W3C home > Mailing lists > Public > public-credentials@w3.org > February 2016

OECD Digital Identity Management Document

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Mon, 15 Feb 2016 16:25:58 +0000
Message-ID: <CAM1Sok09d3L6ncHEyzcoEZ2YDsKit-jaeuKt3TwLRwo99DZkDg@mail.gmail.com>
To: W3C Credentials Community Group <public-credentials@w3.org>
I found this[1] document.  Whilst the techniques appear miss the
opportunities brought about by Linked-data / Graph Databases /
decentralised infrastructure; it does have a bunch of terminology.

It also demonstrates the lack of terms for decentralised solutions, as
existing technology is based on RDBMS business models, IMHO.  This is
exemplified by the use 'citizen cards' and similar root-identifier

[1] http://www.oecd.org/sti/ieconomy/49338380.pdf

some extracts are per below. It might be a useful document to find
solutions for terminology.

This guidance focuses on natural persons (“individuals”) interacting with
the information systems of public and private organisations (“service
providers” 3 ) through a digital network such as the Internet.


1. In order to be known by the system, the individual must first register
with it and the conditions related to his/her identity or identity
attributes must be checked so he/she can be provided with a set of
credentials; this is the so-called registration or enrolment process.

2. Appropriate permissions and privileges to access the organisation’s
resources must be assigned to the individual, a process often called

3. To access resources, the individual makes an identity claim that can be
verified: he/she logs into the system with the credentials provided during
the registration process. This authentication process 7 establishes
confidence in the user’s identity.

4. The result of the authentication process is used in a process called
access control, whereby the system checks that the individual has the
appropriate authorisation to access the resource. 5. When the individual is
not associated anymore with the system, a revocation process must take
place whereby his/her credentials are rescinded.


 It is also essential to the security of the individual who accesses these
resources, particularly when they belong or relate to him/her (e.g. money
in a bank, or personal data such as a medical record).
Received on Monday, 15 February 2016 16:26:35 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:27 UTC