Glossary of Neo-Security Architecture

Terminology

Authenticator : An identity resource that is set with an authentication method.

Authentication : A process through which the Identity Management System verifies who the user or application is.

Authorization : A process through which it is determined what access should be granted for the specific request.

Neo-Security Architecture : A modular and open-standard-based security architecture for secure, protected and legitimate access to mobile and web applications and their data, such as APIs and services.

By reference token : A token that contains reference pointing to the identity data. They are used in external networks, which makes the identity data opaque to external networks. For example, a phantom token.

By value token : A token that contains identity data and almost always include a digital signature over that data to ensure the integrity. They are used in internal networks. For example, a JWT.

Abbreviations

ALFA : Abbreviated Language For Authorization used in formulating access control policies

AMS : API Management System

CRUD : Create, Read, Update, Delete

DCR : Dynamic Client Registration

DCRM : Dynamic Client Registration Managment

EMS : Entitlement Management System

FIDO : Fast IDentity Online, a set of standards for fast, simple, strong authentication

HOTP : HMAC-based One-time Password algorithm

IMS : Identity Management System

JOSE : JSON Object Signing and Encryption

JWT : JSON Web Token

PAP : Policy Administration Point

PDP : Policy Decision Point

PEP : Policy Enforcement Point

PIP : Policy Information Point

PRP : Policy Retrieval Point

TOTP : Time-based One-Time Password algorithm, an extension of HOTP

SAML : Security Assertion Markup Language

SP : Service Provider

SCIM : System for Cross-domain Identity Management