| Defined Term | Brief summary description |
| --- | --- |
| Address of Record | A means of contacting the Subject. |
| Approved Algorithm | Any implementation of an algorithm or technique specified in a FIPS standard or NIST recommendation, or any algorithm or technique that conforms to an alternative means identified by InCommon as approved for specified IAPs. |
| Assertion | Structured data objects containing Identity information and other relevant data. Sometimes called Identity Assertions. |
| Attributes | Elements of an Identity. |
| Attribute Service | Provides Subject Attributes in response to queries from SPs. |
| Authentication Secret | Used generically for passwords, passphrases, PINs, symmetric keys and other forms of secrets used for authentication. |
| Credential | A unique identifier and authentication material. |
| Credential Store | Contains Authentication Secrets for all Subjects. |
| Identity | Information that is true about a Subject. |
| Identity Attributes | Information elements relevant to a Subject. |
| Identity Management System | A set of functions serving the Identity and access management needs of an enterprise. |
| Identity Provider | The IdMS system component that issues Assertions. |
| IdMS database | A database of IdMS Subjects. |
| IdMS Operations | The technical environment supporting the IdMS. |
| IdP Operator | The organization operating an IdP is an IdP Operator. |
| Protected Channel | A communication mechanism that provides message integrity and confidentiality protection. |
| Registration | The process of creating a record of a Subject’s Identity information. |
| Registration Authority | A trusted entity entitled to perform Registrations. |
| Relying Parties | A synonym for Service Provider. |
| Service Provider | Uses an Identity Assertion as part of managing access to its services. |
| Subject | A person who is (or will be) registered with the IdP Operator. |
| Token | A physical device (or specialized software on a device such as a mobile phone) used in authentication. |
| User Agent | Typically a web browser, used by the Subject to authenticate to the IdP and convey the assertion to the SP. |
| Verifier | Validates the correctness of offered authentication material. |