Glossary of Identity Management Terms
On this page
Identity Management Terminology
Authenticator : An identity resource that is set with an authentication method.
Authentication : A process through which the Identity Management System verifies who the user or application is.
Authorization : A process through which it is determined what access should be granted for the specific request.
Neo-Security Architecture : A modular and open-standard-based security architecture for secure, protected and legitimate access to mobile and web applications and their data, such as APIs and services.
Back-channel : A method of transmitting a token from an IdP to an RP where the token is obtained through direct communication between the RP and IdP. To this end, the IdP will send a by-ref token to the RP through the front-channel. Then, the RP authenticates to the IdP and presents the reference. The IdP will authenticate the RP and return the associated assertion.
By-reference token, by-ref token : A token that contains reference pointing to the identity data. They are used in external networks, which makes the identity data opaque to external networks. For example, a phantom token.
By-value token : A token that contains identity data and almost always include a digital signature over that data to ensure the integrity. They are used in internal networks. For example, a JWT.
Front-channel : A form of transmitting a token from an IdP to an RP where the token is sent via the user (typically facilitated by their browser).
Nonce : A token that can be used "no" more than "once" (i.e., a single-use token). A nonce is often a by-reference token.
Subject : The entity that is authenticated by an IdP, often an end user.
Identity Management Abbreviations
ALFA : Abbreviated Language For Authorization used in formulating access control policies
AMS : API Management System
CRUD : Create, Read, Update, Delete
DCR : Dynamic Client Registration
DCRM : Dynamic Client Registration Management
EMS : Entitlement Management System
FIDO : Fast IDentity Online, a set of standards for fast, simple, strong authentication
HOTP : HMAC-based One-time Password algorithm
IDP, IdP : Identity Provider, the entity or organization that asserts an identity for a subject
IMS : Identity Management System
JOSE : JSON Object Signing and Encryption
JWT : JSON Web Token
PAP : Policy Administration Point
PDP : Policy Decision Point
PEP : Policy Enforcement Point
PIP : Policy Information Point
PRP : Policy Retrieval Point
RP : Relying Party, synonymous with SP and (in the context of OAuth) client
SAML : Security Assertion Markup Language
SP : Service Provider
SCIM : System for Cross-domain Identity Management
TOTP : Time-based One-Time Password algorithm, an extension of HOTP
Join our Newsletter
Get the latest on identity management, API Security and authentication straight to your inbox.
Start Free Trial
Try the Curity Identity Server for Free. Get up and running in 10 minutes.Start Free Trial