Access governance | Access Governance is an approach in which the authorisations of a heterogeneous application landscape are analysed in an automated manner, with the aim of reducing the risks of unauthorised access. Access Governance is deployed as an internal control measure, but can also form part of the internal or external audit, in which the external auditor relies on the outcome of the Access Governance process and thereby obtains assurance regarding the correctness of access to the financial systems and underlying infrastructure. In addition to the aforementioned aspects, this article explains how Access Governance as a Service can be deployed, which means that an organisation outsources the periodic authorisation analysis to an external party. This model is also applicable in relation to the involvement of IT audit in the audit of the financial statements. In addition, the relationship between Access Governance and Identity & Access Management (IAM) is given. | KPMG | AG | du
BSN | Burger Service Nummer | eHerkenning | BSN | eRecognition | du | Burgerservicenummer
Enrollment | Enrolling, entering in a register | du | Inschrijven, registreren
Ministry of Economic Affairs, Agriculture and Innovation | Ministry of Economic Affairs, Agriculture and Innovation | eHerkenning | EL&I | eHerkenning | du
SIVI | Standaardisatie Instituut voor Verzekeringen in de Intermediairbranche | SIVI | SIVI | du | SIVI
(to certify) | characteristics of an information system or, as in the context of the PKI for the government, a management system conducted by an independent third party. Certification is carried out as part of a process, in which the degree is established to which a management system adheres to an established collection of requirements (e.g. ETSI TS 101 456). PKIoverheid (and ETSI TS 101 456). Note: in some European guidelines, including the guideline on electronic signatures, this is indicated as accreditation. | eHerkenning | eHerkenning | en
ABAC | Attribute Based Access Control | ABAC | en
Access Governance | Access Governance is the responsibility for structuring and maintaining processes that are needed in order to achieve and maintain the Access Governance Nirvana. Processes that play a significant role in this responsibility are processes surrounding Enterprise Architecture, Identity Management, Access Control, Assessment, Logging and Monitoring and Reporting.

Account linking | en
Attribute provider | An attribute provider (AP) is responsible for the processes associated with establishing and maintaining identity attributes. Attribute maintenance includes validating, updating, and revoking the attribute claim. An attribute provider asserts trusted, validated attribute claims in response to attribute requests from relying parties. In certain instances, a subject may self-assert attribute claims to relying parties. Trusted, validated attributes inform relying parties’ decision to authorize subjects. | NSTIC | AP | en
Authentication (to authenticate) | Verifying the (or a) claimed identity of a party and the set of his claimed attributes at a specific trust level. Analogous to KPMG6, Modinis7, "Opdrachtformulering Vraagstuk eRecognition bedrijven en instellingen" d.d. 10-1-2008, NTP Authorisation Policy (AP) v1.1. Definition is also analogous to PKIoverheid8 which states: "In the electronic signatures act the Dutch term ‘Authentificatie’ is used. The original English word is ‘Authentication’, translated in Dutch as ‘Authenticatie’. This document uses the latter." | eHerkenning | eHerkenning | en | authenticatie
Authentication service | Authentication service: makes the issued tokens available in the eRecognition network in real time. | eHerkenning | eHerkenning | en | Authenticatiedienst
Authentication service | A required role within the network for eRecognition which is fulfilled by a participant in the scheme and which bears responsibility for authenticating a natural person based on the authentication token used by the natural person. With respect to the definition in Vraagstuk eRecognition bedrijven en instellingen, a distinction is made here between token issuer on one hand and authentication service on the other. | eHerkenning | eHerkenning | en
Authentication token | A set of attributes (for example a certificate) on the basis of which authentication of a party can occur. Analogous to KPMG | eHerkenning | eHerkenning | en
Authoritative Attribute Source | An Authoritative Attribute Source (AAS) is the one source of attribute data that is authorized by the organization and that overrides all other attribute sources.
