OpenAM Glossary

Agent administrator

User having privileges only to read and write policy agent profile configuration information, typically created to delegate policy agent profile creation to the user installing a policy agent

Authentication

The act of confirming the identity of a principal

Authentication module

OpenAM authentication unit that handles one way of obtaining and verifying credentials

Authentication chaining

Series of authentication modules configured together, which a principal must negotiate in the configured order in order to authenticate successfully

Access control

Control to grant or to deny access to a resource

Account lockout

The act of making an account temporarily or permanently inactive after successive authentication failures

Agent authenticator

Entity with read-only access to multiple agent profiles defined in the same realm; allows an agent to read web service profiles

Application

In the context of OpenAM entitlements, protected resources that share a common set of actions and related policies

Attribute based access control (ABAC)

Access control that is based on attributes of a user, such as how old a user is or whether she is a paying customer

Authentication level

Integer associated with an authentication module, where a higher value denotes a stronger form of authentication; usually used in policies to require that a principal has authenticated at or above a given level before accessing resources that require special protection

Authorization

The act of determining whether to grant or to deny a principal access to a resource

Authorization Server

In OAuth 2.0, issues access tokens to the client after authenticating a resource owner and confirming that the owner authorizes the client to access the protected resource. OpenAM can play this role in the OAuth 2.0 authorization framework.

Auto-federation

Arrangement to federate a principal's identity automatically based on a common attribute value shared across the principal's profiles at different providers

Bulk federation

Batch job permanently federating user profiles between a service provider and an identity provider based on a list of matched user identifiers that exist on both providers

Circle of trust

Group of providers, including at least one identity provider, who have agreed to trust each other to participate in a SAML 2.0 provider federation

Client

In OAuth 2.0, requests protected web resources on behalf of the resource owner given the owner's authorization. OpenAM can play this role in the OAuth 2.0 authorization framework.

Conditions

Optional conditions under which a policy applies

Configuration data store

LDAP directory service holding OpenAM configuration data

Cross-domain single sign on (CDSSO)

OpenAM capability allowing single sign on across different DNS domains

Delegation

In the context of OpenAM entitlements, a means of granting specific users privileges to manage policies

Entitlement

XACML-based policy

Extended metadata

Federation configuration information specific to OpenAM

Extensible Access Control Markup Language (XACML)

Standard, XML-based access control policy language, including a processing model for making authorization decisions based on policies

Federation

Standardized means for aggregating identities, sharing authentication and authorization data between trusted providers, and allowing principals to access services across different providers without authenticating repeatedly

Fedlet

Service provider application capable of participating in a circle of trust and allowing federation without installing all of OpenAM on the service provider side; OpenAM lets you create both .NET and Java Fedlets.

Hot swappable

Refers to configuration properties for which changes can take effect without restarting the container where OpenAM runs

Identity

Set of data that uniquely describes a person or a thing such as a device or an application

Identity federation

Linking of a principal's identity across multiple providers

Identity provider (IdP)

Entity that produces assertions about a principal (such as how and when a principal authenticated, or that the principal's profile has a specified attribute value)

Identity repository

Data store holding user profiles and group information; different identity repositories can be defined for different realms.

Java EE policy agent

Java web application installed in a web container that acts as a policy agent, filtering requests to other applications in the container with policies based on application resource URLs

Metadata

Federation configuration information for a provider

Policy

Set of rules that define who is granted access to a protected resource when, how, and under what conditions

Policy administration point (PAP)

Entity that manages and stores policy definitions

Policy agent

Agent that intercepts requests for resources, directs principals to OpenAM for authentication, and enforces policy decisions from OpenAM

Policy decision point (PDP)

Entity that evaluates access rights and then issues authorization decisions

Policy enforcement point (PEP)

Entity that intercepts a request for a resource and then enforces policy decisions from a PDP

Policy information point (PIP)

Entity that provides extra information such as user profile attributes that a PDP needs in order to make a decision

Principal

Entity that can be authenticated (such as a user, a device, or an application)

Provider federation

Agreement among providers to participate in a circle of trust

Realm

OpenAM unit for organizing configuration and identity information, making it possible to delegate administration for part of OpenAM configuration; realms can be used for example when different parts of an organization using OpenAM have different policies and different identity repositories

Referral

Means to delegate policy management and decision making for specified resources from one realm to another realm, typically a subrealm

Resource

Something a principal can access over the network such as a web page

Resource owner

In OAuth 2.0, entity who can authorize access to protected web resources, such as an end user

Resource server

In OAuth 2.0, server hosting protected web resources, capable of handling access tokens to respond to requests for such resources

Response providers

Policy extensions that define additional information to return in an authorization decision beyond "allow" or "deny"

Role based access control (RBAC)

Access control that is based on whether a user has been granted a set of permissions (a role)

Rules

Definitions identifying how a policy matches resources to which access is granted or denied
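The policy terms above (policy, rules, subject, conditions, response providers, PAP, PDP, PEP, PIP and authentication level) fit together as one evaluation flow. The following toy model, added here as an illustration and not OpenAM's own code or API, shows that flow: a policy agent (PEP) intercepts a request, a PDP evaluates the rules, subjects and conditions stored in a PAP using profile attributes from a PIP, and the PEP enforces the decision, redirecting for step-up authentication when an authentication-level condition is not met. Class names, the login URL, the advice strings, the sample policies and profiles, and the assumption that a session carries the highest authentication level reached are all constructed for this example.

```python
# Toy model of the glossary's policy vocabulary. Illustration only, not
# OpenAM code; names, URLs and sample data are assumptions.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Session:
    token: str        # session token issued after authentication
    user: str         # principal
    auth_level: int   # authentication level reached in the chain (assumed attribute)

# A condition returns (satisfied, advice); advice tells the PEP what the
# principal must do to satisfy the policy, e.g. re-authenticate at a higher level.
Condition = Callable[[Session, Dict[str, str]], Tuple[bool, Optional[str]]]

def auth_level_at_least(level: int) -> Condition:
    """Authentication-level condition: session must be at `level` or higher."""
    def check(session: Session, _attrs: Dict[str, str]) -> Tuple[bool, Optional[str]]:
        if session.auth_level >= level:
            return True, None
        return False, f"AuthLevelConditionAdvice={level}"
    return check

def attribute_equals(name: str, value: str) -> Condition:
    """ABAC condition on a profile attribute supplied by the PIP (no advice)."""
    def check(_session: Session, attrs: Dict[str, str]) -> Tuple[bool, Optional[str]]:
        return attrs.get(name) == value, None
    return check

@dataclass
class Policy:
    name: str
    resources: List[str]        # rules: resource patterns the policy matches
    actions: Dict[str, bool]    # rules: action -> True (allow) / False (deny)
    subjects: List[str]         # principals it applies to; "*" = any authenticated user
    conditions: List[Condition] = field(default_factory=list)
    response_attrs: List[str] = field(default_factory=list)  # response provider

@dataclass
class Decision:
    allowed: bool = False
    attributes: Dict[str, str] = field(default_factory=dict)
    advice: List[str] = field(default_factory=list)

class PAP:
    """Policy administration point: stores the realm's policy definitions."""
    def __init__(self) -> None:
        self.policies: List[Policy] = []

class PIP:
    """Policy information point: profile attributes the PDP needs."""
    def __init__(self, profiles: Dict[str, Dict[str, str]]) -> None:
        self.profiles = profiles
    def attributes(self, user: str) -> Dict[str, str]:
        return self.profiles.get(user, {})

class PDP:
    """Policy decision point: default deny; an explicit deny overrides allow."""
    def __init__(self, pap: PAP, pip: PIP) -> None:
        self.pap, self.pip = pap, pip

    def decide(self, session: Session, resource: str, action: str) -> Decision:
        attrs = self.pip.attributes(session.user)
        decision, allowed, denied = Decision(), False, False
        for p in self.pap.policies:
            if not any(fnmatchcase(resource, pat) for pat in p.resources):
                continue                                  # rule does not match resource
            if action not in p.actions:
                continue                                  # rule says nothing about action
            if "*" not in p.subjects and session.user not in p.subjects:
                continue                                  # subject does not match
            results = [c(session, attrs) for c in p.conditions]
            if not all(ok for ok, _ in results):
                decision.advice += [adv for ok, adv in results if not ok and adv]
                continue                                  # conditions not met
            if p.actions[action]:
                allowed = True
                decision.attributes.update({k: attrs[k] for k in p.response_attrs if k in attrs})
            else:
                denied = True
        decision.allowed = allowed and not denied
        return decision

class PEP:
    """Policy agent: sends unauthenticated principals to OpenAM, enforces decisions."""
    LOGIN_URL = "https://openam.example.com/openam/UI/Login"   # assumed URL

    def __init__(self, pdp: PDP, sessions: Dict[str, Session]) -> None:
        self.pdp, self.sessions = pdp, sessions

    def handle(self, token: Optional[str], resource: str, action: str) -> Dict[str, str]:
        session = self.sessions.get(token or "")
        if session is None:                               # no valid session token
            return {"status": "redirect", "location": self.LOGIN_URL}
        d = self.pdp.decide(session, resource, action)
        if d.allowed:                                     # response attributes become headers
            return {"status": "allow", **{f"X-{k}": v for k, v in d.attributes.items()}}
        if d.advice:                                      # step-up: back to OpenAM with advice
            return {"status": "redirect", "location": self.LOGIN_URL, "advice": ";".join(d.advice)}
        return {"status": "deny"}

# Constructed sample realm: three policies, three profiles, four sessions.
pap = PAP()
pap.policies += [
    Policy("intranet", ["https://app.example.com/home/*"], {"GET": True}, ["*"],
           response_attrs=["mail"]),
    Policy("payroll", ["https://app.example.com/payroll/*"], {"GET": True}, ["*"],
           conditions=[auth_level_at_least(2), attribute_equals("dept", "finance")]),
    Policy("block-bob", ["https://app.example.com/payroll/*"], {"GET": False}, ["bob"]),
]
pip = PIP({"alice": {"mail": "alice@example.com", "dept": "finance"},
           "bob": {"mail": "bob@example.com", "dept": "finance"},
           "carol": {"mail": "carol@example.com", "dept": "sales"}})
sessions = {s.token: s for s in [Session("AQIC-alice-1", "alice", 1), Session("AQIC-alice-2", "alice", 2),
                                 Session("AQIC-bob", "bob", 2), Session("AQIC-carol", "carol", 2)]}
pep = PEP(PDP(pap, pip), sessions)

if __name__ == "__main__":
    for tok in [None, "AQIC-alice-1", "AQIC-alice-2", "AQIC-bob", "AQIC-carol"]:
        print(tok, pep.handle(tok, "https://app.example.com/payroll/2024", "GET"))
```

Running the block shows the four outcomes a practitioner meets in practice: no token leads to a redirect for authentication, a level-1 session on a level-2 resource leads to a redirect carrying step-up advice, a matching explicit deny wins over an allow, and a failed attribute condition yields a plain deny with no advice.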

Security Assertion Markup Language (SAML)

Standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers

Service provider (SP)

Entity that consumes assertions about a principal (and provides a service that the principal is trying to access)

Session

In OpenAM a user session is the interval that starts with the user authenticating through OpenAM and ends when the user logs out, or when her session is terminated. OpenAM manages user sessions across one or more applications by issuing a session token used to identify the session and by tracking the session state in order to handle session events like logout and timeout, to permit session constraints, and to notify applications involved in SSO when a session ends.

Session failover

Capability to allow another OpenAM server to manage a session when the OpenAM server that initially authenticated the principal goes offline

Session token

Unique identifier issued by OpenAM after successful authentication, used to track a principal's session

Single log out (SLO)

Capability allowing a principal to end a session once, thereby ending her session across multiple applications

Single sign on (SSO)

Capability allowing a principal to authenticate once and gain access to multiple applications without authenticating again

Standard metadata

Standard federation configuration information that you can share with other access management software

Subject

Entity that can request access to a resource

User data store

Data storage service holding principals' profiles; underlying storage can be an LDAP directory service, a relational database, or a custom IdRepo implementation

Web policy agent

Native library installed in a web server that acts as a policy agent with policies based on web page URLs