The IT Law Wiki


A Credential Service Provider (CSP) is an

[e]ntity that issues and/or registers authenticators and corresponding electronic credentials (binding the authenticators to the verified identity) to subscribers. The CSP is responsible for maintaining the subscriber's identity credential and all associated enrolment data throughout the credential's lifecycle and for providing information on the credential's status to verifiers.[1]

A Credentials Service Provider (also written Credential Service Provider) is

[a] trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers. The CSP may encompass registration authorities and verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.[2]


The CSP establishes a mechanism to uniquely identify each subscriber and the associated tokens and credentials issued to that subscriber. The CSP registers or gives the subscriber a token to be used in an authentication protocol and issues credentials as needed to bind that token to the identity, or to bind the identity to some other useful verified attribute. The subscriber may be given electronic credentials to go with the token at the time of registration, or credentials may be generated later as needed. Subscribers have a duty to maintain control of their tokens and comply with the responsibilities to the CSP. The CSP maintains registration records for each subscriber to allow recovery of registration records.[3]


  1. Guidance on Digital ID, Glossary, at 102.
  2. NIST, Electronic Authentication Guideline 5 (NIST Special Publication 800-63) (Apr. 2006) (full-text).
  3. Id. at 10.