Network access, but also the access to, or the possibility of accessing, data stored in a memory.

Access Control Entries- ACE
Is an entry in an access control list that describes the access rights belonging to a specific security ID (SID). The operating system evaluates the access control entries to determine the effective access of a particular program based on the permissions granted.

Access Control List- ACL
Is a software technique used by operating systems and application programs to restrict access to data and functions. An ACL determines the extent to which individual users and system processes have access to certain objects.

Access Management
Access Management grants authorized users the right to use a service while preventing unauthorized users from accessing it.

Access Service Provider
Entity that performs the entire authentication and authorization process and makes the final decision about access based on the credentials, etc. provided. The access service provider also provides the data required for accounting, billing, and usage-based licensing.

Access and/or access authorization to an IT system. Such a user account consists of a user name and a password.

Adaptive Access Control- AAC
Adaptive Access Control, an instance of CAAC.


An actor abstracted from real users of an information system. It stands for a role that a real user plays in the context of a transaction with the information system.

Application Programming Interface- API
Is a program part that is made available by a software system to other programs for connection to the system.


Artefacts include documents, programs and source codes and deliver intermediate results that are important steps towards a finished and functioning software.

An assurance that a particular user has been successfully authenticated.

Asset Management
Also referred to as inventory management. A set of business practices that involves all business areas of the company. Assets include all software and hardware elements located in the business environment.

In general, the attribute is a characteristic. Attributes are used to describe properties and states of objects.

Attribute / Attributes
Semantic image of a property assigned to a subject that describes the subject in more detail. The identifier and credentials are also attributes. An attribute consists of the meta-attributes attribute name (e.g. "shoe size"), attribute type (e.g. "integer") and attribute value (e.g. "39"). In the case of substitution, the eIdentity of the substitute has a set of attributes of the eIdentity of the represented subject for a certain time.

Attribute Authority (AA)
An attribute authority is a register or directory containing an attribute service for maintaining attributes and an attribute assertion service for issuing attribute assertions.

Attributes Assertion
Confirmation of an attribute by an Attribute Authority. Corresponds to a SAML 2.0 Attribute Assertion.

Attribute Authority
A technical entity (service) that issues attributes assertions via a defined interface.

Attribute Based Access Control- ABAC
In attribute-based access control, users are dynamically granted access to resources on the basis of their attributes. Cf. RBAC.

Attribute Management
Processes for defining, managing and using attributes.

Attribute Service
The attribute service maintains one or more up-to-date attributes for defined subjects.

An audit examines whether processes, requirements and guidelines meet the required standards. Such an examination procedure often takes place within the framework of quality management.

a) Verification of policy conformity
b) Recording of all actions and decisions to ensure traceability

Authentication Assertion
A confirmation of the successful authentication of a subject.

Authentication Authority
A technical entity (service) that offers authentication as a service and issues authentication assertions for subjects.

Is the proof (verification) of an asserted property (claim) of an entity, which can be, for example, a human being, a device, a document or information. The entity first presents its proof of the claimed property; it is then the verifier's turn to check the authenticity of that proof. In terms of time, the verification of the claim therefore takes place after the claim has been presented.

Authentication Feature
The authentication feature can be based on knowledge (password, PIN), ownership (certificate, private key) or on a property (biometric feature e.g. voice, iris image, fingerprint) or on a combination of these features.

Authentication is evidence that a person is actually the person he or she claims to be.

It refers to the ability of a thing, person or organization to be authentic.

Authorization Provider
Entity that offers authorization as a service.

Authorization Service
At runtime, the Service checks compliance with the rights to use the e-resource and allows the subject to use it if it has the appropriate rights.

Authorization is the granting of special rights. If the identification of a person was successful, it does not automatically mean that this person is allowed to use provided services. This is decided by authorization.

Using the bottom-up approach, the existing authorizations on the target systems are analyzed with regard to similarities and standards and assigned to the roles.

Bring your own identity- BYOI
e.g. from Twitter, Facebook, LinkedIn...

