

An Assertion (or Identity Assertion) is a collection of Attributes from a Service Provider’s current user's Identity that is sent from an Identity Provider to the Service Provider for the purpose of making access decisions and/or personalizing the user’s experience with the service.


Assurance is something that inspires trust. In the context of identity and access management, assurance typically refers to a collection of one or more criteria addressing legal, policy, operation, technology, organizational, and other issues affecting the administration and use of identity information.


An Attribute is an element of Identity associated with a person.


Authentication is a process for associating a person with an identity in a verified manner. Verification is performed on the basis of a credential: something you know (e.g., a password), something you have (e.g., a hardware token), something you are (e.g., a fingerprint scan), or a combination of these factors.


Authorization is the act of granting access to a service or resource for an authenticated person, based on information contained in that person's Identity, such as the person's organizational affiliation, role, or explicit entitlements.

CACTI (Community Architecture Committee for Trust and Identity)

CACTI, Community Architecture Committee for Trust and Identity, is a standing architecture strategy group of community members chartered by Internet2's Vice President for Trust and Identity. 

Community Member

A community member is a person who is represented by a federation Participant organization that operates an IdP. For university Participants, Community Members may include students, staff, faculty, and other persons who have some affiliation with the university or its programs.


A credential is something a person uses to verify who they are during authentication. Examples are something you know (e.g., a password), something you have (e.g., a hardware token), and something you are (e.g., a fingerprint scan).

CTAB (Community Trust and Assurance Board)

The Community Trust and Assurance Board (CTAB) represents the InCommon community in InCommon Federation’s trust and assurance related programs and initiatives. It is advisory to the InCommon Steering Committee. The CTAB wiki includes the charter, meeting minutes, and additional information.

Digital Certificate

A digital certificate is an electronic document that can be used to verify the authenticity of information (e.g., within a Trust Registry) that has been signed using public key cryptography. Digital Certificates have other uses, such as data encryption, that (while used extensively) are less specifically related to identity and access management.

eduGAIN (EDUcation Global Authentication INfrastructure)

eduGAIN (EDUcation Global Authentication INfrastructure) is an inter-federation service connecting participant identity federations around the world. eduGAIN simplifies access to content, services and resources for the global research and education community.

Entity Category

An Entity Category is information in federation Metadata that indicates a formally-defined property, such as the REFEDS Research and Scholarship Category, applies to a specific Identity Provider or Service Provider.

FIM4L (Federated Identity Management for Libraries)

FIM4L (Federated Identity Management for Libraries) is a library-led working group that aims to further the usage of Federated Identity Management technologies by providing guidelines for libraries on how to deploy such technologies while at the same time preserving the privacy of the users.

FIM4R (Federated Identity Management for Research)

FIM4R (Federated Identity Management for Research) is a collection of research communities and infrastructures with a shared interest in enabling Federated Identity Management for their research cyber infrastructures.

Home Institution

A home institution (also known as home organization) is a federation Participant that operates an IdP and other identity services on behalf of its community members.


In contrast to its usual English meaning, identity in the context of the practice of identity management refers to the set of information that pertains to a person. This information includes identifiers, memberships, eligibility, roles, names, characteristics, etc. Some of this information may uniquely identify that person, even sensitive Personally Identifiable Information (PII), but much of this information is not.

Identity Assertion

An identity assertion is information about a service provider’s current user that is sent from an identity provider to the service provider for the purpose of making access decisions and/or personalizing the user’s experience with the service.

Identity Provider

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

InCommon Federation

InCommon Steering Committee

The InCommon Steering Committee provides high-level governance, including policies and general practices primarily for the InCommon Federation and related community activities. Meeting minutes are available on the wiki. You can find the InCommon bylaws, which govern the Steering Committee, and the InCommon LLC document, along with a number of other documents, on the Policies page.


Also known as Trust Registry, Metadata is the registry of all Identity Providers and Service Providers known to the federation.

Multilateral Federation

A Multilateral Federation is one in which the participating institutions declare conformance with federation-wide standards to foster implicit bilateral trust between each Identity Provider and Service Provider. These declarations are represented in the federation's Metadata (or Trust Registry).

Participant (InCommon Participant)

An InCommon Participant (abbreviated Participant) is an organization that has signed an agreement with the InCommon Federation to cover the registration, verification and publication of information about its IdPs and SPs in the federation’s Trust Registry.

REFEDS (the Research and Education FEDerations group)

The mission of REFEDS (the Research and Education FEDerations group) is to be the voice that articulates the mutual needs of research and education identity federations worldwide.

Service Provider

A Service Provider (abbreviated SP) is a network-accessible service that relies on Identity Assertions for the purpose of making access decisions and/or personalizing the user’s experience.

TAC (Technical Advisory Committee)

The InCommon Technical Advisory Committee (TAC) is an advisory body to the InCommon Steering Committee. It advises InCommon Steering and InCommon operations on InCommon’s operational processes, practices, strategies, capabilities, and roadmap. The TAC meets biweekly throughout the year. Members serve three-year terms. The TAC wiki includes the committee's charter, meeting minutes, and additional information.


“Assured reliance on the character, ability, strength, or truth of someone or something” - Merriam-Webster.
