Identification

Identification is foundational to any access control system that requires entities (devices or people) to have a unique way to identify themselves to a system.

Definitions of the key terms are excerpted as follows from the Industrial Internet Security Framework (IIC-IISF):

  • Identity: "Identity is an inherent property of an entity that distinguishes it from other identities."
  • Entity: "An item with recognizably distinct existence."
  • Credential: "Evidence to support a claim of identity."

Uniqueness is the key to a proper credential, so that the system will not confuse the entity with any other user of the system. Depending on the use case, there is a wide variety of identifiers. An identifier can be as weak as a person's first and last name. A unique device identifier such as a media access control (MAC) address is an example of a stronger credential. Some other common examples are usernames, electronic identification cards, and the IP address of a network endpoint.

To ensure an adequate level of trustworthiness, proper credentials should be created from strong cryptographic algorithms. Also, credentials must be securely used and stored. It is generally considered risky to transmit credentials without multiple layers of confidentiality and integrity controls in effect.
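The following added example (not from the book) shows one way to combine these points: a unique identity is enrolled once, its credential is generated from a cryptographically secure random source, and the entity proves its identity claim with an HMAC over a one-time challenge so the credential itself is never transmitted. The `Registry` class, the `prove` function and the sample identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Registry:
    """Verifier side: maps each unique identity to its credential key."""

    def __init__(self):
        self._keys = {}     # identity -> secret key (assumed to live in an HSM or vault in practice)
        self._pending = {}  # identity -> outstanding one-time challenge

    def enroll(self, identity: str) -> bytes:
        # Uniqueness: two entities must never share one identity.
        if identity in self._keys:
            raise ValueError(f"identity already enrolled: {identity}")
        key = secrets.token_bytes(32)  # 256-bit credential from a CSPRNG
        self._keys[identity] = key
        return key                     # handed to the entity once, out of band

    def challenge(self, identity: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[identity] = nonce
        return nonce

    def verify(self, identity: str, proof: bytes) -> bool:
        nonce = self._pending.pop(identity, None)  # single use, so a replayed proof fails
        key = self._keys.get(identity)
        if nonce is None or key is None:
            return False
        expected = prove(key, identity, nonce)
        return hmac.compare_digest(expected, proof)  # constant-time comparison


def prove(key: bytes, identity: str, nonce: bytes) -> bytes:
    """Entity side: evidence for the identity claim; the key itself is never sent."""
    return hmac.new(key, identity.encode() + b"|" + nonce, hashlib.sha256).digest()


if __name__ == "__main__":
    device = "00:1A:2B:3C:4D:5E"  # constructed sample identifier
    registry = Registry()
    device_key = registry.enroll(device)
    nonce = registry.challenge(device)
    print("accepted:", registry.verify(device, prove(device_key, device, nonce)))
```

The HMAC gives integrity and proof of possession only; a real deployment would still run this exchange inside an encrypted channel to provide the confidentiality layer.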
