Login ID

Owned by David Doret
Last updated: 09-35-2021
2 min read

Login ID

Addendum

Login ID: Describe how the login-id information type may represent a data privacy concern (especially with underage, etc.) and how it may or may not be shared in the context of identity federations. (https://open-measure.atlassian.net/wiki/spaces/QUOT/pages/1538785579)

Alternative Forms

  • Account ID

  • Account Name

  • Login Synonym

  • Login Identifier Spelled out form

Definitions

Definition 1

A Login ID is an identity attribute. It is an identifier that uniquely identifies an identity. It may be used by an entity to claim the corresponding identity before system authentication.

A Login ID is generally composed of a series of printable non-blank characters.

Depending on the Identity Management System, a Login ID may be immutable or mutable. If mutable, a distinct identity system identifier must be used to uniquely identify the identity, and assure traceability.

It is often assumed that the Login ID is public information that is known or that may be easily discovered by a threat agent. But in some circumstances, the usage of hard-to-guess Login ID may provide security benefits by making it harder to attack identities.

An Identity Management System may give the subject the freedom to choose a Login ID within some technical constraints or impose a naming convention. Some widespread naming conventions are:

  • Email address (e.g. “john.doe@acme.org”)

  • Local part of email address (e.g. “john.doe”)

  • Naming conventions based on manipulations and combinations of first, middle and last name often coupled with numbers to distinguish homonyms, such as the first letter of the first name followed by the last name (e.g. “jdoe1”).

  • Pseudo-random character combinations (e.g. “als4g3ku”).

  • Surrogate keys (e.g. “u1234567” for John Doe)

The choice of a naming convention is generally a question of balancing subject preferences, usability, costs, technical constraints, and security requirements. For instance, naming conventions based on people’s names may cause issues when people change their names if the Login ID is immutable. Pseudo-random and surrogate key naming conventions may provide some security benefits at the detriment of usability.

 

Sample Sentences

Whenever possible, Bob used his private email address as his login ID. Once he decided to change his email address, he felt discouraged by the sheer number of applications he had to reconfigure.

Conceptual Diagram

Quotes

Bibliography

See Also

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.