Proof of Possession is a way to verify ownership of an identity.

Prepare for the ISSAP Exam with challenging questions and insights. Enhance your understanding using flashcards and detailed explanations. Master your skills for success!

Multiple Choice

Proof of Possession is a way to verify ownership of an identity.

Explanation:
The concept being tested is proof of possession as a mechanism to demonstrate control over credentials tied to an identity. In security terms, when someone claims an identity, they must prove they actually control the credential that backs that identity, most commonly by showing they hold the private key corresponding to a public key certificate or by demonstrating knowledge of a shared secret. This cryptographic proof binds the identity to the claimant and prevents impersonation by someone who merely knows the identity name but does not possess the credential.

This is why it’s the best fit: it directly describes verifying ownership of the identity’s credentials, not merely creating identities, securing the communication path, or determining what the identity is allowed to do. The other concepts describe different parts of the security lifecycle—creating identities (provisioning), securing the channel (trusted path), or controlling access rights (entitlements)—not the act of proving possession of the credential itself.
