The private part of a paired Identity assertion (user-id is usually the public part). The thing(s) that an Entity relies upon in an assertion at any particular time, usually to authenticate a claimed Identity. Credentials can change over time and may be revoked. Examples include; a signature, a password, a drivers licence number (not the card itself), an ATM card number (not the card itself), data stored on a smart-card (not the card itself), a digital certificate, a biometric template.

There is no need to issue a new credential if an Identity already has one that can be used, is trusted and whose currency can be reconfirmed at each authentication such as an existing account, or a digital certificate from a trusted organisation

Source: http://identityaccessman.blogspot.com/2006/08/identity-dictionary.html