You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

The Simple Glossary ( Privileges for Peasants)

Term

Definition

Comments

Subject

A person, a service acting on behalf of a person, or a group of subjects.

 

Group

A set of subjects

 

Role

A set of subjects and the set of privileges they all  possess

 

Resource

A service, datum, or any other object for which access is controlled

 

Privilege/permission

An expression of access to a resource

 

Scope

A constraint on a privilege which refers to a subset of those resources to which the privilege applies

 

Action

... on a resource

 

Limit

A constraint on a privilege that must be calculated at time of access

 


The Mace Glossary

term

definition

comments

Attribute

A quality of a subject or other object

 

Role

A set of subjects each possessing the same set of privileges

 

Subject

A person, a service acting on behalf of a person , or a set of persons/services.

 

Group

A set of subjects

 

Inheritance

the privilege-set a subject gains because of its position in a hierarchy

 

Privilege/permission

An expression of access to a resource

 

Provisioning

The process of transporting attributes, privileges, groups, roles etc to a resource that does not participate in central IAM solution

 

Deprovisioning

The process of removing access to a resource or service

 

Assertion

A statement of the value of one or more attributes related to the identity of a subject

 

Delegation

The process of a subject granting a subset of its privileges to another subject

 

Federation

A collection of organizations that have agreed to inter-operate using an common set of rules, particularly in the areas of privacy and security.

 

Inter-federation

A collection of 2 or more federations that have agreed to accept a limited set of attributes for purposes of allowing access to resources.

 

Level of assurance

Describes the degree of certainty that the user has presented a credential that accurately refers to his or her true identity.

Potential alternative, from the OIX: "a unit of measure for the degree of confidence a relying party can have in the assertions in an identity credential from an identity provider"

Authority

The organization or process that covers most aspects of creating policies and rules governing who has privileges within an organization

 

Consent

A process by which a subject controls the dissemination of identity attributes about themselves

 

Privilege set

A set of privileges required to perform a particular business function

 
  • No labels