Broker Service
This service mediates between the subject, resources and the services of execution time.

Business Process Execution Language- BPEL
Is an XML-based language used to describe business processes whose individual activities are implemented through Web services.

Business Process Integration- BPI
Is an extension of the internal application integration, in the context of which business applications of different enterprises are integrated.

Business Process Management- BPM
Is a systematic method to make business processes in companies more effective, so that they can be adapted to short-term changes. The goal of BPM is to minimize human errors and misunderstandings so that participants can concentrate on the requirements of their task in the company.

Business Process Modeling Language- BPML
Is an XML-based platform-independent meta language for the description of business process models.

Business Process Reengineering- BPR
This refers to the reorganization of business processes in a company.

CA Certificate
A digital certificate that certifies the identity of an organization that can issue digital certificates.

Certificate Authority- CA
A certification authority is an organization that issues digital certificates. A digital certificate is used to assign a specific public key to a person or organization. This assignment is authenticated by the certification authority by providing it with its own digital signature.

Certification Authority (CA)
Body that confirms data within an electronic environment and issues digital certificates for this purpose. Synonym: Certification Service Providers (CSP)

Change Management
Here, all tasks, measures and activities can be summarized that are intended to bring about a comprehensive, cross-departmental and far-reaching change - to implement new strategies, structures, systems, processes or behaviors - in an organization.

A claim is an assertion about a subject that has been confirmed as correct by an official, trustworthy body. Claims can be attributes of a subject or a resource, e.g. "Subject is physician". Claims can also be derived from their attributes, e.g. "subject is 18 years old". Note: The term is currently no longer used in the eCH IAM environment.

Claim Assertion Infrastructure CAI
Infrastructure which is used to securely make available attributes (claims) of users stored in directories or registers with the formal consent of the users.

Claim Assertion Service (CAS)
The Claim Assertion Service is a special Attribute Authority. Its task is to allow the user to confirm properties assigned to him by an organization or registry.

Claim Assertion Service CAS
Term from the SuisseID environment and corresponds to the term Security Token Service STS from OASIS.

Claim set
A claim set is a collection of claims which, like a single claim, has been confirmed as correct by an official, trustworthy body.

The observance of rules in the form of law and order. IT compliance describes compliance with legal, internal and contractual regulations in the IT landscape.

Means proof of identity and is the umbrella term for means that systems use to identify, authenticate and authorize users who wish to gain access to the system, e.g. RFID badges, PKI chip cards, passwords, PIN codes, one-time passwords, security questions.

Credential Management
Processes for creating and allocating credentials

Credential Service
The Credential Service issues and manages credentials. The credentials can be of different types. A credential refers to an eIdentity and is issued to a specific subject.

Credential Service Provider
Entity that acts as a trusted issuer of electronic certificates or other security tokens (credentials).

Customer Identity and Access Management- CIAM
CIAM systems support the balance between compliance, user consents and an optimal customer experience. In contrast to a classical IAM solution, such a system is not directed inwards but outwards and designed for masses.

Data Mining
Automatic evaluation of large amounts of data to determine certain regularities, laws and hidden correlations

Delegated Administration
Delegated administration can be used to assign limited administrative rights to selected users in the organization who are not administrators.

Term for the automated provisioning of IT resources. These can then be released again by deprovisioning.

Digital Identity
Real people are represented in the virtual world by their digital identity.

Digital Signature
An asymmetric cryptosystem in which a sender uses a secret signature key to calculate a value for a digital message.

Digital Certificate
Structured data that confirms the owner and other properties of a public key (also certificate or PublicKey certificate).

The directory server is a directory system that contains references to other computer files and possibly to other directories. On many computers, directories are also called folders.

Directory Domain
Is an authentication database that makes structured information offerings easier to search. It targets directories and lists precisely.

Directory Schema
The schema of a directory is a ruleset that defines all object classes and their attributes, such as users, groups, computers, printers, domains, and so on.

Directory Service
A directory service provides a central collection of data of a certain type in a network. The data stored in a hierarchical database can be compared, searched, created, modified and deleted according to the client-server principle.

