This glossary provides operational definitions of identity-related concepts as commonly used in the development sector. They are part of an effort by the World Bank to standardize the language we use in ID4D publications and operational work, and we hope they will be useful to other development partners and practitioners as a point of departure.
A named quality or characteristic inherent in or ascribed to someone or something (adapted from NIST 800-63:2017). In ID systems, common identity attributes include name, age, sex, place of birth, address, fingerprints, photo, signature, identity number, etc.
The process of establishing confidence that a person is who they claim to be. Digital authentication generally involves a person electronically presenting one or more “factors” to “assert” their identity—that is, to prove that they are the same person to whom the identity or credential was originally issued. These factors can include something a person knows (e.g., a password or PIN), has (e.g., an ID card, token, or mobile SIM card), or is (e.g., their fingerprints) (adapted from NIST 800-63:2017 and OWI 2017).
“Two-factor” authentication involves more than one of the factors described above (i.e., two things that you are, know, or have).
Although authentication and verification are related and often used interchangeably, for the purposes of this Guide they can be distinguished by whether the process involves determining the veracity of particular attributes (verification) or ensuring that a person is the “true” owner of an identity or credential (authentication). In some cases, however, authentication procedures go beyond establishing a legitimate claim to an identity and also verify particular attributes.
For the purpose of this Guide, biographic data refers to attributes about a person or their life, that are not biometric (i.e., biological or behavioral). In foundational or legal ID systems, this often includes information such as name, sex, age, nationality, etc.
Although often used interchangeably with “demographic,” the term “biographic” is preferred when referring to personal data—i.e., information about a person or their life. The term “demographic” is more appropriate when discussing the statistical characteristics of a population or a subgroup (e.g., categorizing the population by sex, age, income group, etc.).
A biological (fingerprint, face, iris) or behavioral (gait, handwriting, signature, keystrokes) attribute of an individual that can be used for biometric recognition (adapted from ISO/IEC 2382-37).
The process of searching against a biometric enrollment database to find and return the biometric reference identifier(s) attributable to a single individual (ISO/IEC 2382-37). Biometric identification is often used to deduplicate identity records during registration (i.e., to perform a duplicate biometric enrollment check).
The automated recognition of individuals based on their biological and behavioral characteristics. Biometric recognition encompasses both biometric identification and biometric verification (ISO/IEC 2382-37).
The process of confirming a biometric claim through biometric comparison (ISO/IEC 2382-37). Biometric verification may be used during authentication procedures to conduct a 1:1 match of a captured biometric template (i.e., the biometric claim) against one stored on a card, mobile device, or database.
The continuous, permanent, compulsory and universal recording of the occurrence and characteristics of vital events pertaining to the population, as provided through decree or regulation in accordance with the legal requirements of each country (UNDESA 2014). Vital events concern the life, death and civil status of individuals, including live birth, death, fetal death, marriage, divorce, separation, annulment, adoption, legitimation, and recognition (of paternity).
A document, object, or data structure that vouches for the identity of a person through some method of trust and authentication. Common types of identity credentials include—but are not limited to—ID cards, certificates, numbers, passwords, or SIM cards. A biometric identifier can also be used as a credential once it has been registered with the identity provider (adapted from ID4D Technology Landscape and Public-Private Cooperation reports).
Identity “credential” is preferred to identity “document” in most contexts as many digital credentials are not physical documents.
Cybercrime is understood to include criminal conduct (as provided in the country’s criminal laws) directed against the confidentiality, integrity and availability of computer systems and networks, as well as the data stored and processed on them, and criminal acts carried out through the instrumentality of such systems, networks and data (World Bank & United Nations 2017).
The term “cybersecurity” is a convenient shorthand for a complex set of issues. It commonly refers to systems and actions aimed at securing data and communications over the internet and even the infrastructure of the internet itself. includes “cybercrime.” The more common threats to cybersecurity are malware, denial of service, and phishing attacks (attempts to acquire sensitive information online by someone who is masquerading as a trusted entity), but cyberincidents are increasingly perpetrated by disaffected insiders. Cybersecurity usually refers to securing data and infrastructure in a civilian context; but acts that might previously have been considered civilian attacks are now being uncovered as acts of states against states via nonstate actor proxies, blurring the lines between acts of cybercrime and cyberwar or cyberterrorism (World Bank 2016b, p. 222).
In the context of identification systems, deduplication is a technique to detect duplicate identity records, identify inconsistent identity claims, and establish the uniqueness of people within a system. Biometric recognition is commonly used to perform this function; biographic data can also be used for deduplication but generally not with the same level of efficiency or accuracy (adapted from ISO/IEC 2382-37 and ID4D Technology Landscape report).
