Glossary

Self-sovereign Identity: Meaning of the Terms

The purpose of this glossary is to help readers understand the terms relevant to self-sovereign identity. The objective is to ensure that users, various parties and entities have a shared and consistent understanding of the terms used in the context of self-sovereign identity. The glossary includes the level of detail needed for an introductory knowledge of self-sovereign identity.

This glossary was developed by Northern Block using terms from the Pan-Canadian Trust Framework, the European Self-Sovereign Identity Lab Framework, the Sovrin Glossary, the National Institute of Standards and Technology (USA), the Service Innovation Lab of New Zealand, and the World Wide Web Consortium.

Agent

A software program or process used by or acting on behalf of an entity to interact with other agents or with the ledger.

Example: Google Play, Online Banking app, Mobile email app, Real-estate Agent, Teller in the Bank

Assurance
- A measure of certainty that a statement or fact is true. Example: I'm almost sure that your job is safe.
Attribute (Identity Information, Identity Data)
- Property about a Subject in any format that alone or in combination may be used to distinguish one Subject from other similar entities in a given context, and describe the Subject as required by the program or service. Example: Name, address, date-of-birth, fingerprints
Authentication
- The process of establishing truth or genuineness to generate an assurance. Example: Login into the social network account, entering your apartment using a key.
Claim (Assertion)
- An assertion about an Attribute of a Subject. Examples of a Claim include date of birth, height, government ID number, or postal address—all of which are possible Attributes of an Individual. A Credential is comprised of a set of Claims. Example: I was born on January 11, 1980; I've read this book; I am driving a car.
Conformance Criteria
- Requirements used to assess the trustworthiness of a specific process. Example: strength of the encryption key, number of keys needed to open the apartment building, strength of the car alarm
Consent
- Permission for something to happen or agreement to do something. Consent does not require a yes, an affirmation, nor does it imply unanimity or full agreement. Permission, given from an Entity authorized to do so, to share Identity and/or Personal Information about a Subject as per the terms defined in a Notice. Example: a permission signed by a parent for his or her child to go on a field trip, a permission for medical treatment, a permission to use one's data.
Context
- The circumstances that form the setting for an event, statement, or idea, and in terms of which it can be fully understood and assessed. Digital Context is the surrounding environment and circumstances that determine the meaning of Digital Identity(s) and the Policy(s) and protocols that govern their interactions. Example: current pandemic for travelling restrictions, country of birth for immigrants.
Credential
A digital assertion containing a set of Claims made by an Entity about itself or another Entity. Credentials are a subset of Identity Data. Example: University diploma, driving license, birth certificate, Edx badge, military rank
Dependant
An Individual whose circumstances or capabilities in a given context require dependence on a Guardian to administer the Individual’s Identity Data. Example: Kids under a certain age, domestic animals, refugee
Digital Identity
A type of Digital Representation that uniquely identifies a Subject within a context, and that a User presents/uses exclusively to represent the Subject when they access online services. A Digital Identity is information on an Entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity". Example: Social network personal account, online banking account
DID - Decentralized Identifier
A globally unique identifier developed specifically for decentralized systems as defined by the W3C DID specification. DIDs enable interoperable decentralized Self-Sovereign Identity management. These identifiers are most often used in a verifiable Credential. Example: driver's license number, health services card number, device serial number.
Digital Ecosystem
A digital ecosystem is an interdependent group of enterprises, people and/or things that share standardised digital platforms for a mutually beneficial purpose, such as commercial gain, innovation or common interest. Digital ecosystems enable you to interact with customers, partners, adjacent industries ‒ and even your competition. Example: Credit card payments ecosystem, AirBnB, Uber
Entity
Something that has a separate and distinct existence and that can be identified in a context. A thing with distinct and independent existence, such as a person, organization, or device that performs one or more roles in the ecosystem. Example: Human being with an identification document, registered organization, personal laptop on the internet.
Evidence of Identity
An information record consisting of Identity Information and Attributes that supports the integrity and accuracy of identity claims made by a Subject. The types of evidence (identity information and attributes) that, when combined, provide confidence to a certain level of assurance, that an Entity is who they say they are. Example: federal immigration record, certificate of incorporation, serial number of the device maintained in the database of the producer
Guardian
An Identity Owner who administers Identity Data, Wallets, and/or Agents on behalf of a Dependant. Example: parent, adoptive parent, legal representative of the disabled person
Holder
A role played by an Entity when it is issued a Credential by an Issuer. The Holder may or may not be the Subject of the Credential and may possess more than one verifiable Credential. Example: Graduate student with diploma, Driver with a driving license, business owner with a business license.
Identifier
A text string or other atomic data structure used to provide a base level of Identity for an Entity in a specific context. Example: driver's license number, health services card number, device serial number, apartment number, car license
Identity
Information that enables a specific Entity to be distinguished from all others in a specific context. Identity may apply to any type of Entity, including individuals, organizations, and things. Example: passport, business license, health card
Issuer
A role an Entity can perform by asserting claims about one or more subjects, creating a verifiable Credential from these claims, and transmitting the verifiable Credential to a Holder. Example: University, Service Canada, ICBC
Key (Public and Private)
Private Key - The half of a cryptographic key pair designed to be kept as the Private Data of an Entity.
Public Key - The half of a cryptographic key pair designed to be shared with other parties in order to decrypt or verify encrypted communications from an Entity. In digital signature schemes, a Public Key is also called a verification key.
Ledger
The distributed, continuously-replicated global cryptographic database of transactions maintained by stewards operating nodes. Example: Accounting ledger, ledger of changes in the state of anything.
Levels of Assurance
A measure—usually numeric—of the Trust Assurance that one Entity has in another Entity based on a defined set of criteria that establish the amount of reliance the first Entity may accept from the second Entity in the performance of the criteria. Example: I trust somebody fully, I usually trust him or her, I usually don't trust him or her, I don't trust this person.
Network Facilitator / Steward
A Role that a Participant performs to connect parties together in a multi-party identity transaction. This organization is an active participant and adds value in the delivery of the digital identity service. Example: Facebook, Amazon Web Services, Google Drive, Via Rail Canada, Air Canada
Node
A computer network server running an instance of the code necessary to operate a distributed ledger or blockchain. Example: any cloud provider
Notice
A statement that is formulated to describe the collection, use, disclosure, and retention of Personal Information and inform a User. Notice requirements for each jurisdiction's legislation must be adhered to. Example: Cookies notice, app notice.
Organisation
An Entity that consists of a person or organized body of people with a particular purpose, and whose existence is established by legal statute. Example: any business, non-profit or government entity.
Party
An entity that has objectives, knowledge about what exists, rules that (should) apply, and some capability that allows it to reason, make decisions, generate and maintain knowledge etc. in a self-sovereign fashion; humans and organizations are the typical examples. Example: synonym to Entity
Participant
An Organization that performs one or more Roles in the Digital Identity Ecosystem and agrees to comply with the parameters of the Governance or Trust Framework. Example: Identity provider, Telus, Bell, Google, Wix, wallet app provider
P2P
Peer-to-peer computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. Example: Skype, Grid computing, BitTorrent, Bitcoin.
Personal Information
(According to PIPEDA) Personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
◦ age, name, ID numbers, income, ethnic origin, or blood type;
◦ opinions, evaluations, comments, social status, or disciplinary actions; and
◦ employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
Policy