Directory Service Markup Language- DSML
Administrative / technical community or organization with a common policy.

DNS Domain- DNS
Also referred to as the "Internet phone book". The Domain Name System is a system for resolving computer names into IP addresses and vice versa. DNS does not have a central database. The information is distributed over thousands of DNS servers.

A domain is an area of interest or a sphere of knowledge identified by a name. The knowledge usually refers to program instances or a certain number of network nodes and addresses.

Representation of a subject. An eIdentity (digital identity) has an identifier (unique name), usually together with a set of additional attributes that can be uniquely assigned to a subject within a namespace. A subject can have multiple eIdentities.

EIdentity Service
The eIdentity Service issues eIdentities to subjects and manages them.

Enterprise Single Sign-On- eSSO
With Enterprise Single Sign-On, the enterprise can streamline end-user management and enterprise-wide Single Sign-On (SSO) management.

An active element of an IT system, e.g. an automated process or a set of processes, a subsystem, a person or a group of persons with defined functionalities.

Authorization management goes one step further than authentication. Authentication is usually about who is allowed into a network or application. In authorization management, the focus shifts to who can do what as soon as they are in the network or application.

Digital representation of a resource. An eResource has an identifier (unique name, often URL/URI) that can be uniquely assigned to a resource within a namespace. A resource can have multiple e-resources.

eRessource Service
The eResource service issues and manages eResources to resources.

Temporary authorization that can be assigned to an eIdentity with the verifiable role (function).

European General Data Protection Regulation- EU-DSGVO
Is a European Union regulation since 28.05.2018. On the one hand, it is intended to ensure the protection of personal data within the European Union and, on the other hand, to guarantee the free movement of data within the European internal market.

eXtensible Access Control Markup Language- XACML
Is an XML-based OASIS standard.

eXtensible Common Biometric Format- XCBF
Biometric data are used to prove identity based on human characteristics such as DNA, fingerprints, iris scans, hand geometry, etc.

Federated Identity- FIM
Manages and governs the use of the same identity data by users across multiple organizations.

An agreement between computer and/or network providers that collectively agree on operational standards.

Fine Authorization
Granting or denying access to individual functions or data provided by a resource.

Federated Identity Management (FIdM)
Federated Identity Management allows the cross-platform use of eIdentities in normally closed domains. FIdM allows the users of one domain to easily and securely access the systems of another domain without establishing redundant user management.

A characteristic that assigns a subject certain tasks, competencies and responsibilities within an organization. A subject can have several functions (see Role). Examples of functions are: Physician, lawyer, policeman, managing director.

Functional Account
In contrast to a user account, a function account is linked to a function or role instead of a person. The associated mailbox is therefore linked to the function and not to a person. This makes teamwork easier if there is a continuous change of people.

General Data Protection Regulation- GDPR
see European General Data Protection Regulation (EU-DSGVO)

Governance Risk Compliance- GRC
Summarises the three most important levels of action of a company for its successful management.

Graphical User Interface- GUI
Graphical user interface also refers to a form of user interface of a computer that uses graphical symbols to make controls or widgets operable.

Granting or denying access to a resource.

Help Desk
A Help Desk is part of customer service. It is a system responsible for support and service requests from users, mostly in the software or hardware area.

IAM as a Service- IAMaaS
A system that keeps itself up to date, automatically adjusts capacity to provide the highest possible availability.

Example: identification is the username, authentication is the password. That is, if you want to authenticate yourself to a system, you must first identify yourself by giving the system your username and then authenticate yourself by sending the system the corresponding password, so that it can verify that you are who you claim to be.

A string that uniquely identifies an eIdentity or an eResource within a namespace. The identifier of a resource is often a URL/URI.

Identity
Identity is the totality of the characteristics that define a subject and, as an individual, distinguish it from all other subjects. In the IAM context, the eIdentity of a subject is mainly used.

Identity Management- IdM
Identity management is primarily concerned in the world of data processing with the administration of user data assigned to individual persons. The larger an organization is, the more identities and permissions need to be managed.

