Networking government in New Zealand.
 

9 Appendix A - Terminology

9.1.1 An individual in this context is a person who is to be granted access to engage in generic cross-agency e-government activities. An individual will usually be working for one or more government agencies, either as an employee or in a consulting or contracting role, at the time of registration (see below).

9.1.2 A role is a job or function carried out by one or more individuals. Conversely, one individual may have a number of roles at any one time (for example, policy analyst, departmental representative on an inter-departmental working group and building floor warden). This paper draws a strong distinction between individuals and roles.

9.1.3 Organisational affiliation, in the context of this document, represents the relationship of an individual to an organisation in cases where the organisation wishes the individual to appear to be a member of the organisation.

9.1.4 Identity relates to the existence of an individual (or, in some contexts, organisation). It is that which uniquely distinguishes one individual from another.

9.1.5 Evidence of Identity (EOI) is a set of data items that together provide an acceptable level of evidence of the unique existence of an individual. The size or complexity of the EOI (referred to as strength of EOI) required for identification is generally dependent on the security level of the information to be accessed. Thus much stronger EOI is required for accessing SENSITIVE information, for example, than for subscribing to an open email list.

9.1.6 Identification is the process of establishing the unique identity of an individual and gathering sufficient EOI about that person to facilitate subsequent authorisation and authentication activities.

9.1.7 Registration is the process of providing EOI sufficient to enable the identity of an individual to be established.

9.1.8 A Registration Agent is an entity that carries out registration to establish the identity of an individual. This will typically be a part of the agency for which the individual is working (as either an employee or through some business relationship). The role of the Registration Agent is to vouch for the existence of the person being identified.

9.1.9 A Sponsor is an agency representative responsible for authorising certificate issuance and revocation, and managing an agency's internal registration processes.

9.1.10 Authorisation is the process of establishing the right of an individual to access a particular system or service.

9.1.11 Authentication is the confirmation of identity of a person to a computer system in order for them to be permitted access to a system or service.

9.1.12 A S.E.E. Key is a digital certificate with its associated private key stored on a smart-token. This is the authentication mechanism recommended in Paper 3 for controlling access to SENSITIVE systems.

9.1.13 Revocation - when a certificate is revoked, it is added to a certificate revocation list (CRL), which applications need to look up before deciding to trust a certificate.

9.1.14 A relying party is a system or individual that relies on signed data (authentication for access control also uses signed data temporarily) and, in particular, places some level of confidence in the signatory indeed being the individual named in the certificate used for signing the data.

