Week 1 Modules 1&2 Flashcards
Intro concepts and terms, Actors and Processes
The process of establishing the identities of interacting parties in an electronic transaction with a certain level of confidence
Identity Management
What are 3 reasons to having identity management?
Logical Access Control
Monitoring
Physical Access Control
What is an entity?
Something with a separate and distinct existence that can be identified in context
The following are examples of what? Human, agency, object, users, devices A. Attribute B. Entity C. Actor D. None of the above
B. Entity
A characteristic or property of an entity. Describes an aspect of an entity.
Attribute
The following are examples of what?
SSN, VIN #, IPAddress, Make of a car
Attribute
An attribute or set of attributes that uniquely identifies a subject (entity) within a domain or context.
Identity
Environment where an entity uses a set of attributes for identification, and other purposes.
OR
Environment with defined boundary conditions in which entities exist and interact.
Domain/Context
What is a digital representation of information known about a specific individual, group or organization.
Digital Identity
What is identity information that unambiguously distinguishes one entity from another in a given domain?
Identifier
________ is the process of recognizing an entity as distinct from other entities in a domain.
Identification
_______ applies verification to claimed or observed attributes.
Identity Verification (Authentication)
Evidence, during authentication, is called an ______
Authenticator
The structure linking the identity and authenticator is called a ______.
Credential
The validity of a credential involves verifying what?
A. Correctness B. Integrity C. Authenticity D. Currency E. Attributes F. All of the above
A. Correctness
B. Integrity
C. Authenticity
D. Currency
What does Authenticity mean?
issued by the correct authority
What is correctness?
conformance to the rules pertaining to the type of credential
______ is a subject whose identity is to be verified using one or more authentication protocols.
Claimant
A _____ is an entity that checks a claimant’s identity by verifying the claimant’s possession and control of one or two authenticators, using an authentication protocol.
Verifier
A category describing the strength of the authentication process.
A. Identity Access Assurance Level (IAAL)
B. Authentication Strength Level (ASL)
C. Authenticator Assurance Level (AAL)
D. None of the above
C. Authenticator Assurance Level
________ is a defined sequence of messages that demonstrates the claimant has possession and control of a valid authenticators to establish their identity. Can demonstrates the claimant is communicating with the intended verifier.
Authentication protocol
What is an Identity Media (Token)?
A device or object storing one or more credentials, claims, or attributes related to a single entity.
The ________ is an entity that creates, assigns, maintains and issues identity and credentials. Can also be a verifier.
Identity Provider/Identity Information Provider (IdP)
What is an identity assertion?
Statement made by an identity provider, used by a relying party for providing a service.
Proof of a successful authentication
What is the level of assurance in the result of an identity verification/authentication?
Identity (authentication) assurance
A _____ is authorized to enroll in an identity system and is authenticated for eligibility to access resources or services.
A. User
B. Subject
C. Principal
D. Actor
C. Principal
The below are responsibilities of who?
- Provide accurate identity information for enrollment
- request to be identified and authorized for access
- access to own information and request modification if needed
Principal
The ____ performs identity verification or authentication.
A. Verifier
B. Authorizer
C. Enroller
D. None of the above
A. Verifier
An entity that receives identity assertions from a verifier and relies on them for a purpose is the _____.
Relying party (RP)
What are the phases of the Identity Management Lifecycle? (choose all) A. Enrollment B. Planning C. Credential Management D. Authentication E. Monitoring
A. Enrollment
C. Credential Management
D. Authentication
____ and _____ are the processes involved in the Enrollment Phase.
Identity proofing
Registration
The Lifecycle management phase ____ is the collection of processes involved in making an entity known within a domain/context.
Enrollment
______ is a form of authentication based on identity evidence that is performed as the condition for enrollment.
Could be a Birth Certificate, ID, Passport.
Identity Proofing
The process of recording an entity's identity information in an identity register. A. Enrollment B. Registration C. Recording D. Identifier
B. Registration
Processes in the ______ phase in the Lifecycle Management that enable an entity to join, participate in and terminate participation in a domain/context.
Credential Management
The activities included in the Credential Management Phase of the Lifecycle include: A. Issue B. Bind C. Verify D. Revoke E. Modify F. Record-keeping
A. Issue
B. Bind
D. Revoke
F. Record-keeping
According to ISO/IEC, the following are part of what phase in the Management Lifecycle?
Credential Creation, Issuance, Activation, Storage, Suspension, Revocation, Destruction, Renewel, Record-Keeping
Credential Management Phase
The _____ phase of the Management Lifecycle includes the use of a protocol to demonstrate possession of a credential to establish confidence in a claim of identity.
Authentication (usage)
