
Identity and Access Management: Terms and Definitions

| Term | Definition |
| --- | --- |
| Access Management | Technology by which a system responds to a request by a person for information or services based upon business rules and the known characteristics of that person. |
| AD | Microsoft Active Directory, a Microsoft, Inc. database service structure for storing and querying information key to making authentication and authorization decisions. |
| Authentication | A process component of access management which confirms, to an understood level of trustworthiness, that a person requesting services is a unique individual. |
| Authorization | A process component of access management which grants a person certain permissions within a system based upon the known characteristics of that person. |
| Credential | An item which is presented by a person as a confidential assertion that the corresponding identifier is in his or her possession. A password is a credential which accompanies a NetID to assert identity when requesting access to a system. |
| Credential Trustworthiness | A dimensionless measure of confidence that a credential is within the control of the original person to whom it was issued with the corresponding identity. Trust may be low for a password (which can be shared), higher for a physical object like a Wildcard (which might still be misplaced), and higher still for a fingerprint. |
| IAM | Identity and Access Management, an industry phrase describing software and business procedures to create unique credentials for each person to be served within a defined group, manage the lifecycle of those credentials, and enable authorization decisions from identity characteristics. |
| Identity Assurance | A dimensionless measure of confidence that a given electronic identity was originally created for a real person and the correct person. A low assurance lacks confidence, while a high assurance results from multiple independent attestations of identity for the person at the time the identity is issued. |
| LDAP | Lightweight Directory Access Protocol, an industry-defined database service structure for storing and querying information key to making authentication and authorization decisions. |
| SNAP | Simplified Network Account Program (the original Northwestern IAM system). |
| SSO | Single Sign-On, an industry term for a consistent and convenient application experience where multiple systems honor a single authentication step through cached indicators of the types of credentials used. |

Last Updated: 23 March 2017
