Glossary of Identity Management (IDM) Terms

More commonly referred to as Access Control in the realm of IDM it is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticket holders should be admitted), logical resources (a bank account, with a limited number of people authorized to make a withdrawal), or digital resources (for example, a private text document on a computer, which only certain users should be able to read).

Personal identifying information (PII) selectively exposed over a network. Using defined guidelines on protecting PII and the risk of "identity theft".

The virtual reunion, or assembled identity, of a person's user information (or principal), stored across multiple distinct Identity Management systems. Data is joined together by use of the common token, usually the user name. A user's authentication process across multiple IT systems or even organizations.

Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, in particular, biometrics is used as a form of identity access management and access control.

Identity Management or "IDM" is a term related to how humans are identified and authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity and the technologies supporting that protection such as network protocols, digital certificates, passwords and so on.

Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

More commonly referred to as Password Synchronization within the IDM realm it is defined as any process or technology that helps users to maintain a single password that is subject to a single security policy, and changes on a single schedule across multiple systems. It's a type of Identity Management software and it's considered as easier to implement than enterprise single sign-on (SSO), as there is no client software deployment, and user enrollment can be automated.

Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within an organization, these written policy documents provide a high-level description of the various controls the organization will use to protect information.

Single sign-on (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.

An authentication factor is a piece of information and process used to authenticate or verify the identity of a person or other entity requesting access under security constraints. Two-factor authentication (T-FA) is a system wherein two different factors are used in conjunction to authenticate. Using two factors as opposed to one factor generally delivers a higher level of authentication assurance. Using more than one factor is sometimes called strong authentication. However, strength is always bound to secrecy under which the factors are kept and protected against any third party challenge.