Credential Service Provider
Encyclopedia
A Credential Service Provider (CSP) is an element of an authentication
system, most typically identified as a separate entity in a Federated authentication system.
In any authentication system, some entity is required to authenticate the user on behalf of the target application or service. For many years there was poor understanding of the impact of security
and the multiplicity of services and applications that would ultimately require authentication. Therefore many services and applications were built embedding the CSP function. The result of this is that not only are users burdened with many credential
s that they must remember or carry around with them, but also applications and services must perform some level of registration and then some level of authentication of those users. A CSP decouples those functions from the application or service and typically provides trust to that application or service over a network (such as the Internet
).
The term CSP is used frequently in the context of the US government's
eGov
and eauthentication initiatives.
An example of a CSP would be an online site whose primary purpose may be, for example, internet banking - but whose users may be subsequently authenticated to other sites, applications or services without further action on their part.
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
system, most typically identified as a separate entity in a Federated authentication system.
In any authentication system, some entity is required to authenticate the user on behalf of the target application or service. For many years there was poor understanding of the impact of security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
and the multiplicity of services and applications that would ultimately require authentication. Therefore many services and applications were built embedding the CSP function. The result of this is that not only are users burdened with many credential
Credential
A credential is an attestation of qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so....
s that they must remember or carry around with them, but also applications and services must perform some level of registration and then some level of authentication of those users. A CSP decouples those functions from the application or service and typically provides trust to that application or service over a network (such as the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
).
The term CSP is used frequently in the context of the US government's
Federal government of the United States
The federal government of the United States is the national government of the constitutional republic of fifty states that is the United States of America. The federal government comprises three distinct branches of government: a legislative, an executive and a judiciary. These branches and...
eGov
EGovernment
E-Government is digital interactions between a government and citizens , government and businesses/Commerce , government and employees , and also between government and governments /agencies...
and eauthentication initiatives.
An example of a CSP would be an online site whose primary purpose may be, for example, internet banking - but whose users may be subsequently authenticated to other sites, applications or services without further action on their part.