An overview of identity management terms: authentication, authorization, tokens, DCR, SCIM and more.

Glossary of Identity Management Terms

Identity Management Terminology

Authenticator : An identity resource that is set with an authentication method.

Authentication : A process through which the Identity Management System verifies who the user or application is.

Authorization : A process through which it is determined what access should be granted for the specific request.

Neo-Security Architecture : A modular and open-standard-based security architecture for secure, protected and legitimate access to mobile and web applications and their data, such as APIs and services.

Back-channel : A method of transmitting a token from an IdP to an RP where the token is obtained through direct communication between the RP and IdP. To this end, the IdP will send a by-ref token to the RP through the front-channel. Then, the RP authenticates to the IdP and presents the reference. The IdP will authenticate the RP and return the associated assertion.

By-reference token, by-ref token : A token that contains a reference pointing to the identity data. By-reference tokens are used in external networks, which keeps the identity data opaque to those networks. For example, a phantom token.

By-value token : A token that contains identity data and almost always includes a digital signature over that data to ensure its integrity. By-value tokens are used in internal networks. For example, a JWT.

Front-channel : A form of transmitting a token from an IdP to an RP where the token is sent via the user (typically facilitated by their browser).

Nonce : A token that can be used "no" more than "once" (i.e., a single-use token). A nonce is often a by-reference token.

Subject : The entity that is authenticated by an IdP, often an end user.

Identity Management Abbreviations

ALFA : Abbreviated Language For Authorization, used in formulating access control policies

AMS : API Management System

CRUD : Create, Read, Update, Delete

DCR : Dynamic Client Registration

DCRM : Dynamic Client Registration Management

EMS : Entitlement Management System

FIDO : Fast IDentity Online, a set of standards for fast, simple, strong authentication

HOTP : HMAC-based One-time Password algorithm

IDP, IdP : Identity Provider, the entity or organization that asserts an identity for a subject

IMS : Identity Management System

JOSE : JSON Object Signing and Encryption

JWT : JSON Web Token

PAP : Policy Administration Point

PDP : Policy Decision Point

PEP : Policy Enforcement Point

PIP : Policy Information Point

PRP : Policy Retrieval Point

RP : Relying Party, synonymous with SP and (in the context of OAuth) client

SAML : Security Assertion Markup Language

SP : Service Provider

SCIM : System for Cross-domain Identity Management

TOTP : Time-based One-Time Password algorithm, an extension of HOTP
