IAM Useful Glossary
March 2, 2010
Access Control
An access control limits the use of a resource. Only those people, programs or devices that are specifically permitted to use the resource will have access. In addition, an access control will usually limit use to specific types of access; someone can read a file but not change it, for example.
Access Management
Access Management is the set of technologies, processes, rules, policies, etc. that provides the real-time enforcement of access control. That is, the mechanisms and procedures by which access to systems, applications, services, etc. is permitted to some users and not to others. This can operate at the macro level: e.g. all state employees (and only state employees) may access a given resource. It can also be implemented with fine granularity: e.g. certain people in the organization are permitted access to the privileged Groups Management System, but of these only a few may create new Groups, and once a Group is created, only a subset of those people are permitted to manage content on the Group site.
Authentication
Validation of identification credentials. This is a process where a person, device or a computer program proves their identity in order to access environments, systems, resources and information. The person’s identity is a simple assertion, the login ID for a particular computer application, for example. Proof is the most important part of the concept and that proof is generally something known, like a password; something possessed, like your ATM card; or something unique about your appearance or person, like a fingerprint.
Authorization
The act of granting a person or other entity permission to use resources in a secured environment. This is usually tightly linked to authentication. A person or other identity first authenticates and then is given pre-determined access rights. They now have the authority to take specific actions.
CA
A certification authority holds a trusted position because the certificate that it issues binds the identity of a person or business to the public and private keys (asymmetric cryptography) that are used to secure most internet transactions.
Credentials
Credentials are the components or attributes of identity that are assessed to prove a person, device, or computer program is who they claim to be. Common credential stores include databases, directories and smart cards.
Digital Certificate
In general use, a certificate is a document issued by some authority to attest to a truth or to offer certain evidence. A digital certificate is commonly used to offer evidence in electronic form about the holder of the certificate. In PKI it comes from a trusted third party, called a certification authority (CA) and it bears the digital signature of that authority.
Directory Service
A directory service, in the technical sense, is very much like a directory service in the real world. A real-world directory service lets you look up a telephone number when you know someone’s name and location.
In the same way, directory services on computers let you look for other computers, e-mail addresses, files and folders, and many other objects and attributes.
Identification
Represents the use of an identifier that allows a system to recognize a particular subject and distinguish it from other users of the system.
Identity Attributes
Identity information collected during identity proofing for future use by the system. In this instance, identifying information (e.g., employer name, job title, affiliations, etc.) carried in a claim to help distinguish an individual’s rights to a system.
Identity Management
Identity Management is the set of technologies, practices, and procedures that create and assign an identity credential to an individual person, computer, or asset. These may include: identity proofing procedures, account provisioning/credential creation and issuance, password setup, password strength rules, level-of-assurance assessment, password change management (self-service, helpdesk-mediated), password expiration, identity matching, authentication role management, rights management, metadirectory management, etc. All of this serves to support a more or less reliable assertion that a given credential belongs to a known person, and to the extent they keep their credential private, is used only by that person.
Identity Proofing
Identity proofing is the process of validating the claimed identity of an individual. It is central to a secure and authoritative process for the issuance and use of identity credentials.
Identity proofing can be accomplished through a variety of processes that establish a history of identity by collecting identity information (e.g. personal, demographic, and biographical information) and validating the accuracy and legitimacy of the information collected by conducting a face-to-face interaction and/or verifying the validity of identity source documents against third-party databases.
Level of Assurance
Level of Assurance describes the degree of certainty that the user has presented a valid set of identifier attributes (credentials, etc.) that refer to his or her identity. In this context, assurance is defined as:
The degree of confidence in the vetting process used to establish or validate the identity of the individual to whom the credential was issued, therefore establishing the degree of confidence (assurance) the person who accepts the credential should have, that the provider is the individual to whom the credential was issued.
Metadirectory Management
The set of technologies, processes, rules, policies, etc. that facilitate the consolidation, creation and management of central repositories for verification of user identity, data and access control. This can be a physical or virtual directory implementation.
Password Management
Processes, functions and features involved in the creation, issuance, control and change of identity credentials.
Provisioning
Account provisioning describes the tasks and framework for authorizing and documenting access, privileges and rights. Provisioning components span across both Administration (IdM systems) and Real-Time Enforcement (Access Management).
PKI
Public-Key Infrastructure is the infrastructure needed to support asymmetric cryptography. At a minimum, this includes the structure and services needed to do the following:
• Register and verify identities
• Build and store credentials
• Certify the credentials (issue digital certificates)
• Disseminate the public key
• Secure the private key and yet make it available for use
Role-Based Security
Authorization to system resources based on a user's defined role within the system. Role definitions are typically unique to a system (e.g., Admin, Reader, Writer, etc.) and provide access control to restricted resources. Additionally, Group Security is the ability to assign a role or access controls to a group of users.
Role Management
The creation and management of user roles, affiliations, relationships, etc. that drive access rights and entitlements.
SSO
Single sign-on describes the ability to use one set of credentials, an ID and password or a passcode for example, to authenticate and access information across system, application and even organizational boundaries. It may be called Web SSO when everything is accessed through a browser.
Tier one
Business processes, data, or technologies that are common for the state. The various elements that are defined in the statewide Enterprise Architecture consist of business processes, data, or technologies. Those EA elements can be categorized into different tiers depending on the degree to which they should be common, and the other entities with which they should be common. A description of the state’s Tiers is available at: http://isb.wa.gov/committees/enterprise/concepts/
Token
A token (sometimes called a security token) is an object that controls access to a digital asset. Traditionally, this term has been used to describe a hardware authenticator, a small device used in a networked environment to create a one-time password that the owner enters into a login screen along with an ID and a PIN. However, in the context of web services and with the emerging need for devices and processes to authenticate to each other over open networks, the term token has been expanded to include software mechanisms, too.
www.bestitdocuments.com