Date

By Whom

What

21 Jan 2001  v00

Jeff Hodges

Created.

8 Feb 2001 v01

Jeff Hodges

Added variouis terms supplied by Bob Blakley and others culled from S2ML 0.8a doc.

9 Feb 2001 v01

Jeff Hodges

Cleaned up refs, added refs, added definitions, enhanced or otherwise mangled others.

AA or AAA

“Authentication and Authorization”, or “Authentication, Authorization, and Accounting (or Auditing)” – each of the “A”s being a general class of security mechanism. These mechanisms are key building blocks for implementing security architectures.

ACI

See Access Control Information

ADF

See Access Decision Function

ADI

See Access Decision Information

AEF

See Access Enforcement Function

AP

See Asserting Party

AAA Administrative Component

An AAA system component whose users are typically administrators and whose function is mangement of various aspects of a AAA system deployment.

AAA Service

A network service providing AAA functionality.

AAA Server

A system entity that is also an AAA system component whose function is to make policy decisions on behalf of requesters. It accepts and answers queries via some network protocol (TBD). It may or may not rely on information stored in a (external) repository, e.g. in a directory service, or a RDBMS, etc. [23]

This component may act in these roles:

AAA System

A set of AAA system components implementing a network service delivering a AAA service. ?

AAA System Component

A system entity that is one of the identifiable components of embodiments of AAA systems. ?

AAA System Deployment

An instance of a deployed AAA system. An AAA System Deployment is typically hosted within and delivers service to a given administrative domain, It also may be utilized to provide services to other administrative domains.

Access

The ability and means to communicate with or otherwise interact with a system in order to use system resources to either handle information or gain knowledge of the information the system contains. (definition from [1] )

Access Control

1. Protection of system resources against unauthorized access; a process by which use of system resources is regulated according to a security policy and is permitted by only authorized system entities (users, programs, processes, or other systems) according to that policy. (definition from [1] )

2. The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner   [9]

Access Control Decision

? The decision arrived at as a result of evaluating the requester’s identity, the requested operation, and the requested resource in light of applicable security policy. (surprisingly enough, not explicitly defined in [10] )

Access Control Information

Any information used for access control purposes, including contextual information [10].

Access Control Factors

A request, when it is being processed by a server, may be associated with a wide variety of security-related factors (e.g. section 4.2 of [17]). The server uses these factors to determine whether and how to process the request.  These are called access control factors (ACFs).  They might include source IP address, encryption strength, the type of operation being requested, time of day, etc.  Some factors may be specific to the request itself, others may be associated with the connection via which the request is transmitted, others (e.g. time of day) may be "environmental". [25]

Access Control Policy

The set of rules that define the conditions under which an access may take place [10].

Access Control Policy Rules

Security policy rules concerning the provision of the access control service [10].

Access Control Request

See access request.

Access Decision Function

A specialized function that makes access control decisions by applying access control policy rules to an access request, Access Decision Information (of initiators, targets, access requests, or that retained from prior decisions), and the context in which the access request is made [10].

Access Decision Information

The portion (possibly all) of the Access Control Information made available to the Access Decision Function in making a particular access control decision [10].

Access Enforcement Function

A specialized function that is part of the access path between an initiator and a target on each access control request and enforces the decision made by the Access Decision Function [10].

Access Path

? (haven’t been able to find a concise def for this with a modicum of looking)

Access Request

the operations and operands that form part of an attempted access. [10]

Active Role

?   A role that an actor has donned when performing some operation, e.g. accessing a resource.

Actor

? From [2]: A computational entity (i.e. system entity) utilizing security services. Examples of actors include application servers, application programs, security services (?), transport and message-level interceptors etc.

Perhaps actor is effectively synonymous with system entity.

Administrative Domain

An environment or context that is defined by some combination of administrative policies, Internet Domain Name registration(s), civil legal entity(ies) (e.g. individual(s), corporation(s), or other formally organized entity(ies)), plus a collection of hosts, network devices and the interconnecting networks (and possibly other traits). An Administrative Domain may contain or define one or more security domains. An administrative domain may encompass a single site or multiple sites. The traits defining an Administrative Domain may, and in many cases will, evolve over time. Administrative Domains may interact and enter into agreements for providing and/or consuming services across Administrative Domain boundaries.

