OAuth SAML Flashcards
What is the Resource Owner in OAuth?
The entity capable of granting access to a protected resource (e.g., the user).
What is the Client in OAuth?
The application requesting access to resources on behalf of the resource owner (e.g., a mobile app or website).
What is the Authorization Server in OAuth?
The server issuing tokens after successfully authenticating and authorizing the resource owner.
What is the Resource Server in OAuth?
The server hosting the protected resources and validating access tokens to ensure authorization.
What is the Access Token in OAuth?
A credential used to access protected resources, issued by the authorization server.
What is the Refresh Token in OAuth?
A credential used to obtain a new access token without requiring the resource owner’s reauthentication.
What is the Scope in OAuth?
The specific permissions or access rights requested by the client for the resource.
What is the Redirect URI in OAuth?
The URI where the authorization server redirects the user after the authorization process.
What is the Subject in SAML?
The user whose identity is being authenticated.
What is the Identity Provider (IdP) in SAML?
The system authenticating the user and issuing SAML assertions.
What is the Service Provider (SP) in SAML?
The application or system that consumes SAML assertions to grant access to resources.
What is the Assertion in SAML?
A statement issued by the IdP containing the user’s identity and attributes.
What is the Relay State in SAML?
A mechanism to pass additional state information between the IdP and SP.
What is Metadata in SAML?
Configuration information shared between IdP and SP, defining endpoints and security settings.
What is Single Logout (SLO) in SAML?
A mechanism to log out a user from all connected systems via the IdP.
What is Binding in SAML?
The communication protocol used to transmit SAML messages (e.g., HTTP-POST, HTTP-Redirect).
What is the Relying Party in SAML?
Another name for the Service Provider (SP) in the context of SAML.