Authorisation | A process under the responsibility of the service provider in which, on the basis of the proofs provided by eRecognition and possible checks of other relevant access rights which have been established by the service provider himself, it is determined whether a transacting natural person is granted access to a specific service or is authorised to perform a specific action. Note: authorisation is not a synonym of mandate. Analogous to Modinis / "PKI overheid begrippenlijst (2005)"/"Van Dale Groot woordenboek van de Nederlandse taal 14", but made specific to the context of eRecognition. Also analogous to the Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0 (saml-glossary-2.0-os). PKI overheid uses a general definition which is not in conflict with the above. | eHerkenning | eHerkenning | en
BSN | Burgerservicenummer in Dutch: citizen service number, personal identification number issued by the Dutch government for natural persons. Based on Article 1 para b Wabb: the number assigned to a natural person. | eHerkenning | eHerkenning | en
Business | A business in the sense of the Companies Register Act of 2007. Scope: businesses in this sense from other EU countries fall within the definition in principle, however for version 1.1 the scope of the companies which can use eRecognition is restricted to those businesses which are required to be registered in the Dutch Chamber of Commerce Register. Companies Register Act of 2007 | eHerkenning | eHerkenning | en
Certificate | A document attesting to the truth of certain stated facts. | en | certificaat
Certificate | A signed document intended as legal proof. A certificate has the particular characteristic that it serves as legally binding proof in a legal procedure. An electronic form of this can be a document signed with an electronic signature in accordance with the law governing electronic signatures. In accordance with the civil code art. 1 56 paragraph 1. | eHerkenning | eHerkenning | en
Certification (to certify) | A broad (both technical and non-technical) evaluation of the security | eHerkenning | eHerkenning | en
Chained proof | An electronically established declaration from which the existence and correctness can be established of a chain of mandates showing that a specific transacting natural person represents a specific interested party for a specific transaction or service on the basis of checking the entire chain in mandate registers. Own definition | eHerkenning | eHerkenning | en
Chamber of Commerce Register | The Dutch basic registration of companies and legal entities which are required to register in the Netherlands. Also sometimes referred to in Dutch as NHR (‘Nieuw Handelsregister’). Companies Register Act 2007. | eHerkenning | eHerkenning | en
CIA | Confidentiality, integrity and availability | CIA | en
Collaborative venture | A legal unit without the properties of a legal entity, comprising two or more natural persons, legal entities or other collaborative ventures set up with the purpose of running a business in the sense of the 2007 Companies Registration Act. Scope: for version 1.1 the scope has been restricted to collaborative ventures which have an obligation to register with the Dutch Chamber of Commerce Register. In later versions it will be closely delineated as to which collaborative ventures of other EU countries also fall within the scope. Definition in accordance with “Catalogus Basisregistraties”. | eHerkenning | eHerkenning | en
Company | A natural person who runs a company (a one-man business) or a non-natural person. A company is represented by a transacting natural person. Scope: for version 1.1 the scope is restricted to businesses and legal entities who are obliged to be registered with the Chamber of Commerce. Application of eRecognition for G2G is outside the scope of 1.1, meaning governmental organisations which fall within the definition of Company still fall outside the scope. Own definition | eHerkenning | eHerkenning | en
Context | Context in which authentication takes place | en | contekst
Data minimisation | Setting up data processing so that as few identification details as possible need to be known by the fewest possible parties. Own definition | eHerkenning | eHerkenning | en
Declaration of intent | An expression of intent (or volition) is an electronic signature which links the established details to which the intent applies, to the electronic details on whose basis the transacting natural person who issues the declaration of intent can be authenticated at any later time. Own definition | eHerkenning | eHerkenning | en
eRecognition | Authentication for business to government in The Netherlands | eHerkenning | en | eHerkenning
eRecognition | eRecognition is a standardised, electronic identification method for recognising companies when they access digital services from (government) service providers, just as DigiD is now the identification method for citizens.
eRecognition | eRecognition is taken to denote recognition: see under recognition. Own definition specific to the context of the scheme | eHerkenning | eHerkenning | en
eRecognition broker | Through the eRecognition broker, government organisations have access to all authentication services and mandate registries within the eRecognition network. | eHerkenning | eHerkenning | en | Herkenningsmakelaar
eRecognition network | Synonym for Network (for eRecognition) | eHerkenning | eHerkenning | en
Identification (to identify) | Stating the attributes of an entity to indicate it uniquely within a specific context. In the context of eRecognition this is the identification of parties. Analogous to KPMG, NTP Authorisation Policy (AP) v1.1. Note: definition of PKIoverheid refers to "establishing" the identity. The definition used here is more precise and does not entail the risk that establishing is associated with authenticating. | eHerkenning | eHerkenning | en
Identifying characteristic | A series of characters with which something or someone (a party) is indicated uniquely in a specific context. If the characteristic consists only of digits, then it may also be called an identifying number. Own definition | eHerkenning | eHerkenning | en
Identifying number | An identifying characteristic which only consists of digits. Own definition | eHerkenning | eHerkenning | en
Identity | The complete but dynamic set of all attributes associated with a specific entity which makes it possible to distinguish the relevant entity from others. Each entity only has one identity. The identity belongs to the entity. Analogous to KPMG and Modinis. | eHerkenning | eHerkenning | en
identity and access governance | identity and access governance (IAG) | IAG | en
Identity provider | An identity provider (IDP) is responsible for establishing, maintaining, and securing the digital identity associated with that subject. These processes include revoking, suspending, and restoring the subject’s digital identity if necessary.
