1.1 Glossary

This document uses the following terms:

authentication: The ability of one entity to determine the identity of another entity.

authentication server: The entity that verifies that a person or thing is who or what it claims to be (typically using a cryptographic protocol) and issues a ticket or token attesting to the validity of the claim.

authenticator: The entity requesting the authentication of a peer.

code page: An ordered set of characters of a specific script in which a numerical index (code-point value) is associated with each character. Code pages are a means of providing support for character sets and keyboard layouts used in different countries. Devices such as the display and keyboard can be configured to use a specific code page and to switch from one code page (such as the United States) to another (such as Portugal) at the user's request.

dictionary attack: A technique for defeating an authentication mechanism by systematically searching through a large number of possibilities to deduce shared secrets.

EAP: See Extensible Authentication Protocol (EAP).

EAP method: An authentication mechanism that integrates with the Extensible Authentication Protocol (EAP); for example, EAP-TLS, Protected EAP v0 (PEAPv0), EAP-MSCHAPv2, and so on.

EAP peer: A network access client that is requesting access to a network using EAP as the authentication method

EAP server: The backend authentication server; typically a RADIUS (as specified in [RFC2865]) server.

EAP-CHAP: The Extensible Authentication Protocol for the Microsoft Challenge Handshake Authentication Protocol.

encryption: In cryptography, the process of obscuring information to make it unreadable without special knowledge.

Extensible Authentication Protocol (EAP): A framework for authentication that is used to provide a pluggable model for adding authentication protocols for use in network access authentication, as specified in [RFC3748].

Group Policy: A mechanism that allows the implementer to specify managed configurations for users and computers in an Active Directory service environment.

master session key: A temporary cryptographic key that is used to derive other cryptographic keys to be used to encrypt and decrypt parts of a session-based protocol.

mutual authentication: A mode in which each party verifies the identity of the other party, as described in [RFC3748] section 7.2.1.

peer: The entity being authenticated by the authenticator.

session: A collection of multimedia senders and receivers and the data streams that flow between them. A multimedia conference is an example of a multimedia session.

user: The real person who has a member account. The user is authenticated by being asked to prove knowledge of the secret password associated with the user name.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.