token translators

Glossary

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

An aggregate term for both token processors and token generators.

password credential validator (PCV)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Configures a centralized location for user credential validation. The validator instances can then be referenced by PingFederate.

portal

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A web-based application, accessed using a web browser, that often aggregates content from multiple providers, serves as a central point of entry, or both.

POST

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

An HTTP method used to request that the service or server accept the entity enclosed in the request as an addition to the resource identified in the URI.

primary domain controller (PDC)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

On Microsoft Windows networks, the initial domain controller that maintains the master copy of the directory database and validates users.

private key

Page created: 8 Nov 2022 |
Page updated: 8 Nov 2022

In public key cryptography, a private key is the secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data. The private key is kept secret by its owner, similar to a password.

protected resource

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

Information, typically accessed through a web URL, that is protected by an access management system.

protocol

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The rules, syntax, semantics, and synchronization of transactions between entities.

pseudonym

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A persistent name identifier assigned to a user and shared among entities, usually with the user's permission, to enable SSO and SLO. Pseudonyms are often used with the SAML account linking protocol to enable SSO while preventing the discovery of the user's identity or activities.

public key

Page created: 8 Nov 2022 |
Page updated: 8 Nov 2022

In public key cryptography, a public key is the part of an asymmetric key pair that the owner shares with others to allow them to decrypt digital signatures or encrypted data.

public key infrastructure (PKI)

Page created: 22 Sep 2020 |
Page updated: 8 Nov 2022

Enables users of an unsecured public network to securely and privately exchange data through the use of key pairs and certificates. The PKI provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

Remote Authentication Dial-In User Service (RADIUS)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

A client/server networking protocol providing centralized user management.

refresh token

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A long-lived token used by OAuth clients to obtain a new access token without having to obtain fresh authorization from the resource owner.

relying party (RP)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

An OAuth 2.0 client that requires end-user authentication and claims (attributes) from an OpenID provider.

<RequestSecurityToken> (RST)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

WS-Trust or WS-Federation XML element identifying a request for validation of a security token, or for validation and then issuance of a replacement security token.

<RequestSecurityTokenResponse> (RSTR)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

WS-Trust or WS-Federation XML element identifying a response to an RST and containing either the status of the submitted security token or both the status and (if requested and the received token is valid) a newly issued token for further SSO or web-services processing.

REST API

Page created: 8 Nov 2022 |
Page updated: 8 Nov 2022

An application programming interface (API) that conforms to the design principles of the representational state transfer (REST) architectural style.

resource server

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

In OAuth, a server that hosts protected resources and can accept and respond to resource requests from clients presenting a valid access token.

SAML authority

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

A security domain that issues SAML assertions.

SAML profiles

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

Rules that describe how to embed SAML assertions into and extract them out of other protocols in order to enable SSO or SLO. Profiles describe SAML request and response flows that fulfill specific use cases.

SAML redirect

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

A SAML binding that conveys a request or response by sending the user's browser to another location. For instance, an authentication request can be sent from an SP through a browser to an IdP.

scope

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

In OAuth, a parameter on an access request and resulting, issued access token that specifies a limitation or limitations on access to the protected resource or resources.

software development kit (SDK)

Page created: 10 Oct 2022 |
Page updated: 11 Nov 2022

A set of tools that allows a developer to build a custom application that integrates with or connects to a platform or service.

Secure Shell (SSH)

Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022

Protocol for secure operation of network services over an unsecured network.

Secure Sockets Layer (SSL)

Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022

A protocol for authenticated and encrypted links between networked machines, typically over HTTPS. SSL was deprecated in 1999 in favor of Transport Layer Security (TLS).

Security Assertion Markup Language (SAML)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A standard, XML-based, message-exchange framework enabling the secure transmittal of authentication tokens and other user attributes across domains.

security domain

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

An application or group of applications that trust a common security token used for authentication, authorization, or session management. The token is issued to a user after the user has authenticated to the security domain.

security token

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A collection of information used to establish acceptable identity for security purposes. Tokens can be in binary or XML format. A SAML assertion is one kind of security token.

Security Token Service (STS)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

An entity responsible for responding to WS-Trust requests for validation and issuance of security tokens used for SSO authentication to web services.

service-oriented architecture

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A loosely coupled application architecture in which all functions or services are accessible using standard protocols. Interfaces are platform and programming-language independent.

service provider (SP)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

In SAML, an entity that receives and accepts an authentication assertion issued by an identity provider (IdP), typically for the purpose of allowing access to a protected resource.

session persistence

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A mechanism for identifying a user or browser for subsequent requests to a server, needed because the HTTP protocol is stateless. This information is used to look up state information for the user. (For example, items in a shopping cart.)

A client session is persisted by directing the client to the same backend server or host for the duration of the session.

Simple Object Access Protocol (SOAP)

Page created: 22 Sep 2020 |
Page updated: 21 Jul 2022

A program- and platform-independent messaging protocol for the exchange of structured (XML) information, generally over HTTP. Most often used to invoke web services and process responses.

single logout (SLO)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The process of signing a user out of multiple sites where the user has started a single sign-on (SSO) session.

single logout return service

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The SAML implementation endpoint URL that returns logout requests.

single logout service

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The SAML implementation endpoint URL that receives logout requests for processing.

single sign-on (SSO)

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without re-authenticating.

single sign-on service

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A service that implements SSO. In SAML, this is an endpoint that receives and processes authentication requests.

source ID

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A 20-byte sequence used to determine an identity provider's (IdP) identity.

SP-initiated SLO

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

In SAML, an identity-federation transaction in which the initial action for single logout (SLO) occurs at the service provider (SP) site.

SP-initiated SSO

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

In SAML, an identity-federation transaction in which the initial action for single sign-on (SSO) occurs at the service provider (SP) site.

subject

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A person, computer system, or application. In the SAML context, assertions make statements about subjects.

System for Cross-domain Identity Management (SCIM)

Page created: 22 Sep 2020 |
Page updated: 21 Sep 2021

An application-level, HTTP-based protocol for provisioning and managing user identity information. SCIM supplies a common schema for representing users and groups and provides a REST API.

target URL

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

In SAML, the destination on a service provider (SP) to receive single sign-on (SSO) events.

time-based one-time passcode (TOTP)

Page created: 29 Nov 2022 |
Page updated: 29 Nov 2022

A temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Typically, an app or hardware token generates a six-digit passcode that is valid for less than 1 minute.

transient name identifier

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A temporary ID used to preserve user anonymity while facilitating account linking.

token authorization

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

A mechanism for evaluating attribute criteria available during a transaction to determine whether a user is authorized to access resources. A token in this instance can mean any type of security token, such as SSO, session cookie, or OAuth token.

token exchange

Page created: 22 Sep 2020 |
Page updated: 7 Jul 2022

The process by which a security token is exchanged for another security token.