Another Glossary Page

Subject

A person, a service acting on behalf of a person, or a group of subjects.

Group

A set of subjects

Role

A set of subjects and the set of privileges they all  possess

Resource

A service, datum, or any other object for which access is controlled

Privilege/permission

An expression of  access to a resource

Scope

A constraint on a privilege which refers to a subset of those resources to which the privilege applies

Limit

A constraint on a privilege that must be calculated at time of access

Attribute

A quality of a subject or other object

Role

a set of subjects each possessing the same set of privileges

Subject

A person, a service acting on behalf of a person , or a set of persons/services.

Group

A set of subjects

Privilege/permission

an expression of  access to a resource

Provisioning

the process of  transporting attributes, privileges, groups, roles etc to a resource that does not participate in central IAM solution

Assertion

a statement of the value of one or more  attributes related to the identity of a subject

Delegation

the process of a subject granting a subset of its privileges to another subject

Federation

A collection of organizations that have agreed to inter-operate using an common set of rules, particularly in the areas of privacy and security.

Inter-federation

Level of assurance

describes the degree of certainty that the user has presented a credential that accurately refers to his or her true identity.

Authority

The organization or process that  covers most aspects of creating policies and rules governing who has  privileges within  an organization. 

Consent

A process by which a subject controls the dissemination  of identity attributes about themselves

Privilege set

a set of privileges required to perform a particular business function