AAA (Authentication, Authorization, Accounting) Server RFC 2904 Access Control Decision Function (ADF) ISO-1011813, 3.2 Access Control Enforcement Function (AEF) ISO-1011813, 3.2 Access Policy < equivalenced to Policy in 4.3 > The list of rules in a particular expression language which govern whether or not requests for access will be approved. Administrative Domain (2.3) Those machines and services administered by the same organization. Alternately, those machines and services which are subject to the same operational rules. Assertion (4.1.1) Attribute (3.3), (4.1.1), 4.2.3.1 Attribute Acquisition RFC 3281, 3.3 Attribute Application RFC 3281, 3.3 Attribute Assertion (3.4.1), 4.2.3 Attribute Assertion Function 3.2 Attribute Authority 2.1, 4.1.1 Attribute Certificate (3.4.1) An X.509 attribute certificate as defined in RFC 3281 by the IETF. One type of Attribute Token. [RFC2904 -- structure containing authorization attributes which is digitally signed using public key cryptography.] Attribute Domain (4.2.1) The domain in which attributes are understood to have the same meaning ? The domain across which a given Attribute Authority is recognized as the authority ? Attribute Repository 4.2.3.2 Attribute Schema (4.2.3.1) The schema for describing the meaning and structure of an attribute and its elements Attribute Token (4.2.3.2) The object which is presented as proof of right to claim an attribute. Authentication Credential (4.4) Those pieces of information necessary for some entity to authenticate as a given identity. Includes an identifier (eg. a username) and some secret (eg. a password). Authentication Token (4.2) The object which is presented as proof of having authenticated to the issuer of the token. Authority (2.1) Typically an authority is some entity asked to make some decision or create some token and is given the franchise to do so by some source of authority. That franchise may be given by previous agreement, some chain of delegation, or a trust on the part of the relying party. Authority Policy (4.2.1) The policy which determines which authorities are accepted and how the franchises are granted. Authorization (AuthZ) 2.0 Authorization Agent Sequence 2.2.3 Authorization Algorithm 4.5 Authorization Architecture 3.1 Authorization Assertion 4.2 Authorization Attribute 4.2 Authorization Context 4.4 Authorization Credential (4.4) Authorization Decision (2.0.3) The decision on what type of authorization is granted. Often this is a logical return (yes, no, indetermined) and an authorization token. Authorization Information (2.1) The information presented with the authorization request trying to persuade the authority to grant the authorization. Authorization Policy (2.1), (4.4) [Is this the same as Access Policy ?] Authorization Privileges (4.4) [Is this a synonym for privilege ? Is there any other type ?] Authorization Pull Sequence 2.2.2 Authorization Push Sequence 2.2.1 Authorization Request (3.4.2), (4.4) Authorization Response (3.4.2), 4.5 Authorization Sequence RFC 2904 (2.2) Authorization Server 2.1, 4.2.1, 4.5 Authorization Subject 2.1 Authorization System (3.1) One particular implementation of an authorization sequence/model. It might refer to a placeholder for one implementation (eg. on an architectural diagram). Includes all the processes, procedures and protocols necessary to carry out an authorization for that particular implementation. Authorization Token 2.0.2 Certification Authorities (CA) 2.1 Community Domain (2.3) Delegation Attribute (4.2.3) An attribute expressing an authorization for the subject to carry out certain actions on behalf of the issuer. Or rather: An attribute which transfers to the subject some authorization held by the issuer. Or: An attribute authorizing the subject to assert some right claimed by the issuer. Domain (2.3) Enforcement of access rights 4.6 Environmental Authority 4.1.1 Holding Subjects (3.4.1) Home Domain (2.3) Identity Token (4.2.3.3) Object System (3.4.3.4) Parameters (3.3) Policy (3.3), (3.4.3), (4.1.1), 4.2 Policy Assertion Function 3.2 Policy Authority 2.1, 4.1.1 Policy Decision Point (PDP) RFC 2904, see ADF -- The point where policy decisions are made. Policy Enforcement Point (PDP) RFC 2904, see AEF -- The point where the policy decisions are actually enforced. Policy Statement 4.5 Policy System (Fig. 3-2) Privelege 4.2 Privelege Assignment 4.2.2 Privelege Authority 4.2.1 Privelege Management 4.1, 4.2 Proxy (4.1.2) Resource 2.1 Resource Authority 4.1.1 Rights (2.1) Service (2.0) Service Point (2.0) Service Provider RFC 2904 Source of Authority (SOA) 4.1.1 Subject 2.1 Subject Attributes 3.4.1 Subject Domain (4.2.1) System (3.4.3) Transport Channel (4.4) Trust (4.1) Trust Authorities (4.1.1) Trust Management 4.1 Trust Relationship (2.5), (4.1.1) Untrusted Services (4.6.2) User RFC 2904 (2.2) the entity seeking authorization to use a resource or a service. User Home Organization RFC 2904 (2.2) Virtual Organization Domain 2.3 Wire Format [System] (3.4.3.4) X.509 (4.2) ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, June 1997. X.509 Certificate (ref RFC 2459 ?) (4.2.3.3) s-expression (3.4.3.1) Expansion of Acronyms: ACL - Access Control List (4.3) API - Application Programming Interface (3.4.3.5) WS-* Standard (3.4.3.5) { I believe this should be spelled out referencing the body of standards referenced } QoP (3.4.3.5) NIS - Network Information Service (?) (4.1.1) OGSA - Open Grid Services Architecture (ref >>>) (3.4.3.5) PKI - Public Key Infrastructure (4.1.1) POSIX (4.6.2) RBAC - Role Based Authorization Control (?) (4.1) SAML - Security Assertion Markup Language (ref >>>>) (3.4.3.5) SAML-P (4.6) SSL - Secure Socket Layer (4.1.1) Virtual Organization (VO) (2.3) WS-Policy (3.4.3.5) WS-Security - Web Services Security (ref >>>>) (3.4.3.5) WSDL - Web Services Description Language (3.4.3.5) XACML (3.4.3.5) XML - eXchange Markup Language (ref XXXX) (3.4.3.1)