ISO/IEC 24760-1

Formatted: Centered
Style Definition: Heading 1
INTERNATIONAL STANDARD
Style Definition: Heading 2
Third edition
Style Definition: Heading 3
Style Definition: Heading 4
ISO/IEC FDIS 24760--1:2024(en)
Style Definition: Heading 5
2024-10-3112-12 Style Definition: Heading 6
Style Definition: Default Paragraph Font
ISO/IEC JTC 1/SC 27/WG5
Style Definition: ANNEX
Style Definition: AMEND Terms Heading
Secretariat: DIN
Style Definition: AMEND Heading 1 Unnumbered
Style Definition: IneraTableMultiPar: Font: Font color: Auto,
Horizontal document
Don't adjust space between Latin and Asian text, Don't adjust
space between Asian text and numbers
IT Security and Privacy — A framework for identity management —Part 1: Terminology
Formatted
and Core concepts and terminology
Formatted: Don't adjust space between Latin and Asian text,
Don't adjust space between Asian text and numbers
Sécurité et confidentialité IT — Cadre pour la gestion de l'identité — Partie 1: Terminologie et
Formatted: Don't adjust space between Latin and Asian text,
concepts
Don't adjust space between Asian text and numbers
Formatted: Centered
ISO/IEC FDIS 24760-1:2024(E)
Formatted
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no
part of this publication may be reproduced or utilized otherwise in any form or by any means, Formatted: Default Paragraph Font
electronic or mechanical, including photocopying, or posting on the internet or an intranet, without
Formatted: Default Paragraph Font
prior written permission. Permission can be requested from either ISO at the address below or
ISO's member body in the country of the requester.
ISO Copyright Office
CP 401 • CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
Email: copyright@iso.orgcopyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland.
ii © ISO 2024 – All rights reserved

ISO/IEC FDIS 24760-1:2024(Een)
Formatted: Font: 11.5 pt, Bold
Formatted: Font: 11.5 pt, Bold
Formatted: Normal, Centered, Space After: 36 pt, Line
spacing: Exactly 12 pt, Tab stops: 0.71 cm, Left
Contents
Formatted: Font: 11.5 pt, Bold
Formatted: Font: 11.5 pt, Bold
Foreword . iv Formatted: Font: 12 pt, Bold
Formatted: Space After: 0 pt, Adjust space between Latin
Introduction . v
and Asian text, Adjust space between Asian text and numbers
1 Scope . 11
Field Code Changed
Field Code Changed
2 Normative references . 11
3 Terms and definitions . 22
3.1 General terms. 2 Field Code Changed
3.2 Identification . 44
Field Code Changed
3.3 Authenticating identity information . 4
3.4 Management of identity . 88
3.5 Federation . 10 Field Code Changed
3.6 Privacy protection . 11
Field Code Changed
4 Symbols and abbreviated terms . 12 Field Code Changed
5 Identity . 12 Field Code Changed
5.1 General . 1212
5.2 Identity information . 13 Field Code Changed
5.3 Identifier . 14
Field Code Changed
5.4 Credential . 14
Field Code Changed
6 Attributes . 17 Field Code Changed
6.1 General . 17
Field Code Changed
6.2 Types of attributeattributes . 17
Field Code Changed
6.3 Domain of origin . 1818
7 Managing identity information . 19 Field Code Changed
7.1 General . 19
Field Code Changed
7.2 Identity lifecycle . 20
Field Code Changed
8 Identification . 2222
8.1 General . 2222
8.2 Verification . 2323
8.3 Enrolment . 23 Field Code Changed
8.4 Registration . 24
Field Code Changed
8.5 Identity proofing . 24
Field Code Changed
9 Authentication . 25 Field Code Changed
10 Maintenance . 26 Field Code Changed
11 Implementation aspects . 26 Field Code Changed
12 Privacy . 27 Field Code Changed
Bibliography . 2828
Index of terms . 3131
Formatted: Font: 9 pt
Formatted: Normal, Centered, Space After: 24 pt, Tab stops:
17.2 cm, Right
© ISO/IEC 2024 – All rights reserved
iii
ISO/IEC FDIS 24760-1:2024(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of documentsdocument should be noted. This document was drafted in accordance with
the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocswww.iso.org/directives or
www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had
not received notice of (a) patent(s) which may be required to implement this document. However,
implementers are cautioned that this may not represent the latest information, which may be obtained
from the patent database available at www.iso.org/patents and
https://patents.iec.ch.www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html.www.iso.org/iso/foreword.html. In the IEC, see
www.iec.ch/understanding-standardswww.iec.ch/understanding-standards.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, Information security, cybersecurity and privacy protection.
Formatted: Don't adjust space between Latin and Asian text,
This secondthird edition cancels and replaces the firstsecond edition (ISO/IEC 24760-1:2011)2019),
Don't adjust space between Asian text and numbers
which has been technically revised. It also incorporates the Amendment ISO/IEC 24760-1:2019/Amd
Formatted: English (United Kingdom)
1:2023.
Formatted: std_suppl
A list of all parts in the ISO/IEC 24760 series can be found on the ISO website.
Formatted: std_suppl
Any feedback or questions on this document should be directed to the user’s national standards body. A Formatted: Don't adjust space between Latin and Asian text,
Don't adjust space between Asian text and numbers
complete listing of these bodies can be found at www.iso.org/members.htmlwww.iso.org/members.html
and www.iec.ch/national-committeeswww.iec.ch/national-committees.
This document has been given the status of a horizontal document in accordance with the ISO/IEC
Directives, Part 1.
iv © ISO 2024 – All rights reserved

