Anil John
Making Digital Services Secure and Trustworthy

Anil John

Credential Manager in the Token and Attribute Manager Separation Model

 Tweet  Share  Comment  Print  Email

Since my original blog post on the Token-Attribute Separation Model, I have explored if NIST SP800-63-1 can support such a model, as well as the role of anonymity in the model. In this blog post, I make a slight terminology update to one of the roles to reflect current thinking.

The minor terminology update is the renaming of the Token-Identity Link Record Manager to simply Credential Manager. The reasons are rather simple: (1) it is an unwieldy mouthful and (2) the definition of a Token-Identity Link Record, which it manages, fits the definition of Credential.

The interest and conversations on this topic continues to grow and I would point to the work that Andrew Hughes is leading as part of the Kantara IAWG. As I mentioned before, the model that I posted was based on the work that Andrew and others had done originally, and it is good to see it continuing.

In addition, the NSTIC NPO had a blog post yesterday about terminology considerations for NSTIC pilots. While I don’t fully agree with some of the terms used, it is good that the conversation is starting in the IDESG as well.

Hopefully all these separate conversations will come together.

By the way, the “Token and Attribute Manager Separation Model” is a long phrase as well. If you have a suggestion for a short, catchy but descriptive term to replace it, please leave it in the comments.


Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.

This blog post first appeared on Anil John | Blog ( The opinions expressed here are my own and do not represent my employer’s view in any way.

By on |

Continue The Conversation ...

I would love to know your thoughts on this blog post. Please leave a comment below!

I am a Public Interest Technologist. I help technical leaders make digital services secure and trustworthy. Learn more »

Free Updates

I will never share, rent, or sell your information to anyone