Difference between revisions of "Credential Service Provider"
From MgmtWiki
(→Solutions) |
(→Context) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
==Context== | ==Context== | ||
*The all digital [[Credential]]s come with a secret which is used to help in [[Authentication]] of the [[Subject]]. | *The all digital [[Credential]]s come with a secret which is used to help in [[Authentication]] of the [[Subject]]. | ||
| + | * Also see [[Credential Service Provider]] which is typically used to refer to a provider of W3C [[Verifiable Credential]]s. | ||
==Problems== | ==Problems== | ||
| Line 11: | Line 12: | ||
* Often there is also a binding to some sort of real-world credential, typically a piece of paper with a seal. | * Often there is also a binding to some sort of real-world credential, typically a piece of paper with a seal. | ||
* NIST 800-63 (all versions) describe a [[Credential Service Provider]] which is designed to issue credentials to users after they by had the [[Identity Proofing]] prior to employment by the government. This flow can be substantially different in commercial systems, but there is always a need to verify the security of the user's private key or other secret that is a part of a credential. | * NIST 800-63 (all versions) describe a [[Credential Service Provider]] which is designed to issue credentials to users after they by had the [[Identity Proofing]] prior to employment by the government. This flow can be substantially different in commercial systems, but there is always a need to verify the security of the user's private key or other secret that is a part of a credential. | ||
| − | + | ==References== | |
| + | <references /> | ||
| + | ===Other Sources=== | ||
| + | * [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdfNIST Special Publication 800-130, “A Framework for Designing Key Management Systems] (2013) written in a earlier time by the greats in the cypto field: Elaine Barker, Miles Smid, Dennis Branstad, Santosh Chokhani. | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Authentication]] | [[Category:Authentication]] | ||
[[Category:Identity]] | [[Category:Identity]] | ||
Revision as of 08:43, 16 June 2021
Full Title or Meme
A Credential Service Provider provides Credential Management Services for a Credential assign to a Subject.
Context
- The all digital Credentials come with a secret which is used to help in Authentication of the Subject.
- Also see Credential Service Provider which is typically used to refer to a provider of W3C Verifiable Credentials.
Problems
- The only truly secure Credential is one with a secret that the Subject owns and controls.
- The secret in the credential cannot be shared in any know scalable secure manner, so it must simple be the source of some Authentication response that is secure from spoofing and replay.
Solutions
- Often there is also a binding to some sort of real-world credential, typically a piece of paper with a seal.
- NIST 800-63 (all versions) describe a Credential Service Provider which is designed to issue credentials to users after they by had the Identity Proofing prior to employment by the government. This flow can be substantially different in commercial systems, but there is always a need to verify the security of the user's private key or other secret that is a part of a credential.
References
Other Sources
- Special Publication 800-130, “A Framework for Designing Key Management Systems (2013) written in a earlier time by the greats in the cypto field: Elaine Barker, Miles Smid, Dennis Branstad, Santosh Chokhani.
