X/Open Single Sign-on Service (XSSO) - Pluggable Authentication Modules

Copyright © 1997 The Open Group


access control

The prevention of unauthorized use of a resource including the prevention of use of a resource in an unauthorized manner (see ISO/IEC 7498-2).

access control information

(ACI) - any information used for access control purposes, including contextual information (see ISO/IEC 10081-3).

access control policy

The set of rules that define the conditions under which an access may take place (see ISO/IEC 10081-3).


The property that ensures that the actions of an entity may be traced to that entity (see ISO/IEC 7498-2).


Access control information.


Access control list.


The operations and operands that form part of an attempted access (see ISO/IEC 10081-3).

active threat

The threat of a deliberate unauthorized change to the state of the system.

administrative security information

Persistent information associated with entities; it is conceptually stored in the Security Management Information Base. Examples are:


Application Programming Interface.

The interface between the application software and the application platform, across which all services are provided.

The application programming interface is primarily in support of application portability, but system and application interoperability are also supported by a communication API (see POSIX.0).


Explicit statement in a system security policy that security measures in one security domain constitute an adequate basis for security measures (or lack of them) in another (see CESG Memo).


See Security Audit (see ISO/IEC 7498-2).

audit authority

The manager responsible for defining those aspects of a security policy applicable to maintaining a security audit (see ISO/IEC 10081-7).

audit trail

See Security Audit Trail (see ISO/IEC 7498-2).

authenticated identity

An identity of a principal that has been assured through authentication (see ISO/IEC 10081-2).


Verify claimed identity; see data origin authentication, and peer entity authentication (see ISO/IEC 7498-2).

authentication certificate

Authentication information in the form of a security certificate which may be used to assure the identity of an entity guaranteed by an authentication authority (see ISO/IEC 10081-2).

authentication exchange

A sequence of one or more transfers of exchange authentication information (AI) for the purposes of performing an authentication (see ISO/IEC 10081-2).

authentication information (AI)

Information used to establish the validity of a claimed identity (see ISO/IEC 7498-2).

authentication initiator

The entity which starts an authentication exchange (see ISO/IEC 10081-2).

authentication method

Method for demonstrating knowledge of a secret. The quality of the authentication method, that is, its strength, is determined by the cryptographic basis of the key distribution service on which it is based. A symmetric key based method, in which both entities share common authentication information, is considered to be a weaker method than an asymmetric key based method, in which not all the authentication information is shared by both entities.


The granting of rights, which includes the granting of access based on access rights (see ISO/IEC 7498-2).

authorization policy

A set of rules, part of an access control policy, by which access by security subjects to security objects is granted or denied. An authorization policy may be defined in terms of access control lists, capabilities or attributes assigned to security subjects, security objects or both (see ECMA TR/46).


The property of being accessible and usable upon demand by an authorized entity (see ISO/IEC 7498-2).

claim authentication information

(Claim AI) - information used by a claimant to generate exchange AI needed to authenticate a principal (see ISO/IEC 10081-2).

clear text

Intelligible data, the semantic content of which is available (see ISO/IEC 7498-2).


These operations occur between a pair of communicating independent peer processes. The peer process initiating a service request is termed the client. The peer process responding to a service request is termed the server. A process may act as both client and server in the context of a set of transactions.


The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (see ISO/IEC 7498-2).

contextual information

Information derived from the context in which an access is made (for example, time of day) (see ISO/IEC 10081-3).

corporate security policy

The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within a user organization (see ITSEC).


The deployment of a set of security services to protect against a security threat.


Data that is transferred to establish the claimed identity of an entity (see ISO/IEC 7498-2).

data integrity

The property that data has not been altered or destroyed in an unauthorized manner (see ISO/IEC 7498-2).

data origin authentication

The corroboration that the entity responsible for the creation of a set of data is the one claimed.

denial of service

The unauthorized prevention of authorized access to resources or the delaying of time-critical operations (see ISO/IEC 7498-2).

digital fingerprint

A characteristic of a data item, such as a cryptographic checkvalue or the result of performing a one-way hash function on the data, that is sufficiently peculiar to the data item that it is computationally infeasible to find another data item that possesses the same characteristics (see ISO/IEC 10081-1).

