1.1 Glossary

This document uses the following terms:

authentication: The act of proving an identity to a server while providing key material that binds the identity to subsequent communications.

authentication server: The entity that verifies that a person or thing is who or what it claims to be (typically using a cryptographic protocol) and issues a ticket or token attesting to the validity of the claim.

Authentication Service (AS): A service that issues ticket granting tickets (TGTs), which are used for authenticating principals within the realm or domain served by the Authentication Service.

client: The software that is used by a user to access the service. It represents the user in [MS-PASS]. A synonym is client application.

co-branding: The inclusion of a party's logo, text, or other branding content in a second party's software or site.

configuration server: The service or server that serves configuration data (packaged in HTTP headers) describing the topography of the network. It includes information on the distribution of member accounts among the Authentication Services (AS) and the URLs of particular resources in each AS.

configuration version: Integer value indicating the version of the configuration data given out by the configuration server.

cookie: An HTTP header that carries state information between participating origin servers and user agents. For more information, see [RFC2109].

credential: Previously established authentication data that is used by a security principal to establish its own identity. When used in reference to the Netlogon Protocol, it is the data that is stored in the NETLOGON_CREDENTIAL structure.

partner: In the context of [MS-PASS], an organization in a business relationship with the Authentication Service (AS). A partner needs to be able to access the token issued by the AS. Typically, a partner site is the actual service or site a consumer visits and, in the process, is authenticated by the AS. Examples of partners are the MSN Money and MSN Messenger sites.

partner server: The server or service used by a partner to represent it in the Passport SSI Version 1.4 Protocol.

realm: A collection of users, partners, and authentication servers bound by a common authentication policy.

resource: An object that a client is requesting access to, typically referenced by a Uniform Resource Locator (URL) or Uniform Resource Identifier (URI), as specified in [RFC3986].

token: A block of data that is issued to a user on successful authentication by the authentication server. The token is presented to a service to prove the user's identity and attributes, and the service uses it in the process of determining the user's authorization and access privileges.

Uniform Resource Locator (URL): A string of characters in a standardized format that identifies a document or resource on the World Wide Web. The format is as specified in [RFC1738].

user: The real person who has a member account. The user is authenticated by being asked to prove knowledge of the secret password associated with the user name.

UTF-8: A byte-oriented standard for encoding Unicode characters, defined in the Unicode standard. Unless specified otherwise, this term refers to the UTF-8 encoding form specified in [UNICODE5.0.0/2007] section 3.9.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.