The direction of transaction flow from a service or server.
Kerberos
A network authentication protocol to provide strong authentication for client/server applications using symmetric key cryptography and a trusted authentication service (Key Distribution Center). The Key Distribution Center (KDC) authenticates the client and issues tickets allowing access to the server. Kerberos is the default authentication technology used by Microsoft.
Kerberos ticket
Issued to an authenticated client to allow access to a server on the network.
Key Distribution Center (KDC)
The Kerberos Key Distribution Center (KDC) authenticates the client and issues tickets allowing access to a server on the network.
Key Distribution Center
KDC
key size
The length in bits for a key used by a cryptographic algorithm..
key pair
The private key and public key represented by a certificate.
Kubernetes
An open-source system for automating deployment and management of containerized applications.
LDAP Data Interchange Format (LDIF)
An IETF standard file format for representing LDAP directory content and modifications to directory content. Typically used to import and export LDAP-based directory information.
LDIF
Lightweight Directory Access Protocol (LDAP)
An open, cross platform protocol used for interacting with directory services.
LDAP
magic link
A passwordless authentication method that involves the authentication service sending a single-use sign on link to the user by email or SMS.
message authentication code (MAC)
A generated code that authenticates a message’s sender and content.
message authentication code (MAC)
MAC
metadata
A summary description of referenced data.
multi-factor authentication (MFA)
An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.
multi-factor authentication (MFA)
MFA
network access server (NAS)
A server accessible using a point-to-point protocol connection that acts as a gateway between an external network and an internal network. Typically used by Radius clients.
network access server (NAS)
NAS
OAuth
A standard framework that enables an application (OAuth client) to obtain access tokens from an OAuth authorization server for the purpose of retrieving protected resources on a resource server.
OAuth authorization server (AS)
The authorizing service in an OAuth framework that issues and manages access tokens for clients to access protected resources.
OAuth authorization server (AS)
OAuth AS
OAuth client
Online Certificate Status Protocol (OCSP)
The protocol used by Certificate Authorities (CAs) to check the revocation status of an X.509 certificate.
Online Certificate Status Protocol (OCSP)
OCSP
one-time passcode (OTP)
A passcode valid for only one sign on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.
one-time passcode (OTP)
OTP
opaque
Not readable. If a user's subject identifier is opaque, an SSO partner cannot directly identify the user with reference to the source. An persistent identifier, or pseudonym, can be used for account linking.
OpenID Connect (OIDC)
An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.
OpenID Connect (OIDC)
OIDC
OpenID Provider (OP)
In OAuth terms, an authorization server (AS). The OP/AS issues access tokens to protected resources for approved clients (relying parties). The clients use the access token to access the protected resources hosted by the OAuth resource server.
OpenID Provider (OP)
OP
orchestration
An orchestration platform visually maps user experiences as no code, drag-and-drop visual flows, which help determine how many screens might be needed, the order in which they should appear, and the components required for each experience.