An access management system determines what access a user has to resources.
A single piece of user data (such as name, affiliation, field of study, etc.) needed to make authorization decisions. Some attributes are general; others are personal. A sufficient combination of attributes identifies a unique individual.
The process by which one entity asserts that attributes about an individual are accurate.
Attribute Release Policy
Defines which attributes will be released to a requesting resource, and under what conditions. It is the mechanism by which an identity provider enforces privacy and data protection, releasing only the attributes a given service needs.
The process of verifying the identity of a user. Also "auth" or "authN".
The process of granting or denying access to a resource for an authenticated user. Also "authZ".
A form of digital credential that may be used for authentication. More formally, a digital certificate is a cryptographically signed, digital representation of user or device attributes that binds a public key to an identity. A unique certificate attached to a public key provides evidence that the key has not been compromised. A certificate is issued and signed by a certificate authority. http://en.wikipedia.org/wiki/Public_key_certificate
An Identity Federation is an organization of institutions that agree on a common set of principles in order to share information as a collection of equals.
An individual institution (such as a university, library, etc.) that agrees to participate in an Identity Federation.
An entity that runs the Federation on a day-to-day basis and maintains standards, metadata, operational agreements, etc.
Characters or data that refer to a specific identity. Examples include an email address, a user name, a Kerberos principal name, a campus network ID, an employee or student ID, or a certificate. An identifier is a label for an identity.
Information about who you are. A set of data that is kept about an individual. May include data such as a user name and password, groups, roles, privileges or even personal information such as employment and health records. http://en.wikipedia.org/wiki/Digital_Identity
Someone who stores your identity information and presents it to others. A campus or other organization that manages and operates an identity management system and offers information about members of its community to other InCommon participants; a trusted party that can be relied upon by users and servers for authentication. Also "Issuer".
A database of identities, such as an enterprise directory. A structured collection of information about multiple individuals.
Data about data. In a federation, it is the information one party needs in order to communicate with another: a formal description of how federation components agree to communicate (entity identifiers, endpoints, and signing certificates). In SAML there is metadata describing each IdP and metadata describing each SP. http://www.incommon.org/metadata.html
Security Assertion Markup Language. Specified by the OASIS Security Services Technical Committee, SAML is a standard to construct, exchange and interpret information between an IdP and an SP. http://www.oasis-open.org/committees/security
Someone who provides you with a "service" such as a web site, online community, or research tool. A campus, department, or other organization that makes online resources available to users based, in part, on information about them that it receives from other Federation participants. Also "Relying Party" (RP).
Developed by Internet2, Shibboleth is a standards-based, open-source software package that provides federated authentication and authorization infrastructure. It implements SAML web single sign-on across organizational boundaries, such as within an identity federation. http://shibboleth.net/
The amount of reliance that can be placed in received information. In a federation, trust is based on the practices and conventions that are agreed upon by federation members. http://en.wikipedia.org/wiki/Trusted_system
The person who accesses the online services available in a federation. Also "subject" or "principal".