|Table of Contents|
Acronym for "Authentication and Authorization Infrastructure".
(SAML) AssertionA Assertion
Anchor Assertion Assertion
A digital statement issued by an IdP, derived from the Digital Identity of an End the Digital Identity of an End User. Typically an Assertion is digitally signed and optionally encrypted.AuthenticationProcess
Process of identifying of a previously registered user.AuthorizationProcess
Process of granting or denying access to a resource for an authenticated user.
(Authorization) AttributesUser Attributes
Anchor Attr Attr
User data (such as name, affiliation, study branch, etc.) needed for access control decisions. The attributes used by eduGAIN are defined in theeduGAIN the eduGAIN Attribute Profile.
Attribute AuthorityThe Authority
The AA is a component of the Identity Provider. It issues attributes on behalf of an organization.
Attribute Release Policy (ARP)
It defines which attributes are going to be released to a requesting resource (the attribute filter). It is a mechanism to implement privacy and data protection.
Attribute ResolverA Resolver
A component of the Identity the Identity Provider. It retrieves attributes from various data sources (LDAP, Active Directory, ...) and performs the necessary transformations for SAML transportfor SAML transport.
Anchor Digital_Identity Digital_Identity
Discovery ServiceTechnical Service
Technical term/synonym for WAYFfor WAYF.
Anchor End_User End_User
Typically, a human person who belongs to an organization, typically an employee or student, who uses Federated Authentication via its IdPits IdP. However, an End User can also be a legal person, a virtual artifact (e.g. a computer process, an application), a tangible object (e.g. a device) or a group of other entities (e.g. an organization) of an organization.EntitlementEntitlements
Entitlements form a specialized class of Authorization Attributes important of Authorization Attributes important enough to call out separately. They can be used to identify a user's eligibility to access a given resource such as an e-journal, see common see common-lib-termsEntityIDThe EntityID terms.
Federated AuthenticationAn End User uses his Digital Identity to Authentication
Federated Identity ManagementThe Management
The management and use of identity information across security domains, e.g. between individual universities. It deals with issues such as interoperability, liability, security, privacy and trust.FederationA
Anchor Fed Fed
A federation is a collection of organizations that agree to interoperate under a certain rule set.
Federation MemberA Member
A Federation Member is an organization (such as a university, library, etc.) that runs one Identity Provider and one Identity Provider and any number of AAI-enabled Resourcesenabled Resources. Federation Members usually have to agree on a common set of policies and rules defined in a service/federation agreement.
Federation OperatorThe Operator
The organization managing the Federation, operating the central components and acting as a competence centre. SWITCH is for example the Federation Operator of the SWITCHaai the SWITCHaai Federation, the Swiss identity federation.
Federation Technology ProfileThe Profile
Anchor FTP FTP
The technology profiles specify how to use which subsets of a specific federation technology in the context of a Federationa Federation.
Home Organization, Home InstitutionA Institution
Anchor HO HO
A participating organization representing a user community, e.g. a university, library, university hospital etc. A Home Organization registers users and stores information about them. Furthermore, it is able to authenticate its users an it operates an IdPan IdP.
Identity Provider (IdP)
Anchor Idp Idp
The system component that issues Assertions on behalf of End Users who issues Assertions on behalf of End Users who use them to access the services of SPs.IdP OperatorThe organization operating an IdPof SPs.
Anchor Idpo Idpo
The organization operating an IdP. IdP Operator refers to the legal entity that signs contracts, is a Federation Participant and a Federation Participant and is responsible for the overall processes supporting the IdP.InterfederationInterfederation
Interfederation takes place if a user from one federation accesses one federation accesses a service which is registered in another federation.
Lazy Session EstablishmentThis Establishment
This special form of session establishment allows access to a URL or resource prior to authentication. The point is that the application decides when a user has to authenticate. More information is available for example on the SWITCHaai the SWITCHaai Demo Resource.
Anchor Metadata Metadata
The Metadata contains technical details and descriptive information about the IdPs and SPsthe IdPs and SPs. For interoperability in a specific context, the Metadata format definition is part of a Federation a Federation Technology Profile.
Anchor FP FP
An organization that participates in an Identity an Identity Federation.
Relying PartyIn Party
In general, one or more Service Provider or Identity Provider that is sender or recipient of an Assertion. A relying party could be a single Service Provider or a group of Service Providers. The SPs and IdPs can be grouped into a relying party by including them into an EntitiesDescriptor element in the Metadataan EntitiesDescriptor element in the Metadata. Such a group of Service Providers can then for example be used tell an Identity Provider to use a special way to transmit the attributes to the components of this relying party.ResourceWeb
Anchor Res Res
Web application, web site, information system, etc. An AAI-enabled Resource requests attributes about requests attributes about users from an IdP and makes access decisions (authorization) based on these attributes.
SAMLSAML - the
Anchor Saml Saml
SAML - the Security Assertion Markup Language - is an XML framework for exchanging authentication and authorization information. SAML is a standard of OASIS of OASIS. The software Shibboleth is software Shibboleth is based on SAML.
Service Provider (SP)
Anchor Sp Sp
The system component that evaluates the Assertion from an IdP and the Assertion from an IdP and uses the information from the Assertion for controlling access to protected services. Synonym for an AAI-enabled Resourceenabled Resource, although used in a more technical sense.ShibbolethThe
Anchor Shib Shib
The name an open source SAML implementation developed by Shibboleth by Shibboleth Consortium. Shibboleth is based on SAML and on SAML and allows the implementation of an AAI. eduGAIN makes use of SAML.
Simple SAML PHPSimpleSAML PHP is another PHP
SimpleSAML PHP is another very popluar open source SAML software. It supports SAML and additional protocols that can be used for federated identity management.
SP OperatorThe Operator
The organization operating an SP. SP Operator refers to the legal entity that signs contracts, is a Federation Participant and a Federation Participant and is responsible for the overall processes supporting the SP.
Single Sign-On (SSO)
Single Sign-On enables the user to gain access to multiple Resources by authenticating only once.
WAYF (Where Are You From)
Anchor Wayf Wayf
The WAYF service, also called Discovery Service, lets the user choose his Home Organization from his Home Organization from a list and then redirects the user to this Home Organization's login page for authentication.