Identity and Access Management- IAM
IAM systems simplify and automate the capture, control and management of users' electronic identities and associated access rights.

Identity Access and Governance- IAG
Today IAM covers more than just access management. Omada has therefore coined the term IAG in recent years, which includes governance.

Identity Governance and Administration- IGA
Today IAM covers more than just access management. Gartner has therefore coined the term IGA in recent years, which includes governance and administration.

Identity Management System- IMS
Management of all identities and accesses to systems.

Identity Provider- IdP
Is a central logon system to which users of service provider services log on.

Identity Provider (IdP)
Entity that manages and publishes eIdentity. An IdP provides an Authentication Service and usually also an Attribute Assertion Service.

Identity Services
Enable the use and maintenance of identity information across multiple directories.

Information Security
Information security refers to properties of information-processing and information-storing systems that ensure the protection goals of confidentiality, availability and integrity. Information security serves to protect against hazards and threats, to avoid economic damage and to minimize risks.

The installation or implementation of defined structures and processes in a system, taking into account the general conditions, rules and objectives.

Information Life Cycle Management- ILM
Information lifecycle management also includes strategies, methods and applications for providing, developing and storing information automatically and optimally on the most cost-effective storage medium in accordance with its value and use.

Information Security Policy- ISP
Policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with the rules and policies that apply to the security of digitally stored information at any point on the network or within the network.

Inconsistency of data: the inconsistency between data items, and also the inconsistency of the data with the semantic requirements placed on this data.

Besides availability and confidentiality, it is one of the three classic goals of information security.

IT Infrastructure Library- ITIL
The Information Technology Infrastructure Library (ITIL) is a collection of pre-defined processes, functions and roles that typically occur in every IT infrastructure of medium-sized and large enterprises.

Word that serves as a label with the aim of correct assignment.

Is a distributed authentication service (network protocol) for open and insecure computer networks.

The Lightweight Directory Access Protocol is an application protocol from network technology. It allows the retrieval and modification of information from a directory service (a hierarchical database distributed in the network) via an IP network.

Life Cycle Management
The administration of an identity from joining the company, through changes of position, up to departure or dismissal.

Lightweight Directory Access Protocol- LDAP
Is a network protocol for querying and modifying information from distributed directory services.

In a cross-organizational context, linkedID allows eIdentities from different domains to be related to each other. eIdentities can be linked with linkedIDs to any directed graph.

To log the operation in a computer system to a special service.

Mandatory Access Control describes a system-specific, rule-based access control strategy and is a generic term for concepts for controlling access rights, especially on IT systems. Decisions about access rights are made not only on the basis of the identity of the actor (user, process) and the object (resource to be accessed), but also on the basis of additional rules and properties (such as categorizations, labels, and code words).

Structured data that contains information about characteristics of other data.

A means to enable trust and technical interoperability between SAML components (entities). Can also be used to exchange attribute information.

Consolidates multiple databases into a single, enterprise-wide, consistent LDAP directory. This makes it possible to synchronize multiple directory services.

Meta Domain
Domain that controls the collaboration between two or more domains.

metaHub serves as a hub for automated data exchange between the IT systems of various institutions.

Microsoft Identity Manager
Is the latest version of the Microsoft Identity and Access Management product suite and replaces Forefront Identity Manager.

Application-neutral programs that mediate between applications in such a way that the complexity of these applications and their infrastructure are hidden.

Multi-Factor Authentication
Also: two-factor authentication. The access authorization is checked by several independent features (factors).

Scope of application (e.g. a company, a state, a professional community, a language community) for which the meaning of a character string (e.g. identifier) is defined.

OAuth is an open protocol that allows standardized, secure API authorization for desktop, web, and mobile applications. Using this protocol, an end user (user) can allow an application (consumer) to access (authorize) his data managed by another application (service) without revealing all details of his access authorization to the other application (authentication). In this way, the end user can instruct and authorize third parties to increase the utility value of applications. Typically, the transmission of passwords to third parties is avoided.

