

Definition: A mandate (or proxy) is a revocable role or a set of revocable roles which refer(s) to one or more permissions granted by an identified entity to another identified entity to perform well-defined actions with legal consequences in the name and for the account of the former.

Mandates are a type of characteristic, and thus also an attribute. Mandates (or proxies) must be revocable. E.g., the power of attorney or a parent’s authority over its underage child.

return to top

4.26 Non-repudiation of origin

Definition: Non-repudiation of origin is the ability to prevent an acting entity from denying at a later stage that it performed that specific action.

return to top

4.27 Nym

Definition: A nym is synonymous with a pseudonym.

return to top

4.28 Partial Identity

Definition: A partial identity is a certain subset of one or more attributes that does not necessarily uniquely identify the entity.

While an entity has only one identity, it may have many partial identities. Partial identities are often simply referred to as “identities”, which may lead to confusion when they refer to a single entity. For this reason, the term “partial identity” should be preferred.

return to top

4.29 Permission

Definition: Permission describes the privileges granted to an authenticated entity with respect to low-level operations that may be performed on some resource (e.g., read, write, delete, execute, create…).

Permissions are also referred to as “access rights.”

return to top

4.30 Persona

Definition: A persona is a pre-existing digital identity that an entity can select and use to represent itself in a given context.

A persona is something put forward by an entity, but how it is perceived, recognized, accepted, rejected, trusted, used, etc. by another entity cannot be specified or in any way implied. It is often used when the set of credentials of the entity represents a role or has a virtual character animated by the entity.

return to top

4.31 Personally identifiable information

Definition: Personally identifiable information is any data that identifies or refers to a particular natural or legal person.

return to top

4.32 Principal

Definition: A principal is synonymous with an identifiable entity.

return to top

4.33 Privacy

Definition: Privacy is the right of an entity – in this context usually a natural person – to decide for itself when and on what terms its attributes should be revealed.

Privacy can alternatively be described as the freedom of a natural person to sustain a “personal space”, free from interference by other entities.

In an IDM context, privacy is mostly used as a synonym of “informational privacy”, i.e., the interest of a natural person to control, or at least significantly influence the handling of data about themselves, also taking into account the nature of the applicable attributes and the entity in charge of data management.

return to top

4.34 Privacy enhancing technology (PET)

Definition: A privacy enhancing technology is hardware or software which increases the ability of a natural person to actively influence the availability of information about and exposure of itself.

return to top

4.35 Profile

Definition: A profile of an entity or a group of entities is an organized set of attributes that characterizes the specific properties of that entity or entities within a given context for a specific purpose.

return to top

4.36 Profiling

Definition: Profiling is the practice of collecting and analysing data related to an entity with the aim of creating its profile.

return to top

4.37 Proxy

Definition: A proxy is synonymous with a mandate.

return to top

4.38 Pseudonym

Definition: A Pseudonym (syn.: nym) is an arbitrary identifier of an identifiable entity, by which a certain action can be linked to this specific entity. The entity that may be identified by the pseudonym is the holder of the pseudonym.

A pseudonym is typically a fictitious name that can refer to an entity without using any of the entity’s identifiers. In effect, the pseudonym is an additional attribute of a given entity’s identity, which allows it to form a set of partial identities which can not necessarily be easily traced to the originating entity.

As identifiers, pseudonyms are context-bound, and one pseudonym is not necessarily valid across multiple identity management systems.

An entity is pseudonymous if it relies on a pseudonym as identifier.

return to top

4.39 Registration

Definition: The registration of an entity is the process in which the entity is identified and/or other attributes are corroborated. As a result of the registration, a partial identity is assigned to the entity for a certain context.

In other words, the registration of an entity is the process of linking a (partial) identity to the identity of an entity, by corroborating a specific set of attributes, which do not necessarily need to include identifiers.

Successful completion of the registration procedures results in the granting of a means (e.g., a credential) by which the entity can be authenticated in the future.

Quality assurance criteria (with various degrees of liability attached) can be imposed on the registration process.

return to top

4.40 Resource

Definition: a resource is either data related to some identity or identifiers, or a service acting on behalf of some identity or group of identities.

The set of technical, regulatory and organizational measures intended to protect system resources against access by unauthorized entities.

return to top

4.41 Role

Definition: A role is a set of one or more authorisations related to a specific application or service.

return to top

4.42 Token

Definition: A token is any hardware or software that contains credentials related to attributes.

Tokens may take any form, ranging from a digital data set to smart cards or mobile phones.

Tokens can be used for both data/entity authentication (authentication tokens) and authorisation purposes (authorisation tokens).

return to top

4.43 Trust

Definition: Trust is a quality of a relationship between two or more entities, in which an entity assumes that another entity in the relationship will behave in a fashion agreed beforehand, and in which the first entity is willing to act on this assumption.

Whether or not to trust depends on a natural person’s decision. It is possible, but not necessary that several entities trust each other mutually in a certain context. Trust decisions of legal persons depend on the decisions made by the legal person’s responsible natural persons.

Trust may be limited to one or more specific functions, and may depend on the fulfilment of one or more requirements.

return to top

4.44 Trusted third party (TTP)

Definition: A trusted third party is an entity trusted by multiple other entities within a specific context and which is alien to their internal relationship.

return to top

4.45 Unique identity

Definition: A unique identity is a partial identity in which at least a part of the attributes are identifiers.

Since at least some of the attributes (or combinations thereof) are identifiers, the entity can be uniquely identified through the unique identity within a certain context. A unique identity is an identifier such as a unique number or any set of attributes that allows one to determine precisely who or what the entity is.

return to top

Prepared by:

The Modinis IDM Study Team
B-3000 Leuven, Belgium

Lead contractor:

K.U.Leuven Research & Development, Belgium
Project manager: prof. Bart Preneel
Subproject manager: prof. Jos Dumortier


Secure Information Technology Center, Austria (A-SIT)
Director: prof. Reinhard Posch


Lawfort – ICT Law Department, Belgium
Head: prof. Jos Dumortier

to top

Copyright © 2005-2023 by the Modinis-IDM consortium. All material is the property of the contributing authors. Reproduction is authorised, provided the source (eGovernment Unit, DG Information Society,European Commission) is clearly acknowledged, save where otherwise stated.