A-Z Glossary of Terms
Technical jargon definitions for common terms used with IdentityServer, our products and components, and services.
ASP.NET is an open source web framework developed by Microsoft. It lets developers create modern websites and applications.
Client to Authenticator Protocol (CTAP) is a FIDO standard that defines an application layer protocol for communicating with external FIDO authenticators (security keys).
FIDO is a modern standard for user authentication. A FIDO authenticator allows the generation of a cryptographic private/public key pair. Unlike password-based systems where a shared secret (password) is held by both users and the website, the private key never leaves the user’s possession.
A single sign-on open-source framework that enables you ASP.NET Core website to act as an OpenID Provider and OAuth authorization server.
JWT Access Token
JSON Web Token (JWT, sometimes pronounced JOT) is an internet standard for creating structured, JSON-based tokens. OAuth access tokens are typically JWTs and must be signed by the issuer using a private key and validated by the recipient using a public key, to verify integrity.
The National Institute of Standards and Technology (NIST) is a US standards body, that encompasses topics such as cryptography and web security.
A protected resource is something that is protected by an OAuth authorization server, such as IdentityServer. A protected resource is typically an HTTP API.
SaaS means Software-as-a-service but is also known as "on-demand software". SaaS products are typically licensed on a subscription basis. SaaS is hosted centrally in the cloud to reduce the need to download or self-host these applications and websites.
SSO refers to Single Sign-On. SSO is a user authentication service, which lets a user log in with one set of credentials to multiple applications or websites.
Trusted Platform Module (TPM)
A Trusted Platform Module is a chipset mounted onto the motherboard of the computer. It is an international standard for a secure cryptoprocessor a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
Two Factor Authentication, 2FA
Two-Factor Authentication (2FA) adds another layer of security to protect an account or system. Users must authenticate using two different factors, such as something you know (a password), something you are (biometrics), and something you have (a FIDO security key).
Also known as Multi-Factor Authentication (MFA)
Universal Second Factor (U2F) is the original technology behind FIDO1. FIDO2 builds upon U2F with wider support and the W3C standard WebAuthn.