Skip to Content
    • ABAC

      ABAC is an evolution of RBAC (role-based access control). RBAC works well in small, simple deployments but tends to fail when you need to scale up or when you have relationships.  For example, allow users in the author role to edit documents, but only if they are in the same department as the creator.

      ABAC is policy-based in the sense that it uses policies rather than static permissions to define what is allowed or what is not allowed.

      Other examples include:

      • A user can view a document if the document is in the same department as the user
      • A user can edit a document if they are the owner and if the document is in draft mode
      • Deny access before 9am

      ALFA

      Abbreviated Language for Authorization, created by Pablo Giambiagi to provide a human-readable form of OASIS XACML format for defining ABAC policies.  See Wikipedia for more details

      ASP.NET Core

      ASP.NET is an open source web framework developed by Microsoft. It lets developers create modern websites and applications.

    • CTAP

      Client to Authenticator Protocol (CTAP) is a FIDO standard that defines an application layer protocol for communicating with external FIDO authenticators (security keys).

    • FIDO2

      FIDO is a modern standard for user authentication. A FIDO authenticator allows the generation of a cryptographic private/public key pair. Unlike password-based systems where a shared secret (password) is held by both users and the website, the private key never leaves the user’s possession.

    • IdentityServer

      A single sign-on open-source framework that enables you ASP.NET Core website to act as an OpenID Provider and OAuth authorization server.

    • JWT Access Token

       JSON Web Token (JWT, sometimes pronounced JOT) is an internet standard for creating structured, JSON-based tokens. OAuth access tokens are typically JWTs and must be signed by the issuer using a private key and validated by the recipient using a public key, to verify integrity.

    • NIST

       The National Institute of Standards and Technology (NIST) is a US standards body, that encompasses topics such as cryptography and web security.

    • Protected Resource

       A protected resource is something that is protected by an OAuth authorization server, such as IdentityServer. A protected resource is typically an HTTP API.

    • RBAC

      Role Based Access Control, provides a security model of assigning users and permissions to a role.  All users of a given role obtain the permissions associated with the role.  RBAC works well for coarse-grained access control.  

    • SaaS

      SaaS means Software-as-a-service but is also known as "on-demand software". SaaS products are typically licensed on a subscription basis. SaaS is hosted centrally in the cloud to reduce the need to download or self-host these applications and websites.

      SSO

      SSO refers to Single Sign-On. SSO is a user authentication service, which lets a user log in with one set of credentials to multiple applications or websites.

    • Trusted Platform Module (TPM)

      A Trusted Platform Module is a chipset mounted onto the motherboard of the computer. It is an international standard for a secure cryptoprocessor a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.

      Two Factor Authentication, 2FA

      Two-Factor Authentication (2FA) adds another layer of security to protect an account or system. Users must authenticate using two different factors, such as something you know (a password), something you are (biometrics), and something you have (a FIDO security key).

      Also known as Multi-Factor Authentication (MFA)

    • U2F

       Universal Second Factor (U2F) is the original technology behind FIDO1. FIDO2 builds upon U2F with wider support and the W3C standard WebAuthn.

    • WebAuthn

       WebAuthn is a W3C standard and part of FIDO2. WebAuthn is a JavaScript built into most browsers that allow a FIDO relying party or server, to challenge a FIDO authenticator to register or authenticate.

    • XACML

      EXtensible Access Control Markup Language.  Created by OASIS, provides a serialization format for defining Attribute-based Access Control (ABAC) policies.