The Simple Glossary

Term | Definition | Comments |
---|---|---|
Subject | A person, a service acting on behalf of a person, or a set of persons/services. | |
Group | A set of subjects | |
Role | a set of subjects each possessing the same set of privileges | |
Resource | A service, datum, or any other object for which access is controlled | |
Privilege | an expression of access to a resource | |
Scope | a constraint on a privilege which refers to a subset of those resources to which the privilege applies. | |
Limit | a constraint on a privilege that must be calculated at time of access | |

The Mace Glossary

term | definition | comments |
---|---|---|
attribute | a quality of a subject | |
role | a set of subjects each possessing the same set of privileges | |
subject | A person, a service acting on behalf of a person, or a set of persons/services. | |
group | A set of subjects | |
privilege/permission | an expression of access to a resource | |
provisioning | the process of transporting attributes, privileges, groups, roles, etc. to a resource that does not participate in the central IAM solution | |
assertion | a statement of the value of one or more attributes related to the identity of a subject | |
delegation | the process of a subject granting a subset of its privileges to another subject | |
federation | | |
inter-federation | | |
level of assurance | | |
authority | | |
consent | | |