Develop OpenID specifications for providing Relying Parties with identity information, i.e. verified Claims, along with an explicit attestation of the verification status of those Claims (what, how, when, according to what rules, using what evidence). These specifications are aimed at enabling use cases requiring strong identity assurance, for example, to comply with potential regulatory requirements such as Anti-Money Laundering laws or access to health data, risk mitigation, or fraud prevention.

Terminology

[SOURCE: ISO/IEC 24760-1:2011, 3.1.2, modified – entity has been replaced by subject, added mapping of attribute to claim]

identity information verification 

process of checking identity information and credentials against issuers, data sources, or other internal or external resources with respect to authenticity, validity, correctness, and binding to the entity 

verification 

process of checking information by comparing the provided information with previously corroborated information 

verifier

actor that corroborates identity information

person

human being

subject

person whose identity is being proofed 

identity

set of attributes related to a subject

identifying attribute

attribute that contributes to uniquely identifying a subject within a context

Note: in the context of OpenID Connect designated as “Claim”. 

supporting attribute

attribute that is used in identity proofing but not as an identifying attribute

identity information

set of values of attributes optionally with any associated metadata in an identity

evidence of identity (EOI)

evidence that provides a degree of confidence that a subject is represented by the identity being claimed 

authoritative evidence 

holds identifying attribute(s) that are managed by an authoritative party

Note: A point in time copy of the identifying attribute(s) is liable to become out of date and therefore becomes corroborative evidence.

Note: This is one type of evidence of identity. 

authoritative party

entity that has the right to create and responsibility to own and directly manage an identifying attribute

Note: Law sometimes nominates a party as authoritative. It is possible that such a party is subject to legal controls.

corroborative evidence 

holds identifying attribute(s) that are not managed by an authoritative party

Note: The identifying attributes in corroborative evidence may not be as up-to-date or accurate as authoritative evidence. 

Note: This is one type of evidence of identity.

proofing information

information collected for identity proofing

proofing party

party that performs identity proofing of a subject