Figure DI.02 - Credential Hierarchy

Several types of Credential exist and the list might be completed.<br/><b>LoginPasswordCredential </b><br/>A LoginPasswordCredential defines needed data to authenticate an identity with a login and a password.<br/><b>NetworkCredential</b><br/>A NetworkCredential is an implicit credential (automatically retrieved via network access like MSISDN, IP address, IMPU…).<br/>It may provide a lower level of confidence than a LoginPasswordCredential for example. Thus some permissions requesting a high level of confidence might not be available.<br/><b>BiometricCredential</b><br/>A BiometricCredential uses biometric information such as finger print, iris, face or voice.<br/><b>TokenCredential</b><br/>TokenCredential corresponds to a link with a digital identity provided by an external digital identity provider such as OpenID, GoogleID... <br/>The link can be done only if the digital identity provider is a partner from the CSP.<br/>A TokenCredential allows to navigate from the partner website to the CSP website without having to identify / authenticate again. <br/><b>DongleCredential</b><br/>DongleCredential uses a hardware (dongle) that connects to a port on another device to identify / authenticate. In some cases an additional password might be required and checked on the dongle.<br/>To have a better trustLevel, a Credential might be composed of several Credentials. For example, in addition of a Login and Password we may ask for a code dynamically sent on the mobile line.<br/>