Administrator

A person who installs, maintains, and/or makes use of the resources of a AAA System Deployment for system management and/or user management and/or content management purposes (as opposed to application purposes. See also End User). An administrator is typically affiliated with a particular administrative domain and may be affiliated with more than one administrative domain. See also deployer, business administrator, and local administrator.

Anonymity

The quality or state of being anonymous.

Anonymous

The condition of having a name [or identity] that is unknown or concealed. [1]

Application Server

A software system run on a host that provides an execution environment for higher-level applications, for example business-oriented apps.

Assertion

? A piece of data constituting a declaration of identity or authorizations. See also: credential.

"Data that is transferred to establish the claimed identity of an entity." [9]

Asserting Party

?  An AAA system component performing a role wherein it generates assertions on behalf of other actors.

Attack

An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. (definition from [1]).

Attribute

A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, address, phone number, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. Which  attributes of an object are salient is decided by the beholder.

Attributes are of various types, and are often represented by an attribute name along with one or more attribute values. See also Attribute Value Assertion, entry. [11] [17]

Attribute Name

The human-palatable name associated with a particular attribute type. 

Attribute List

A data structure consisting of lists of  attribute value assertions (aka name-value pairs).  [12]

Attribute Type

An attribute type typically governs whether an attribute is single- or multi-valued, the syntax to which the values must conform, the kinds of matching which can be performed on values of that attribute, and other functions. [17]

Attribute Value

An attribute value is one or more pieces of data, encoded according to the syntax of the attribute’s type. [17]

Attribute Value Assertion

An Attribute Value Assertion is an assertion with the general abstract form of “attribute type IS attribute value”. [17]

Audit

Independent review and examination of records and activities to determine compliance with established usage policies and to detect possible inadequacies in product technical security policies of their enforcement. [8]

Audit Identity

An identity attribute containing an identity used only for accountability purposes (ECMA 219). [13]

Authc

See Authentication

Authn

See Authentication

Authz

See Authorization

Authentication

Authentication is the process of confirming an entity’s asserted identity with a specified, or understood, level of confidence. [7]

The process of verifying an identity claimed by or for a system entity. [12]

Authority

An identified computer-based entity which implements a security service (e.g. creation of PACs). [12]

Authorization

?   The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated an entity, the entity may be authorized different types of access or activity.  [8]

<rough>The “act of authorization” is when an AEF acts upon information received from an ADF.</rough>

The granting of access rights to a subject (for example, a user, or program). [12]

Authorization Assertion

? In concept an authorization assertion is a statement of policy about a resource, such as:

the user "noodles" is granted "execute" privileges on the resource "/usr/bin/guitar.”

Authorization Identity

? import from rfc2829 and rfc2222

Authorized

A system entity or actor is “authorized” if it is granted a right or a permission or a capability to access a system resource. See also authorization.

Capability

A token that gives its holder the right to access a system resource. Possession of the token is accepted by the access control mechanism as proof that the holder has been authorized to access the resource named or indicated by the token. [12]

Clearance

Initiator-bound ACI that can be compared with security labels of targets [10].

Context

See Contextual Information.

Contextual Information

Information about or derived from the context in which an access request is made (e.g. time of day). [10]. Effectively synonymous with access control factors.

Control Attribute

Attributes, associated with a security object that, when matched against the privilege attributes of a security subject, are used to grant or deny access to the security object. [19]  ?

Credential

Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. (See also: assertion, authentication information, capability, ticket.)  [1]

"Data that is transferred to establish the claimed identity of an entity." [9]

Decision

The response of an Access Decision Function to a decision request [12].

Decision Request

The message an Access Enforcement Function sends to an Access Decision Function to ask it whether a particular access request should be granted or denied [12].

Deployer

An administrator in the act of, and/or (sometimes) primarily responsible for deploying a particular system or systems in an administrative domain’s network infrastructure.

Deployment Time

The time at which a product is actually configured, tested, and/or put to use, as opposed to its being in the vendor’s development pipeline or in transit between the vendor and a customer. See also site-specific.

DMZ

“DMZ” is from the military term for an area between two opponents where fighting is prevented. See also [6] and DMZ network.

DMZ network

DMZ network is a commonly-used, equivalent term for (see also) perimeter network.

DNS

See Domain Name System.

