Terminology

This page defines some of the commonly used terminology throughout the Moonshot specifications and documentation.


| Term | Explanation |
|---|---|
| ABFAB | Moonshot is based on the ABFAB (Application Bridging for Federated Access Beyond web) set of open standards, developed by the ABFAB working group of the IETF. |
| EAP | The Extensible Authentication Protocol is "an authentication framework which supports multiple authentication methods", defined by RFC 3748 and updated by RFC 5247 and RFC 7057. |
| GSS-API | The Generic Security Service Application Program Interface (GSS-API or GSSAPI) is an API through which applications access security services, defined as a standard by the IETF in RFC 2743. Moonshot is a GSS-API implementation and uses this API to interface between applications and the relying party. Note that GSS-API is not the only API supported for use within Moonshot: SASL and SSPI work as well. |
| GSS-EAP | A GSS-API mechanism for the Extensible Authentication Protocol, defined by the IETF in RFC 7055. EAP provides a standard way to encapsulate credentials and protect them from being read by anything other than the IdP, including the RP. EAP also provides "channel bindings" (see RFC 6677), which allow the IdP to verify that the user is connecting to the RP they think they are. |
| IETF | The Internet Engineering Task Force is a standards organisation that creates and promotes internet standards. Moonshot is based on the work of the IETF's Application Bridging for Federated Access Beyond web (ABFAB) working group. |
| Janet | Janet is a private, UK government-funded organisation which provides computer network and related collaborative services to UK research and education. |
| Moonshot | Moonshot is Janet's implementation of the ABFAB standards. |
| NAI | Network Access Identifier: a standardised way of identifying a user from a particular organisation, represented as "user@realm" (e.g. johnsmith@example.com). The NAI is an IETF standard, defined in RFC 4282. |
| RADIUS | The Remote Authentication Dial In User Service (RADIUS) is a protocol that provides a centralised Authentication, Authorisation and Accounting (AAA) system. RADIUS is an IETF standard, defined in various RFCs, including RFC 2865. Moonshot uses RADIUS, and its more secure sibling RadSec, to provide rich authentication abilities. |
| RadSec | RadSec is a variant of RADIUS that transports RADIUS datagrams over TCP and TLS instead of UDP. RadSec is an IETF standard, defined in RFC 6684. Moonshot uses RadSec to transport credentials between a Relying Party and the Identity Provider. |
| SAML | The Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorisation data between parties. SAML is a product of the OASIS Security Services Technical Committee. Moonshot uses SAML to provide rich authorisation abilities. |
| SASL | The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms. It is described in RFC 4422. |
| SPNEGO | Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO), defined in RFC 4178. (Author's note: is this the standard used, or was Moonshot built off a derivation?) |
| SSPI | The Security Support Provider Interface. (Author's note: is this the best link? http://technet.microsoft.com/en-us/library/bb742535.aspx) |
| TLS | Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communications over a network. TLS is an IETF standard, currently defined in RFC 5246. Moonshot uses TLS to provide secure communication tunnels between entities. |
| Trust Router | The Trust Router is a trusted introducer service for federated entities that have never communicated before. |