Assurance Glossary of Terms

Defined Term

Brief summary description

Address of Record

A means of contacting the Subject.

Alternative Means

Use of equivalent or stronger methods for satisfying the Assurance profile criteria than those specified in the Assurance documents.

Approved Algorithm

Any implementation of an algorithm or technique specified in a FIPS standard or NIST recommendation, or any algorithm or technique that conforms to an alternative means identified by InCommon as approved for specified IAPs.


Structured data objects containing Identity information and other relevant data. Sometimes called Identity Assertions.


Elements of an Identity.

Attribute Service

Provides Subject Attributes in response to queries from SPs.

Authentication Secret

Used generically for passwords, passphrases, PINs, symmetric keys and other forms of secrets used for authentication.


A unique identifier and authentication material.

Credential Store

Contains Authentication Secrets for all Subjects.


Information that is true about a Subject.

Identity Attributes

Information elements relevant to a Subject.

Identity Management System

A set of functions serving the Identity and access management needs of an enterprise.

Identity Provider

The IdMS system component that issues Assertions.

IdMS database

A database of IdMS Subjects.

IdMS Operations

The technical environment supporting the IdMS.

IdP Operator

The organization operating an IdP is an IdP Operator.

Protected Channel

A communication mechanism that provides message integrity and confidentiality protection.


The process of creating a record of a Subject’s Identity information.

Registration Authority

A trusted entity entitled to perform Registrations.

Relying Parties

A synonym for Service Provider.

Service Provider

Uses an Identity Assertion as part of managing access to its services.


A person who is (or will be) registered with the IdP Operator.


A physical device (or specialized software on a device such as a mobile phone) used in authentication.

User Agent

Typically a web browser, used by the Subject to authenticate to the IdP and convey the assertion to the SP.


Validates the correctness of offered authentication material.


