INTERNATIONAL STANDARD ISO/IEC 24760-1
Second edition 2019-05
Reference number ISO/IEC 24760-1:2019(E)

IT Security and Privacy - A framework for identity management - Part 1: Terminology and concepts
Sécurité IT et confidentialité - Cadre pour la gestion de l'identité - Partie 1: Terminologie et concepts

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401, Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
  3.1 General terms
  3.2 Identification
  3.3 Authenticating identity information
  3.4 Management of identity
  3.5 Federation
  3.6 Privacy protection
4 Symbols and abbreviated terms
5 Identity
  5.1 General
  5.2 Identity information
  5.3 Identifier
  5.4 Credential
    5.4.1 General
    5.4.2 Credential management
6 Attributes
  6.1 General
  6.2 Types of attribute
  6.3 Domain of origin
7 Managing identity information
  7.1 General
  7.2 Identity lifecycle
8 Identification
  8.1 General
  8.2 Verification
  8.3 Enrolment
  8.4 Registration
  8.5 Identity proofing
    8.5.1 General
    8.5.2 Identity evidence
9 Authentication
10 Maintenance
11 Implementation aspects
12 Privacy
Bibliography
Index of terms

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see http://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security Techniques.

This second edition cancels and replaces the first edition (ISO/IEC 24760-1:2011), which has been technically revised.

The main changes compared to the previous edition are as follows:
- new terms have been added to Clause 3;
- some definitions have been simplified and corrected;
- some terms have been deleted and some replaced;
- the introductory paragraphs of Subclause 5.1 have been reworded;
- new subclauses 5.4 and 8.5 have been created.

A list of all parts in the ISO/IEC 24760 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

Data processing systems commonly gather a range of information on their users, be it a person, piece of equipment, or piece of software connected to them, and make decisions based on the gathered information. Such identity-based decisions can concern access to applications or other resources. To address the need to efficiently and effectively implement sys