digital signature

Data appended to, or a cryptographic transformation (see cryptography) of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, for example, by the recipient (see ISO/IEC 7498-2).

discretionary access control

A discretionary authorization scheme is one under which any principal using the domain services may be authorized to assign or modify ACI such that he may modify the authorizations of other principals under the scheme. A typical example is an ACL scheme which is often referred to as Discretionary Access Control (DAC).

distinguishing identifier

Data that unambiguously distinguishes an entity in the authentication process. Such an identifier shall be unambiguous at least within a security domain (see ISO/IEC 10081-2).

distributed application

A set of information processing resources distributed over one or more open systems which provides a well-defined set of functionality to (human) users, to assist a given (office) task (see ECMA TR/46).

exchange authentication information

(Exchange AI) - information exchanged between a claimant and a verifier during the process of authenticating a principal (see ISO/IEC 10081-2).


The assignment of a name by which an entity can be referenced. The entity may be high level (such as a user) or low level (such as a process or communication channel).

identity-based security policy

A security policy based on the identities or attributes of users, a group of users, or entities acting on behalf of the users and the resources or targets being accessed (see ISO/IEC 7498-2).


An entity (for example, human user or computer based entity) that attempts to access other entities (see ISO/IEC 10081-3).


See Data Integrity (see ISO/IEC 7498-2).


The unauthorized pretence by an entity to be a different entity (see ISO/IEC 7498-2).

non-discretionary access control

A non-discretionary authorization scheme is one under which only the recognized security authority of the security domain may assign or modify the ACI for the authorization scheme such that the authorizations of principals under the scheme are modified.

off-line authentication certificate

A particular form of authentication information binding an entity to a cryptographic key, certified by a trusted authority, which may be used for authentication without directly interacting with the authority (see ISO/IEC 10081-2).

on-line authentication certificate

A particular form of authentication information, certified by a trusted authority, which may be used for authentication following direct interaction with the authority (see ISO/IEC 10081-2).

operational security information

Transient information related to a single operation or set of operations within the context of an operational association, for example, a user session. Operational security information represents the current security context of the operations and may be passed as parameters to the operational primitives or retrieved from the operations environment as defaults.

organizational security policy

Set of laws, rules, and practices that regulates how an organization manages, protects, and distributes sensitive information (see Federal Criteria).


Confidential authentication information, usually composed of a string of characters (see ISO/IEC 7498-2).

peer-entity authentication

The corroboration that a peer entity in an association is the one claimed (see ISO/IEC 7498-2).

physical security

The measures used to provide physical protection of resources against deliberate and accidental threats (see ISO/IEC 7498-2).

platform domain

A security domain encompassing the operating system, the entities and operations it supports and its security policy.


See security policy (see ISO/IEC 7498-2).

primary service

An independent category of service such as operating system services, communication services and data management services. Each primary service provides a discrete set of functionality. Each primary service inherently includes generic qualities such as usability, manageability and security.

Security services are therefore not primary services but are invoked as part of the provision of primary services by the primary service provider.


An entity whose identity can be authenticated (see ISO/IEC 10081-2).


The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security (see ISO/IEC 7498-2).

quality of protection

A label that implies methods of security protection under a security policy. This normally includes a combination of integrity and confidentiality requirements and is typically implemented in a communications environment by a combination of cryptographic mechanisms.


Denial by one of the entities involved in a communication of having participated in all or part of the communication (see ISO/IEC 7498-2).

rule-based security policy

A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users (see ISO/IEC 7498-2).


