A-Z Glossary of Terms
Technical jargon definitions for common terms used with IdentityServer, our products and components, and services.
ABAC (Attribute-Based Access Control)
ABAC is an evolution of RBAC (role-based access control). RBAC works well in small, simple deployments but tends to fail when you need to scale up or when access depends on relationships between the user and the resource. For example: allow users in the author role to edit documents, but only if they are in the same department as the document's creator.
ABAC is policy-based in the sense that it uses policies rather than static permissions to define what is and is not allowed.
Other examples include:
- A user can view a document if the document is in the same department as the user
- A user can edit a document if they are the owner and if the document is in draft mode
- Deny access before 9am
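As an added illustration (not code from IdentityServer or from this glossary), here are the ABAC policies listed above expressed as predicates over user, document and request attributes, combined with a deny-overrides rule; the `User`, `Document` and `Request` types and the `hour` attribute are constructed for the example:

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional

@dataclass
class User:
    id: str
    department: str
    roles: set = field(default_factory=set)

@dataclass
class Document:
    owner: str
    department: str
    status: str          # "draft" or "published"

@dataclass
class Request:
    user: User
    action: str          # "view" or "edit"
    doc: Document
    hour: int            # hour of day (0-23); constructed attribute for the time policy

# A policy is a predicate over request attributes that returns "permit",
# "deny" or None (not applicable), mirroring the effects used by XACML.
Policy = Callable[[Request], Optional[str]]

def deny_before_9am(r: Request) -> Optional[str]:
    return "deny" if r.hour < 9 else None

def view_same_department(r: Request) -> Optional[str]:
    ok = r.action == "view" and r.doc.department == r.user.department
    return "permit" if ok else None

def owner_edits_draft(r: Request) -> Optional[str]:
    ok = r.action == "edit" and r.doc.owner == r.user.id and r.doc.status == "draft"
    return "permit" if ok else None

def author_edits_same_department(r: Request) -> Optional[str]:
    ok = (r.action == "edit" and "author" in r.user.roles
          and r.doc.department == r.user.department)
    return "permit" if ok else None

POLICIES: List[Policy] = [deny_before_9am, view_same_department,
                          owner_edits_draft, author_edits_same_department]

def authorize(r: Request, policies: List[Policy] = POLICIES) -> bool:
    """Deny-overrides combining: any deny wins, else any permit, else deny by default."""
    decisions = {p(r) for p in policies}
    return "deny" not in decisions and "permit" in decisions
```

Because there is no static permission table, changing who may edit a draft is a change to one predicate rather than a re-assignment of roles.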
ASP.NET
ASP.NET is an open source web framework developed by Microsoft. It lets developers create modern websites and applications.
Client to Authenticator Protocol (CTAP)
Client to Authenticator Protocol (CTAP) is a FIDO standard that defines an application layer protocol for communicating with external FIDO authenticators (security keys).
FIDO
FIDO is a modern standard for user authentication. A FIDO authenticator generates a cryptographic private/public key pair. Unlike password-based systems, where a shared secret (the password) is held by both the user and the website, the private key never leaves the user's possession.
IdentityServer
A single sign-on open-source framework that enables your ASP.NET Core website to act as an OpenID Provider and OAuth authorization server.
JWT Access Token
JSON Web Token (JWT, sometimes pronounced "JOT") is an internet standard for creating structured, JSON-based tokens. OAuth access tokens are typically JWTs and must be signed by the issuer using a private key and validated by the recipient using the corresponding public key to verify their integrity.
NIST
The National Institute of Standards and Technology (NIST) is a US standards body whose work encompasses topics such as cryptography and web security.
Protected Resource
A protected resource is something that is protected by an OAuth authorization server, such as IdentityServer. A protected resource is typically an HTTP API.
RBAC
Role-Based Access Control (RBAC) provides a security model in which users and permissions are assigned to roles. All users in a given role obtain the permissions associated with that role. RBAC works well for coarse-grained access control.
SaaS
SaaS stands for Software-as-a-Service, also known as "on-demand software". SaaS products are typically licensed on a subscription basis and hosted centrally in the cloud, removing the need to download or self-host the application.
SSO
SSO refers to Single Sign-On, a user authentication service that lets a user log in with one set of credentials to multiple applications or websites.
Trusted Platform Module (TPM)
A Trusted Platform Module is a chipset mounted on the motherboard of a computer. It is an international standard for a secure cryptoprocessor: a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
Two Factor Authentication, 2FA
Two-Factor Authentication (2FA) adds another layer of security to protect an account or system. Users must authenticate using two different factors, such as something you know (a password), something you are (biometrics), or something you have (a FIDO security key).
Also known as Multi-Factor Authentication (MFA).
U2F
Universal Second Factor (U2F) is the original technology behind FIDO1. FIDO2 builds on U2F with wider support and the W3C WebAuthn standard.
XACML
eXtensible Access Control Markup Language (XACML), created by OASIS, provides a serialization format for defining Attribute-Based Access Control (ABAC) policies.