Welcome Guest / Please Login




Access Management Systems

Any system that is responsible for mapping individual identities to a set of actions for which that identity has access. In short, an access management system is the engine that determines access to a particular resource (or resources) for a set of users.

Attribute Assertion

The process by which one entity asserts, in a non-repudiatable manner, that an attribute (or attributes) about an individual are accurate. This assertion is often communicated to another entity; that entity must decide if that assertion is trustworthy.


Certificate Authority (CA)

A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.

Certificate Revocation List (CRL)

A signed list indicating a set of certificates that are no longer considered valid by the certificate issuer.

Certificate Signing Request (CSR)

An unsigned certificate for submission to a Certification Authority, which signs it with its private key.


Software keys and passwords as well as other security tokens, such as a proxy or smart card, are forms of credentials used on computers.

Credential Provider

An entity that issues credentials to its members for the purpose of authenticating that individuals identity as well as authorizing him/her to access a particular system.


Discovery Service

Part of the Shibboleth bundle of software that is responsible for connecting an individual user attempting to access a service, with his/her appropriate identity provider. This discovery service is able to read a federation metadata file and generate a web page to enable the user to select the appropriate identity provider.

Domain Name Service (DNS)

One of the core Internet protocols and mechanisms responsible for translating human-readable names (eg "federation.northcarolina.edu") into the binary IP addresses that are actually used to move data packets around on the Internet.


Electronic Identifier

A string of characters or structured data that may be used to reference an electronic identity. Examples include an email address, a user account name, a Kerberos principal name, a UC or campus NetID, an employee or student ID, or a PKI certificate [InCommon_POP].

Electronic Identity

A set of information that is maintained about an individual, typically in campus electronic identity databases. May include roles and privileges as well as personal information. The information must be authoritative to the applications for which it will be used [InCommon_POP].

Electronic Identity Database

A structured collection of information pertaining to a given individual. Sometimes referred to as an "enterprise directory." Typically includes name, address, email address, affiliation, and electronic identifier(s). Many technologies can be used to create an identity database, for example LDAP or a set of linked relational databases [InCommon_POP].

Enterprise Resource and Planning (ERP)

Software used by companies to plan and manage the basic commercial functions of their business, such as budgeting, accounting, human resources, material flows, etc


Identity Attribute

A single piece of information associated with an electronic identity database record. Some attributes are general; others are personal. Some subset of all attributes defines a unique individual [InCommon_POP].

Identity Management System

A set of standards, procedures and technologies that provide electronic credentials to individuals and maintain authoritative information about the holders of those credentials [InCommon_POP].

Identity Provider (IDP)

A campus or other organization that manages and operates an identity management system and offers information about members of its community to other InCommon participants [InCommon_POP].

InCommon Federation

The mission of the InCommon Federation is to create and support a common framework for trustworthy shared management of access to on-line resources in support of education and research in the United States. To achieve its mission, InCommon will facilitate development of a community-based common trust fabric sufficient to enable participants to make appropriate decisions about access control information provided to them by other participants. InCommon is intended to enable production-level end-user access to a wide variety of protected resources. InCommon uses standards-based, SAML-compliant Shibboleth as its federating system.


Level of Assurance (LOA)

The degree of certainty that the user has presented an identifier (a credential in this context) that refers to the user presenting it.


Service Provider (SP)

A campus or other organization that makes on-line resources available to users based in part on information about them that it receives from other Federation participants [InCommon_POP].


An Internet2 project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML



The act of believing something to be true. In this case, the article of belief is the attribute assertion from one participating entity to another. As with any article of belief, level of confidence in this belief stems from the quality of the information and the internal processes of the asserting party.