Child pages
  • Another Glossary Page
Skip to end of metadata
Go to start of metadata

The Simple Glossary

Term

Definition

Comments

Action

Describes the access to a resource e.g. "delete","add" , "reserve". Often used interchanged with function and verb.

 

Group

A set of subjects

 

Limit

A constraint on a privilege that must be calculated at time of access

 

Privilege/permission

An expression of access to a resource

 

Resource

A service, datum, or any other object for which access is controlled

 

Role

A set of subjects and the set of privileges they all  possess

 

Scope

A constraint on a privilege which refers to a subset of those resources to which the privilege applies

 

Subject

A person, a service acting on behalf of a person, or a set of subjects.

 


The MACE Glossary

term

definition

comments

Action

Describes the access to a resource e.g. "delete","add" , "reserve". Often used interchanged with function and verb.

 

Assertion

A statement of the value of one or more attributes related to the identity of a subject

 

Attribute

A quality of a subject or other object

 

Authority

The organization or process that covers most aspects of creating policies and rules governing who has privileges within an organization

 

Consent

A process by which a subject controls the dissemination of identity attributes about themselves

 

Delegation

The process of a subject granting a subset of its privileges to another subject

 

Deprovisioning

The process of removing access to a resource or service

 

Federation

A collection of organizations that have agreed to inter-operate using an common set of rules, particularly in the areas of privacy and security.

 

Group

A set of subjects

 

Inheritance

An object can imply indirect privileges due to inherited privileges of another object. There is a hierarchy along which privileges are inherited.

 

Inter-federation

A collection of 2 or more federations that have agreed to accept a limited set of attributes for purposes of allowing access to resources.

 

Level of assurance

Describes the degree of certainty that the user has presented a credential that accurately refers to his or her true identity.

Potential alternative, from the OIX: "a unit of measure for the degree of confidence a relying party can have in the assertions in an identity credential from an identity provider"

Limit

A constraint on a privilege that must be calculated at time of access

 

Privilege/permission

An expression of access to a resource

 

Privilege set

A set of privileges required to perform a particular business function

 

Provisioning

The process of transporting attributes, privileges, groups, roles etc to a resource that does not participate in central IAM solution

 

Resource

A service, datum, or any other object for which access is controlled

 

Role

A set of subjects each possessing the same set of privileges

 

Subject

A person, a service acting on behalf of a person , or a set of persons/services.

 

See also the MACE-paccman Glossary (a more extensive glossary geared to access management terms)

  • No labels