A Glossary of Security Terms

Access Policy Enforcement

Once a user has been authenticated and associated with an account, the access policy for that account is enforced on every request, as specified by the account's authorisation details.

Authentication

The process of verifying that a user or system is who they claim to be, using credentials registered during the account provisioning phase. The credentials may involve something the user knows (such as a password), something the user has, or something the user is (such as biometric information like fingerprints).

Authorisation

The process of granting privileges that govern what an account is allowed to do; it specifies which actions and resources a user or entity may access.

IDM

An Identity Management System supports the creation, modification and removal of identities and their associated accounts, as well as the authentication and authorisation required to access resources. It is used to protect online resources from unauthorised access.

IdP

Identity Provider: the service that authenticates users and vouches for their identity to the applications (relying parties) that trust it.

MFA

Multi-factor authentication involves authenticating a user with more than one independent form of authentication, giving stronger assurance than a single credential.

OAuth 2.0

This authorisation protocol allows a user to authorise a client application to send requests on the user's behalf to an API, known as a resource server (for example, a social media site), to retrieve data at the resource server that is owned by the user. The application interacts with the authorisation server, which authenticates the user and issues a token; the token then enables the application to call the resource server on the user's behalf. However, OAuth 2.0 does not provide a standard way to securely convey the identity of the authenticated user to the application.

Open ID

Open ID attempts to address the shortfall in consumer authentication that SAML does not cover. In addition to organisation-controlled identity providers, Open ID allowed consumer users to set up their own identity provider and point applications to it for authentication.

OIDC

OpenID Connect addresses the shortcoming of OAuth 2.0's inability to securely convey an authenticated user's identity to an application. It builds on top of the OAuth 2.0 protocol to provide applications with information about the authenticated user's identity in a standard format.
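As an added illustration of the OIDC entry above (example code, not from the original glossary), this is the check a relying party performs on the signed ID token that OIDC returns alongside the OAuth 2.0 access token; the issuer URL, client_id and HMAC secret are constructed placeholders, and a real IdP signs with an asymmetric key published at its JWKS endpoint.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Constructed placeholders: a shared HMAC secret stands in for the IdP's signing key.
IDP_SECRET = b"constructed-example-secret"
ISSUER = "https://idp.example.test"   # hypothetical identity provider
CLIENT_ID = "demo-client"             # hypothetical relying party's client_id


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(subject: str, nonce: str, now: int, secret: bytes = IDP_SECRET) -> str:
    """Build a compact JWT shaped like the id_token an OIDC provider issues."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
              "iat": now, "exp": now + 300, "nonce": nonce}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_id_token(token: str, expected_nonce: str, now: int, secret: bytes = IDP_SECRET):
    """Return the identity claims if the token is genuine and meant for this app, else None."""
    try:
        h, c, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        signature = _b64url_decode(s)
    except (ValueError, binascii.Error):
        return None
    if header.get("alg") != "HS256":          # reject algorithm substitution (e.g. "none")
        return None
    expected = hmac.new(secret, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None                            # not signed by the IdP we trust
    claims = json.loads(_b64url_decode(c))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        return None                            # wrong issuer, or issued to a different client
    if now >= claims.get("exp", 0) or claims.get("nonce") != expected_nonce:
        return None                            # expired, or not tied to the login we started
    return claims                              # "sub" identifies the authenticated user
```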

Provisioning

In the context of IT security, provisioning is the creation of an identity account together with its associated identity information.

Relying Party

The application or service that relies on an identity provider to authenticate its users. This could itself be an identity provider serving other clients.

SAML

Security Assertion Markup Language, published in 2005, provides a solution for web single sign-on across domains and for federated identities. It provided an excellent solution for enterprises needing better control over employee identities in SaaS applications. It redirects corporate users back to a corporate authentication service, known as an IdP, for authentication. Identity federation provides a way to link an identity used in an application with an identity at the identity provider. It is an older authentication mechanism that does not provide API authorisation.

Session

In the context of IT security, a session is the tracked time period during which a user has been authenticated and is allowed to perform privileged actions based on their authorisation. Sessions usually have a time limit, after which the user or entity will have to be re-authenticated.

SSO

Single Sign-On is the ability to log in once and then access additional protected resources or applications that share the same authentication requirements, without having to re-enter credentials.