Identity & Access terms

40 terms

• Identity and Access Management (IAM)

  A discipline and set of technologies for defining digital identities and controlling which resources each identity may access under which conditions.

• Authentication

  The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.

• Authorization

  The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.

• Accounting (AAA)

  The third pillar of the AAA framework: recording what an authenticated identity did, when, from where and to which resources, for audit and billing purposes.

• AAA Framework

  A foundational access-control model built on three layered functions: Authentication, Authorization and Accounting.

• Single Sign-On (SSO)

  An authentication scheme that lets a user sign in once at a trusted identity provider and then access many applications without re-entering credentials.

• Federated Identity

  An arrangement in which separate organizations or domains trust a common identity provider so users can use one identity across all of them.

• SAML

  An XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider.

• OAuth 2.0

  An open authorization framework that lets a resource owner grant a third-party application limited, scoped access to an API without sharing credentials.

• OpenID Connect (OIDC)

  An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.

• Multi-Factor Authentication (MFA)

  An authentication method that requires two or more independent factors — typically from different categories — before granting access.

• Two-Factor Authentication (2FA)

  A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.

• One-Time Password (OTP)

  A short numeric code that is valid for only a single login attempt or a brief time window, typically used as a second authentication factor.

• Time-Based One-Time Password (TOTP)

  A one-time password algorithm defined in RFC 6238 that derives a short code from a shared secret and the current time, rotating every 30 seconds.

• HMAC-Based One-Time Password (HOTP)

  An event-based one-time password algorithm defined in RFC 4226 that derives a short code from a shared secret and a monotonically increasing counter.

• Push Authentication

  Push Authentication — definition coming soon.

• Passkey

  Passkey — definition coming soon.

• FIDO2

  FIDO2 — definition coming soon.

• WebAuthn

  WebAuthn — definition coming soon.

• U2F (Universal 2nd Factor)

  U2F (Universal 2nd Factor) — definition coming soon.

• Biometric Authentication

  An authentication method that verifies identity based on unique physical or physiological traits such as fingerprints, faces, irises, or voice patterns.

• Behavioral Biometrics

  A continuous-authentication technique that profiles unique user behaviors — typing rhythm, mouse movements, gait, or touchscreen gestures — to detect impostors.

• Role-Based Access Control (RBAC)

  An authorization model that grants permissions to roles rather than directly to users, so users inherit access by virtue of their role assignments.

• Attribute-Based Access Control (ABAC)

  An authorization model that evaluates policies over attributes of the subject, resource, action, and environment to decide whether to allow an access request.

• Mandatory Access Control (MAC)

  An access-control model in which a central policy — not the resource owner — enforces access decisions based on classifications and clearances assigned to subjects and objects.

• Discretionary Access Control (DAC)

  An access-control model in which the owner of a resource decides who can access it and what operations they can perform.

• Principle of Least Privilege

  A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.

• Just-in-Time Access

  An access model that grants elevated or sensitive permissions only for a limited time and a specific task, then revokes them automatically.

• Privileged Access Management (PAM)

  A set of practices and tools that secure, control, monitor, and audit access to accounts and systems with elevated administrative privileges.

• Service Account

  A non-human identity used by an application, script, or service to authenticate to other systems, typically without interactive login.

• Machine Identity

  The cryptographic identity of a non-human entity — workload, device, container, or API client — used to authenticate and establish trust with other systems.

• Kerberos

  A ticket-based network authentication protocol that uses symmetric cryptography and a trusted Key Distribution Center to enable secure single sign-on across services.

• NTLM Authentication

  A legacy Windows challenge-response authentication protocol that proves a user's identity from a stored password hash, now considered weak by modern standards.

• LDAP

  LDAP — definition coming soon.

• Active Directory

  Active Directory — definition coming soon.

• Password

  Password — definition coming soon.

• Passphrase

  Passphrase — definition coming soon.

• Password Manager

  Password Manager — definition coming soon.

• Credential Vault

  Credential Vault — definition coming soon.

• Session Management

  Session Management — definition coming soon.