Identity and Access Management Glossary

UWM has adopted the InCommon Trust Federation glossary of terms. Below are select terms that are local to UWM or otherwise missing from that glossary.

= H =

  • HRSIS - The HR to SIS interface originally developed in collaboration between the APBS implementation team and UW-Milwaukee. After the termination of the APBS project, UW-Milwaukee continued with development to deliver a solution to support the UW-Milwaukee People Registry project. 

= I =

  • IAM (Identity and Access Management) - The processes, procedures and technologies used to provide secure access to technology solutions needed by the UW-Milwaukee community. Sometimes also called Identity Management (IdM) or Identity, Access and Authorization (IAA) systems. IAM accomplishes three goals: establishing an identity, storing that identity in a standard way, and providing a framework to plug services into that identity repository.

= O =

  • Oracle IAM - A comprehensive suite of applications from Oracle Corporation to facilitate delivery of identity management services for an organization.

= P =

  • People Registry - UWM's local identity authoritative source. The People Registry resides in the PAWS system.
  • PICH - The interface between HRS and the ePantherACCOUNT People Registry residing in PAWS that replaced HRSIS in 2011.

= R =

  • Remote Authentication Dial-In User Service (RADIUS) - A client/server protocol that enables remote access servers to communicate with a central server to authenticate users and authorize their access to the requested system or service. RADIUS allows UWM to maintain user profiles in a central database that remote servers can share. It provides better security by allowing policies to be applied at a single administered network point. Having a central service also means that it's easier to track usage for security and for keeping network statistics. Eduroam uses RADIUS.
  • Relationship with Institution (RWI) - An attribute assignment based on a person's functional relationship (student, staff person, non-affiliated interested party) with UW-Milwaukee.
  • RWI Classification Group - Collections of individual RWIs that have been grouped based on a service requirement. The collections are often used to manage access (authorization) to services.

= S =

  • Security Assertion Markup Language (SAML) - An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or deny authorization. SAML provides only the message format and must be used with protocols that perform the authentication service.

  • System Public Visible ID (SPVID) - SPVID is a stable ID that does not change with account renames, ID changes or consolidation of duplicates.

= U =

  • UW System IAA Identity and Access Management Services - A pair of services consisting of the IAA registry and the Authentication Hub (Auth Hub) chartered by UW System and managed by the UW-Madison DoIT Middleware Team. The IAA registry provides a consolidated identity repository for the UW System community. The Authentication Hub provides a custom federated authentication service for UW System member institutions.