| AD | Active Directory |
| ALFA | Abbreviated Language for Authorization - a compact, programming-language-style (not JSON) syntax for writing attribute-based access control policies that compile to XACML 3.0. |
| AMR / ACR | Authentication Methods References / Authentication Context Class Reference - OpenID Connect ID Token claims. `amr` lists the methods actually used (e.g. `pwd`, `otp`, `mfa`); `acr` names the assurance level or authentication policy that was satisfied. A relying party that requires MFA should check these claims rather than assume the provider enforced it. |
| API | Application Programming Interface |
| ASCII | American Standard Code for Information Interchange |
| CA | Certificate Authority |
| CDN | Content Delivery Network |
| CIBA | Client Initiated Backchannel Authentication - a decoupled grant flow that lets the end user use their mobile device to authenticate and approve transactions. |
| Claim | A piece of information asserted about a subject, typically conveyed in a token. For example, an ID Token can contain a claim called mobile which asserts the subject's mobile phone number. A claim is only as trustworthy as the token's issuer and signature, so both must be verified before the claim is relied on. |
| CSRF | Cross Site Request Forgery |
| DHE | Diffie-Hellman Ephemeral |
| DMZ | Demilitarized Zone |
| DoS | Denial of Service - an attack whose goal is to make a service unavailable to legitimate users, e.g. by flooding it with requests or by sending malformed input that crashes it or exhausts its resources |
| DDoS | Distributed Denial of Service - a DoS attack launched simultaneously from many locations (often a botnet) to amplify the attack and make source-based blocking ineffective |
| DPoP | Demonstrating Proof of Possession (RFC 9449) - binds an OAuth 2.0 access token to a key held by the client, so that a stolen token cannot be replayed by a party that does not also hold the key |
| ECDHE | Elliptic Curve DHE |
| FAPI | Financial-grade API |
| FIDO | Fast IDentity Online - the industry alliance behind the U2F and FIDO2/WebAuthn authentication standards; see U2F |
| FHIR | Fast Healthcare Interoperability Resources - an HL7 standard describing data formats, elements and an API for the digital exchange of health information |
| HATEOAS | Hypermedia As The Engine Of Application State |
| HEART | Health Relationship Trust |
| HPP | HTTP Parameter Pollution |
| HOTP | HMAC-based One-Time Password (RFC 4226) - see TOTP |
| HTTP | HyperText Transfer Protocol |
| IETF | Internet Engineering Task Force |
| JSON | JavaScript Object Notation |
| JWA | JSON Web Algorithms - the registry of cryptographic algorithms (signing, MAC, key management and content encryption) that JWS and JWE identify in their `alg` and `enc` headers. |
| JWE | JSON Web Encryption - encrypts a payload (using authenticated encryption) so that only the intended recipient can read it; it can be nested with a JWS when the sender's signature is also required |
| JWK | JSON Web Key - a JSON representation of a cryptographic key or key set, commonly published at a `jwks_uri` for token verification |
| JWS | JSON Web Signature - protects the integrity and authenticity of a payload with a digital signature or MAC; the verifier must pin the expected algorithm rather than trust the token's `alg` header |
| JWT | JSON Web Token - a compact, URL-safe representation of claims, serialised as a JWS (signed) or JWE (encrypted), widely used to carry identity and authorisation information |
| LDAP | Lightweight Directory Access Protocol |
| MAC | Message Authentication Code |
| MFA | Multi-Factor Authentication - confirming a user's claimed identity with two or more independent kinds of evidence: something they know, something they have, and something they are |
| MTLS | Mutual Transport Layer Security |
| OAuth | "Open Authorization" - Internet standard for authorization flows |
| OIDF | OpenID Foundation |
| OWASP | Open Web Application Security Project |
| PBD | Primary Business Data |
| PHI | Protected Health Information |
| PII | Personally Identifiable Information |
| RAML | RESTful API Modeling Language |
| REST | Representational State Transfer |
| RFC | Request for Comments (IETF) |
| RO | Resource Owner |
| RS | Resource Server |
| SAML | Security Assertion Markup Language - XML-based standard for exchanging authentication and authorisation data; predates OpenID Connect but remains widely used for enterprise SSO |
| SCIM | System for Cross-domain Identity Management - a RESTful-API alternative to SPML for provisioning users |
| SEO | Search Engine Optimization |
| SLA | Service Level Agreement |
| SOAP | Simple Object Access Protocol |
| SPML | Service Provisioning Markup Language - facilitates exchange of provisioning information (creates, updates and deletes) on user objects (in an LDAP directory, for example) |
| SQL | Structured Query Language |
| SSO | Single Sign On |
| STS | Security Token Service |
| TBC | To Be Completed |
| TBD | To Be Done |
| TOTP | Time-based One-Time Password (RFC 6238) - a variant of HOTP (HMAC-based One-Time Password) in which the counter is derived from the current time; both are common second factors in MFA |
| TLS | Transport Layer Security (superseded SSL) |
| Two-factor Authentication | See MFA |
| UMA | User-Managed Access - extends OAuth 2.0 to provide additional delegated authorisation capabilities. |
| URL | Uniform Resource Locator |
| URI | Uniform Resource Identifier |
| U2F | Universal 2nd Factor - an open FIDO Alliance standard for hardware-backed second factors that can be incorporated into an API security framework; superseded by FIDO2/WebAuthn, which remains backward compatible with U2F keys |
| WSDL | Web Services Description Language |
| WADL | Web Application Description Language |
| XACML | eXtensible Access Control Markup Language - defines a fine-grained attribute-based access control policy language |
| XML | eXtensible Markup Language |
| XSD | XML Schema Definition |
| YAML | YAML Ain't Markup Language |
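The HOTP and TOTP entries above describe the two one-time-password algorithms only in a sentence each. The following is an added example, not part of the original glossary: a reference implementation of RFC 4226 HOTP and RFC 6238 TOTP in Python, checked against the test vectors published in those RFCs, plus a small server-side verifier class (my own design, not from any standard) that shows the three checks a practitioner needs on top of the raw algorithm: a clock-drift window, constant-time comparison, and rejection of already-used counters so a code cannot be replayed within the window.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)           # keep leading zeros


def totp(secret: bytes, for_time: Optional[float] = None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the Unix time divided by the step length."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algo)


class TotpVerifier:
    """Server-side verifier for one enrolled secret (illustrative design, not from an RFC).

    - accepts the current step and +/- `window` adjacent steps to tolerate clock drift,
    - compares in constant time with hmac.compare_digest,
    - refuses any counter at or below the last accepted one, so a code that has already
      been used cannot be replayed while it is still inside the drift window.
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6,
                 window: int = 1, algo=hashlib.sha1) -> None:
        self.secret, self.step, self.digits, self.window, self.algo = secret, step, digits, window, algo
        self.last_counter = -1          # highest counter value ever accepted for this secret

    def verify(self, candidate: str, for_time: Optional[float] = None) -> bool:
        if for_time is None:
            for_time = time.time()
        now = int(for_time) // self.step
        matched = None
        # Check every counter in the window without breaking early, so timing does not
        # reveal which step (if any) matched.
        for ctr in range(now - self.window, now + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, ctr, self.digits, self.algo), candidate):
                matched = ctr
        if matched is None or matched <= self.last_counter:
            return False                # wrong code, or a replay of an already-used step
        self.last_counter = matched
        return True


# Published test vectors: RFC 4226 Appendix D and RFC 6238 Appendix B (SHA-1 column),
# both using the ASCII secret "12345678901234567890".
RFC_SECRET = b"12345678901234567890"
RFC4226_HOTP = ["755224", "287082", "359152", "969429", "338314",
                "254676", "287922", "162583", "399871", "520489"]
RFC6238_TOTP_SHA1 = {59: "94287082", 1111111109: "07081804", 1111111111: "14050471",
                     1234567890: "89005924", 2000000000: "69279037", 20000000000: "65353130"}


def rfc_vectors_pass() -> bool:
    """True if hotp()/totp() reproduce every published test vector."""
    hotp_ok = all(hotp(RFC_SECRET, c) == v for c, v in enumerate(RFC4226_HOTP))
    totp_ok = all(totp(RFC_SECRET, t, digits=8) == v for t, v in RFC6238_TOTP_SHA1.items())
    return hotp_ok and totp_ok


if __name__ == "__main__":
    print("RFC vectors:", "pass" if rfc_vectors_pass() else "FAIL")
    v = TotpVerifier(RFC_SECRET, digits=8)
    print("first use at t=59:", v.verify("94287082", 59))   # True
    print("replay at t=75:   ", v.verify("94287082", 75))   # False: step 1 already consumed
```

The replay check matters because a window of one step on each side means a code stays valid for up to 90 seconds; without recording the last accepted counter, an attacker who observes a code can reuse it for the rest of that period. Real deployments also rate-limit attempts per account, since a 6-digit code over a 90-second window gives a guesser roughly 3 in a million odds per try.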