A business, legal, or technical rule specified in a Trust or Governance Framework.

Example: Eviction policy, insurance policy

Presentation
Data derived from one or more verifiable credentials, issued by one or more issuers, that is shared with a specific Verifier. A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. Example: Scan of any legal or educational document, book cover.
Relying Party (Verifier)
A Role that an organization or person performs to consume digital Identity Information created and managed by Participants to conduct digital transactions with Subjects, to process a transaction or grant access to information or a system. A role an entity performs by receiving one or more verifiable credentials, optionally inside a verifiable presentation for processing. Example: bank when opening a new account for a Subject; a car dealer when verifying credit of a buyer; service provider who needs some level of identity verification
Revocation
The act of an Issuer revoking the validity of a Claim or a Credential. Example: driver's license suspension, working visa expiration
Selective Disclosure
A principle of revealing only the subset of the data described in a Claim, Credential, or other set of Identity Data that is required by a Verifier. Example: Showing one page of the passport, allowing an app not to see contacts on the phone.
Subject
A person, organization, or machine that holds or is in the process of obtaining a digital representation in the Digital Identity Ecosystem, and that can be subject to legislation, policy and regulations within a context. A thing about which claims are made. Example: social network account owner, passport owner, business owner.
Self-Sovereign Identity
Identity system architecture based on the core principle that identity owners have the right to permanently control one or more Identifiers together with the usage of the associated Identity Data.
Transaction
A discrete event between a user and a system that supports a business or programmatic purpose. A government digital system may have multiple categories or types of transactions, which may require separate analysis within the overall digital identity risk assessment. Example: Opening bank account, buying groceries, etc.
Trust Assurance
A means by which one Entity conveys confidence that another Entity is complying with the rules of a Trust or Governance Framework. Example: Checking travel documents at airport arrival or departure, checking ID when entering a bar
Trust or Governance Framework
The set of business, legal, and technical definitions, policies, specifications, and contracts by which the members of a trust community agree to be governed in order to achieve their desired Levels of Assurance. Example: University policies and regulations, tenancy laws and rules
Trusted Process
A set of business or technical activities that transform an input condition to an output condition, and that have been shown, by being assessed against conformance criteria defined in the Pan-Canadian Trust Framework, to be trustworthy and reliable. Example: user authorisation in social network, online banking, CRA account.
Verification
The evaluation of whether a verifiable Credential or verifiable presentation is an authentic and timely statement of the Issuer or presenter, respectively. This includes checking that: the Credential (or presentation) conforms to the specification; the proof method is satisfied; and, if present, the status check succeeds. A process that confirms that the digital Identity Information being presented relates to the Subject who is making the assertion. Example: Checking travel documents at airport arrival or departure, checking ID when entering a bar, asking for a PIN at an ATM
Wallet
A software module, and optionally an associated hardware module, for securely storing and accessing Private Keys, other sensitive cryptographic key material, and other Identity Data used by an Entity. A Wallet is accessed by an Agent. Example: leather wallet with credit cards.
User
A person who is either the Subject or authorized to represent the Subject and intentionally accessing a digital service or digital program.
Zero-Knowledge Proof
A Zero-Knowledge Proof provides cryptographic proof about some or all of the data in a set of Credentials without revealing the actual data or any additional information, including the Identity of the prover. Example: registering to the account without typing a password by using a cryptographic fingerprint or QR code.

Author

Mathieu Glaude

Mathieu is the Chief Executive Officer of Northern Block, a leading global provider of self-sovereign identity, blockchain, verifiable IDs & documents and automated business workflow technology headquartered in Toronto, Canada.