Omada Identity Suite- OIS
A solution for holistic identity management and access governance.

One time password- OTP
One-time password: Each one-time password is only valid for one use.

Out of Band Authentication - users and servers exchange authentication information via different channels, e.g. login via username/password and additional SMS code.

Open Database Connectivity- ODBC
A standardized database interface that uses SQL as the database language. It therefore provides a programming interface (API) that allows a programmer to develop his application relatively independently of the database management system (DBMS) used, if an ODBC driver exists for it.

Organizational unit consisting of several subjects (legal entity, enterprise, association, office, group of subjects, ...).

Organization for the Advancement of Structured Information Standards- OASIS
Is an international, not-for-profit organization dedicated to the further development of e-business and web services standards.

Also called data owner. Is responsible for a certain part of the company data. It ensures the implementation of guidelines and standards. It operates within the framework of governance.

Password management
Central password management

Password Policies
Also: password guidelines. Passwords must meet a number of guidelines that are considered important for a secure password.

Is a correction delivery to correct errors - usually to close known security gaps - or to retrofit functions that have not been available up to now.

Permission to do/be allowed to do something.

Person-identifiable data
Information about an identified or identifiable person.

Policies, Policy

A course or principle of action adopted or proposed by an organization or individual.
Written rules and regulations to be observed.

Policy Management Authority- PMA
The PMA is responsible for creating and approving electronic guidelines as well as reviewing the guidelines created by others.

A portal provides its user with various functions, such as personalization, navigation, and user administration.

Proof of Concept- PoC
Part of project development. Serves as a basis for decision-making for the further course of the project.

Manages users, their rights and resources, connections, hardware, software, services, applications, and storage. The goal of an effective provisioning system is to provide the right resources to the right people at the right time.

Process Manager
A person who is able to sustainably improve results for the organization. This includes the ability to build integrated management systems and to conduct coaching sessions.

Public Key Infrastructure- PKI
In cryptology, a system that can issue, distribute and verify digital certificates. The certificates issued within a PKI are used to secure computer-aided communication.

In role-based access control, users or groups of users are assigned one or more roles. A role contains a set of permissions that describe the operations allowed on a resource. Cf. ABAC.

Data structure in which data elements of any data type are combined under a common name. Structuring of data that is related hierarchically. A record that is stored in a file.

A copy of records.

Referential Integrity
The relationship between tables. Since each table in a database must have a primary key, this primary key can occur in other tables because it is related to data within these tables.

Directories in the administrative language, e.g. the register of residents, the register of lawyers, the register of civil status, the commercial register, etc. As a rule, they are kept by official bodies (authorities).

Registration Authority- RA
Body within the security infrastructure that serves as the registration authority for digital certificates. This enables companies and users to exchange information and money securely.

Entry of information in a directory.

Process of a registry in which a subject obtains an eIdentity with associated credential.

Relational Database Management System- RDBMS
Electronic data management. The database language SQL (Structured Query Language) is mainly used for querying and manipulating the data.

Relative Distinguished Name- RDN
Relative name of an object in an (LDAP) directory service.

Relying Party (RP)
The Relying Party represents the interests of the resource. It uses IAM business services and processes information from IAM service providers to protect its resources. It needs more information about a subject in order to assess the legitimacy of resource access.

The multiple storage of the same data at several different locations or simultaneously on several computers and the synchronization of these data sources.

Directory for storing and describing digital objects for a digital archive.

Service or data that a subject can access once it has authenticated itself and been authorized on the basis of the required attributes. This includes physical resources such as buildings and facilities, the use of which is controlled by IT systems.

Resource Manager
Responsible body for the resources managed by the Relying Party (e.g. application manager, service manager, data owner).

Audit Safety
also audit-proof archiving

The revocation of an account.

Role Based Access Control- RBAC
Role-based access control (a method and design pattern for access control and control of files and services).

Role Mining
Role Mining, for example, determines which rights a certain role (and its users) had at certain times. Rights and risks are determined on the basis of the rights currently assigned.

