| Term/Abbreviation | Definition |
| --- | --- |
| AAA | Authentication, Authorisation and Accounting, a term used for describing a technical and legal environment for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. |
| AAF | Australian Access Federation Inc. |
| AAI | Authentication and Authorisation Infrastructure. |
| Access Management System | The collection of systems and services associated with specific online resources or services that together decide whether to grant a given individual access to those resources or services. |
| Assertion | The identity information provided by an Identity Provider to a Service Provider. |
| Attribute | Metadata describing either the End User or services provided under the AAF framework. Attributes are used by Service Providers for service provision, including Authentication, Authorisation and Accounting operations. Service Attributes can also be used by End User systems to assist in selecting appropriate Services. Examples of an attribute are name, phone number and group affiliation. |
| Attribute Release | The release of Attributes for transfer from an Identity Provider to a Service Provider. |
| Australian Access Federation Incorporated | The legal entity that governs the Federation, enters into agreements with AAF subscribers, determines subscription fees and compliance with the Federation Rules. |
| Authentication | The process of establishing the digital identity of one entity to another entity. Commonly one entity is a client (an End User, a client computer, etc.) and the other entity is a server (computer). Authentication is accomplished via the presentation of an identity and its corresponding credentials. |
| Authentication Service | Any activity where an Identity Provider performs the role of End User Authentication and, where relevant, releases the Attributes for its End Users. |
| Authorisation | The granting of specific types of privileges (including “no privilege”) to an entity or an End User, based on their authentication, what privileges they are requesting, the current system state and authorisation rights previously granted by the Service Provider to the End User. Authorisation may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. |
| Authorisation Service | Any activity where a Service Provider grants access to End Users to services or resources made available by that Service Provider. |
| Certificate | A digital representation of information which at least (1) identifies the certification authority issuing it, (2) names or identifies its Subscriber, (3) contains the Subscriber’s public key, (4) identifies its operational period and (5) is digitally signed by the certification authority issuing it. |
| Certificate Authority (CA) | A trusted body that issues and signs certificate requests on behalf of organisations. |
| Constitution | The document which describes the aims and objectives of the Federation, the requirements for governance of the Federation and the articles of association. |
| Core Attributes | A set of Attributes selected by the Federation that all Identity Providers are required to support. |
| Data | Digital objects including Attributes, Metadata and Logging information. |
| Discovery Service | The technical term/synonym for WAYF. |
| End User | Any natural person who is a user of resources or services made available under the Australian Access Federation. An End User must have an association with an Identity Provider registered by the Federation, such that the Identity Provider is authorised by the End User to hold and pass attributes to a Service Provider in order that the End User may gain access to services. |
| Executive Committee | The governance committee of AAF Inc made up of representatives of relevant stakeholders, in accordance with the AAF Constitution. |
| Federation | The Australian Access Federation, or AAF. |
| Federation Rules | The document updated from time to time which defines the Rules for AAF subscribers. |
| Good Practice | Good practice as generally accepted within the IT industry and determined by the Executive Committee from time to time in the context of the AAF’s required standard covering practices for identity management, authentication and authorisation of users of on-line resources and services. |
| Identity | The set of information associated with a specific physical person or other entity. Usually not all identity attributes are relevant in any given situation. Typically an Identity Provider will be authoritative for only a subset of a person’s identity information. |
| Identity Provider (IdP) | Any organisation or institution that has been registered by the Federation and has a legal relationship with an End User to provide an authentication service for that End User. |
| Member | A research or education organisation or institution that is registered by the Federation as a Member. |
| Metadata | Structured facts that describe information, or information services as defined by the Federation from time to time. |
| Privacy policy | A statement to users of what information is collected and what will be done with the information after it has been collected. |
| Service Provider (SP) | Any organisation or institution that is registered by the Federation and provides end user access to services and resources based on a set of Attributes that satisfy their particular authorisation requirements. |
| Single Sign-On (SSO) | Enables the user to gain access to multiple resources by authenticating only once. |
| Subscriber | An identity provider or service provider that subscribes to the Federation. |
| User | Registered member of a home organisation. |
| Virtual Home Organisation (VHO) | The Virtual Home Organisation is an identity provider for users who are not in a participating home organisation. |
| WAYF (Where Are You From) | The WAYF service, also called the discovery service, lets the user choose his home organisation from a list and then redirects the user to that home organisation’s login page for authentication. |
| Working Day | Any day of the week, other than Saturday, Sunday, Christmas Day, Boxing Day, New Year’s Day, Good Friday, and any Public Holiday given in lieu when any of the above days or other designated Public Holidays fall on a weekend. |