A cryptographic checkvalue that supports integrity but does not protect against forgery by the recipient (that is, it does not support non-repudiation). When a seal is associated with a data element, that data element is sealed (see ISO/IEC 10081-1).

secondary discretionary disclosure

An example of the misuse of access rights. It occurs when a principal authorized to access some information copies that information and authorizes access to the copy by a second principal who is not authorized to access the original information.

secret key

In a symmetric cryptographic algorithm the key shared between two entities (see ISO/IEC 10081-1).

secure association

An instance of secure communication (using communication in the broad sense of space and/or time) which makes use of a secure context.

secure context

The existence of the necessary information for the correct operation of the security mechanisms at the appropriate place and time.

secure interaction policy

The common aspects of the security policies in effect at each of the communicating application processes (see CESG Memo).

security architecture

A high level description of the structure of a system, with security functions assigned to components within this structure (see CESG Memo).

security attribute

A security attribute is a piece of security information which is associated with an entity.

security audit

An independent review and examination of system records and operations in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security and to recommend any indicated changes in control, policy and procedures (see ISO/IEC 7498-2).

security audit trail

Data collected and potentially used to facilitate a security audit (see ISO/IEC 7498-2).

security auditor

An individual or a process allowed to have access to the security audit trail and to build audit reports (see ISO/IEC 10081-7).

security aware

The caller of an API that is aware of the security functionality and parameters which may be provided by an API.

security certificate

A set of security-relevant data from an issuing security authority that is protected by integrity and data origin authentication, and includes an indication of a time period of validity (see ISO/IEC 10081-1).
All certificates are deemed to be security certificates (see the relevant definitions in 7498-2). The term "security certificate" is adopted in order to avoid terminology conflicts with [X.509 | ISO 9594-8] (that is, the directory authentication standard). [ISO/IEC CD 10181-1:Dec 1992]

security domain

A set of elements, a security policy, a security authority and a set of security-relevant operations in which the set of elements are subject to the security policy, administered by the security authority, for the specified operations (see ISO/IEC 10081-1).

security event manager

An individual or process allowed to specify and manage the events which may generate a security message and to establish the action or actions to be taken for each security message type (see ISO/IEC 10081-7).

security label

The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource (see ISO/IEC 7498-2).
The marking may be explicit or implicit.

security policy

The set of criteria for the provision of security services (see also identity-based and rule-based security policy).

security service

A service which may be invoked directly or indirectly by functions within a system that ensures adequate security of the system or of data transfers between components of the system or with other systems.

security state

State information that is held in an open system and which is required for the provision of security services.

security token

A set of security-relevant data that is protected by integrity and data origin authentication from a source that is not considered a security authority (see ISO/IEC 10081-1).

security unaware

The caller of an API that is unaware of the security functionality and parameters which may be provided by an API.

service domain

A security domain encompassing an application, the entities and operations it supports and its security policy.


See digital signature (see ISO/IEC 7498-2).

strength of mechanism

An aspect of the assessment of the effectiveness of a security mechanism, namely the ability of the security mechanism to withstand direct attack against deficiencies in its underlying algorithms, principles and properties (see ITSEC).

system security function

A capability of an open system to perform security-related processing (see CESG Memo).


An entity to which access may be attempted (see ISO/IEC 10081-3).


A potential violation of security (see ISO/IEC 7498-2).
An action or event that might prejudice security (see ITSEC).

trap door

A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (for example, special "random" key sequence at a terminal) (see TCSEC).

trojan horse

Computer program containing an apparent or actual useful function that contains additional (hidden) functions that allow unauthorized collection, falsification or destruction of data (see Federal Criteria).


A relationship between two elements, a set of operations and a security policy in which element X trusts element Y if and only if X has confidence that Y behaves in a well defined way (with respect to the operations) that does not violate the given security policy (see ISO/IEC 10081-1).

trusted computing base (TCB)

The totality of protection mechanisms within an IT system, including hardware, firmware, software and data, the combination of which is responsible for enforcing the security policy.

trusted functionality

That which is perceived to be correct with respect to some criteria, for example, as established by a security policy (see ISO/IEC 7498-2).

trusted path

Mechanism by which a person using a terminal can communicate directly with the TCB (see Federal Criteria).
Trusted path can only be activated by the person or the TCB and cannot be imitated by untrusted software.

trusted third party

A security authority or its agent, trusted by other entities with respect to security-related operations (see ISO/IEC 10081-1).

verification AI

Information used by a verifier to verify an identity claimed through exchange AI (see ISO/IEC 10081-2).


An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges (see ISO/IEC 10081-2).


Weakness in an information system or components (for example, system security procedures, hardware design, internal controls) that could be exploited to produce an information-related misfortune (see Federal Criteria).