InCommon is operated by Internet2

Assurance Glossary of Terms

Defined Term

Brief summary description

Address of Record

A means of contacting the Subject.

Alternative Means

Use of equivalent or stronger methods for satisfying the Assurance profile criteria than that specified in the Assurance documents.

Approved Algorithm

Any implementation of an algorithm or technique specified in a FIPS standard or NIST recommendation, or any algorithm or technique that conforms to an alternative means identified by InCommon as approved for specified IAPs.

Assertion

Structured data objects containing Identity information and other relevant data. Sometimes called Identity Assertions.

Attributes

Elements of an Identity.

Attribute Service

Provides Subject Attributes in response to queries from SPs.

Authentication Secret

Used generically for passwords, passphrases, PINs, symmetric keys and other forms of secrets used for authentication.

Credential

A unique identifier and authentication material.

Credential Store

Contains Authentication Secrets for all Subjects.

Identity

Information that is true about a Subject.

Identity Attributes

Information elements relevant to a Subject.

Identity Management System

A set of functions serving the Identity and access management needs of an enterprise.

Identity Provider

The IdMS system component that issues Assertions.

IdMS database

A database of IdMS Subjects.

IdMS Operations

The technical environment supporting the IdMS.

IdP Operator

The organization operating an IdP is an IdP Operator.

Protected Channel

A communication mechanism that provides message integrity and confidentiality protection.

Registration

The process of creating a record of a Subject’s Identity information.

Registration Authority

A trusted entity entitled to perform Registrations.

Relying Parties

A synonym for Service Provider.

Service Provider

Uses an Identity Assertion as part of managing access to its services.

Subject

A person who is (or will be) registered with the IdP Operator.

Token

A physical device (or specialized software on a device such as a mobile phone) used in authentication.

User Agent

Typically a web browser, used by the Subject to authenticate to the IdP and convey the assertion to the SP.

Verifier

Validates the correctness of offered authentication material.

 

Copyright 2004-2013 InCommon LLC. All rights reserved. info@incommon.org. InCommon is operated by Internet2.