Glossary

A list of the key terms used in the Perun context, with their definitions. More detailed information can be found on each term's subpage.

  • Authentication and Authorization Infrastructure (AAI): A set of technologies, standards and practices that enable secure and efficient access to resources or services across multiple organizations and domains.
  • Discovery service: A web-based application that lets a user discover and select the identity provider (IdP) with which to authenticate.
  • Enhanced Client or Proxy Profile (ECP): A SAML profile for clients that are not web browsers (for example command-line tools or desktop applications), or for a proxy acting on behalf of such a client. The client talks to the service provider and the identity provider directly over SOAP instead of relying on browser redirects, so it can obtain a SAML assertion without an interactive browser session.
  • European Health Data Space (EHDS): One of the domain-specific common European data spaces. It will address health-specific challenges in accessing and sharing electronic health data.
  • Federated identity: An arrangement that lets users access multiple applications or systems with a single identity and set of credentials, managed by a third-party identity provider.
  • Group entitlement: A claim issued by an identity provider or a proxy that asserts the user's membership in a particular group, optionally with a role within it. It is one of the common ways for a service provider to derive access-control decisions from issued claims.
  • Identity Provider (IdP): A software application or service that authenticates users and provides information about their identity and attributes to service providers (SPs).
  • IdP filtering: Limiting the list of identity providers (IdPs) presented to a user during authentication according to specific criteria or attributes.
  • IdP hinting: A feature that lets a service provider (SP) suggest a preferred identity provider (IdP) to the user during authentication, so that IdP selection can be skipped or shortened.
  • Multi-factor authentication (MFA): A security mechanism that requires users to present two or more independent forms of authentication (for example a password plus a one-time code or a hardware key) to verify their identity when accessing a system, application or service.
  • Open Authorization (OAuth): An open standard protocol for granting a third-party application delegated access to a user's resources or data without sharing the user's credentials (such as username and password) with that application.
  • OpenID Connect (OIDC): An authentication protocol built as an identity layer on top of OAuth 2.0. It provides a standardized way to authenticate users and obtain basic profile information about them, and adds features such as ID tokens and session management.
  • Phishing: A type of cyberattack in which the attacker poses as a legitimate, trustworthy entity to trick individuals into revealing sensitive information such as login credentials, financial details or personal data.
  • Policy Decision Point (PDP): A component of an access-control architecture that evaluates access requests against predefined security or privacy policies and returns an authorization decision (permit or deny).
  • Policy Enforcement Point (PEP): A component of an access-control architecture that intercepts requests to resources, obtains an authorization decision (typically from a PDP) and enforces it by granting or denying the request according to predefined security and compliance rules.
  • Relying Party (RP): A service provider or application that relies on an identity provider (IdP) to authenticate users and to supply the claims it uses for authorization. In OpenID Connect terminology the RP is the OAuth 2.0 client application.
  • Resource capability: A claim issued by an identity provider or a proxy that asserts the user's right to perform specific actions on a specific resource, rather than just membership in a group. Like group entitlements, it is one of the common ways for a service provider to derive access-control decisions from issued claims.
  • Security Assertion Markup Language (SAML): An XML-based open standard for exchanging authentication and authorization data between parties, in particular between an identity provider (IdP) and a service provider (SP).
  • Service Provider (SP): A software application or service that provides access to resources or services to users who have been authenticated by an identity provider (IdP).
  • Single Sign-On (SSO): A mechanism that allows users to authenticate once and then access multiple applications or systems without having to log in again for each one.
  • Time-based One-Time Password (TOTP): A type of token used for multi-factor authentication (MFA): a short code, typically six digits, derived from a shared secret and the current time (RFC 6238) and generated in a dedicated authenticator application. Each code is valid only for a short time window.
  • WebAuthn: A web standard developed by the World Wide Web Consortium (W3C) for stronger online authentication. It uses public-key cryptography with an authenticator (such as a hardware security key or a built-in platform authenticator) and can be used as a second factor for multi-factor authentication (MFA).
  • Where Are You From (WAYF): A component of some identity federation systems that helps users select their identity provider (IdP) during the authentication process.
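Group entitlements and resource capabilities are only strings until a service provider parses them and decides. As an added example, not Perun's own code or a Perun API, the following Python routine parses claims in the AARC-style URN shape `<namespace>:group:<path>[:role=<role>]#<authority>` and `<namespace>:res:<path>[:act:<action>,...]#<authority>` and answers access questions from them. The claim values, the namespace and the authority names are constructed for illustration. Two rules are this example's own design choices: a capability on a parent resource also covers its child resources, and a capability without an action list grants nothing.

```python
"""Parse AARC-style entitlement claims and make access-control decisions from them.
Added example; the sample claim values below are constructed, not from any deployment."""
from dataclasses import dataclass
from typing import Iterable, Optional, Union


@dataclass(frozen=True)
class GroupEntitlement:
    namespace: str
    group_path: tuple        # e.g. ("research", "storage-users")
    role: Optional[str]      # e.g. "admin", or None when no role is asserted
    authority: str           # who vouches for the membership


@dataclass(frozen=True)
class ResourceCapability:
    namespace: str
    resource_path: tuple     # e.g. ("storage", "bucket-a")
    actions: frozenset       # e.g. {"read", "write"}
    authority: str


Entitlement = Union[GroupEntitlement, ResourceCapability]


def parse_entitlement(value: str) -> Optional[Entitlement]:
    """Parse one claim value. Returns None for anything malformed; a caller must
    treat an unparseable claim as granting nothing."""
    body, sep, authority = value.rpartition("#")
    if not sep or not body or not authority:
        return None
    parts = body.split(":")
    # The namespace may itself contain colons, so locate the first keyword token.
    keyword_idx = next((i for i, p in enumerate(parts) if p in ("group", "res")), None)
    if keyword_idx is None or keyword_idx == 0 or keyword_idx == len(parts) - 1:
        return None
    namespace = ":".join(parts[:keyword_idx])
    rest = parts[keyword_idx + 1:]
    if parts[keyword_idx] == "group":
        role = None
        if rest[-1].startswith("role="):
            role = rest[-1][len("role="):]
            rest = rest[:-1]
            if not role:
                return None
        if not rest or "" in rest:
            return None
        return GroupEntitlement(namespace, tuple(rest), role, authority)
    # resource capability: <RESOURCE>[:<CHILD>]*[:act:<ACTION>[,<ACTION>]*]
    actions = frozenset()
    if "act" in rest:
        act_idx = rest.index("act")
        if act_idx != len(rest) - 2:   # "act" must be followed by exactly one token
            return None
        actions = frozenset(a for a in rest[act_idx + 1].split(",") if a)
        rest = rest[:act_idx]
    if not rest or "" in rest or "act" in rest:
        return None
    return ResourceCapability(namespace, tuple(rest), actions, authority)


def parse_claims(values: Iterable[str]) -> list:
    """Keep only the claims that parse; malformed ones are silently dropped."""
    return [e for e in (parse_entitlement(v) for v in values) if e is not None]


def allows_group(entitlements, namespace, group, trusted_authorities, role=None) -> bool:
    """Exact group match from a trusted authority; a required role must match literally."""
    want = tuple(group.split(":"))
    for e in entitlements:
        if not isinstance(e, GroupEntitlement) or e.authority not in trusted_authorities:
            continue
        if e.namespace == namespace and e.group_path == want and (role is None or e.role == role):
            return True
    return False


def allows_action(entitlements, namespace, resource, action, trusted_authorities) -> bool:
    """Capability check. Assumption of this example: a capability on a parent resource
    also covers its children (prefix match); a capability with no actions grants nothing."""
    want = tuple(resource.split(":"))
    for e in entitlements:
        if not isinstance(e, ResourceCapability) or e.authority not in trusted_authorities:
            continue
        if e.namespace != namespace or want[:len(e.resource_path)] != e.resource_path:
            continue
        if action in e.actions:
            return True
    return False


SAMPLE_CLAIMS = [  # constructed sample values
    "urn:geant:example.org:group:research:storage-users#idm.example.org",
    "urn:geant:example.org:group:research:storage-users:role=admin#idm.example.org",
    "urn:geant:example.org:res:storage:bucket-a:act:read,write#idm.example.org",
    "urn:geant:example.org:res:storage:act:read#idm.example.org",
    "urn:geant:example.org:group:research:storage-users#rogue.example",  # untrusted authority
    "just-a-string",                                                       # malformed
]
TRUSTED = {"idm.example.org"}
NS = "urn:geant:example.org"

if __name__ == "__main__":
    ents = parse_claims(SAMPLE_CLAIMS)
    print(allows_group(ents, NS, "research:storage-users", TRUSTED, role="admin"))
    print(allows_action(ents, NS, "storage:bucket-b", "write", TRUSTED))
```

The point a practitioner should take from this: the authority after `#` is checked against an allow-list before a claim counts for anything, and a claim that does not parse is dropped rather than guessed at. Both rules keep a rogue or misconfigured issuer from minting group memberships the service will honour.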

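The TOTP entry above describes what the authenticator app produces; the computation itself is short. As an added example, not code from the original page, here is the RFC 6238 algorithm in Python (HOTP from RFC 4226 keyed on the current 30-second time step) together with a verifier that tolerates one step of clock drift and compares codes in constant time. The secret shown is the RFC 6238 test-vector secret, not a real one; the verifier returns the matched time-step counter so that the caller can refuse a replayed code.

```python
"""RFC 6238 TOTP and RFC 4226 HOTP. Added example; secret below is the RFC test vector."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HMAC over the 8-byte big-endian counter, dynamically truncated to `digits` digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """HOTP with the counter set to the number of `step`-second periods since the epoch."""
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, submitted: str, unix_time: int, step: int = 30,
                digits: int = 6, window: int = 1):
    """Return the time-step counter that `submitted` matched, or None.
    Codes for the current step and +/- `window` adjacent steps are accepted to
    tolerate clock drift. The caller should store the returned counter and reject
    any later submission that matches the same counter (one-time means one-time)."""
    if len(submitted) != digits or not submitted.isdigit():
        return None
    current = unix_time // step
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter < 0:
            continue
        # compare_digest keeps each comparison constant-time; no early return,
        # so the number of candidates checked does not depend on the match.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            matched = counter
    return matched


# RFC 6238 test-vector secret (ASCII "12345678901234567890"); real secrets come
# from the enrolment step, e.g. the QR code shown when MFA is set up.
TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(TEST_SECRET, int(time.time())))
```

A six-digit code has only a million possibilities, so the verifier must be paired with rate limiting on failed attempts; the drift window should stay small (one step is typical) because every extra step accepted doubles the attacker's chance per guess.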

Support: perun@cesnet.cz