Role Modeling

a) Subject: A certain number of functions performed by a subject. A subject can be assigned one or more roles.
(b) eIdentity: attributes representing the role/functions of the subject.
c) Entity: Task and purpose of an entity in a Federation. An entity may be assigned one or more stakeholder roles.

Role-Based Access Control- RBAC
Each user on the network has an assigned role, and each role is associated with a set of access rights to resources within the enterprise.

Role Owner
Person responsible for a role. Each business role has a responsible person, the role owner, who must give approval for changes. In short: role owner.

SAP NetWeaver idM
This identity management enables you to control all identities within your organization, not just employees, but contractors, customers, partners and other identities that need access to your organization's applications.

Software Developer Kit

Secure Identity & Access Management- SIAM
Expansion of the IAM to include the "Security" area.

Secure Sockets Layer- SSL
A network protocol for the secure transmission of data.

The highly secure online storage with password manager. SecureSafe is characterized by multiple encryption, triple data protection and zero knowledge architecture for the highest level of privacy protection.

Security Assertion Markup Language- SAML
To exchange authentication and authorization information.

Security Assertion Markup Language (SAML)
SAML (Security Assertion Markup Language) was specified to enable Single Sign-On regardless of manufacturer. SAML is an XML framework that can be used to exchange authentication and authorization information. SAML was standardized by an international consortium and within the framework of OASIS.

Security Token
A data packet that can be used to authorize access to a resource.

Security Token Service STS
Security Token Service STS is the name given to the infrastructure that is able to generate, sign and provide security tokens in accordance with international standards.

Self Service Administration
Referral of administrative activities to the end user.

Independently use a service and thus represent an interface between the customer and the provider. (Users can decide for themselves which accesses or access authorisations they require).

Service Level Agreement (SLA)
Denotes a contract between the customer and the service provider for recurring services.

Service Operation
Service Operation ensures that IT services are delivered effectively and efficiently.

Service Order
Also the performance mandate. Is an order to perform a service. It contains a service job for each task to be executed.

Service Provider SP
Corresponds to the term RP in OASIS.

Service Provisioning Markup Language- SPML
Is an XML-based framework for exchanging user, resource, and service provisioning information between cooperating organizations.

A method developed by Internet2/MACE for distributed authentication and authorization for web applications and web services.

Simplified Sign-On
Simplification of the login at several systems with the same login information, since the systems carry out the alignment among themselves.

Single Log-Out- SLO
A behavior pattern that allows a central authentication gateway to log off several services simultaneously.

Single Sign-In- SSI
When authentication is complete, authorization allows work to be carried out in the system.

Single-Sign-On- SSO
Also translated as: Single sign-on, denotes an authentication procedure. (SSO is therefore an access method for multiple associated but independent applications, where the user only has to log in once instead of entering his access data for each software individually).

Has an embedded microchip. Smartcards are often used in large companies to confirm identities.

SolarWinds Access Rights Manager
Manage and audit access reports across the entire infrastructure.

Developers, customers, departments or management who are actively involved in a project or whose interests can be positively or negatively affected by the implementation or completion of the project.

A natural person, organization, or service that accesses or wants to access a resource. A subject is represented by eIdentities.

Swiss Trust IAM- STIAM
Swiss Trust IAM - an IAM to support the Federation within Switzerland for eGovernment.

Symmetric Encryption
In contrast to asymmetric encryption methods, symmetric encryption methods use only one key. This single key is used both for encryption and for decryption.

Top-down Models
A software development process is called top-down if the design begins with abstract objects that are then made concrete; it is bottom-up if it starts from the individual detailed tasks required to build the higher-level processes.

Total Costs of Ownership- TCO
Total operating costs (e.g. software and hardware).

Transaction
A transaction is a sequence of actions of which either all or none are executed.

Formally defined trust relationship between responsible bodies, e.g. the formal description of the criteria that must be met for two domains to trust each other.

Trust Center
Alternative name for a CA (Certification Authority).

Trust Relationship
Is an administrative and communication link between two domains. A trust between two domains allows user accounts and global groups to be used in a domain other than the one in which the accounts are defined.