Domain Name System

The general-purpose distributed, replicated, data query service used on the Internet for translating host names into Internet addresses. See [6].

End User

An entity, usually a human individual, that makes use of resources for application purposes (as opposed to system management purposes. See Administrator).

End User’s Computer

A host that an end user makes use of for general computational, application, and communication purposes.

End User Profile

Variouis attributes and attribute values, mapped to a given end user. User attributes are stored in the profile, e.g. identifier(s), name(s), contact information, organizational information, computing infrastructure information, etc.

End User System

Typically the combination of: an End User, plus the End User’s computer, plus the browser running on that computer. The term “EU System” is used in this document, rather than just the terms “client” or “user” because given the many-tiered architecture, there are many components that act as clients of other components.

Entitlement

A data structure containing Access Decision Information and/or access control policy rule information in a form which can be used by applications to customize their behavior based on access control policy or to make access control decisions in their own code [12].

Entity

See System Entity.

EU System

A contraction for End User System.

EUS

See End User System.

External Network(s)

Networks outside one’s administrative domain and (in typical usage of the term) with which one’s networks are connected.

Extranet

The part of a company or organization's computer network which is available to outside users, for example, information services for customers and/or suppliers (definition from [14] ). See also extranet in [6].

Firewall

A firewall is a device that gives an administrative domain a means to control how their internal network(s) interact with external networks.

Firewall boundary

A commonly-used term referring to a security perimeter that is largely defined by the existence of a firewall.

Host

A computer that is attached to a communication subnetwork or internetwork and can use services provided by the network to exchange data with other attached systems. A host is distinguished from other similarly connected and addressable devices on the network, e.g. routers, in that it doesn’t forward Internet Protocol packets that are not addressed to it. A host may be either an end user’s computer or a server.

HTTP

See Hypertext Transfer Protocol.

Hypertext Transfer Protocol

A protocol for distributed, collaborative, hypermedia information systems. It is the protocol used by web browsers to communicate with web servers, when the browsers process URLs specified as  “http://host…”. See also RFC1945 [15] and RFC2616. [16]

Identity

A representation (e.g. a string) uniquely mapped to an entity (e.g. an end user, an administrator, or some process, or some network device).

Initiator ACI passed to the aznAPI. [aznAPI] uses the term to describe anything used as initiator ACI, including names, identity certificates, and capabilities. Note that this usage is unique to [aznAPI] and should not be confused with other uses of the term "identity" in other systems [12].

IETF

See Internet Engineering Task Force.

Initiator

An entity (e.g. human user or computer-based entity) that attempts to access other entities [10].

Intermediary

An entity which, after receiving an access request from an initiator, issues another access request on that initiator’s behalf [12].

Internal Network

See Intranet.

Intranet

A local area network which may not be connected to the Internet, but which has some similar functions. Some organizations set up World Wide Web servers on their own internal networks so employees have access to the organization's Web documents. (definition from [14]) See also intranet in [6].

IP

Internet Protocol. See also TCP/IP.

Label

A marking that is bound to a protected resource and that names or designates the security-relevant attributes of that resource (derived from [9]).

LDAP

See Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol

A directory access protocol defined in IETF RFCs 2251..2256 (for LDAP version 3). It is largely based on X.500. [17]

MIME

Multipurpose Internet Mail Extensions [18] -- a standard for imparting structure within otherwise “flat” ascii text.

Network-based security

The notion of controlling network access and usage, and consequently protecting hosts from attack, via network routing configuration and filtering, the use of firewalls and similar devices, or some combination thereof. See also [5].

Network Device or Network Element

For the purposes of this document, one of routers, bridges, repeaters, hubs, switches, etc.

Network Service

Work performed (or offered) by a server over a network. This may mean simply serving simple requests for data to be sent or stored (as with web servers); or it may be more complex work, such as that of print servers, distributed file servers, X Windows servers, or application servers. (definition largely from [6])

Network Topology

A configuration of network devices and hosts, and their interconnections.

Operation

The action that an initiator’s access request asks to have performed on a protected resource [12].

Origin Server

The server on which a given resource resides or is to be created.

Origin Site, Originating Site

? The site where the origin server resides.

PAC

See Privilege Attribute Certificate.

Package

= assertions [+ entitlements] + payload  ?