A credential issued based on proof of possession and control of an authenticator associated with a previously issued credential, so as not to duplicate the identity proofing process (NIST 800-63:2017).
A set of electronically captured and stored attributes and/or credentials that uniquely identify a person (adapted from Harbitz & Kentala 2013 and ID4D Technology Landscape report).
Use “digital identity” when referring to a person’s digital identity, and “digital ID” when referring to a digital identity credential or system.
Digital identification (ID) system
An identification system that uses digital technology throughout the identity lifecycle, including for data capture, validation, storage, and transfer; credential management; and identity verification and authentication (adapted from ID4D Public-Private Cooperation report).
An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation, but not confidentiality protection (NIST 800-63:2017).
Note that “electronic signature” and “digital signature” are often used interchangeably but are NOT synonymous. Digital signatures are one technical implementation of an electronic signature using public-key cryptography. In addition, digital signatures are also used for other functions (e.g., authenticating devices) that do not serve the same purpose as an electronic signature, which is to substitute for a handwritten signature.
An electronic authentication technique that carries the legal weight of—and substitutes for—a handwritten signature (adapted from UNCITRAL 2002).
Note that “electronic signature” and “digital signature” are often used interchangeably but are NOT synonymous. Digital signatures are one technical implementation of an electronic signature using public-key cryptography. In addition, digital signatures are also used for functions (e.g., authenticating devices) that do not serve the same purpose as an electronic signature, which is to substitute for a handwritten signature.
Foundational identification (ID) system
An identification system primarily created to manage identity information for the general population and provide credentials that serve as proof of identity for a wide variety of public and private sector transactions and services. Common types of foundational ID systems include civil registries, universal resident or national ID systems, and population registers (adapted from Gelb & Clark 2013a and various ID4D publications).
Countries typically have multiple foundational ID systems that may or may not be entirely distinct. For example, a country may have a population register linked to the civil registration system that is used both to generate population statistics and as the basis on which national ID cards are issued.
Foundational ID systems are also typically legal ID systems, with the primary purposes of establishing or recognizing legal identity and issuing government-recognized credentials.
The distinction between foundational and functional ID systems is about the purpose for which they were created. In some countries—typically where foundational ID systems have been weak or non-existent outside of civil registration—functional credentials are used as the primary means of identification and authentication for a variety of purposes (e.g., driver’s licenses or social security numbers in the U.S.); however, these are not typically considered to be foundational systems as their primary purpose is still sector-specific.
Functional identification (ID) system
An identification system created to manage identification, authentication, and authorization for a particular service or transaction, such as voting, tax administration, social programs and transfers, financial services, and more. Functional identity credentials—such as voter IDs, health and insurance records, tax ID numbers, ration cards, driver’s licenses, etc.—may be commonly accepted as proof of identity for broader purposes outside of their original intent, particularly when there is no foundational ID system (adapted from Gelb & Clark 2013a and various ID4D publications).
Identity document (see credential).
Use “identify” when referring to the verb (e.g., write “people have no way to identify themselves” rather than “people have no way to ID themselves”).
When referring to a specific credential, add a description of that credential after ID whenever appropriate to avoid ambiguity in meaning (e.g., “national ID card” rather than “national ID”).
The process of establishing, determining, or recognizing a person’s identity (adapted from ISO/IEC 24760-1:2011 and ITU-T X.1252).
Use “identification (ID) system” when referring to the specific processes or systems used for identification.
Use “identity document,” “ID,” or “credential” when referring to a “form of identification.”
Identification (ID) system
The databases, processes, technology, infrastructure, credentials, and legal frameworks associated with the capture, management, and use of personal identity data for a general or specific purpose (adapted from the Principles on Identification).
“Identification (ID) system” is generally preferred over “identity system,” including in all compound types of ID systems (e.g., use “foundational identification/ID system” rather than “foundational identity system”).
A set of attributes that uniquely describe a person within a given context (adapted from NIST 800-63:2017).
Identity document (ID)
A type of identity credential. See also ID.
The set of identification systems—including databases, credentials, laws, processes, protocols, etc.—and their interconnections within a jurisdiction, geographic area, or particular sector (adapted from ID4D Public-Private Cooperation paper).
The process of registering, issuing, using and managing personal identities, including collecting identity data; validation through identity proofing and deduplication; issuing credentials; verification and authentication for transactions; and updating and/or revoking identities and credentials (adapted from ID4D Public-Private Cooperation paper).
Establishes the uniqueness and validity of an individual’s identity when they register in an ID system. Identity proofing may rely upon various factors such as identity documents, biographic information, biometric information, and knowledge of personally relevant information or events, and may be done in-person or remotely (adapted from NIST 2015 and NIST 800-63:2017).
