BOX 1.1 Terminology For the purposes of this brief report, and to help clarify discussion, concepts that the committee's final report1 will explore in detail are explained here. Identity. The identity of X according to Y is a set of statements believed by Y to be true about X. In this report, identity generally refers to a set of information about X, especially in the context of a particular identity system. Identification. Identification is the process of determining to what identity a particular individual corresponds, often without a claimed identity on the part of the individual (for example, the identification of an unconscious patient in an emergency room). ID. In this report, ID refers to the identity information pertaining to a particular individual that is contained within an identity system and/or the token associated with that information. Authentication. Authentication is the process of confirming an asserted identity with a specified or understood level of confidence. Note that authentication is quite distinct from identification. Security. Security refers to a collection of safeguards that ensure the confidentiality of information, protect the integrity of information, ensure the availability of information, account for use of the system, and protect the system(s) and/or network(s) used to process the information. Security is intended to ensure that a system resists (potentially correlated) attacks. Privacy. The right to privacy is the right of an individual to decide for himself or herself when and on what terms his or her attributes should be revealed. It should be noted that each of these terms represents a complicated, nuanced, and, in some instances, deeply philosophical topic. The descriptions of these concepts given here are not meant to be definitive, prescriptive, or comprehensive. 1 See <http://www.cstb.org/web/project_authentication> for more information.