Party

? An actor or actors participating in some process, such as accessing a resource. See also: system entity, user.

Passive Role

?   A role that a resource effectively dons when it is the object of some operation.

Payload

The essential data that is being carried within a packet or other transmission unit. The payload does not include the "overhead" data required to get the packet to its destination. Note that what constitutes the payload may depend on the point-of-view. To a communications layer that needs some of the overhead data to do its job, the payload is sometimes considered to include the part of the overhead data that this layer handles. However, in more general usage, the payload is the bits that get delivered to the end user (or whatever entity) at the destination. [26]

Perimeter Network

A network between external networks and internal networks whose explicit role is to facilitate creation and management of additional layer(s) of security (as compared to not having a perimeter network). Also sometimes called a DMZ network. See also [5].

Perimeter Security

Network-based security applied at the perimeter of one’s security domain. See also [5].

Policy, Policies

Concisely, a policy is a mapping of user credentials with authority to act [8]. Policies are often essentially access control lists [8].

Principal

?   A uniquely named client or server instance that participates in a network  communication. [RFC1510]

Privilege Attribute

An attribute associated with an initiator that, when matched against control attributes of a protected resource is used to grant or deny access to that protected resource (derived from ECMA TR/46 definition). [19]

Privilege Attribute Certificate

A data structure containing privilege attributes. May be signed by the authority which generated it [12].

Protected Resource

A target, access to which is restricted by an access control policy [12].

Protected Web Resources

Web resources whose availability to requesters is being managed, i.e. protected, via some access control mechanism.

RP

See Relying Party.

Receiving Site

?    A site that receives, interprets, and acts according to security assertions. Essentially synonymous to relying party.

Relying Party

?   One who is making a decision contingent upon information or advice from another entity. E.g. an entity that is relying upon various security assertions about some other party(ies), made by yet another party(ies).

Resource

Synonymous in this document for System Resource.

Request

?   What clients make to servers. (need to enhance this ;)

Requester

As in “service requester”, or “requester of resources”. A system entity that is utilizing a protocol to request services from a service. Essentially functionally equivalent to the term client.

Risk

(a) In the computer system and networking sense: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (b) More generally: possibility of loss or injury.

Risk Analysis

Risk analysis involves determining what you need to protect, what you need to protect it from, and how to protect it. It is the process of examining all of your risks, then ranking those risks by level of severity. For example, see the Risk Assessment section of Chapter 2 in [22].

Role

?   Dictionaries define a role as “a character or part played by a performer” or “a function or position.” Actors don various types of roles serially and/or simultaneously, e.g. active roles and passive roles. The notion of an Administrator is often an example of a role.

Scrutinize

To examine or observe with great care; inspect critically.

Secure Sockets Layer

A network session-layer protocol which can be sandwiched between application-layer protocols, such as LDAP and HTTP, and the underlying transport protocol, TCP. SSL features facilities for mutual authentication of the client and server, as well as session encryption and integrity protection. See  [20].

Security

Security refers to a collection of safeguards that ensure the confidentiality of information, protect the system(s) or network(s) used to process it, and control access to it (them). Security typically encompasses the concepts/topics/themes of secrecy, confidentiality, integrity, and availability.It is intended to ensure that a system resists potentially correlated attacks. (definition from [7])

Security Architecture

A plan and set of principles for an administrative domain and its security domains that describe (a) the security services that a system is required to provide to meet the needs of its users, (b) the system elements required to implement the services, and (c) the performance levels required in the elements to deal with the threat environment. A complete system security architecture addresses administrative security, communication security, computer security, emanations security, personnel security, and physical security. It prescribes security policies for each. A complete security architecture needs to deal with both intentional, intelligent threats and accidental kinds of threats. A security architecture should explicitly evolve over time as an integral part of its administrative domain’s evolution. (definition largely from [1]) 

Security Assertion

? An assertion that is typically scrutinized in the context of a security policy.

Security Domain

An environment or context that is defined by security policies, security models, and a security architecture, including a set of system resources and set of system entities that are authorized to access the resources. An administrative domain may contain one or more security domains. The traits defining a given security domain typically evolve over time.

Security Mechanism

The logic or algorithm that implements a particular security-enforcing or security-relevant function in hardware and software. [8]

Security Object

An entity in a passive role to which a security policy applies. [19]

Security Package

? one or more security assertions or credentials combined into a single overall, for example, MIME entity.

