Identity Terminology Part 2: Credentials
When you meet your neighbor Mrs. Lovelace by chance at a shopping mall, you know the person is her because the person looks like her and acts like her. Isn't that so? Yes, because some of the person’s attributes are visible to you, some are audible, and others may even be olfactible. Because of these familiar attributes, you are quite sure that the entity interacting with you has Mrs. Lovelace’s identity, and is therefore actually Mrs. Lovelace, not somebody else. Well, there is of course the off chance that the person is an impersonator, but for the purpose of saying hello, you do not need to ascertain more attributes. She might think you are weird if you ask her to produce her ID card. Even if you do, that small chance does not completely disappear, as you have no means of checking on the spot whether the ID card is counterfeit, unless of course you are so weird as to carry around the equipment capable of doing that, but I digress.
Imagine how Mrs. Lovelace’s identity must have been conveyed to you when you met her for the very first time. Assuming you were not blind, you could see some of her inherent attributes, such as her hair, eyes, and skin color. Some other attributes, on the other hand, were not readily apparent and had to be told, like her name or age.
In identity parlance, when someone tells you of certain attributes of an entity (such as themselves), it is said that they claim or assert that those attributes have such and such values. For example, your sweet neighbor might introduce herself to you one morning, claiming or asserting that her last name is Lovelace and her age is 64.
Those claims or assertions may or may not be true, but in the social context, their veracity may not be consequential. In some other context, however, it may be important for Mrs. Lovelace to assure the other party — say, Veronica — that she is telling the truth about herself. How could she do that?
One way to do it is for Mrs. Lovelace to involve a third party whom Veronica trusts. Suppose that Veronica trusts that Isaac would never lie to her, and Mrs. Lovelace happens to know Isaac too. Mrs. Lovelace could then ask Isaac to write a letter that makes assertions about her on her behalf. She then presents that letter to Veronica. Veronica checks whether the letter indeed comes from Isaac, perhaps by ringing him or inspecting his handwriting and signature. Once the authenticity of the letter is proven, Veronica believes those written claims.
That letter is an example of a credential, which is a set of claims about one entity made on their behalf by a third party. Mrs. Lovelace is the subject of the credential. Isaac is the issuer of the credential, whereby the identity of Mrs. Lovelace is attested.
There is still one problem. Since Veronica has not known Mrs. Lovelace before, how could she know that the entity bearing the letter — the holder of the credential — is the same as the subject?
The letter has to contain some attributes that Veronica can verify. For example, the letter could contain a realistic drawing of Mrs. Lovelace’s face, so that Veronica can check if the holder has the same face; or the letter could contain Mrs. Lovelace’s signature, so that Veronica can check if the holder can reproduce it. Because of this verification process, Veronica is called the verifier of the credential.
Note that Mrs. Lovelace has many options for presenting the letter to Veronica. She could present the original letter directly. Alternatively, she could make a photocopy of it, leave the original at home, and present the photocopy instead. She could also redact some parts of the photocopy if she deems them unnecessary. (For example, she may have second thoughts about disclosing her age.) Generally, a credential has many presentations.
At this point, I am sure you can think of many other examples of credentials. A driving permit is a credential issued by a government agency attesting to an entity’s competence to drive, in the form of a plastic card. A passport is a credential issued by a government agency attesting to an entity’s identity for international travel, in the form of a booklet. A diploma is a credential issued by an educational institution attesting to an entity’s qualifications, in the form of a piece of paper. A movie ticket is a credential issued by a cinema attesting to an entity’s entitlement to admission to one of the auditoria, in the form of a voucher. These are physical realizations of credentials.
Credentials may exist in digital form too. How can digital credentials be issued, held and verified? Stay tuned for Part 3.