Terms Deck 5 Flashcards
Open Authorization (OAuth)
A framework used for Internet token-based authorization that provides API authorization between applications.
OpenID
An identity layer based on OAuth 2.0 specifications used for consumer single sign-on.
Kerberos
A set of authentication services, including the authentication service (AS) exchange protocol, the ticket-granting service (TGS) exchange protocol, and the client/server (CS) exchange protocol.
attribute-based access control (ABAC)
A logical access control model recommended as the preferred access control model for information sharing among diverse organizations by the Federal Identity, Credential, and Access Management (FICAM) Roadmap.
role-based access control (RBAC)
A security method that combines MAC and DAC. RBAC uses profiles, which are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role.
rule-based access control
An extension of access control that includes stateful testing to determine whether a particular request for resource access may be granted. When a rule-based method is in force, access to resources might be granted or restricted, based on conditional testing.
mandatory access control (MAC)
A centralized security method in which users are not allowed to change permissions on objects.
discretionary access control (DAC)
An access control method in which access rights are configured at the discretion of accounts with authority over each resource, including the capability to extend administrative rights through the same mechanism.
digital certificate
An electronic document that includes the user’s public key and the digital signature of the certificate authority (CA) that has authenticated the user. The digital certificate can also contain information about the user, the CA, and attributes that define what users are allowed to do with systems they access using the digital certificate.
key management
The process of creating and managing cryptographic keys and digital certificates.
certificate authority (CA)
A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for general public access).
registration authority (RA)
A network authority that provides a CA with authentication of a client’s certificate request and serves as an aggregator of information.
certificate revocation list (CRL)
A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.
Online Certificate Status Protocol (OCSP)
An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRLs.
certificate signing request (CSR)
A request to apply for a digital certificate.
distinguished encoding rules (DER)
The binary form of a PEM certificate.
privacy enhanced mail (PEM)
The most common format and extension for certificates.
personal information exchange (PFX)
A binary certificate format also known as PKCS#12.