Extensible Markup Language (XML)

Glossary

bundle
glossary
ft:publication_title
Glossary
Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022
| 1 min read

A structured, hierarchical text format, based on SGML (Standard Generalized Markup Language), for the flexible and organized exchange of data.

XML

access control instruction (ACI)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

An instruction or rule that can be used to grant or deny access to users to perform operations on a server.

access control instruction (ACI)

ACI

access control rule (ACR)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

An instruction or rule that can be used to grant or deny access to users to perform operations on a server.

access control rule (ACR)

ACR

access token

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A data object by which a client authenticates to a resource server and lays claim to authorizations for accessing particular resources.

account link

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A persistent name identifier that enables federation of separately established accounts among disparate domains (see also account linking and pseudonym)

account linking

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A form of identity mapping among separate user accounts managed under different domains. The mapping typically involves a name identifier, which can be a pseudonym, to link the user to each account. The identifier is persisted at the SP site to enable seamless SSO/SLO. Additional attributes can be sent with the identifier.

account mapping

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A form of identity mapping by which one or more user attributes is passed in a single sign-on transaction. The attributes are used at the destination site as a means identifying the user and looking up local account information.

Advanced Package Tool (APT)

Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022
| 1 min read

A software user interface that works with core libraries to install and remove software on several Linux distributions.

APT

Active Directory (AD)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021
| 1 min read

A directory service for Windows domain networks, included in most Windows Server operation systems.

Active Directory (AD)

AD

adapter

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

Plug-in software that allows Ping products to interact with web applications and authentication systems.

adapter contract

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A list of attributes "hard-wired" to an adapter and conveyed generally through cookies between the adapter and application.

Amazon Web Services (AWS)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021
| 1 min read

An Amazon subsidiary providing cloud computing platforms.

Amazon Web Services (AWS)

AWS

API Access Management

Page created: 8 Nov 2022 |
Page updated: 8 Nov 2022

In PingOne Authorize, API Access Management addresses the needs of identity and access management (IAM) teams by simplifying common API access control use cases and eliminating the guesswork of OAuth and OpenID Connect (OIDC).

application programming interface (API)

Page created: 22 Sep 2020 |
Page updated: 20 Jul 2022
| 1 min read

A specification of interactions available for building software to access an application or service.

API

artifact

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022

A reference to a SAML protocol message. The federation partner that receives the artifact dereferences it, identifying the sender, and requests the complete message in a separate SOAP transaction.

artifact resolution service (ARS)

Page created: 21 Feb 2020 |
Page updated: 7 Jul 2022
| 1 min read

The SOAP endpoint that processes artifacts returned from a federation partner to retrieve the referenced XML message. Can be used to dereference authentication requests, assertion responses, and SLO messages.

artifact resolution service (ARS)

ARS

assertion

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A SAML XML document that contains identifying information about a particular subject; for example, a person, company, application, or system. A SAML assertion can contain authentication, authorization, and attribute information about the subject.

assertion consumer service (ACS)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

A service provider URL that accepts SAML messages or artifacts to establish a session based on an assertion.

Assertion Consumer Service (ACS)

ACS

attributes

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Distinct characteristics that describe a subject. If the subject is a website user, attributes may include a name, group affiliation, email address, and attributes alike.

attribute contract

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A list of attributes, agreed to by the partners in an identity federation, representing information about a user (SAML subject). The attributes are sent from the IdP to the SP during SSO or STS processing.

attribute mapping

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Matching corresponding attributes between an IdP and an SP to identify federated users or add supplemental user information.

attribute source

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Specific database or directory location containing data needed by an IdP to fulfill a connection partner's attribute contract or by an SP to look up additional attributes to fulfill an adapter contract.

audience

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Part of a SAML assertion indicating the intended SP.

authentication context

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

An element in a SAML assertion indicating the method or process used by an IdP to authenticate the subject of the assertion; may be used for authorization decisions or auditing compliance.

authentication request (OpenID Connect)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

An OAuth 2.0 authorization request using extension parameters and scopes defined in the OpenID Connect specifications that a relying party (RP, an OAuth client) sends to an OpenID Provider (an OAuth authorization server) for the purpose of authenticating the end user.

authentication request (SAML 2.0)

Page created: 22 Sep 2020 |
Page updated: 29 Nov 2022

A SAML XML document that a service provider (SP) sends to an identity provider (IdP) to request that the IdP to authenticate the identity of an end user and to return a response for the request.

authorization request

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A request based on the OAuth 2.0 Authorization Framework that an OAuth client sends to an authorization server for the purpose of obtaining an access token (for the purpose of ultimately accessing protected resources on a resource server).

backchannel

Page created: 25 Mar 2021 |
Page updated: 7 Jul 2022

A direct, cross-domain communication path using a protocol that doesn't rely on a browser as an intermediary.

binding

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A mapping of SAML request and response messages to specific transport protocols (redirect, POST, or artifact).

certificate

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A digital file used for identity verification and other security purposes. The certificate, which is often issued by a certificate authority (CA), contains a public key, which can be used to verify the originator's identity.

certificate authority (CA)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

An entity that issues digital certificates.

certificate authority (CA)

CA

certificate revocation list (CRL)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

A list of revoked signing certificates, maintained by the issuing authority at a public URL.

certificate revocation list (CRL)

CRL

certificate signing request (CSR)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

A message sent to a certificate authority in order to apply for a digital identity certificate.

certificate signing request (CSR)

CSR

channel

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A dedicated outbound provisioning configuration specific to a particular service partner, data source, and target service.

classless inter-domain routing (CIDR)

Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022
| 1 min read

A method for allocating IP addresses and for IP routing.

CIDR

client-initiated backchannel authentication (CIBA)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

An extension to OpenID Connect defining a new OAuth grant type where user consent can be requested and granted through an out-of-band authentication flow. CIBA uses direct relying party to OpenID provider communication without redirects through the user's browser.

client-initiated backchannel authentication (CIBA)

CIBA

connection partner

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Entities, such as companies, that are part of an identity federation.

credential

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Information used to identify a subject for access purposes (for example, username and password). A credential can also be a certificate.

cross-origin resource sharing (CORS)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

A mechanism to allow restricted resources, such as images and scripts, on a web page to be requested from a domain outside of the domain from which the first resource was served.

cross-origin resource sharing (CORS)

CORS

Common Event Format (CEF)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021
| 1 min read

A logging and auditing file format that supports multiple device types.

Common Event Format (CEF)

CEF

database management system

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A system for storing and maintaining user account information and attributes.

Data Encryption Standard (DES)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021
| 1 min read

A symmetric-key method of encryption.

Data Encryption Standard (DES)

DES

datastore

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A database or directory location containing user account records and associated user attributes.

defederation

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Optional user-initiated delinking of an identity federation that uses a persistent name identifier or pseudonym for account linking.

digital signature

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A process for verifying the identity of the originator of an electronic document and whether the document has been intercepted or altered. The process involves message signing, signature validation, and signing policy coordination between partners.

distinguished name (DN)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022
| 1 min read

A name uniquely identifying an object within the hierarchy of a directory tree.

distinguished name (DN)

DN

Dynamic Authorization

Page created: 8 Nov 2022 |
Page updated: 8 Nov 2022

In PingOne Authorize, Dynamic Authorization allows application owners and stakeholders to leverage real-time data in fine-grained policies that go beyond identity and roles.

endpoint

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

One end in a communication channel, typically a URI.

entity ID

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The XML element in a SAML assertion that uniquely identifies an identity provider.