Identity and Access Management Glossary

= H =

HRSIS - The HR to SIS interface originally developed in collaboration between the APBS implementation team and UW-Milwaukee. After the termination of the APBS project, UW-Milwaukee continued with development to deliver a solution to support the UW-Milwaukee People Registry project.

IAM (Identity and Access Management) – The processes, procedures and technologies used to provide secure access to technology solutions needed by the UW-Milwaukee community. Sometimes also called Identity Management (IdM) or Identity, Access and Authorization (IAA) systems. Accomplishes the three goals of establishing an identity, storing that identity in a standard way and providing a framework to plug services into that identity repository.

Oracle IAM - A comprehensive suite of applications from Oracle Corporation to facilitate delivery of identity management services for an organization.

People Registry - UWM's local identity authoritative source. The People Registry resides in the PAWS system.
PICH - The interface between HRS and the ePantherACCOUNT People Registry residing in PAWS that replaced HRSIS in 2011.

Remote Authentication Dial-In User Service (RADIUS) - a client/server protocol that enables remote access servers to communicate with a central server to authenticate users and authorize their access to the requested system or service. RADIUS allows UWM to maintain user profiles in a central database that remote servers can share. It provides better security, allowing policies applied at a single administered network point. Having a central service also means that it's easier to track usage for security and for keeping network statistics. Eduroam uses RADIUS.
Relationship with Institution (RWI) - an attribute assignment based on the a persons functional relationship (student, staff person, non-affiliated interested party) with UW-Milwaukee.
RWI Classification Group - Collections of individual RWI's that have been grouped based on a service requirement. The collections are often used to manage access (authorization) to services.

Security Assertion Markup Language (SAML) - An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or deny authorization. SAML provides only the message format and must be used with protocols that perform the authentication service.
System Public Visible ID (SPVID) - SPVID is a stable ID that does not change with account renames, id changes or consolidation of duplicates.

UW System IAA Identity and Access Management Services - A pair of services consisting of the IAA registry and the Authentication Hub (Auth Hub) chartered by UW System and managed by the UW-Madison DoIT Middleware Team. The IAA registry provides a consolidated identity repository for the UW System community. The Authentication Hub provides a custom federated authentication service for UW System member institutions.