An entity—e.g., a government agency or private firm—that issues and manages identities, credentials, and authentication processes throughout the identity lifecycle (ID4D Public-Private Cooperation paper).
The terms “identity provider (IdP),” “identity service provider,” and “digital identity service provider” are often used somewhat synonymously in different publications and standards, and are often broken down into more specific roles such as a “registration authority,” “credential service provider,” “attribute provider,” “verifier,” etc., depending on the architecture of the ID system and the various entities and roles involved (e.g., see NIST 800-63:2017, ISO/IEC 24760-1:2011 and ITU-T X.1252). In this Guide, the term is used in a generic sense to encompass all or most of these roles unless otherwise stated.
The ability of different functional units—e.g., systems, databases, devices, or applications—to communicate, execute programs, or transfer data in a manner that requires the user to have little or no knowledge of those functional units (adapted from ISO/IEC 2382:2015).
Level of assurance (LOA)
The ability to determine, with some level of certainty or assurance, that a claim to a particular identity made by some person or entity can be trusted to actually be the claimant’s “true” identity (ID4D Public-Private Cooperation). The overall level of assurance is a function of the degree of confidence that the applicant’s claimed identity is their real identity (the identity assurance level or IAL), the strength of the authentication process (authentication assurance level or AAL), and—if using a federated identity—the assertion protocol used by the federation to communicate authentication and attribute information (federation assurance level or FAL) (adapted from NIST 800-63:2017).
National identification (ID) system
A foundational identification system that provides national IDs (NIDs)—often a card—and potentially other credentials. In many countries, a primary function of national ID systems has been to establish and provide recognition and proof of nationality and/or residency status.
There is no commonly agreed-upon definition of an NID system and countries have used this term to refer to a variety of types of ID systems. For example, “national” may be interpreted both as providing proof of nationality and/or in the sense that the system is nation-wide in scope.
Most so-called NID systems normally provide proof of legal identity.
Use “national ID” or “NID” when referring to the credential (e.g., a card) and “national ID system” or “NID system” when referring to the entire system, including databases, etc.
Public Key Infrastructure (PKI)
A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates (NIST 800-63:2017).
A database of every individual that has the right to reside in the country, including citizens and non-citizens, children and adults. Population registers typically contain demographic data and life-event information that is the basis of or exchanged with other identification systems and databases such as national ID systems, civil registers, and others (adapted from Harbitz & Kentala 2013).
Proof of legal identity
A credential, such as a birth certificate, identity card or digital identity credential, that is recognized as proof of legal identity under national law and in accordance with emerging international norms and principles (United Nations Legal Identity Expert Group Operational Definition of Legal Identity).
The process through which a person applies for an ID system and the ID provider proofs their identity (adapted from NIST 800-63:2017).
In this Guide, the term “registration” is used interchangeably with “enrollment,” following NIST definitions. Note that other sources have defined these two terms to mean distinct processes (e.g., see ISO/IEC 24760-1:2011 and ITU-T X.1252).
Relying party (RP)
An entity that relies upon the credentials and authentication mechanisms provided by an ID system, typically to process a transaction or grant access to information or to a system (adapted from NIST 800-63:2017).
One-to-one mapping of identity records in an existing database with those in another database (e.g., via a unique ID number). Seeding can be done in bulk with no action required by individual users (“inorganic seeding”) or on a case-by-case basis as users interact with one of the systems (“organic seeding”) [adapted from ID4D Aadhaar Case Study (forthcoming)].
Unique ID number (UIN)
In the context of identification systems, a number that uniquely identifies a person—i.e., each person only has one UIN and no two people share the same UIN. UINs are generally assigned for a person’s lifetime in a particular ID system (i.e., their number does not change over time), typically after validating a person’s identity and uniqueness through a deduplication process (adapted from ID4D Public-Private Cooperation).
In general, use “UIN” and not “UID” unless referring to a country-specific system (e.g., as in India).
Many countries have UINs that are referred to as national ID numbers or “NINs.”
Universal resident ID system
A digital, foundational ID system that uniquely identifies and provides government-recognized credentials to all residents of a country, including nationals and non-nationals.
NID systems may be universal resident ID systems to the extent that they are digital and provide IDs to residents as well as nationals.
For the purpose of this document, verification is defined as the process of verifying specific identity attributes or determining the authenticity of credentials in order to facilitate authorization for a particular service.
Although authentication and verification are related and often used interchangeably, they can be distinguished by whether the process involves determining the veracity of specific attributes or credentials (verification) or ensuring that a person is who they claim to be (authentication).
Note that during the identity proofing process, the term verification is typically used to refer to the process of verifying that the applicant is the true owner of the claimed identity and evidence (i.e., authentication).