Terminology

SAML
  • Security Assertion Markup Language (SAML) - Provides an open standard for XML-based confirmation of identity and transfer of identity attributes between an Identity Provider and Service Provider
  • Identity Provider (IDP) - An application with the capability to authenticate a user's identity (i.e. allow the user to log in), and confirm authentication and identity attributes to a Service Provider
  • Service Provider (SP) - An application which defers to an Identity Provider for authentication of a user, and allows this user access to protected resources or capabilities based on this authentication
  • SAML Request - The structured XML message sent by the Service Provider to an Identity Provider, identifying itself and requesting authentication of the user
  • SAML Response - The XML message sent by the Identity Provider to the Service Provider identifying itself as the issuer, indicating the status of the authentication attempt, and including the SAML Assertion if this can be issued (typically signed with the Identity Provider's certificate)
  • SAML Assertion - The portion of the SAML Response which confirms identity attributes of the authenticated user

OpenID Connect

Note that the terms below are specific to the OpenID Connect aspects of the identity exchange. For details on other elements of OAuth 2.0 relevant to OIDC, check the OAuth 2.0 terminology page.

  • OpenID Connect (OIDC) - An identity extension to the OAuth 2.0 framework which specifies a JSON Web Token structure for confirmation of identity and communication of identity attributes
  • OpenID Connect Provider (OP) - The application with the ability to authenticate a user and confirm identity attributes and authentication event information to a Relying Party. This application is playing the role of Authorisation Server in the terminology of OAuth 2.0
  • Relying Party (RP) - The application deferring to the OpenID Connect Provider for an end user's authentication and authorisation, and providing an authenticated service to the user once identity and authorisation are confirmed. This application is playing the role of Client in the terminology of OAuth 2.0
  • ID Token - The JSON Web Token (JWT) structure used to communicate identity attributes from the OpenID Connect Provider to the Relying Party
  • UserInfo Endpoint - Protected resource at the OpenID Connect Provider which will validate an access token and return authorised information about the user this token relates to
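As an added illustration of the ID Token definition above (example code written for this page, not taken from the OpenID Connect specification or any named implementation): the OP side mints a JWT carrying the standard iss, sub, aud, exp, iat and nonce claims, and the RP side performs the checks it must apply before trusting the identity attributes. It assumes an HS256 shared secret so that it runs stand-alone; real deployments typically use asymmetric signatures with keys published by the OP.

```python
import base64, hashlib, hmac, json

# Constructed demo secret shared by OP and RP. Assumption: HS256 keeps the example
# self-contained; real OPs normally sign with an asymmetric key (e.g. RS256) fetched via JWKS.
DEMO_SECRET = b"constructed-demo-secret"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_id_token(issuer, subject, client_id, nonce, now, lifetime=300, secret=DEMO_SECRET):
    """OP side: build a signed ID Token (JWT) carrying the user's identity attributes."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "sub": subject, "aud": client_id,
              "iat": now, "exp": now + lifetime, "nonce": nonce}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def validate_id_token(token, expected_issuer, client_id, expected_nonce, now, secret=DEMO_SECRET):
    """RP side: verify the signature, then iss/aud/exp/nonce. Returns (accepted, reason, claims)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return False, "unexpected alg", None
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        return False, "bad signature", None
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    checks = [  # the claims an RP must confirm before acting on the identity
        (claims.get("iss") == expected_issuer, "wrong issuer"),
        (client_id in (aud if isinstance(aud, list) else [aud]), "wrong audience"),
        (now < claims.get("exp", 0), "expired"),
        (claims.get("nonce") == expected_nonce, "nonce mismatch"),
    ]
    for passed, reason in checks:
        if not passed:
            return False, reason, claims
    return True, "ok", claims
```

The nonce is the value the RP generated for this login attempt; checking it ties the returned ID Token to that attempt, and the audience check stops a token issued for another RP being accepted here.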