Glossary

A

  • API (Application Programming Interface)

    A set of rules and tools that allows different software applications to communicate and interact with each other.

  • Access Token

    A piece of data primarily used to access protected resources on behalf of an authenticated user. These tokens contain information about the user, such as their identity and potentially additional claims, and they are presented to resource servers to gain access to specific resources.

  • Authentication

    The process of verifying the identity of a user, ensuring they are who they claim to be.

  • Authorization

    The granting of permissions or access rights to a user based on their authenticated identity.

C

  • Custom Domain

    A custom domain is the ability for users to serve PlusAuth from their own personalized web address (URL) instead of the default address provided by PlusAuth. This lets businesses and individuals brand their online presence with a domain name that reflects their identity rather than the generic plusauth.com domain.

F

  • Financial-grade API (FAPI)

    A set of specifications developed by the OpenID Foundation to enhance the security and interoperability of APIs in the financial industry. FAPI provides a standardized framework for securing access to and use of financial data through APIs, ensuring a high level of trust and security.

H

  • Hash Algorithm

    A hash algorithm is a mathematical function that takes input data (often of arbitrary size) and produces a fixed-size output, the hash value or hash code. Its key characteristic is that it is a one-way function: it should be computationally infeasible to reverse the process and recover the original input from the hash value. Hash algorithms are widely used in computer science for purposes including data integrity verification, password hashing, and digital signatures.

I

  • ID Token

    An ID Token is a compact, digitally signed JSON Web Token (JWT) issued by an OpenID Connect Provider (OP) during the authentication process. It contains identity information about the authenticated user, such as their unique identifier and other relevant claims. The ID Token lets client applications obtain verified information about the user and establish the user's identity within the context of an authentication flow.

  • Identity Provider (IdP)

    A service that manages and verifies user identities, often used for single sign-on (SSO) solutions.

J

  • JSON Web Key Set (JWKS)

    A JSON (JavaScript Object Notation) data structure that represents a set of cryptographic keys in a standardized format. A JWKS is commonly used to publish the public keys needed to verify JSON Web Tokens (JWTs) and is used in various other web security protocols.

M

  • Multi-Factor Authentication (MFA)

    A security process that requires users to provide multiple forms of identification before granting access.

O

  • OAuth 2.0

    An industry-standard protocol used for authorization, enabling secure and delegated access to resources.

  • OpenID Connect

    An identity layer built on top of the OAuth 2.0 protocol, providing a standardized and secure way for applications to authenticate users. It allows a user to log in to one website or application and then share their identity information with other websites or applications without exposing their credentials. OpenID Connect facilitates single sign-on (SSO) and enables applications to obtain user profile information in a standardized format. It adds identity token (ID Token) issuance to OAuth 2.0, making it a comprehensive framework for user authentication and information sharing in a decentralized and interoperable manner.

P

  • Password Hash Function

    A type of cryptographic hash function specifically designed for securing passwords. It takes a user's password as input and produces a fixed-size output, the password hash. The primary goal of a password hash function is to protect user passwords by making it computationally expensive for attackers to recover the original passwords from the stored hash values. This limits the damage to user accounts and sensitive information in the event of a data breach or unauthorized access.

  • Password Policy

    A set of rules and requirements governing the creation and use of passwords for user accounts.

  • Passwordless Login

    An authentication method that allows users to access their accounts without entering a traditional password. Instead of relying on a password, passwordless login methods typically use alternative authentication factors, such as SMS codes, email magic links, biometrics, or push notifications.

R

  • Refresh Token

    A long-lived token that allows a client application to obtain a new Access Token without requiring the user to re-authenticate. Refresh Tokens improve both security and user experience: Access Tokens can be kept short-lived while the client maintains continued access to protected resources after the original Access Token has expired.

  • Role-Based Access Control (RBAC)

    An access control model that restricts system access based on the roles assigned to individual users within an organization.

S

  • Security Assertion Markup Language (SAML)

    An XML-based open standard for exchanging authentication and authorization data between parties, typically between an identity provider (IdP) and a service provider (SP). SAML enables single sign-on (SSO), allowing a user to log in once and access multiple applications without separate credentials for each one. It works by exchanging XML-formatted security assertions that contain information about a user's identity and authentication status. SAML is widely used in web-based authentication scenarios, promoting interoperability and secure information exchange in a federated identity environment.

  • Session Management

    The control and monitoring of user sessions to ensure secure and efficient access to the platform.

  • Single Sign-On (SSO)

    A mechanism that allows users to authenticate once and access multiple applications without the need to log in again.

T

  • Tenant

    A tenant serves as your own isolated environment within PlusAuth. Each tenant has its own configuration settings, user data, authentication methods, and security policies. This isolation ensures that the resources and data associated with one tenant are segregated from those of other tenants, providing security and privacy.

  • Token

    A piece of data representing the authorization granted to a user for accessing a resource.

U

  • User Management

    The administration and control of user accounts, including creation, deletion, and modification of user profiles.

W

  • WebAuthn

    A web standard developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. It provides a secure and standardized method for users to authenticate to web applications using public key cryptography.

  • Web Services Federation (WS-Federation)

    A protocol used for federated identity and single sign-on (SSO) in web applications. It is based on web services and allows different organizations to share user authentication and authorization information. With WS-Federation, a user can log in to one web application and then access other applications within the federation without re-entering credentials. The protocol relies on XML-based security tokens and helps establish trust relationships between identity providers and service providers, enabling a seamless and secure user experience across multiple web applications within a federation.