Authentication: “Authentication is the process where a network user establishes a right to an identity -- in essence, the right to use a name.” (Lynch, 1998)
Authentication: “Authentication is the process of establishing whether or not a real-world subject is who or what its identifier says it is. Identity can be proven by: Something you know, like a password; Something you have, as with smartcards, challenge-response mechanisms, or public-key certificates; Something you are, as with positive photo identification, fingerprints, and biometrics.” (I2-Authentication, 2004)
Authentication: “The process of verifying an identity claimed by or for a system entity… An authentication process consists of two steps: 1. Identification step: Presenting an identifier to the security system. … 2. Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.” (Shirey, 2000)
Authorization: “Authorization is the process of determining whether an identity (plus a set of attributes associated with that identity) is permitted to perform some action, such as accessing a resource. Note that permission to perform an action does not guarantee that the action can be performed; for example, a common practice in cross-organizational licensing is to further limit access to a maximum number of concurrent users from among an authorized user community.” (Lynch, 1998)
Authorization: “It will drive permissions for accessing networked resources, allow us to control and delegate electronic responsibilities, and serve as the basis for future administrative applications. It will allow us to convert our complex legal policies into automated systems in an easily scalable fashion.” (I2-Authorization, 2004)
Authorization: “(1.) An "authorization" is a right or a permission that is granted to a system entity to access a system resource. (2.) An "authorization process" is a procedure for granting such rights. (3.) To "authorize" means to grant such a right or permission.” (Shirey, 2000)
Credentials: “Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. (See: authentication information, capability, ticket.)” (Shirey, 2000)
Access Control: “Protection of system resources against unauthorized access; a process by which use of system resources is regulated according to a security policy and is permitted by only authorized entities (users, programs, processes, or other systems) according to that policy.” (Shirey, 2000)
Provisioning: “The process of managing attributes and accounts within the scope of a defined business process or interaction. Provisioning an account or service may involve the Creation, modification, deletion, suspension, restoration of a defined set of accounts or attributes.” (Rolls, 2003)
Attributes: “A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. Which attributes of an object are salient is decided by the beholder.” (Rolls, 2003)
Licensee institution: “organizations such as universities or public libraries that arrange for access to resources on behalf of their user communities” (Lynch, 1998)
Origin: “a site with administrative authority over users who access resources at remote providers” (Cantor and Erdos, 2002, Section 2.2.1)
End user: “General usage: A system entity, usually a human individual, that makes use of system resources, primarily for application purposes as opposed to system management purposes.” (Shirey, 2000)
Client: “A program that establishes connections for the purpose of sending requests.” (Fielding, Gettys, Mogul, Nielsen, Masinter, Leach, and Berners-Lee, 1999)
Resource operator: “publishers, web site operators, and other content providers (including libraries and universities in their roles as providers of content)” (Lynch, 1998)
Target: “An entity, or collection of entities, which is affected by a policy. For example, the "targets" of a policy to reconfigure a network device are the individual services that are updated and configured.” (Westerinen, 2001)
Server: “An application program that accepts connections in order to service requests by sending back responses.” (Fielding et al., 1999)
Origin server: “The server on which a given resource resides or is to be created.” (Fielding et al., 1999)
Proxy: “An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. Requests are serviced internally or by passing them on, with possible translation, to other servers. A proxy MUST implement both the client and server requirements of this specification. …” (Fielding et al., 1999)
Surrogate: “A gateway co-located with an origin server, or at a different point in the network, delegated the authority to operate on behalf of, and typically working in close co-operation with, one or more origin servers. Responses are typically delivered from an internal cache.” (Cooper, Melve, and Tomlinson, 2001)
