Identity and Access Management Glossary
UWM has adopted the InCommon Trust Federation glossary of terms. Below are select items that are local to UWM or otherwise missing from that glossary.
= H =
- HRSIS - The HR to SIS interface originally developed in collaboration between the APBS implementation team and UW-Milwaukee. After the termination of the APBS project, UW-Milwaukee continued with development to deliver a solution to support the UW-Milwaukee People Registry project.
= I =
- IAM (Identity and Access Management) - The processes, procedures and technologies used to provide secure access to technology solutions needed by the UW-Milwaukee community. Sometimes also called Identity Management (IdM) or Identity, Access and Authorization (IAA) systems. IAM accomplishes three goals: establishing an identity, storing that identity in a standard way, and providing a framework to plug services into that identity repository.
= O =
- Oracle IAM - A comprehensive suite of applications from Oracle Corporation to facilitate delivery of identity management services for an organization.
= P =
- People Registry - UWM's local identity authoritative source. The People Registry resides in the PAWS system.
- PICH - The interface between HRS and the ePantherACCOUNT People Registry residing in PAWS that replaced HRSIS in 2011.
= R =
- Remote Authentication Dial-In User Service (RADIUS) - A client/server protocol that enables remote access servers to communicate with a central server to authenticate users and authorize their access to the requested system or service. RADIUS allows UWM to maintain user profiles in a central database that remote servers can share. It provides better security by allowing policies to be applied at a single administered network point. Having a central service also means that it's easier to track usage for security and for keeping network statistics. Eduroam uses RADIUS.
- Relationship with Institution (RWI) - An attribute assignment based on a person's functional relationship (student, staff person, non-affiliated interested party) with UW-Milwaukee.
- RWI Classification Group - Collections of individual RWIs that have been grouped based on a service requirement. The collections are often used to manage access (authorization) to services.
= S =
- Security Assertion Markup Language (SAML) - An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or deny authorization. SAML provides only the message format and must be used with protocols that perform the authentication service.
- System Public Visible ID (SPVID) - SPVID is a stable ID that does not change with account renames, ID changes or consolidation of duplicates.
= U =
- UW System IAA Identity and Access Management Services - A pair of services consisting of the IAA registry and the Authentication Hub (Auth Hub) chartered by UW System and managed by the UW-Madison DoIT Middleware Team. The IAA registry provides a consolidated identity repository for the UW System community. The Authentication Hub provides a custom federated authentication service for UW System member institutions.