Difference between revisions of "Credential"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(Solutions)
Line 11: Line 11:
 
==Solutions==
 
==Solutions==
 
*A [[X.509 Certificate|Certificate]] binds a credential to an [[Identifier]] of its [[Subject]] as well as (potentially) other [[Attribute]]s.
 
*A [[X.509 Certificate|Certificate]] binds a credential to an [[Identifier]] of its [[Subject]] as well as (potentially) other [[Attribute]]s.
* Often there is also a binding to some sort of real-world credential, usually a piece of paper with a seal.
+
* Often there is also a binding to some sort of real-world credential, typically a piece of paper with a seal.
  
  
 
[[Category:Glossary]]
 
[[Category:Glossary]]
 
[[Category:Authentication]]
 
[[Category:Authentication]]
 +
[[Category:Identity]]

Revision as of 15:03, 4 July 2019

Full Title or Meme

A Credential in the digital realm is a structure which contains, at a minimum, a secret value which can be used in Authentication of a Subject.

Context

  • The original digital Credential was just a shared secret, usually called a Password.
  • More secure Credentials keep private keys which are used to build an Identity Token which can include anti-replay elements, that (with User Consent) is sent to a requester.

Problems

  • The only truly secure Credential is one with a secret that the Subject owns and controls.
  • The secret in the credential cannot be shared in any know scalable secure manner, so it must simple be the source of some Authentication response that is secure from spoofing and replay.

Solutions

  • A Certificate binds a credential to an Identifier of its Subject as well as (potentially) other Attributes.
  • Often there is also a binding to some sort of real-world credential, typically a piece of paper with a seal.