The AARC Glossary provides an overview of terms and acronyms frequently used in the AARC Community, alongside their definitions. Further suggestions of glossary terms are welcome.
Additional terms can be found in https://aarc-community.org/guidelines/aarc-g045/
| Terminology / Acronym | Definition |
|---|---|
| 2FA | Two-Factor Authentication (2FA) is multi-factor authentication using exactly two factors of different types, typically something you know (a password) plus something you have (a hardware token or an authenticator app). Two steps that rely on the same factor type, such as two passwords, do not qualify as 2FA. |
| AAI | Authentication and Authorisation Infrastructure. A service that enables authenticated and authorised access to resources. |
| Attribute | Metadata about the end-user, the service, or other entities. Attributes are used by Service Providers for service provision, including authentication, authorisation, and accounting operations. They may also assist end-user systems in selecting appropriate services. |
| Attribute Authority | A component containing attributes about users and entitled to make statements about entities and assign attributes to them. Attribute authorities can be part of the AAI, an infrastructure proxy, or elsewhere in the federation. |
| Authentication | The process by which a system verifies that a user is who they claim to be, by checking the presented credentials against an authoritative user store or authentication server. When you log in to your university network, you are authenticated. Authentication establishes identity only; what the user may then do is a matter of authorisation. |
| Authorisation | The process of determining what services or resources a user is permitted to access, based on policies from service providers or relevant authorities. It enforces access control decisions after authentication. |
| Collaboration | A bounded collection of universities, laboratories, institutions, or similar entities that adhere to collaboration policies and offer research infrastructure to a community. |
| Collaboration management | Boards, committees, groups, and/or individuals mandated to oversee and control the collaboration. |
| Collaboration policy | Policies governing the management, operations, and security of the collaboration, including operational security, membership management, and data protection. |
| Community | A group of users organised around a common purpose and jointly granted access to a collaboration. It may mediate access between users and resources. |
| Community AAI | An AAI service managed by a community or its representative, used to assign user roles, rights, and community-specific attributes. |
| Community / Infrastructure ID | A user identity enriched with community or infrastructure attributes for user management at the community or infrastructure level. |
| Community management | A management body responsible for a community, its sub-groups, and the lifecycle of user membership. |
| Community membership policy | A policy governing community membership and access rules. It does not supersede infrastructure or service membership policies. |
| eduGAIN | A SAML inter-federation combining multiple national federations to enable global trust. It publishes metadata of trusted IdPs and SPs, enabling cross-border access to research infrastructure services. |
| Federation | A group of Identity Providers (IdPs) and Service Providers (SPs) that trust each other through shared policies and contracts, enabling authentication, identity verification, and access control. |
| Identity and Access Management (IAM) | A general term for systems that manage digital identities and access, including provisioning, de-provisioning, single sign-on, and authorisation. |
| Identity Assurance | The process of ensuring that a user account corresponds to a real-world identity, combining identity vetting and authentication strength (e.g. MFA usage). |
| Identity Provider (IdP) | An entity responsible for storing, managing, and securing user identities and providing identity services to relying applications within a federation or distributed network. |
| Infrastructure | IT hardware, software, networks, data, facilities, and processes required to develop, deliver, and support services, often with governance and integration across services. |
| Infrastructure service | A service provided by a research infrastructure or e-infrastructure to members of one or more communities, typically receiving user attributes through an infrastructure proxy. |
| MFA | Multi-Factor Authentication, an authentication method requiring two or more factors of different types (knowledge, possession, inherence), so that compromise of a single factor does not by itself grant access. |
| OAuth 2.0 | An open standard authorisation protocol that allows applications limited access to user resources without sharing login credentials, using secure token-based access. |
| OIDC | OpenID Connect, an interoperable authentication protocol built on OAuth 2.0 that enables identity verification and retrieval of user profile information. |
| OIDFed | OpenID Federation, a specification for establishing trust between OpenID Connect entities (OpenID Providers and Relying Parties) through signed entity statements and trust chains that resolve to a common trust anchor, instead of bilateral client registration. It enables OIDC-based participation in identity federations such as eduGAIN. |
| RAF | REFEDS Assurance Framework, which specifies how an Identity Provider expresses the assurance of an identity: component values for identifier uniqueness, identity proofing and attribute quality, carried in the eduPersonAssurance attribute, together with the Cappuccino and Espresso profiles that bundle them. Services use these values to decide whether an account is trustworthy enough for a given resource. |
| REFEDS | The Research and Education FEDerations group, which develops recommendations and best practices for operating identity management federations. |
| Role Based Access Control / Management (RBAC / RBAM) | An access control model in which permissions are assigned to roles rather than individual users, simplifying access management and ensuring consistency. |
| SAML | Security Assertion Markup Language, a standard for exchanging authentication and authorisation data between Identity Providers and Service Providers. |
| SAML Federation | A collection of SAML entities whose metadata is curated and published by a federation, typically organised at a national level. |
| Service (End Service) | A collaboration or infrastructure element that fulfils a user need, such as computing, storage, networking, or software systems. |
| Service Provider (SP) | An entity responsible for the management, deployment, operation, and security of a service. |
| Single Sign-On | A system allowing users to authenticate once and access multiple services within a session. |
| SP-IdP-Proxy | A component that sits between service providers and identity providers. It appears as a single SP to the federation's IdPs and as a single IdP (or OpenID Provider) to the services behind it, so each side maintains one trust relationship instead of many. The proxy can also translate between protocols (e.g. SAML to OIDC) and enrich the identity with community attributes. Because it issues the assertions that services consume, it is a high-value target and must be operated and secured accordingly. |
| User | An individual authorised to access and use services. |
| User identifier | An attribute that uniquely identifies a user within a specific domain or system. A user may have multiple identifiers across domains. Some domains reassign identifiers to new people over time, so a service should not assume an identifier denotes the same person indefinitely unless the issuing domain guarantees non-reassignment. |
| WAYF | “Where Are You From”, an AAI component allowing users to select their authentication source (e.g. home organisation). Also known as a Discovery Service. |
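Several entries above (Attribute, Authorisation, RAF, RBAC, SP-IdP-Proxy, User identifier) describe the same decision from different angles: a service behind a proxy receives released attributes and must decide, after authentication, what the user may do. The following is an added example, not code from the AARC community or any AARC software, that carries that decision through end to end. It assumes the proxy hands over attributes as a dict of multi-valued strings keyed by the eduPerson attribute names, that group and role entitlements follow the URN layout used in AARC guidelines (`<namespace>:group:<group>[:<subgroup>...][:role=<role>]#<authority>`), that MFA is signalled by the REFEDS MFA authentication context URI, and that the RAF profile component sets are this example's reading of RAF v1.0; the role table, the service policy and both users are constructed for the demonstration.

```python
"""Access decision at a service behind an SP-IdP-Proxy (added example).

Assumptions not taken from the glossary: attribute dict layout, AARC-style
entitlement URNs, REFEDS MFA context URI, RAF profile components as read
from RAF v1.0, and the constructed role table, policy and users.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

RAF = "https://refeds.org/assurance"
REFEDS_MFA = "https://refeds.org/profile/mfa"

# Component URIs each RAF profile bundles (this example's reading of RAF v1.0).
RAF_PROFILES = {
    f"{RAF}/profile/cappuccino": {f"{RAF}/ID/unique", f"{RAF}/ID/eppn-unique-no-reassign",
                                  f"{RAF}/IAP/low", f"{RAF}/ATP/ePA-1m"},
    f"{RAF}/profile/espresso": {f"{RAF}/ID/unique", f"{RAF}/ID/eppn-unique-no-reassign",
                                f"{RAF}/IAP/medium", f"{RAF}/ATP/ePA-1d"},
}

# RBAC: permissions hang off roles, never off individual users (constructed table).
ROLE_PERMISSIONS = {"member": {"read"}, "admin": {"read", "write", "manage"}}


@dataclass(frozen=True)
class GroupEntitlement:
    namespace: str          # e.g. urn:geant:example.org
    group: tuple            # group path, e.g. ("project-x", "wp3")
    role: Optional[str]     # None when the value asserts membership only
    authority: str          # issuer named after '#', e.g. the community AAI


def parse_entitlement(value: str) -> Optional[GroupEntitlement]:
    """Parse one group-membership entitlement; any other entitlement value gives None."""
    body, sep, authority = value.rpartition("#")
    if not sep or not authority or ":group:" not in body:
        return None
    namespace, rest = body.split(":group:", 1)
    parts = rest.split(":")
    role = None
    if parts[-1].startswith("role="):
        role = parts.pop()[len("role="):]
    if not parts or not all(parts):
        return None
    return GroupEntitlement(namespace, tuple(parts), role, authority)


def assurance_met(asserted: set, required_profile: str) -> bool:
    """Profile is met if asserted by name, or if every component of it is asserted."""
    if required_profile in asserted:
        return True
    components = RAF_PROFILES.get(required_profile)
    return components is not None and components <= asserted


@dataclass(frozen=True)
class ServicePolicy:
    namespace: str
    group: tuple
    authority: str
    required_assurance: str
    mfa_required: bool = False


def decide(attrs: Dict[str, List[str]], authn_context: Optional[str], policy: ServicePolicy) -> dict:
    """Authorisation decision taken after authentication, from released attributes only."""
    eppn = attrs.get("eduPersonPrincipalName", [])
    if len(eppn) != 1:
        return {"allow": False, "reason": "missing or ambiguous user identifier"}
    permissions = set()
    for value in attrs.get("eduPersonEntitlement", []):
        ent = parse_entitlement(value)
        if ent is None:
            continue
        # Only the namespace and group authority this service trusts may grant access.
        if ent.namespace != policy.namespace or ent.authority != policy.authority:
            continue
        # Membership of the group itself or of any sub-group qualifies.
        if ent.group[:len(policy.group)] != policy.group:
            continue
        permissions |= ROLE_PERMISSIONS.get(ent.role or "member", set())
    if not permissions:
        return {"allow": False, "reason": "no qualifying group membership"}
    if not assurance_met(set(attrs.get("eduPersonAssurance", [])), policy.required_assurance):
        return {"allow": False, "reason": "identity assurance below required profile"}
    if policy.mfa_required and authn_context != REFEDS_MFA:
        return {"allow": False, "reason": "multi-factor authentication not performed"}
    return {"allow": True, "user": eppn[0], "permissions": sorted(permissions)}


# Constructed service policy and users for the demonstration.
SERVICE = ServicePolicy("urn:geant:example.org", ("project-x",), "aai.example.org",
                        f"{RAF}/profile/cappuccino")
ALICE = {
    "eduPersonPrincipalName": ["alice@uni-a.example"],
    "eduPersonEntitlement": ["urn:geant:example.org:group:project-x:role=admin#aai.example.org",
                             "urn:mace:dir:entitlement:common-lib-terms"],  # unrelated, ignored
    "eduPersonAssurance": [f"{RAF}/profile/cappuccino"],
}
BOB = {
    "eduPersonPrincipalName": ["bob@uni-b.example"],
    "eduPersonEntitlement": ["urn:geant:example.org:group:project-x:wp3#aai.example.org",
                             "urn:geant:example.org:group:project-x:role=admin#evil.example"],  # wrong authority
    "eduPersonAssurance": [f"{RAF}/ID/unique", f"{RAF}/ID/eppn-unique-no-reassign", f"{RAF}/IAP/low"],
}

if __name__ == "__main__":
    for user in (ALICE, BOB):
        print(decide(user, None, SERVICE))
```

Two points the glossary entries leave implicit are visible in the code: an entitlement is only as trustworthy as the authority after the `#`, so the admin claim issued by `evil.example` is discarded even though its group path matches, and assurance is checked separately from group membership, so Bob, a legitimate sub-group member, is refused until his IdP asserts the attribute-freshness component (or the Cappuccino profile outright).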