Firewall: “A system designed to prevent unauthorized access to or from a private network…. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. There are several types of firewall techniques: Packet filter…, Application gateway…, Circuit-level gateway…, and Proxy server….” (firewall, 2003)
Privacy: “The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. (See: anonymity.)” (Shirey, 2000)
Anonymous: “The condition of having a name that is unknown or concealed.” (Shirey, 2000)
[Distributed] Denial of Service (DDoS/DoS) Attack: “…a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.” (DoS attack, 2002)
E-mail Spoofing: “Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source. The main protocol that is used when sending e-mail -- SMTP -- does not include a way to authenticate. There is an SMTP service extension (RFC 2554) that allows an SMTP client to negotiate a security level with a mail server. But if this precaution is not taken anyone with the know-how can connect to the server and use it to send spoofed messages by altering the header information.” (e-mail spoofing, 2003)
Packet Sniffer: “A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. On TCP/IP networks, where they sniff packets, they're often called packet sniffers.” (sniffer, 2004)
Port Scan: “The act of systematically scanning a computer's ports [in … networks, an endpoint to a logical connection]. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.” (port scanning, 2004)
Script Kiddie: “A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.” (script kiddie, 2002)
Social Engineering: “…cracking techniques that rely on weaknesses in [human behavior] rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem.” (Social Engineering, 2004)
Network Address Translation (NAT): “…an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.” (NAT, 2002)
Packet Filtering: “Also referred to as static packet filtering. Controlling access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination. Packet filtering is one technique, among many, for implementing security firewalls.” (packet filtering, 2001)
(2001) packet filtering. internet.com, Jun 21 2001. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/P/packet_filtering.html.
(2002) DoS attack. internet.com, Oct 21 2002. Accessed May 2 2004. Available from http://www.webopedia.com/TERM/D/DoS_attack.html.
(2002) script kiddie. internet.com, Oct 21 2002. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/S/script_kiddie.html.
(2002) NAT. internet.com, Jan 10 2002. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/N/NAT.html.
(2003) e-mail spoofing. internet.com, Dec 11 2003. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/E/e_mail_spoofing.html.
(2003) firewall. internet.com, Jul 24 2003. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/F/firewall.html.
(2004) Core Middleware -- Authentication. Internet 2, Feb 26 2004. Accessed Mar 24 2004. Available from http://middleware.internet2.edu/core/authentication.html.
(2004) Core Middleware -- Authorization. Internet 2, 2004. Accessed Mar 24 2004. Available from http://middleware.internet2.edu/core/authorization.html.
(2004) sniffer. internet.com, Apr 14 2004. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/s/sniffer.html.
(2004) port scanning. internet.com, Apr 22 2004. Accessed May 1 2004. Available from http://www.webopedia.com/TERM/p/port_scanning.html.
(2004) Social Engineering. hyperdictionary.com, 2004. Accessed May 1 2004. Available from http://www.hyperdictionary.com/computing/social+engineering.
Cantor, S., and Erdos, M. (2002). Shibboleth Architecture. v5. Internet 2, May 2 2002. Accessed Apr 1 2004. Available from http://shibboleth.internet2.edu/draft-internet2-shibboleth-arch-v05.html.
Cooper, I., Melve, I., and Tomlinson, G. (2001). Internet Web Replication and Caching Taxonomy (Report Number RFC3040). The Internet Society.
Fielding, R. T., Gettys, J., Mogul, J. C., Nielsen, H. F., Masinter, L., Leach, P. J., and Berners-Lee, T. (1999). Hypertext Transfer Protocol -- HTTP/1.1 (Report Number RFC2616). The Internet Society.
Lynch, C. (1998). A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources. Coalition for Networked Information, Washington, DC.
Rolls, D. (2003). Service Provisioning Markup Language (SPML) Version 1.0 (Report Number cs-pstc-spml-core-1.0.doc). OASIS.
Shirey, R. (2000). Internet Security Glossary (Report Number RFC2828). The Internet Society.
Westerinen, A., S., J., Strassner, J., Scherling, M., Quinn, B., Perry, J., Herzog, S., Huynh, A., Carlson, M., and Waldbusser, S. (2001). Terminology for Policy-Based Management (Report Number RFC3198). The Internet Society.