This page reviews commonly referred to words and acronyms and attempts to explain them in a simple manner without deprecating their meaning. The list is amended on an ad hoc basis and by request. Please send us feedback!
CA = Common acronym for “Certification Authority”.
Certificate = A digitally signed data structure. Typically an X.509 structure binding a public key to a subject.
Certification Authority = An entity that issues (digitally signs) certificates.
CMS = Card Management System is a server that is purpose-built with key capabilities to issue and manage smart cards and their respective attributes in a secure and efficient manner.
CP = Certificate Policy. A named set of rules that indicates the applicability of a certificate to a particular community or class of applications with a common security requirement.
CPS = Certificate Practice Statement. A document that describes in detail the practices by which a CA implements its CP.
FBCA = Federal Bridge Certification Authority facilitates interoperability between the PKIs of the U.S. Federal Government and other Entity PKI domains.
FICAM = Federal Identity Credential Access Management.
FIPS201 = A large volume of prescriptive technical and policy standards that define implementation of Federal infrastructure, deployment, and approach to information processing. See NIST.
FRAC = First Responder Access Card. A variation of the PIV-I card specifically for the emergency response community. Applies to a broad range of police, fire, and health professionals. See PIV-I.
HSPD12 = Homeland Security Presidential Directive 12. Called for a common strong identity throughout the Federal Government in the wake of 9/11 to enable trust and efficiency.
IAF = Identity Assurance Framework. A set of working certifiable specifications that enables the utilization, acceptance and interoperability of various IdPs, LOAs, and relying parties. See Kantara.
IDM = Identity Management System. Sometimes referred to as an IDMS. An application, or set of applications, used to manage authoritative sources of digital identity, provision accounts, and apply rules, workflows, and policies related to one’s identity. In the authentication world, this is sometimes referenced as (or confused with) a CMS, although they are not the same.
IdP = Identity Provider. An entity that issues credentials.
Kantara Initiative = An open working group of identity experts focused on reconciling complex and disparate identity ecosystems and standards into a flexible, interoperable approach across industries and entities. See IAF.
LOA = Level of Assurance. Levels 1 through 4, as defined by NIST, form a trust paradigm by which relying parties can request a certain level of assurance of who someone is and to what degree the person has proven it, by requiring a credential that matches the LOA requirement. A credential attains an LOA at the time of issuance. For example, a Level 4 credential is issued under a policy strictly defined by NIST (with the issuer certified), so any relying party that requires LOA-4 can trust an externally issued credential that meets these requirements. Lower levels of assurance have fewer policy requirements and correspondingly less trust. See NSTIC for other Levels.
Medium Hardware = A device form factor that stores a certificate issued by a CA that is trusted by the Federal Bridge (FBCA). However, the device itself may not meet the requirements of other government specifications and overall issuance standards such as PIV-I.
NIST = National Institute of Standards & Technology. Standards definition body for the U.S. Federal Government (has defined FIPS201, PIV, etc.).
PACS = Physical Access Control System. An authorization system for using building access cards.
PIDS = An effort by the Kantara Initiative to develop a patient identity architecture model.
PIN = Personal Identification Number
PIV = Personal Identity Verification. Prescriptive standards defined by NIST that meet FIPS201 requirements for issuing high-assurance identity cards used by Federal employees or contractors to access Federal systems.
PIV-I = “I” for Interoperable, referring to a PIV card that is not issued by the Federal Government but rather by an “NFI” (non-federal issuer). One such instance is a government contractor organization that has chosen to set up its own issuance infrastructure that complies with, and is certified to, the same specifications as PIV and can therefore be trusted. The card is basically the same, with the exception of a few low-level differences in keys and OIDs. While trusted, a PIV-I card does not necessarily carry the same privileges to the same systems as a PIV card. See OID.
PKI = Public Key Infrastructure
S/MIME = Secure Multipurpose Internet Mail Extensions
SaaS = Software-as-a-service
SCIP = Statewide Communications Interoperability Plans. http://www.safecomprogram.gov
SHA1 = Secure Hash Algorithm 1. The Federal Government has mandated that it be phased out from issuance and usage in favor of SHA2. This transition has created compatibility challenges with legacy infrastructure, so a stopgap approach was adopted by setting up a separate SHA1 FBCA until December 21, 2013. Outside of the Federal Government this will remain a problem, and support for both SHA1 and SHA2 should be accommodated beyond Federal standards in order to leverage, rather than replace, internal agency legacy infrastructure.
SHA-256 = (“SHA2”). Secure Hash Algorithm 2, 256-bit variant.
NSTIC = National Strategy for Trusted Identities in Cyberspace. A steering group directed by the EOP (Executive Office of the President) to create policies for a working open ecosystem by which various LOAs can be generated and accepted across the Internet between ordinary citizens and relying parties. Core to this approach is enabling private entities to issue credentials, citizens to reuse them, and relying parties to accept and leverage them by referring to an LOA model that also incorporates lower assurance levels for a variety of applications, commerce, and transactions.
OCSP = Online Certificate Status Protocol. A protocol for checking the revocation status of a certificate.
OID = Object Identifier. A numerical value embedded in a certificate that enables programs to determine whether the certificate is valid for a particular use. For example, PIV and PIV-I certificates carry different OIDs.
OTP = One-Time Password (Token). A generated code that can be used for authentication in place of a password. Each newly generated code differs from the previous one and is, by design, not predictable. Beneficial in that OTPs can be used in the same paradigm as passwords; on the downside, they cannot perform cryptographic operations and support only limited trust models.