Glossary

Abbreviation or term

Description

Activation Code

(See Initial password.)

Authentication (Guide)

Process of establishing, to the required level of confidence, the identity of one or more parties to a transaction. Consists of identity management (establishing who you are) and login management (confirming who you are).

In particular, for the RealMe context, authentication is used in the commonly understood sense of a customer logging into a service with their username and authentication credential.

Authentication Assertion (SAML)

An assertion that conveys information about a successful act of authentication that took place for a subject.

Authentication credential (DIA)

Method used by an individual to authenticate his or her identity over the internet. Examples of authentication credentials include passwords, one-time passwords, software tokens, hardware tokens and biometrics.

Authentication Request Protocol (Spec)

When a principal (or an agent acting on the principal’s behalf) wishes to obtain assertions containing authentication statements to establish a security context at one or more relying parties, it can use the authentication request protocol to send an <AuthnRequest> message element to a SAML authority and request that it return a <Response> message containing one or more such assertions. Such assertions MAY contain additional statements of any type, but at least one assertion MUST contain at least one authentication statement. A SAML authority that supports this protocol is also termed an identity provider.

Authentication Response (Spec)

The responder MUST ultimately reply to an <AuthnRequest> with a <Response> message containing one or more assertions that meet the specifications defined by the request, or with a <Response> message containing a <Status> describing the error that occurred.

Note: in this context, the RealMe login service will respond to the client with an FLT for a successful login by the Customer (user), or with an applicable Status element for an unsuccessful login.

Client (DIA)

Organisational users of RealMe including both government service agencies and private sector organisations.

Client Administrator (DIA)

Private sector client or government agency employee who has responsibility for administering the customers accessing the online service. The Client Administrator can also access summary reports on RealMe login service activity for the client via the RealMe Help Desk website.

Customer (DIA)

Person interacting with clients to access services over the internet. A customer is a public user of online services from a client and therefore is also a user of RealMe.

Establish identity (EOI)

An agency or organisation may ‘establish an identity’ as an output of an evidence of identity (EOI) process performed to a specific level of confidence.

The results of an EOI process can be considered accurate to a specific level of confidence and at a specific point in time. ‘Establish identity’ differs from ‘verify’ or ‘strengthen’ identity in that the EOI process relates to a natural person the agency has not interacted with before.

Evidence of identity (EOI) (Guide)

The types of evidence that, when combined, provide confidence that an individual is who they say they are.

Evidence of identity (EOI) process (Guide)

Process by which a client establishes confidence in an individual’s identity. For government service providers this is a formalised requirement and process; private sector agencies are expected to meet their own policy, industry or legal requirements for identity checking in order to detect false identities.

Federated Identity (SAML) (DIA)

A principal’s identity is said to be federated between a set of providers when there is an agreement between the providers on a set of identifiers and/or attributes to use to refer to the Principal.

Identity Federation – the act of creating a federated identity on behalf of a Principal.

The RealMe solution uses the terms:

“Federated Identifier” to mean the identifier unique to an individual’s identity paired with the particular online service provider with which the individual transacts.

“Federated Login Tag” (FLT) to mean the name given to the “Federated Identifier” used in the RealMe login service implementation.

In the RealMe login service context, the FLT is the unique value that pseudonymously identifies the Customer to one client privacy context. For a given Customer, the FLT will be different for each client or privacy context.

Federated Logon Tag (FLT)

(See Federated Identity.)

First time login (DIA)

This is the process whereby a Service Applicant completes a RealMe login authentication to the client’s online service for the very first time. This results in the client receiving an unrecognised FLT, which needs to be associated with the Service Applicant’s identity.

Identity (Guide)

A set of attributes and/or data linked to an individual person.

Identity-related (service) risk (Guide)

Any risk for a particular service that results from an individual’s identity being incorrectly attributed. Also refer to the Evidence of Identity Standard for further details.

Identity Provider (IdP) (SAML)

A kind of Service Provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers within a federation, such as with web browser profiles.

Provider: a generic way to refer to both identity providers and service providers. (An example of an Identity Provider is the RealMe login service.)

igovt (DIA)

A previous brand for the set of all-of-government shared services covering identity and authentication, now replaced with the RealMe brand.

Initial password (Guide)

Password that is issued to the customer and used only for the first authentication.

Note: in this context, an Activation Code is a specific instance of an initial password that enables a Customer to link their identity to a client when they log in via the RealMe login service for the first time.

Login (DIA)

The combination of a username (login identifier component) with one or more authentication credentials (the authentication component) that is authenticated by the RealMe login service when presented by the Customer.

Log on, Log in, Sign-On (SAML)

The process whereby a Customer presents credentials to an Authentication Authority, establishes a simple session, and optionally establishes a rich session.

Low Strength Login (DIA)

The login strength required for low service risk transactions. Requires a username and a one-factor authentication credential in the form of a password conforming to the Password Standard.

Mobile device

A mobile device is a hand-held smart device that the user can take anywhere, e.g. a smartphone or tablet. A mobile device is required when a user elects to use the Google Authenticator application as a second authentication factor.

Moderate Strength Login (DIA)

The login strength required for moderate service risk transactions. Requires a username and an authentication credential that is at least one of the following: a one-time password system combined with a password; a one-time password device requiring per-session local activation (with a password or biometric) or a software token requiring per-session local activation (with a password or biometric).

Note: RealMe currently offers the following one-time password options:

  • A one-time code sent by SMS, referred to as a RealMe code by TXT
  • An RSA token, which is a one-time code device, referred to as a RealMe code by token
  • Google Authenticator, which generates a one-time code associated with a mobile device, referred to as a Google Authenticator token

Ongoing use (login) (DIA)

This is the process whereby a Customer makes a second or subsequent RealMe login authentication to the client. This results in the client receiving and recognising an FLT which they have previously stored. If the Service Registration process and the Evidence of Identity Process for the Customer have been completed, then the client is able to associate the FLT with the Customer’s identity.
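As an added example (not code from the RealMe glossary or the RealMe service), the following Python shows how a client could process the <Response> described under “Authentication Response” and then distinguish a first time login (unrecognised FLT) from ongoing use (FLT already stored). It assumes the FLT is carried as the assertion’s <NameID> (the glossary says the response carries an FLT but not where), and the SAML messages and FLT store are constructed samples.

```python
# Added example: handle a SAML <Response> (success -> FLT, failure -> <Status>)
# and classify the login as first-time or ongoing by FLT lookup.
# Assumptions: FLT is the <NameID> value (not stated by the glossary); sample
# XML below is constructed and unsigned. A real client must verify the
# Response signature, audience and validity window before trusting the NameID.
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse_response(xml_text):
    """Return ('ok', flt) for a successful login, else ('error', status_code)."""
    root = ET.fromstring(xml_text)
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    if top is None or top.get("Value") != SUCCESS:
        # Failures come back as a <Status>; the nested code is the specific reason.
        sub = root.find("samlp:Status/samlp:StatusCode/samlp:StatusCode", NS)
        return ("error", sub.get("Value") if sub is not None else
                (top.get("Value") if top is not None else "missing-status"))
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return ("error", "missing-flt")
    return ("ok", name_id.text.strip())

def classify_login(flt, known_flts):
    """First time login: unrecognised FLT that still has to be associated with
    the Service Applicant. Ongoing use: FLT matches one stored earlier."""
    return "ongoing-use" if flt in known_flts else "first-time-login"

# Constructed sample messages (not real RealMe traffic).
SUCCESS_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion><saml:Subject><saml:NameID>FLT-EXAMPLE-0001</saml:NameID></saml:Subject>
    <saml:AuthnStatement/></saml:Assertion>
</samlp:Response>"""
FAIL_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
  </samlp:StatusCode></samlp:Status>
</samlp:Response>"""

if __name__ == "__main__":
    known = {"FLT-EXAMPLE-0001"}  # constructed store of FLTs seen before
    print(parse_response(SUCCESS_XML), classify_login("FLT-EXAMPLE-0001", known))
    print(parse_response(FAIL_XML))
```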

Online service (Guide)

Service that a client offers through an interactive online delivery channel.

Privacy domain (DIA)

A privacy domain (or privacy realm, or identity privacy context) is the same set of Customer identity records that are used by one or more online services. A RealMe service will return one Federated Identifier (FLT or FIT) per privacy domain. Depending upon privacy requirements, legislative controls and practical constraints, a client may have a single privacy domain, several privacy domains, or share a privacy domain with other clients in the same sector.

RealMe (DIA)

RealMe® is the brand name for the all-of-government common capability providing authentication and identity assertion services.

RealMe code by Google Authenticator

A one-time code generated by the Google Authenticator application, which is installed on a mobile device. The code is used as a second authentication factor where a moderate strength login is required.

RealMe code by token

A one-time code generated by the RSA token that is sent to the user. The code is used as a second authentication factor where a moderate strength login is required.

RealMe code by TXT

A one-time code sent to a mobile phone via SMS. The code is used as a second authentication factor where a moderate strength login is required.

RealMe Help Desk (DIA)

The RealMe Help Desk provides Level 1 support to Customers and responds to login-related queries/requests. Staff working in the RealMe Help Desk typically resolve problems during the Customer’s first call.

RealMe login service (Guide)

An all-of-government shared service that provides ongoing reconfirmation of online identity to participating clients to the desired level of confidence.

Secondary Authentication (DIA)

Means of confirming the identity of a Customer offline to the required level of confidence, e.g. when they call the RealMe Help Desk for assistance. Also an alternate means by which the Customer can confirm their identity when their RealMe login cannot be used, e.g. answering low strength security questions to reset a forgotten password.

The strength of Secondary Authentication used to confirm a Customer’s identity must be equal to (or higher than) the strength of the online RealMe login it is intended to substitute. Note: Secondary Authentication to confirm the identity of Customers can only be used within RealMe and will not be available to clients.

Security Assertion Markup Language (SAML)

The set of specifications describing security assertions that are encoded in XML, profiles for attaching the assertions to various protocols and frameworks, the request/response protocol used to obtain the assertions, and bindings of this protocol to various transfer protocols (for example, SOAP and HTTP).

Service Agency (DIA)

A previous term, sometimes replaced by Client.

For the purposes of integration a Service Agency was a government entity that relied on the logon service for user authentication in order to deliver an online service to a Service User (now, Customer). The entity could be a sector, a service agency, or a service within an agency.

Any Department or client listed in Schedule 1 of the Ombudsmen Act 1975 has been eligible to operate as an igovt Service Agency. Now both government agencies and private sector clients are included as clients utilising RealMe services, including authentication and identity assertion.

Service Applicant (DIA)

Person applying online to access the client’s online service.

Note that once a client’s registration process for the online service is complete, the Service Applicant is commonly known as a new Customer, Customer or Service User.

Service provider (SP) (SAML)

A role donned by a system entity where the system entity provides services to principals or other system entities. Note: in this context, Clients are Service Providers.

Service Registration (DIA)

Service Registration is a process that allows a Customer to apply for access to a service. To do this, the client must ensure the identity of the Customer (see EOI), especially in the government context. This process can be online using the RealMe assertion service (or some other method that satisfies the required confidence level) or offline using existing manual processes.

Service User (Guide)

Person interacting with clients to access services over the internet. In this context a Service User is a public user or end user of the client and therefore also a user of RealMe. Now more commonly referred to as the Customer.

Status

(See Authentication Response.)

User (SAML)

A natural person who makes use of a system and its resources for any purpose. Note: in this context, any user of the client’s online service or the RealMe login service including Service Applicants, Customers/Service Users, and Client Administrators.