Identity provider | (SAML) A type of service provider which creates, maintains and manages identity details for parties and authenticates them for other service providers within the context of a federation. | eHerkenning | eHerkenning | en
Interested party | Company that acts as represented party without itself representing another party. The interested party is the first person in a chain of mandates. Own definition | eHerkenning | eHerkenning | en
least privilege | en
Legal entity | A legal unit and subject of rights and bearer of obligations. Something is a legal entity on the basis of law or because it has arisen in accordance with legal requirements: a legal entity has a specified legal form. Scope: for version 1.1 the scope has been restricted to legal entities which have an obligation to register with the Dutch Chamber of Commerce Register. In later versions it will be closely delineated as to which legal entities of other EU countries also fall within the scope. Definition in accordance with “Catalogus Basisregistraties”. | eHerkenning | eHerkenning | en
Legal representation | A representation proceeding from the law without there being a grant of an authority or mandate by the represented party. Examples are: the manager(s) of a legal entity, the curator, the parents of a minor. Own definition | eHerkenning | eHerkenning | en
Level of Assurance | LoA | en | betrouwbaarheidsniveau
Levels of Protection | Protection at the side of the service provider | en
Management organisation | The management organisation of the eRecognition scheme as described in the scheme. Own definition | eHerkenning | eHerkenning | en
Manager | A transacting natural person with the specific authority on behalf of a company to record, suspend, withdraw or otherwise carry out any associated registration processes for the mandating of other persons. Own definition | eHerkenning | eHerkenning | en
Mandate | The registration of what a natural transacting person is allowed to do (mandated for) on behalf of the transacting company. Own definition | eHerkenning | eHerkenning | en | Machtiging
Mandate (to mandate) | A revocable authority which a represented party grants to another party (the mandated party) to perform legal transactions on behalf of the first-named. A mandate may be general or specific. A specific mandate is restricted to specific legal transactions or a specific relevant scope with regard to legal transactions. Mandate may be regarded as a synonym for power of attorney, however the term mandate is used principally in an administrative law context. Own definition based on Modinis. | eHerkenning | eHerkenning | en
Mandate confirmation | An electronically established declaration from which the existence and the correctness can be verified of a mandate as this has been checked in a mandate register for a specific transaction or service. Own definition | eHerkenning | eHerkenning | en
Mandate register | A required role within the network for eRecognition which is fulfilled by a participant in the scheme and which bears responsibility for registering, managing and checking mandates and verifying declarations about mandates (and/or at the request of the transacting natural person issuing mandate confirmations). Own definition | eHerkenning | eHerkenning | en
Mandate registry | Mandate registry: stores all authorisations given to employees to perform certain tasks on behalf of the business. All representatives must have valid authorisation. | eHerkenning | eHerkenning | en | Machtigingsregister
Mandated party | The party which (on the basis of the law on mandates and/or power of attorney) is mandated to perform specific transactions on behalf of the represented party, for which the legal consequences will accrue to the represented party. When the mandated party is a natural person, there is no restriction on non-residents acting as mandated parties. Therefore a foreign natural person may also be a mandated party. Article 3:60 para 1 BW; Article 2:1 para 1 AWB. | eHerkenning | eHerkenning | en
Natural person | An individual human person and subject of rights and bearer of obligations. Every natural person is a person in the sense of the definition of person given here. Own definition in accordance with ‘Catalogus Nieuw Handelsregister’. | eHerkenning | eHerkenning | en
Network (for eRecognition) | The collection of mutually connected components regulated by the scheme and which together deliver the eRecognition services and to this end have at least one participant in each of the roles of recognition broker, mandate register, authentication service and token issuer, possibly augmented with further roles for recognition services such as a signature service, their mutual connections, the connections up to and including the link with service providers and the processes for issuing tokens, registration of mandates and registrations of re-usable tokens from companies, including the required facilities for management in accordance with the scheme. Own definition | eHerkenning | eHerkenning | en
Non-natural entity | Either a legal entity, or a collaborative venture of natural persons and/or non-natural persons. Not every non-natural entity is a person in the sense of the definitions given here for person: collaborative ventures for example are collections of persons but are themselves not a person in the legal sense. Own definition, in accordance with “Catalogi Basisregistraties” (www.stelselcatalogus.nl) | eHerkenning | eHerkenning | en
OOB | Out-of-band | OOB | en | apart kanaal
Participant | A party who, in accordance with what is established to this end in the scheme, fulfils one or more roles within the network for eRecognition. Participants may fulfil roles for their own use and/or for use by third parties. Own definition specific for the context of the scheme | eHerkenning | eHerkenning | en