Trust Service
The Trust Service maintains the list of accepted, trustworthy IAM service providers.

Trusted Third Party
Trustworthy instance, e.g. for managing public keys or certificates.

Level of trust agreed between the parties, which defines security requirements for the processes and the technological components.

Unified Modeling Language- UML
The Unified Modeling Language, short UML, is a graphical modeling language for the specification, construction and documentation of software parts and other systems.

Asymmetric Encryption
Also known as the public-key procedure. It does not involve a single key but a key pair, consisting of a public key and a private key.

Use Case
A use case bundles all possible scenarios that can occur when an actor tries to achieve a certain goal with the help of the system under consideration.

User
A person who is authenticated as part of authorization checks.

User Management
Also called user administration, it is an activity of an administrator, who assigns user IDs, grants access rights to systems, services, or applications, and revokes them if necessary.

Validation
Validation is defined as "a documented procedure for providing, recording and interpreting the results needed to demonstrate that a procedure is continuously in compliance with the specified specifications".

Formally, usually defined in the SLA as a relationship of trust between responsible bodies, e.g. the formal description of the criteria that must be fulfilled for two organisations, entities, domains etc. to trust each other.

Is an arrangement of information that can be displayed in a list according to certain characteristics; also a table of contents.

Directory tree
A hierarchical structure of the main and subdirectories of a storage medium.

Virtual directory service
Compiles identity data from multiple heterogeneous repositories. Virtual directories add value for many large organizations by significantly shortening the delivery cycle of IdM applications.

Virtual Private Network- VPN
A private network that allows users to send and receive data securely and encrypted over public or shared networks.

Procedure Model
Means to present the general tasks and activities occurring in a design process in a logical order.

Web SSO
Web SSO stands for Web Single Sign-On. Web SSO enables central authentication and authorization for web-based resources.

Change Date
A change date is recorded if, for example, a user moves to a different area (e.g. another department).

Windows Active Directory- AD
Is the name of the directory service of Microsoft Windows Server.

The analysis, modelling, simulation, control and logging of business processes (workflow) with the involvement of process participants.

WS-Federation
WS-Federation, created by BEA, IBM, Microsoft, RSA Security, and VeriSign, defines according to its v1.0 specification "mechanisms used to enable the association of identity, account, attribute, authentication, and authorization in various trust bounds".

Certification Body
A certification body is an organization that carries out certifications in specific areas for specific objects.

Access Service
The service checks compliance with the access rules and allows the subject access if the corresponding rules are met.

Access Control Management
Ensures that a computer only allows communication with authorized users or computers. The communication relationship is only continued if the identity check (authentication) is successful.

Access Rule
Resource owners define access rules for their e-resources. The access rules define the conditions under which a subject can gain access to a resource (coarse-grained authorization), e.g. after successful authentication and confirmation of certain attributes.

Access Rule Service
The service manages the rules for accessing a resource. The rules are defined on the basis of authentication or attributes.

Access
Interaction with an entity to manipulate and use one or more of its resources. Accesses are recorded to ensure traceability and verifiability.

Access Control
Monitor and control access to resources. The goal is to ensure the integrity, confidentiality and availability of information.

Access Control Management
Access control systems carry out authentication, authorization and access approval and take care of the responsibilities of the relevant instances. They use credentials such as passwords, personal identification numbers (PINs), biometric scans, and physical or electronic keys.

Access Right
Resource owners define access rights for their e-resources. The access rights define the conditions under which a subject may use the various functionalities of a resource (fine-grained authorization), e.g. after successful authentication and confirmation of certain attributes.

Access Rights Service
The service manages the rights to use an e-resource. The rights are defined on the basis of authentication, attributes or own models (groups, roles, individual authorizations).

Access Rule
Rules for accessing resources.

Zutrittskontroll-Management- ZUKO
Access control management includes all measures that prevent unauthorized physical access to facilities and rooms in which service and data processing systems are installed. These include badges, card management systems, locking systems, etc.