Skip to content

Latest commit

 

History

History
125 lines (64 loc) · 7.2 KB

glossary.md

File metadata and controls

125 lines (64 loc) · 7.2 KB

Glossary

Below is a list of definitions for important terms in common use related to FedCM. Many of the definitions are intended to match existing terms in identity standards, in some cases adapted and constrained for relevance in the context of FedCM.

This document is continually evolving. Feedback is welcome.

Definitions

Authentication

  • Process used by an Identity Provider to achieve sufficient confidence in the binding between the user and a presented identity.

Note that in some discussions and documentation, the term authentication is used to refer to the federated sign-in process. However, the user does not authenticate to the RP during federated sign-in. The user authenticates to the IdP, which then provides a claim to the RP asserting the user’s identity. The user does not prove their identity to the RP directly.

External references: OIDC terminology, OIDC authentication, SAML glossary

Authorization

References: OAuth 2.0, SAML glossary

Browser-mediated

Ceremony

References: WebAuthn glossary

Consent

  • A part of a ceremony that comprises a user interaction with a clear user agent-controlled UI element that can be taken to mean the user accepts privacy risk that has been explained in accompanying text, and the ceremony may proceed accordingly.

Claim

References: OIDC terminology

Consumer (context)

Directed basic profile

This term is novel in FedCM and its details could be subject to change.

Directed identifier

Enterprise (context)

  • Category of use cases that apply to private restricted-access Relying Parties and Identity Providers, in particular where organizations can have provisioning capabilities over user agents. This typically encompasses use cases of corporations, institutions, or government agencies.

Federated sign-in

References: OIDC

Identifier

  • A claim or set of claims that comprises a unique mapping to a user within a given scope, such as for a particular Relying Party.

References: SAML glossary

Identity Provider (IDP)

  • A service that has information about the user and can grant that information to Relying Parties.

References: OIDC terminology

Identity Provider backwards compatibility

Identity Provider blindness

IDP tracking

  • A privacy threat in which an Identity Provider is able to surveil or correlate user activity across the web.

References: FedCM Threat Model

Relying Party (RP)

References: OIDC terminology, SAML glossary

Relying Party backwards compatibility

  • The property of a federated sign-in and authorization design that would allow deployment by Relying Parties who use existing standardized federation flows without them having to modify their web properties or account systems. This particularly applies to RPs that import scripts from Identity Providers to implement federation.

Relying Party blindness

RP tracking

  • A privacy threat in which a Relying Party is able to surveil or correlate user activity across the web.

References: FedCM Threat Model

Standard claims

  • A predefined set of claims that are included in a standard OIDC request for the purpose of user identification.

This term is defined as a part of the OpenID Connect specification. The use of this term in FedCM refers to the OIDC definition.

References: OIDC

Verifiably directed identifier

User agent

  • Client software such as a web browser that renders web content and can implement FedCM.