https://www.infra-repository.org/oiar-2013/index.php?action=history&feed=atom&title=BT.Identity_ValidationBT.Identity Validation - Revision history2026-05-06T13:54:56ZRevision history for this page on the wikiMediaWiki 1.40.0https://www.infra-repository.org/oiar-2013/index.php?title=BT.Identity_Validation&diff=473&oldid=prevJan Schoonderbeek: start2012-11-11T23:22:21Z<p>start</p>
<p><b>New page</b></p><div>{{Maturity|3}}<br />
{{Pageheaderbox4BBT<br />
|name=Identity Validation<br />
|WorkingArea=Middleware (MW)<br />
|version=0.1<br />
|owner=J.A.H. Schoonderbeek<br />
}}<br />
An Identity Validation facility offers the ability to validate a digital identity. In essence, it can answer both questions "who is this entity?" and "how do I know I can trust that entity's answer?". The facility can be offered an identity (a set of identity attributes) and one or more corresponding credentials; the facility then validates that the credentials match the offered identity.<br><br />
An example of an identity attribute and matching credential would be a login name and a password; the identity validation facility must respond with a message, either confirming that the identity is valid, or not.<br />
<br />
Identity Validation is an important part of Authentication and Authorization. Beware, however, that Identity Validation is NOT synonymous to Authentication. Authentication roughly looks like this:<br />
* For a particular authentication, a security officer decides on a type of credentials (e.g. passport)<br />
* The credentials of that type are provided to the entities that are entitled to them (e.g. the issue of passports to people)<br />
* Where the authentication is required, a process is put in place that can test the credentials (e.g. airport passport check)<br />
When the above process for credential checking is automated (e.g. a passport scanning machine at an airport gate), then the facility deciding on the validity of the offered credential is an Identity Validation facility. Note that this facility is NOT the scanning machine itself, but rather the system with which that scanning machine communicates to check the scanned passport against. The scanning machine offers the passport data scanned plus the identity offered (presumably from a scanned air ticket), and the Identity Validation facility signals back that the passenger is (or isn't) who the ticket claims it is. That is not to say that the passenger truly IS who the ticket claims it is, only that we have a certain degree of certainty about it; a degree of certainty that (we believe) is very high when the credential is a passport - certainly higher than when we'd used a library card as credential. <br />
<br />
Note that Authentication means that someone (himself authorized to do so) makes a decision on the trustworthiness of credentials; thus the process of authentication always involves a security officer. Identity validation is only an automated means for ''part'' of that process, the correct deployment of which must itself be checked by a security officer.<br />
<br />
To validate a digital identity, the Identity Validation facility often needs access to an [[BT.MW.Identity_Store|identity repository]]. Note that the identity repository in itself is not part of the Identity Validation facility.<br />
{{FunctionIcon<br />
|image=Icon BBT Identity Validation.png<br />
}}<br />
{{BBT Text Footer}}</div>Jan Schoonderbeek