A user may be referred to as follows:
- In the event of representation:
  - inside the network with an Internal pseudonym issued by the AD; and
  - inside and outside of the network with a Specific pseudonym issued by the MR
- In the event of non-representation:
  - inside and outside of the network with a Specific pseudonym issued by the AD
For polymorphic pseudonymization, the following pseudonyms are distinguished in the Afsprakenstelsel ETD:
Pseudonyms | Transformation of | Unique to | May be transformed into |
---|---|---|---|
Polymorphic Pseudonym | a cryptographic derivative of a root identifying attribute, such as the BSN | a Participant (MU/AD) | Encrypted Pseudonym |
Polymorphic Identity | Encrypted Identity | ||
Encrypted Pseudonym | Polymorphic Pseudonym | a Relying Party | Persistent Pseudonym |
Encrypted Identity | Identity, equal to the root identifying attribute the original PIP was derived from, such as BSN. | ||
Persistent Pseudonym | Encrypted Pseudonym | - |
- Encrypted Pseudonym — An Encrypted Pseudonym is a Persistent Pseudonym encrypted under Polymorphic Pseudonymization for a specific recipient.
- Internal pseudonym — The internal pseudonym is determined by the AD and MUST be unique within the context of the AD. Every time the same authentication token is used, it should return the same internal pseudonym. When requested by the user, a new pseudonym MAY always be ignored. An internal pseudonym that has been used MUST NOT be reused. The only exception is when an authentication token is replaced and the AD can determine with sufficient certainty that it is really being replaced. In this case, the same internal pse
- Persistent Pseudonym — A Persistent Pseudonym is a pseudonym identifier for a natural person that is specific to the relying party and persists independently of the Attesting Party.
- Polymorphic Pseudonym — A Polymorphic Pseudonym is a cryptographic structure that can be transformed into a specific Encrypted Pseudonym, without disclosing the relevant subject due to Polymorphic Pseudonymization.
- Specific pseudonym — The specific pseudonym is unique for each different combination of user, represented service consumer, intermediary and service provider.
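
The chain in the table above (Polymorphic Pseudonym, then Encrypted Pseudonym, then Persistent Pseudonym) can be illustrated with a toy model. This is an added example, not code from the Afsprakenstelsel ETD. It assumes an ElGamal-style construction over a 1024-bit MODP group, which the page does not specify; the names `Scheme`, `_scalar`, `_embed`, the labels and the master secret are hypothetical, and all roles are collapsed into one object for brevity.

```python
import hashlib, hmac, secrets

# Toy group: RFC 2409 Oakley Group 2 safe prime (assumption; the page names no group).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares
G = 4             # generates that subgroup

def _scalar(label, secret):
    """Derive a nonzero exponent from a constructed master secret and a label."""
    d = hmac.new(secret, label.encode(), hashlib.sha512).digest()
    return 1 + int.from_bytes(d, "big") % (Q - 1)

def _embed(identifier):
    """Map a root identifier (e.g. a BSN) to a subgroup element other than 1."""
    h = int.from_bytes(hashlib.sha512(identifier.encode()).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)

class Scheme:
    def __init__(self, master):
        self.master = master
        self.x = _scalar("master-key", master)  # never needed to transform
        self.y = pow(G, self.x, P)

    def polymorphic_pseudonym(self, identifier):
        """Randomized encryption of the embedded identifier under the master key."""
        r = 1 + secrets.randbelow(Q - 1)
        return pow(G, r, P), _embed(identifier) * pow(self.y, r, P) % P

    def to_encrypted_pseudonym(self, pp, rp):
        """Reshuffle, rekey and rerandomize for one relying party, without decrypting."""
        s, k = _scalar("shuffle:" + rp, self.master), _scalar("key:" + rp, self.master)
        a, b = pow(pp[0], s * pow(k, -1, Q) % Q, P), pow(pp[1], s, P)
        r = 1 + secrets.randbelow(Q - 1)
        return a * pow(G, r, P) % P, b * pow(self.y, k * r % Q, P) % P

    def rp_private_key(self, rp):
        return self.x * _scalar("key:" + rp, self.master) % Q

def persistent_pseudonym(ep, rp_key):
    """Relying-party side: decrypt the Encrypted Pseudonym and hash the result."""
    a, b = ep
    return hashlib.sha256(str(b * pow(a, -rp_key, P) % P).encode()).hexdigest()
```

Every Polymorphic Pseudonym and Encrypted Pseudonym produced for the same person is a fresh ciphertext, yet each relying party always decrypts to the same Persistent Pseudonym, and two relying parties obtain different ones.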