Party | A person or collaborative venture which occurs in the context of eRecognition or which could occur and which can be uniquely identified and authenticated where necessary. Examples of parties are: participants, service providers, companies, represented parties, mandated parties, etc. The term is used as a generalisation. Based on Identified Entity (STORK glossary9) Party, Principal and System Entity (SAML glossary) and Identifiable Entity (Modinis) and tailored for eRecognition. | eHerkenning | eHerkenning | en
Persistent pseudonym | Pseudonym which is applied over an extended period and which is only used within eRecognition without a specific working domain. Own definition based on definition of pseudonym and Persistent Pseudonym (SAML glossary) | eHerkenning | eHerkenning | en
Person | Either a natural person or a legal entity. Note: collaborative ventures are collections of persons but they are not themselves a person in the legal sense. Generalisation of the definitions natural person and legal entity. Note: www.stelselcatalogus.nl is not consistent with regard to the question as to whether the term person also encompasses collaborative ventures, which is why this is made explicit in this glossary. It must still be checked whether this assertion is correct: person is synonymous with legal subject, namely the bearer of rights and obligations. | eHerkenning | eHerkenning | en
PIV | Personal Identity Verification | en
PKI | Public Key Infrastructure. A combination of architecture, technology, organisation, procedures and rules, based on ‘public key cryptography’. Its objective is to make reliable electronic communication and reliable electronic service provision possible. PKIoverheid | eHerkenning | eHerkenning | en
Proof of authentication | A declaration established electronically inferring the existence and correctness of an authentication which has occurred within the context of a specific transaction or service. Own definition | eHerkenning | eHerkenning | en
Pseudonym | An arbitrary identifying characteristic which is produced on the basis of a version of another identifying characteristic in a way which constantly delivers the same pseudonym for the same characteristic without this latter being able to be derived from the pseudonym. Multiple pseudonyms may exist for one identifying characteristic, each with its own working domain. In that case two pseudonyms with the same characteristic cannot be related to each other in different domains. Based on Modini | eHerkenning | eHerkenning | en
Quality Authentication Assurance Level | Quality Authentication Assurance Level | STORK | QAA | en | betrouwbaarheidsniveau
RACI | Describes the participation by various roles in completing tasks or deliverables for a project or business process. It is especially useful in clarifying roles and responsibilities in cross-functional/departmental projects and processes. RACI is an acronym that was derived from the four key responsibilities most typically used: Responsible, Accountable, Consulted, and Informed. | Identity.Next | RACI | en
Re-use | Re-use of authentication tokens: The application of authentication tokens within eRecognition issued previously for other purposes and under other conditions, on the basis of the registration of the authentication token by its holder. Own definition | eHerkenning | eHerkenning | en
Recognition | In this context recognition is taken to mean: each of the functions of the network for eRecognition aimed at maintaining and verifying trust concerning identities, mandates and declarations of intent in relations or transactions between service providers and companies and their transacting natural persons. Examples of such functions are authentication, verifying a mandate and declaration of intent. In version 1.1 authentication and verifying mandates are supported. Own definition specific to the context of the scheme. Generalisation of the concepts authentication, mandates and declaration of intent. | eHerkenning | eHerkenning | en
Recognition broker | A required role within the network for eRecognition which is fulfilled by a participant in the scheme and which forms the single point of contact through which service providers access recognition services, responsible for separating the message traffic to and from the service providers from the internal messages within the network and acting as a router for all participating authentication services, mandate registers and signature services. Own definition | eHerkenning | eHerkenning | en
Recognition services | Services for recognition, namely: authentication, verifying a mandate, establishing declaration of intent and the associated identifications and guarantees for non-repudiation as well as the required registration processes. In version 1.1 authentication and verifying of mandates are supported. Own definition specific to the context of the scheme. | eHerkenning | eHerkenning | en
Relying party | A relying party (RP) makes transaction decisions based upon its receipt, validation, and acceptance of a subject’s authenticated credentials and attributes. Within the Identity Ecosystem, a relying party selects and trusts the identity and attribute providers of their choice, based on risk and functional requirements. Relying parties are not required to integrate with all permutations of credential types and identity media. Rather, they can trust an identity provider’s assertion of a valid subject credential, as appropriate. Relying parties also typically need to identify and authenticate themselves to the subject as part of transactions in the Identity Ecosystem. Relying parties can choose the strength of the authentication and attributes required to access their
