The Simple Glossary
Term | Definition | Comments |
---|---|---|
Action | Describes the access to a resource, e.g. "delete", "add", "reserve". Often used interchangeably with function and verb. | |
Group | A set of subjects | |
Limit | A constraint on a privilege that must be calculated at time of access | |
Privilege/permission | An expression of access to a resource | |
Resource | A service, datum, or any other object for which access is controlled | |
Role | A set of subjects and the set of privileges they all possess | |
Scope | A constraint on a privilege which refers to a subset of those resources to which the privilege applies | |
Subject | A person, a service acting on behalf of a person, or a set of subjects. | |

The MACE Glossary
Term | Definition | Comments |
---|---|---|
Action | Describes the access to a resource, e.g. "delete", "add", "reserve". Often used interchangeably with function and verb. | |
Assertion | A statement of the value of one or more attributes related to the identity of a subject | |
Attribute | A quality of a subject or other object | |
Authority | The organization or process that covers most aspects of creating policies and rules governing who has privileges within an organization | |
Consent | A process by which a subject controls the dissemination of identity attributes about themselves | |
Delegation | The process of a subject granting a subset of its privileges to another subject | |
Deprovisioning | The process of removing access to a resource or service | |
Federation | A collection of organizations that have agreed to inter-operate using a common set of rules, particularly in the areas of privacy and security. | |
Group | A set of subjects | |
Inheritance | An object can imply indirect privileges due to inherited privileges of another object. There is a hierarchy along which privileges are inherited. | |
Inter-federation | A collection of 2 or more federations that have agreed to accept a limited set of attributes for purposes of allowing access to resources. | |
Level of assurance | Describes the degree of certainty that the user has presented a credential that accurately refers to his or her true identity. | Potential alternative, from the OIX: "a unit of measure for the degree of confidence a relying party can have in the assertions in an identity credential from an identity provider" |
Limit | A constraint on a privilege that must be calculated at time of access | |
Privilege/permission | An expression of access to a resource | |
Privilege set | A set of privileges required to perform a particular business function | |
Provisioning | The process of transporting attributes, privileges, groups, roles, etc. to a resource that does not participate in a central IAM solution | |
Resource | A service, datum, or any other object for which access is controlled | |
Role | A set of subjects each possessing the same set of privileges | |
Subject | A person, a service acting on behalf of a person, or a set of persons/services. | |

See also the MACE-paccman Glossary (a more extensive glossary geared to access management terms)