Here are some key terms that are regularly used in trust and identity.


AARC

Authentication and Authorisation for Research and Collaboration (AARC) is an initiative founded in 2015 to address the increased need for federated access, and for authentication and authorisation mechanisms, by research and e-infrastructure.

AARC Blueprint Architecture

The AARC Blueprint Architecture (BPA) is a set of software building blocks that can be used to implement federated access management solutions for international research collaborations.

Access protocol translation

Defines an administrative, policy and technical boundary between the internal/external services and resources.


Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it says it is. Authentication technology provides access control for systems by checking whether a user’s credentials match the credentials in a database of authorised users or in a data authentication server.


…is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted.

Collaborative Research Environment

An environment where multiple research services are connected together through a single sign-on.


A group of users, organised with a common purpose, and jointly granted access to the infrastructure. It may act as the interface between individual users and the infrastructure.

Community attribute services

Components related to managing and providing information (attributes) about users, such as community group memberships and roles, on top of the information that might be provided directly by the identity providers from the user identity layer.


…where the external services interact with the other elements of the authentication and authorisation infrastructure (AAI).

Identity and access management

Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. This layer enables the implementation of a single point for a discovery service, a group management system, and a place to manage user consent/acceptance.

Identity Federation Protocol

An identity federation protocol allows the authentication and authorisation functions to be decoupled, removes the security risk of an organisation's users managing multiple credentials, and creates a safe channel for identities to be shared across different domains.

Identity Provider (IDP)

An entity responsible for storing, managing and securing users’ identities and their access data while providing services to relying party applications within a federation or a distributed network.


All of the IT hardware, software, networks, data, facilities, processes and any other elements that together are required to develop, test, deliver, monitor, control or support services.


The collection of the various boards, committees, groups and individuals mandated to oversee and control the infrastructure.


An entity providing, using, managing, operating, supporting or coordinating one or more service(s).

Seamless access

…with one login, users get access to multiple connected resources.


An infrastructure component fulfilling a need of the users, such as computing, storage, networking or software systems.

Service Provider (SP)

An entity responsible for the management, deployment, operation and security of a service. The SP receives the authentication assertion released by an identity provider.

Trust and identity management

…is a collection of technologies and policies that manages access to the resources through establishing trust between identity providers and service providers in a collaborative environment.


An individual or an organisation authorised to access and use services.

User identity

Services which provide electronic identities that can be used by users participating in international research collaborations.