
User Guide: Glossary

Glossary

| Term | Abbreviation | Description |
|---|---|---|
| Action | | An operation on a resource. |
| Attribute | | Property of an object consisting of a type/value pair, e.g. type=Name, value=John Doe. |
| Attribute Authority | AA | Trusted authority that assigns roles to users. Normally this is also done by the SOA. |
| Attribute Certificate | AC | Attributes that are certified (digitally signed) by an Attribute Authority as belonging to a particular object. As an analogy, if a PKC corresponds to a passport, an AC corresponds to a visa. |
| Attribute Certificate Revocation List | ACRL | List of revoked ACs issued by an AA. |
| Authorization Decision | | The result of evaluating applicable policy, returned by the PDP to the PEP. A function that evaluates to "Permit", "Deny", "Indeterminate" or "NotApplicable", and (optionally) a set of obligations. |
| Certification Authority | CA | Issues digital certificates. |
| Credential Validation Service | CVS | Checks whether an allocation of privileges is valid; decides according to policies whether an AA may allocate privileges. |
| Credentials | | What an AA needs from the SOA to be able to issue ACs. |
| Decision Request | | The request by a PEP to a PDP to render an authorization decision. |
| Obligation | | An operation specified in a policy that should be performed by the PEP in conjunction with the enforcement of an authorization decision. |
| Policy | | A set of rules, an identifier for the rule-combining algorithm and (optionally) a set of obligations. May be a component of a policy set. |
| Policy Decision Point | PDP | The part of the Privilege Verification Subsystem (PVS) that evaluates applicable policy and renders an authorization decision. |
| Policy Enforcement Point | PEP | The part of the Privilege Verification Subsystem (PVS) that performs access control by making decision requests and enforcing authorization decisions. |
| Privilege Management Infrastructure | PMI | Similar to PKI except for authorization. |
| Privilege Verification Subsystem | PVS | Decision engine consisting of PEP and PDP. |
| Public Key Certificate | PKC | An electronic document that uses a digital signature to bind together a public key and an identity. As an analogy, if an AC corresponds to a visa, a PKC corresponds to a passport. |
| Public Key Infrastructure | PKI | Binds public keys with respective user identities by means of a CA. |
| Role Based Access Control | RBAC | A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. |
| Resource | | Data, service or system component. |
| Role | | Type of attribute that is typically used to signify the position that someone has in an organisation. |
| Source of Authority | SOA | Root of trust; issues ACs and may have subordinate AAs. |
| Subject | | An actor who wants to perform an action on a target. |
| Target | | A resource on which a subject tries to perform an action. |
| X.500 | | Series of computer networking standards covering electronic directory access. Similar to LDAP. |
| X.509 | | Standard for public-key and attribute certificate frameworks (PKI, PMI, SSO). |