Appendix Common Terms and Standards - thinkhr-code/developer-hub GitHub Wiki

Appendix - Common Terms and Standards

Terms:

  • Advanced Encryption Standard (AES) - A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
  • Authentication - Verifying that someone is indeed who they claim to be.
  • Authorization - Deciding which resources a certain user should be able to access, and what they should be allowed to do with those resources.
  • Cipher Block Chaining (CBC) - A block cipher mode of operation where each block of plaintext is XORed with the previous ciphertext block before being encrypted.
  • Identity Provider (IDP) - A system entity that creates, maintains and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.
  • Role-Based Access Control (RBAC) - A method of access security that is based on a person's role within a business. Users only have access to information/entities that they need to do their jobs.
  • Single Sign-On (SSO) - Allows a user to enter one username and password in order to access multiple applications.
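A worked illustration of the CBC chaining defined above, added here as an example and not part of the original wiki or the thinkhr-code project. The 16-byte block function is a toy stand-in for a real block cipher such as AES, and the key and IV values are constructed for the demonstration.

```python
# Added example: CBC mode over a generic 16-byte block permutation.
# toy_block_encrypt is NOT a real cipher; it only exists so the chaining
# logic (P_i XOR C_{i-1}, then encrypt) can be run offline. Swap in AES.
BLOCK = 16


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy invertible 16-byte permutation: XOR with key, rotate bytes left by 3."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[3:] + x[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: rotate right by 3, then XOR with key."""
    x = block[-3:] + block[:-3]
    return bytes(b ^ k for b, k in zip(x, key))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes, block_encrypt=toy_block_encrypt) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block (IV first)."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block and plaintext must be block-aligned (pad first)")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes, block_decrypt=toy_block_decrypt) -> bytes:
    """Inverse: decrypt each block, then XOR with the previous ciphertext block."""
    if len(iv) != BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IV must be one block and ciphertext must be block-aligned")
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor_bytes(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)


def demo() -> dict:
    key = bytes(range(16))                 # constructed key
    iv = b"\x00" * 16                      # constructed IV; real IVs must be unpredictable
    pt = b"A" * 16 * 2                     # two identical plaintext blocks
    ct = cbc_encrypt(key, iv, pt)
    return {
        "blocks_differ": ct[:16] != ct[16:],            # chaining hides repeated blocks
        "roundtrip": cbc_decrypt(key, iv, ct) == pt,
        "iv_matters": cbc_encrypt(key, b"\x01" + b"\x00" * 15, pt) != ct,
    }
```

The same two plaintext blocks would encrypt to identical ciphertext blocks without chaining, which is exactly what CBC's XOR with the previous ciphertext block prevents.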

Standards:

  • JSON Web Token (JWT) - A JSON-based open standard for creating access tokens that assert some number of claims.
  • OAuth2 - An open standard for authorization where any third party application (client) can take actions or access resources from a service on behalf of a user, without the user sharing their credentials with the client.
  • OpenID - An open standard and decentralized authentication protocol which allows users to be authenticated by cooperating sites (known as relying parties, or RPs) using a third-party service.
  • OpenID Connect (OIDC) - The current version of OpenID utilizing a simple authentication layer on top of OAuth2 (authorization) and supporting a range of clients, including Web-based, mobile, and JavaScript.