
A

AAI

Acronym for "Authentication and Authorization Infrastructure".

(SAML) Assertion

A digital statement issued by an IdP, derived from the Digital Identity of an End User. Typically an Assertion is digitally signed and optionally encrypted.

Authentication

Process of identifying a previously registered user.

Authorization

Process of granting or denying access to a resource for an authenticated user.

(Authorization) Attributes, User Attributes

User data (such as name, affiliation, study branch, etc.) needed for access control decisions. The attributes used by eduGAIN are defined in the eduGAIN Attribute Profile.

Attribute Authority (AA)

The Attribute Authority (AA) is a component of the Identity Provider. It issues attributes on behalf of an organization.

Attribute Release Policy (ARP)

It defines which attributes are going to be released to a requesting resource (the attribute filter). It is a mechanism to implement privacy and data protection.

Attribute Resolver

A component of the Identity Provider. It retrieves attributes from various data sources (LDAP, Active Directory, ...) and performs the necessary transformations for SAML transport.


B


C


D

Digital Identity

A set of information that is attributable to an End User. It is issued and managed by an IdP Operator on the basis of the identification of the End User.

Discovery Service

Technical term/synonym for WAYF.


E

End User

Typically, a human person who belongs to an organization, typically an employee or student, who uses Federated Authentication via its IdP. However, an End User can also be a legal person, a virtual artifact (e.g. a computer process, an application), a tangible object (e.g. a device) or a group of other entities (e.g. an organization).

Entitlement

Entitlements form a specialized class of Authorization Attributes important enough to call out separately. They can be used to identify a user's eligibility to access a given resource such as an e-journal, see common-lib-terms.

EntityID

The EntityID is a unique identifier, identifying each Service Provider and Identity Provider.


F

Federated Authentication

An End User uses his Digital Identity to authenticate for accessing services offered by SP Operators within the same or a different organization.

Federated Identity Management

The management and use of identity information across security domains, e.g. between individual universities. It deals with issues such as interoperability, liability, security, privacy and trust.

Federation

A federation is a collection of organizations that agree to interoperate under a certain rule set.

Federation Member

A Federation Member is an organization (such as a university, library, etc.) that runs one Identity Provider and any number of AAI-enabled Resources. Federation Members usually have to agree on a common set of policies and rules defined in a service/federation agreement.

Federation Operator

The organization managing the Federation, operating the central components and acting as a competence centre. SWITCH is for example the Federation Operator of the SWITCHaai Federation, the Swiss identity federation.

Federation Technology Profile

The technology profiles specify how to use which subsets of a specific federation technology in the context of a Federation.


G


H

Home Organization, Home Institution

A participating organization representing a user community, e.g. a university, library, university hospital etc. A Home Organization registers users and stores information about them. Furthermore, it is able to authenticate its users and it operates an IdP.


I

Identity Provider (IdP)

The system component that issues Assertions on behalf of End Users who use them to access the services of SPs.

IdP Operator

The organization operating an IdP. IdP Operator refers to the legal entity that signs contracts, is a Federation Participant and is responsible for the overall processes supporting the IdP.

Interfederation

Interfederation takes place if a user from one federation accesses a service which is registered in another federation.


J


K


L

Lazy Session Establishment

This special form of session establishment allows access to a URL or resource prior to authentication. The point is that the application decides when a user has to authenticate. More information is available for example on the SWITCHaai Demo Resource.


M

Metadata

The Metadata contains technical details and descriptive information about the IdPs and SPs. For interoperability in a specific context, the Metadata format definition is part of a Federation Technology Profile.


N


O


P

Federation Participant

An organization that participates in an Identity Federation.


Q


R

Relying Party

In general, one or more Service Providers or Identity Providers that are the sender or recipient of an Assertion. A relying party could be a single Service Provider or a group of Service Providers. The SPs and IdPs can be grouped into a relying party by including them in an EntitiesDescriptor element in the Metadata. Such a group of Service Providers can then for example be used to tell an Identity Provider to use a special way to transmit the attributes to the components of this relying party.

Resource

Web application, web site, information system, etc. An AAI-enabled Resource requests attributes about users from an IdP and makes access decisions (authorization) based on these attributes.


S

SAML

SAML - the Security Assertion Markup Language - is an XML framework for exchanging authentication and authorization information. SAML is a standard of OASIS. The software Shibboleth is based on SAML.

Service Provider (SP)

The system component that evaluates the Assertion from an IdP and uses the information from the Assertion for controlling access to protected services. Synonym for an AAI-enabled Resource, although used in a more technical sense.

Shibboleth

The name of an open source SAML implementation developed by the Shibboleth Consortium. Shibboleth is based on SAML and allows the implementation of an AAI. eduGAIN makes use of SAML.

SimpleSAMLphp

SimpleSAMLphp is another very popular open source SAML software. It supports SAML and additional protocols that can be used for federated identity management.

SP Operator

The organization operating an SP. SP Operator refers to the legal entity that signs contracts, is a Federation Participant and is responsible for the overall processes supporting the SP.

Single Sign-On (SSO)

Single Sign-On enables the user to gain access to multiple Resources by authenticating only once.


T


U


V


W

WAYF (Where Are You From)

The WAYF service, also called Discovery Service, lets the user choose his Home Organization from a list and then redirects the user to this Home Organization's login page for authentication.
