Skip to main content
Version: 1.2

Glossary of Acronyms

ADActive Directory
ALFAAbbreviated Language for Authorisation - a JSON-like policy language for defining fine-grained authorisation rules.
AMR / ACRAuthentication Methods Reference captures authentication process (e.g. MFA)
APIApplication Programming Interface
ASCIIAmerican Standard Code for Information Interchange
CACertificate Authority
CDNContent Delivery Network
CIBAClient Initiated Backchannel Authentication - a decoupled grant flow that lets the end user use their mobile device to authenticate and approve transactions.
ClaimA piece of information asserted about a subject, typically conveyed in a token. For example, an ID Token can contain a claim called mobile which asserts the subject's mobile phone number.
CSRFCross Site Request Forgery
DHEDiffie-Hellman Ephemeral
DMZDemilitarized Zone
DoSDenial of Service - an attack where the goal is to bring down service by flooding with it malformed, illegitimate requests
DDoSDistributed Denial of Service - an DoS attack launched simultaneously from a multitude of locations, to amplify the attack
DPoPDemonstrated Proof of Possession
ECDHEElliptic Curve DHE
FAPIFinancial-grade API
FHIRFast Healthcare Interoperability Resources - an HL7 standard describing data formats and elements and API for digital exchange of health information
HATEOASHypermedia As The Engine Of Application State
HEARTHealth Relationship Trust
HPPHTTP Parameter Pollution
HTTPHyperText Transfer Protocol
IETFInternet Engineering Task Force
JSONJavaScript Object Notation
JWAJSON Web Algorithm - defines the algorithm for encrypting the JWT.
JWEJSON Web Encryption - provides integrity validation and can be used with or without digital signatures
JWSJSON Web Signature
JWTJSON Web Token - designed to be compact representation of trusted information used in authentication processing
LDAPLightweight Directory Access Protocol
MACMessage Authentication Code
MFAMulti-Factor Authentication - method of confirming a user’s claimed identity by using two or more pieces of evidence from (something they know, something they have and something they are)
MTLSMutual Transport Layer Security
OAuth"Open Authorization" - Internet standard for authorization flows
OIDFOpenID Foundation
OWASPOpen Web Application Security Project
PBDPrimary Business Data
PHIProtected Health Information
PIIPersonally Identifiable Information
RAMLRest API Modelling Language
RESTRepresentative State Transfer
RFCRequest for Comments (IETF)
ROResource Owner
RSResource Server
SAMLSecurity Assertion Markup Language - legacy standard for exchange of authentication and authorisation data
SCIMSystem for Cross-domain Identity Management - a RESTful-API alternative to SPML for provisioning users
SEOSearch Engine Optimization
SLAService Level Agreement
SOAPSimple Object Access Protocol
SPMLService Provisioning Markup Language - facilitates exchange of provisioning information (creates,updates and deletes) on user objects (in an LDAP Directory for example)
SQLStructured Query Language
SSOSingle Sign On
STSSecurity Token Service
TBCTo Be Completed
TBDTo Be Done
TOTPTime-based (or HTOP -- HMAC-based) One-Time Password - second factors that can be used in authentication processes
TLSTransport Layer Security (superseded SSL)
Two-factor AuthenticationSee MFA
UMAUser-Managed Access - extends OAuth 2.0 to provide additional delegated authorisation capabilities.
URLUniform Resource Locator
URIUniform Resource Identifier
U2FUniversal 2nd Factor is an open authentication standard that can be incorporated into an API security framework
WSDLWeb Service Definition Language
WADLWeb API Description Language
XACMLeXtensible Access Control Markup Language - defines a fine-grained attribute-based access control policy language
XMLeXtensible Markup Language
XSDXML Schema Definition
YAMLYAML Ain't Markup Language