Extensible Markup Language (XML)

A data object by which a client authenticates to a resource server and lays claim to authorizations for accessing particular resources.

A persistent name identifier that enables federation of separately established accounts among disparate domains (see also account linking and pseudonym)

A form of identity mapping among separate user accounts managed under different domains. The mapping typically involves a name identifier, which can be a pseudonym, to link the user to each account. The identifier is persisted at the SP site to enable seamless SSO/SLO. Additional attributes can be sent with the identifier.

A form of identity mapping by which one or more user attributes is passed in a single sign-on transaction. The attributes are used at the destination site as a means identifying the user and looking up local account information.

Plug-in software that allows Ping products to interact with web applications and authentication systems.

A list of attributes "hard-wired" to an adapter and conveyed generally through cookies between the adapter and application.

In PingOne Authorize, API Access Management addresses the needs of identity and access management (IAM) teams by simplifying common API access control use cases and eliminating the guesswork of OAuth and OpenID Connect (OIDC).

A reference to a SAML protocol message. The federation partner that receives the artifact dereferences it, identifying the sender, and requests the complete message in a separate SOAP transaction.

A SAML XML document that contains identifying information about a particular subject; for example, a person, company, application, or system. A SAML assertion can contain authentication, authorization, and attribute information about the subject.

Distinct characteristics that describe a subject. If the subject is a website user, attributes may include a name, group affiliation, email address, and attributes alike.

A list of attributes, agreed to by the partners in an identity federation, representing information about a user (SAML subject). The attributes are sent from the IdP to the SP during SSO or STS processing.

Matching corresponding attributes between an IdP and an SP to identify federated users or add supplemental user information.

Specific database or directory location containing data needed by an IdP to fulfill a connection partner's attribute contract or by an SP to look up additional attributes to fulfill an adapter contract.

Part of a SAML assertion indicating the intended SP.

An element in a SAML assertion indicating the method or process used by an IdP to authenticate the subject of the assertion; may be used for authorization decisions or auditing compliance.

An OAuth 2.0 authorization request using extension parameters and scopes defined in the OpenID Connect specifications that a relying party (RP, an OAuth client) sends to an OpenID Provider (an OAuth authorization server) for the purpose of authenticating the end user.

A SAML XML document that a service provider (SP) sends to an identity provider (IdP) to request that the IdP to authenticate the identity of an end user and to return a response for the request.

A request based on the OAuth 2.0 Authorization Framework that an OAuth client sends to an authorization server for the purpose of obtaining an access token (for the purpose of ultimately accessing protected resources on a resource server).

A direct, cross-domain communication path using a protocol that doesn't rely on a browser as an intermediary.

A mapping of SAML request and response messages to specific transport protocols (redirect, POST, or artifact).

A digital file used for identity verification and other security purposes. The certificate, which is often issued by a certificate authority (CA), contains a public key, which can be used to verify the originator's identity.

A dedicated outbound provisioning configuration specific to a particular service partner, data source, and target service.

Entities, such as companies, that are part of an identity federation.

Information used to identify a subject for access purposes (for example, username and password). A credential can also be a certificate.

A system for storing and maintaining user account information and attributes.

A database or directory location containing user account records and associated user attributes.

Optional user-initiated delinking of an identity federation that uses a persistent name identifier or pseudonym for account linking.

A process for verifying the identity of the originator of an electronic document and whether the document has been intercepted or altered. The process involves message signing, signature validation, and signing policy coordination between partners.

In PingOne Authorize, Dynamic Authorization allows application owners and stakeholders to leverage real-time data in fine-grained policies that go beyond identity and roles.

One end in a communication channel, typically a URI.

The XML element in a SAML assertion that uniquely identifies an identity provider.