ISO/IEC FDIS 24760-1:2024(Een)
Formatted: Font: 11.5 pt, Bold
Formatted: Font: 11.5 pt, Bold
Formatted: Font: 11.5 pt, Bold
Formatted: Normal, Centered, Space After: 36 pt, Line
Introduction
spacing: Exactly 12 pt, Tab stops: 0.71 cm, Left
Formatted: Font: 11.5 pt, Bold
Data processing systems commonly gather a range of information on their users, be it a person, piece of
Formatted: Font: 12 pt, Bold
equipment, or piece of software connected to them, and make decisions based on the gathered
information. Such identity-based decisions can concern access to applications or other resources.
To address the need to efficiently and effectively implement systems that make identity-based decisions,
the ISO/IEC 24760 series specifies a framework for the issuance, administration, and use of data that
serves to characterize individuals, organizations or information technology components which operate
on behalf of individuals or organizations.
For many organizations, the proper management of identity information is crucial for maintaining
security within organizational processes. For individuals, correct identity management is important for
protecting privacy.
The ISO/IEC 24760 series specifies fundamental concepts and operational structures for identity Formatted: Pattern: Clear
management and provides a framework on which information systems can meet business, contractual,
Formatted: Pattern: Clear
regulatory, and legal obligations.
Formatted: Pattern: Clear
This document specifies the terminology and concepts for identity management, in order to promote a
common understanding in the field of identity management.
This document is intended to provide a foundation for the terminology and concepts toin other Formatted: Body Text, Space After: 0 pt, Tab stops: Not at
0.7 cm + 1.4 cm + 2.1 cm + 2.8 cm + 3.5 cm + 4.2 cm +
international standards related to identity information processing including other parts of the ISO/IEC
4.9 cm + 5.6 cm + 6.3 cm + 7 cm
24760 series, ISO/IEC 29100, ISO/IEC 29101, ISO/IEC 29115, and ISO/IEC 29146.
Formatted: Default Paragraph Font

Formatted: Font: 9 pt
Formatted: Normal, Centered, Space After: 24 pt, Tab stops:
17.2 cm, Right
© ISO/IEC 2024 – All rights reserved
v
FINAL DRAFT INTERNATIONAL ISO/IEC FDIS 24760-1:2024(Een)
Formatted: Font: 11.5 pt
STANDARDInternational Standard
Formatted: Font: 11.5 pt
...