The Simple Glossary
Term |
Definition |
Comments |
|---|---|---|
Action |
Describes the access to a resource e.g. "delete","add" , "reserve". Often used interchanged with function and verb. |
|
Group |
A set of subjects |
|
Limit |
A constraint on a privilege that must be calculated at time of access |
|
Privilege/permission |
An expression of access to a resource |
|
Resource |
A service, datum, or any other object for which access is controlled |
|
Role |
A set of subjects and the set of privileges they all possess |
|
Scope |
A constraint on a privilege which refers to a subset of those resources to which the privilege applies |
|
Subject |
A person, a service acting on behalf of a person, or a set of subjects. |
|
The MACE Glossary
term |
definition |
comments |
|---|---|---|
Action |
Describes the access to a resource e.g. "delete","add" , "reserve". Often used interchanged with function and verb. |
|
Assertion |
A statement of the value of one or more attributes related to the identity of a subject |
|
Attribute |
A quality of a subject or other object |
|
Authority |
The organization or process that covers most aspects of creating policies and rules governing who has privileges within an organization |
|
Consent |
A process by which a subject controls the dissemination of identity attributes about themselves |
|
Delegation |
The process of a subject granting a subset of its privileges to another subject |
|
Deprovisioning |
The process of removing access to a resource or service |
|
Federation |
A collection of organizations that have agreed to inter-operate using an common set of rules, particularly in the areas of privacy and security. |
|
Group |
A set of subjects |
|
Inheritance |
An object can imply indirect privileges due to inherited privileges of another object. There is a hierarchy along which privileges are inherited. |
|
Inter-federation |
A collection of 2 or more federations that have agreed to accept a limited set of attributes for purposes of allowing access to resources. |
|
Level of assurance |
Describes the degree of certainty that the user has presented a credential that accurately refers to his or her true identity. |
Potential alternative, from the OIX: "a unit of measure for the degree of confidence a relying party can have in the assertions in an identity credential from an identity provider" |
Limit |
A constraint on a privilege that must be calculated at time of access |
|
Privilege/permission |
An expression of access to a resource |
|
Privilege set |
A set of privileges required to perform a particular business function |
|
Provisioning |
The process of transporting attributes, privileges, groups, roles etc to a resource that does not participate in central IAM solution |
|
Resource |
A service, datum, or any other object for which access is controlled |
|
Role |
A set of subjects each possessing the same set of privileges |
|
Subject |
A person, a service acting on behalf of a person , or a set of persons/services. |
|
See also the MACE-paccman Glossary (a more extensive glossary geared to access management terms)