Glossary of Identity Management Terms
Authenticator : An identity resource that is set with an authentication method.
Authentication : A process through which the Identity Management System verifies who the user or application is.
Authorization : A process through which it is determined what access should be granted for the specific request.
Neo-Security Architecture : A modular and open-standard-based security architecture for secure, protected and legitimate access to mobile and web applications and their data, such as APIs and services.
Back-channel : A method of transmitting a token from an IdP to an RP where the token is obtained through direct communication between the RP and IdP. To this end, the IdP will send a by-ref token to the RP through the front-channel. Then, the RP authenticates to the IdP and presents the reference. The IdP will authenticate the RP and return the associated assertion.
By-reference token, by-ref token : A token that contains reference pointing to the identity data. They are used in external networks, which makes the identity data opaque to external networks. For example, a phantom token.
By-value token : A token that contains identity data and almost always include a digital signature over that data to ensure the integrity. They are used in internal networks. For example, a JWT.
Front-channel : A form of transmitting a token from an IdP to an RP where the token is sent via the user (typically facilitated by their browser).
Nonce : A token that can be used "no" more than "once" (i.e., a single-use token). A nonce is often a by-reference token.
Subject : The entity that is authenticated by an IdP, often an end user.
ALFA : Abbreviated Language For Authorization used in formulating access control policies
AMS : API Management System
CRUD : Create, Read, Update, Delete
DCR : Dynamic Client Registration
DCRM : Dynamic Client Registration Management
EMS : Entitlement Management System
FIDO : Fast IDentity Online, a set of standards for fast, simple, strong authentication
HOTP : HMAC-based One-time Password algorithm
IDP, IdP : Identity Provider, the entity or organization that asserts an identity for a subject
IMS : Identity Management System
JOSE : JSON Object Signing and Encryption
JWT : JSON Web Token
PAP : Policy Administration Point
PDP : Policy Decision Point
PEP : Policy Enforcement Point
PIP : Policy Information Point
PRP : Policy Retrieval Point
RP : Relying Party, synonymous with SP and (in the context of OAuth) client
SAML : Security Assertion Markup Language
SP : Service Provider
SCIM : System for Cross-domain Identity Management
TOTP : Time-based One-Time Password algorithm, an extension of HOTP