An access management system determines what access a user has to resources.
ARP
Attribute Release Policy
Attribute
A single piece of user data (such as name, affiliation, study branch, etc.) needed to make authorization decisions. Some attributes are general; others are personal. Some combination of attributes defines a unique individual.
Attribute Assertion
The process by which one entity asserts that attributes about an individual are accurate.
Attribute Release Policy
Defines which attributes are going to be released to a requesting resource. It is a mechanism to implement privacy and data protection.
Authentication
The process of verifying the identity of a user. Also "auth" or "authN".
Authorization
The process of granting or denying access to a resource for an authenticated user. Also "authZ".
Certificate
A form of digital credential which may be used for authentication. More formally, a digital certificate is a cryptographically signed, digital representation of user or device attributes that binds a key to an identity. A unique certificate attached to a public key provides evidence that the key has not been compromised. A certificate is issued and signed by a certificate authority. http://en.wikipedia.org/wiki/Public_key_certificate
Certificate Authority (CA)
A trusted third-party organization or company that issues certificates used to encrypt, decrypt, and create digital signatures and public-private key pairs. http://en.wikipedia.org/wiki/Certificate_authority
Credential
Passwords, keys, other security tokens, such as a proxy or smart card, or biometrics such as fingerprints are examples of credentials.
Credential Provider
An entity that issues credentials to its members for the purpose of authenticating that individual's identity or authorizing access a particular system.
Discovery Service
A service that helps a user locate his or her "home" IdP. This discovery service is able to read federation metadata and generate a web page to enable the user to select the appropriate IdP.
Federated Identity
The management of identity information between members of a federation, according to agreed-upon standards and conventions. http://www.incommon.org/fedbasics.html
Federation
An Identity Federation is an organization of institutions that agree on a common set of principles in order to share information as a collection of equals.
Federation Member
An individual institution (such as a university, library, etc.) that agrees to participate in an Identity Federation
Federation Operator
An entity that runs the Federation on a day-to-day basis and maintains standards, metadata, operational agreements, etc.
Identifier
Characters or data that refer to a specific identity. Examples include an email address, a user name, a Kerberos principal name, a campus network ID, an employee or student ID, or a certificate. An identifier is a label for an identity.
Identity
Information about who you are. A set of data that is kept about an individual. May include data such as a user name and password, groups, roles, privileges or even personal information such as employment and health records. http://en.wikipedia.org/wiki/Digital_Identity
Identity Provider
Someone who stores your identity information and presents it to others. A campus or other organization that manages and operates an identity management system and offers information about members of its community to other InCommon participants; a trusted party that can be relied upon by users and servers for authentication. Also "Issuer".
Identity Store
A database of identities, such as an enterprise directory. A structured collection of information about multiple individuals.
Data or information about data. This information is necessary for one party to communicate to the other. A formal description of how federation components agree to communicate. In SAML there is metadata about the IdP and metadata about the SP. http://www.incommon.org/metadata.html
Principal
User
Roaming
A mechanism that allows a device to connect to a network other than its home network. http://www.eduroam.org
SAML
Security Assertion Markup Language. Specified by the OASIS Security Services Technical Committee, SAML is a standard to construct, exchange and interpret information between an IdP and an SP. http://www.oasis-open.org/committees/security
Service Provider
Someone who provides you with a "service" such as a web site, online community, or research tool. A campus, department, or other organization that makes online resources available to users based, in part, on information about them that it receives from other Federation participants. Also "Relying Party" (RP).
Shibboleth
Developed by Internet 2, it is a standards-based, open source software package for federated identity-based authentication and authorization infrastructure based on SAML web single sign-on across organizational boundaries such as in an identity federation. http://shibboleth.net/
SP
Service Provider
Subject
User
Trust
The amount of reliance that can be placed in received information. In a federation, trust is based on the practices and conventions that are agreed upon by federation members. http://en.wikipedia.org/wiki/Trusted_system
User
The person who accesses the online services available in a federation. Also "subject" or "principal".
