A Glossary of Security Terms
- Access Policy Enforcement
Once a user has been authenticated and associated with an account, the access policy specified by the authorisation details must be enforced on every request.
- Authentication
The process of verifying that a user or system is who they claim to be, using credentials registered during the account provisioning phase. The credentials may be something the user knows or has, such as a password, or biometric information such as a fingerprint.
- Authorisation
The process of granting privileges that govern what an account, and therefore the user or entity behind it, is allowed to do.
- IDM
An Identity Management System supports the creation, modification and removal of identities and their associated accounts, as well as the authentication and authorisation required to access resources. It is used to protect online resources from unauthorised access.
- IdP
Identity Provider: the service that authenticates users and asserts their identity to applications that rely on it.
- MFA
Multi-factor authentication verifies a user with more than one form of authentication, giving stronger assurance than a single factor.
- OAuth 2.0
This protocol allows a user to authorise a client application to send requests to an API, known as a resource server (for example, a social media site), on the user’s behalf in order to retrieve data on the resource server owned by the user. The application interacts with the authorisation server, which authenticates the user and issues a token; the token then enables the application to call the resource server on the user’s behalf. However, OAuth 2.0 does not provide a standard way to securely convey the identity of an authenticated user to an application.
- Open ID
Open ID addresses consumer authentication, which SAML does not provide. In addition to organisation-controlled identity providers, Open ID allows consumer users to set up their own identity provider and point applications to it for authentication.
- OIDC
OpenID Connect addresses the shortcoming of OAuth 2.0, namely its inability to securely convey an authenticated user’s identity to an application. It builds on top of the OAuth 2.0 protocol to provide applications with information about the authenticated user’s identity in a standard format.
- Provisioning
In the context of IT security, provisioning is the creation of an identity account together with its associated identity information.
- relying party
An application or service that relies on an identity provider to authenticate its users. This could itself be an identity provider serving other clients.
- SAML
Security Assertion Markup Language, published in 2005, provides a solution for web single sign-on across domains and for federated identities. It gave enterprises better control over employee identities in SaaS applications by redirecting corporate users back to a corporate authentication service, known as an IdP, for authentication. Identity federation provides a way to link an identity used in an application with an identity at the identity provider. It is an older authentication mechanism that does not provide API authorisation.
- Session
In the context of IT security, a session is the tracked period during which a user is authenticated and allowed to perform privileged actions according to their authorisation. Sessions usually have a time limit, after which the user or entity must be re-authenticated.
- SSO
Single Sign-On is the ability to log in once and then access additional protected resources or applications that share the same authentication requirements, without having to re-enter credentials.