Representation (to represent) | The legal construct which allows the legal consequences of a transaction performed by a specific party (the representative or mandated party) on behalf of another party (the represented party) with a third party to be ascribed to the represented party. The mandate for conducting representation transactions arises from the law whether a power of attorney (private law) or a mandate (administrative law). Such a mandate may be restricted to specific legal transactions, or a specific scope with regard to legal transactions. In a private law context, alongside the term representative, agent or authority is used instead of mandated party. In accordance with legal test Prof. A. Mohr | eHerkenning | eHerkenning | en
Representative | The party which is granted authority to represent another party (the represented party) in conducting transactions with third parties. See definition representation | eHerkenning | eHerkenning | en
Represented party | The party which has granted the representative the authority to transact on behalf of the first-named. Article 3:60 para 1 BW; Analogous to AP1.1. See definition representation | eHerkenning | eHerkenning | en
Role | One of the responsibilities which occur within the network for eRecognition which provides recognition services together with the other roles. If a role occurs without specifying it is a ‘role in the network’ or a ‘role in the network for eRecognition’ then the term is intended more generally than defined here. Own definition specific to the context of the scheme | eHerkenning | eHerkenning | en
Scheme | The entirety of agreements covering organisation, management, architecture, applications, technology, procedures and rules concerning the network for eRecognition in a specific established version. The objective is reliable eRecognition based on the recognition services of a properly regulated network for eRecognition. Own definition by analogy with definition of PM | eHerkenning | eHerkenning | en
Service performer | A service performer is a company which performs services as defined in the EU Services Directive for third parties. A government service provider as defined in the context of eRecognition is generally not a service performer. Guideline 2006/123/EG (Services Directive). | eHerkenning | eHerkenning | en
Service provider | General: A role which is fulfilled by a delineated and active component of a system that offers services to parties or to other components of that system. In eRecognition: A party offering electronic services which require recognition services. Scope: in version 1.1 this may be either a governmental or a private service provider. General: Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0 (saml-glossary-2.0-os) eRecognition: Own definition specific for the context of the scheme. | eHerkenning | SP | eHerkenning | en
Services catalogue | An electronic searchable catalogue containing the structured collection of all services, including the subdivision into sub-services and any collected services, needed at least for establishing special mandates, in other words mandates which are restricted to specific services. Own definition | eHerkenning | eHerkenning | en
Signature service | A role within the network for eRecognition which is fulfilled by a participant in the scheme and which bears responsibility for registering declarations of intent, validating them and providing the associated association confirmation. Scope: In version 1.1 the signature service role has not yet been further developed, but it is however stated where relevant. Own definition | eHerkenning | eHerkenning | en
Specific pseudonym | Pseudonym that is applied over a longer period in a specific working domain. A service provider specific pseudonym is always the same for the same service provider in the context in which it is being used; a company-specific pseudonym is always the same for the context of one company etc. | eHerkenning | eHerkenning | en
STORK | Secure identity across borders linked | STORK | en
Subject | The subject of a transaction may be an individual or an NPE | NSTIC | en
Token issuer | A required role within the network for eRecognition which is fulfilled by a participant in the scheme and which is responsible for issuing authentication tokens in accordance with the requirements of the specified trust level. Own definition | eHerkenning | eHerkenning | en
Transacting company | A company which receives a service directly (without the intervention of other companies) from a service provider, where it allows itself to be represented by a suitably mandated transacting natural person. This transacting company can be the interested party itself, but it could also be an intermediary. Own definition specific to the context of the scheme | eHerkenning | eHerkenning | en
Transacting natural person | A natural person who transacts on behalf of a company (that company is then called: transacting company) on the basis of a mandate for representation of that company. Within the context of eRecognition this transacting concerns accessing a service from a service provider. Own definition specific to the context of the scheme | eHerkenning | eHerkenning | en
Trust level | A relative level of the strength of the proof material concerning an authentication/identity claim, mandate, verification of mandate or a declaration of intent formed by a cohesive whole of factors, where applicable consisting of: the strength of the prior registration, identification, authentication and issuing; the strength of the token itself and the use of the token (the authentication mechanism). Taken from the English STORK “assurance level” and adapted to the scheme terminology10 | eHerkenning | eHerkenning | en
User | A service provider or company. Own definition specific to the context of the scheme | eHerkenning | eHerkenning | en
Verifying a mandate | Verifying that the mandate is based upon a representation agreement registered in a mandate register. The reason for the distinction between the mandate itself and verifying a mandate is that the mandate may also exist separately from the mandate register. Own definition | eHerkenning | eHerkenning | en