The identity industry, just like any other industry, loves to use its own specialist terms. This often causes confusion, as any term with a broad meaning may have a specific definition in the identity ecosystem. This list of terms and their identity industry meanings should help bring clarity in this space. More information on how the identity ecosystem works can be found in the OIX Guide to Trust Frameworks.
Issuer. An organization that can issue the user with a credential to store in their Digital ID and share with others. Many organizations can be issuers of credentials. This includes authoritative sources, such as government agencies or education establishments, as well as third parties who might digitize a paper version of a user's identity credential. Indeed, a digital identity itself might be empowered to issue credentials on behalf of the user, such as 'is the user over 18?'
Relying Party. The party who accepts the Digital ID from the user. When they accept the digital ID from the user, they are relying upon the trust that the digital identity conveys about the user or their credentials, thus the term relying party. Relying Parties (RPs), sometimes called Service Providers (SPs), are organizations that need to establish and maintain the identity of their customers, suppliers or partners. An RP can also be an organization that needs to verify an attribute of a person’s identity, such as a person’s age. Examples of RPs are banks, utility companies, telecoms operators, insurance firms, and local authorities.
Self Sovereign ID. An identity that is owned and controlled by the end user.
Decentralized and Centralized. Centralized ID ecosystems involve the storage of identity information in databases held by the identity provider. These centralized databases hold the identity data for many users at once. Decentralized ID ecosystems hold each user's identity information separately in a distributed manner.
Credential. A credential is something that helps show who the user is or what they are eligible to do. Examples of credentials include passports, driving licenses, education certificates, vaccination certificates, national ID cards, tickets, boarding passes and premises access cards.
Verifiable Credential. A credential that can be verified as being genuine and belonging to that user by reference to its issuer. Facts about a person's identity that are verifiable by an authoritative source, which is both independent and trusted. Facts provided by an individual to a recognised issuing authority must be checked and verified by them as a trusted source, prior to them issuing an official document. Once checked, credentials issued by the trusted organization can be consumed by other organizations as verifiable credentials.
ID Provider. Someone who provides the user with a software tool to manage their identity. Increasingly, these software tools are referred to as digital wallets.
GPG45. The UK standard for identity proofing and verification for individuals.
Hub Provider. Someone who allows a user to choose who their identity provider is and connects that identity provider with a relying party on behalf of the user.
Orchestrator. A provider of technical connections between relying parties and identity providers, often involving the user in identity provider choice via a hub.
Attribute. A piece of data that describes something about the user, such as their name, address, height, eye colour, driving permissions, vaccine type, vaccination date, etc.
Claim. An unverified attribute associated with a user.
Verified Claim. An attribute that has been verified by an authoritative source as belonging to the user.
Electronic Attribute Attestation. An electronic collection of one or more attributes associated with a user.
Electronic Signature or e-Signature. A way to sign an electronic document. There are three types of e-signature: simple electronic signatures, which allow traceability to the user but do not verify who the user is; advanced electronic signatures, which also allow traceability to the user with a more robust set of authenticators, but still do not verify who the user is; and qualified electronic signatures, which include advanced authenticators as well as confidence in who the user is. Please see the OIX publication Explaining Electronic Signatures for more information on this topic.
Wallet. A software tool that allows the user to gather, manage and share credentials. A wallet may operate on a user's device or in the cloud.
Data Minimization. Ensuring that only the minimum amount of data is provided by the user to the relying party to meet the needs of the specific transaction. For example, knowing that the user is over 18, or is identity proofed to a required level, may be all that is needed to meet the needs of the relying party.
Selective Disclosure. Similar to data minimization. Only the attributes that are required to meet the needs of the relying party's transaction are disclosed from the user's Digital ID.
Zero Knowledge Proof. This is a method by which one party (the prover) can prove to another party (the verifier) that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true.
Protocols. The way identity information is securely exchanged between parties. There are various protocols available in the market, including: OAuth, OIDC, SAML, DIDComm and Verifiable Credentials.