Appendix Common Terms and Standards - thinkhr-code/developer-hub GitHub Wiki
Terms:
- Advanced Encryption Standard (AES) - A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
- Authentication - Verifying that someone is indeed who they claim to be.
- Authorization - Deciding which resources a certain user should be able to access, and what they should be allowed to do with those resources.
- Cipher Block Chaining (CBC) - A block cipher mode of operation in which each block of plaintext is XORed with the previous ciphertext block before being encrypted.
- Identity Provider (IDP) - A system entity that creates, maintains and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.
- Role-Based Access Control (RBAC) - A method of access control based on a person's role within a business. Users only have access to the information/entities they need to do their jobs.
- Single Sign-On (SSO) - Allows a user to enter one username and password in order to access multiple applications.
Standards:
- JSON Web Token (JWT) - A JSON-based open standard for creating access tokens that assert some number of claims.
- OAuth2 - An open standard for authorization in which a third-party application (the client) can take actions or access resources on a service on behalf of a user, without the user sharing their credentials with the client.
- OpenID - An open standard and decentralized authentication protocol that allows users to be authenticated by cooperating sites (known as relying parties, or RPs) using a third-party service.
- OpenID Connect (OIDC) - The current version of OpenID, which adds a simple authentication layer on top of OAuth2 (authorization) and supports a range of clients, including web-based, mobile, and JavaScript clients.