Security Perimeter

The boundary of a security domain.

Security Policy

A set of rules and practices specifying the “who, what, when, why, where, and how” of access to system resources by entities (often, but not always, people). Significant portions of security policies are implemented via security services. Security policies are components of security architectures.

Security Requirements

The types and levels of protection necessary for equipment, data, information, applications, and facilities to meet security policy [given the results of a risk analysis]. (definition from [8])

Security Service

A processing or communication service that is provided by a system to give a specific kind of protection to system resources, where said resources may reside with said system or reside with other systems. E.g. an authentication service. Security services typically implement portions of security policies, and are implemented by security mechanisms.

Security Subject

An entity in an active role to which a security policy applies. [19]

Server

Either (1) a host that is used for running applications and or services that are network-accessible. Servers are typically not also used as end users’ computers. See also Server Host; or (2) a process or set of processes running on a host providing a network service.

Server Host

A host on which a network service is being run. For example, the host upon which a web server is being run is a server host.

Service

See Network Service.

Site

A term commonly used to refer to an administrative domain in a geographical sense. Thus site may refer to a particular geographical and/or topological subportion of an administrative domain, or, a site my contain multiple administrative domains, as may be the case at an ASP site.

Site-specific

A thing or a thing’s deployment configuration that is tailored on a site-by-site basis. For example, how a site performs load balancing of incoming HTTP requests to web server hosts is site-specific. From the vendor’s perspective, site-specific decisions are made at deployment time.

SSL

See Secure Sockets Layer.

SSL/TCP/IP

A shorthand notation denoting a protocol stack consisting of the SSL session layer running over the TCP/IP layers. An application layer protocol, e.g. LDAP or HTTP, is typically run on top of the SSL layer (which in turn is running on top of TCP/IP), and uses that layer (SSL) for end-to-end connection security.

Subject

? An identifiable entity. See also security subject.

System Entity

An active element of a system--e.g., an automated process, a subsystem, a person or group of persons--that incorporates a specific set of capabilities. (definition from [1]) 

System Resource

Data contained in an information system (e.g. in the form of files, info in memory, etc); or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e., a system component--hardware, firmware, software, or documentation); or a facility that houses system operations and equipment. (definition from [1]) 

Target

An entity to which access may be attempted [10].

A resource an entity attempts to access.

Threat

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado). (definition from [1], See especially [8]) 

TCP or TCP/IP

See Transmission Control Protocol.

Ticket

? Aka a token. Specific example: Kerberos Tickets. See [RFC1510].  A ticket may be a credential.

TLS

See Transport Layer Security.

Token

?  See ticket.

Transmission Control Protocol

The transport-layer protocol used on the Internet and most Internet-connected networks. It is layered on top of the Internet Protocol (IP) and the combination of the two is commonly termed “TCP/IP”.

Transport Layer Security

The IETF version of SSL 3.0. It is essentially/effectively regarded as SSL 3.1. It is specified in RFC2246. A small, but growing, number of servers and clients on the Internet at large presently support it.

Unauthorized

The opposite of a system entity or requester being authorized.

URL

See Uniform Resource Locator.

User

A corporeal human making use of a AAA system component and/or application(s) inhabiting a given administrative domain(s), as a means rather than as an end. (based on “user” from [6]). See also Administrator, End User.

User Profile or User’s Profile

See End User Profile.

Uniform Resource Locator

Defined as “a compact string representation for a resource available via the Internet.” See [21].

Vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. (definition from [1]) 

Web-based Service

A network service where requesters are typically web browsers being wielded by end-users, and where the content delivered to the end-users’ browsers via the web servers is the network service’s primary end-user interface.

Web Browser

A software application used to locate and display web pages.

Web Resource

Any object (e.g. a file (e.g. a web page), a program, or any other system resource) that is being made available to requesters via a web server. Also known as “web-accessible resource”.

Web Server

A server process running on a server host and answering HTTP requests (at least),and often also several other protocols (e.g. FTP, Gopher). See also HTTP Server in [6]. A web server is typically used to implement a web-based service.

Web Server Host

A host running a web server that is in turn providing some or all of the web resources accessible via the web server. 

Web Service

See Web-based service.