Doing some quick research into this myself (by which I mean typing in the words as a part of various web-search queries), I discovered some subtle distinctions in the use of these terms. Firstly, of course, registration is itself a far more general term which can apply in various different scenarios. Enrollment, however, is typically used in the domains of certificate-based authentication (in particular with relation to a device, rather than a personal identity) and in biometrics, where it refers to the capturing of biometric information to be used for later authentication purposes.
So how do these two terms relate to one another? Well, in the biometrics case, I would presume that the person enrolling has previously registered somewhere before being presented to the enrollment mechanism.
In the case of certificate-based authentication it seems that registration is also the prerequisite activity, before a device is enrolled with a certificate authority.
I consulted two infosec glossaries investigating this. The first was the NIST "Glossary of Key Information Security Terms" where the only reference to enrollment is:
Enrollment Manager – The management role that is responsible for assigning user identities to management and non-management roles.
SOURCE: CNSSI-4009
which isn't much help. But registration is covered here:
Registration – The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP.
SOURCE: CNSSI-4009
The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.
SOURCE: SP 800-63
which is fairly clear. The other source I discovered was "Javvin Network Dictionary" which defines registration thus:
Registration in network security means the administrative act or process whereby an entity's name or other attributes are established for the first time at a Certificate Authority (CA), prior to the CA issuing a digital certificate that has the entity's name as the subject.
Again "enrollment" is a little more vague:
Certificate Enrollment Protocol (CEP) is a certificate management
protocol ... CEP specifies how a device communicates with a CA,
including how to retrieve the public key of the CA, how to enroll a
device with the CA, and how to retrieve a Certificate Revocation List
(CRL).
The actual documentation for CEP doesn't define the term, but a related RFC "Certificate Management over CMS (CMC)" describes the term as follows:
Enrollment or certification request refers to the process of a client requesting a certificate. A certification request is a subset of the PKI Requests.
Still not completely clear, but looking at another related RFC for "Enrollment over Secure Transport":
After authenticating an EST server and verifying that it is
authorized to provide services to the client, an EST client can
acquire a certificate for itself by submitting an enrollment request
to that server.
So, basically authentication is a prerequisite to enrollment, and if you're authenticating you must surely have already been registered.
This understanding ties in with the Biometrics case, and also my own experiences where I enrol to register my device on a network where my identity is already known. In a more general "non Infosec" sense this lines up too; you register with a university and then upon enrollment you provide your personal details and select your classes!
Barring that, it looks a bit like you're just splitting hairs. What it really comes down to is your target audience. I've sat through MANY tech meetings on whether to (fictional example) title a button 'start' or 'begin'. After several hours one is chosen... and the actual end users don't care. They just want the product to work.
– Rick Chatham Aug 17 '15 at 20:39