Getting your Geneva Terms Straight

As someone just getting started with the Geneva Framework, I have had to learn a lot of new terms. The learning curve is steepened by the fact that many of the terms used in the framework, WS-Trust, and WS-Federation are synonyms of each other. In some cases, the two standards refer to the same thing differently (different authors, publication dates, knowledge bases, etc.). Because the Geneva Framework supports both protocols, it uses terms from each and even creates new, generic ones to describe shared notions. For example, WS-Federation uses the word realm (and wtrealm) when speaking about the relying party for which a security token is being requested from the STS. Conversely, the WS-Trust spec uses the term AppliesTo for this idea. The Geneva Framework uses these in some places and also uses the more generic term scope to convey the same concept. This overloading of terms takes some time and digging to wrap your head around. To help with that, I present my best understanding of some of the different terms you'll encounter when working with the Geneva Framework.

  • ActAs - An optional element that can be included in an RST to indicate to the STS that claims are being requested by a subject who is acting as someone else.  The result is the ability to delegate authority to another party.
  • AppliesTo - The URI of the relying party which is used to check that the requested security token is to be created for a trusted RP.
  • Audience URI - The name of the party that is meant to receive an issued token.  It is used to determine whether a token is intended for the receiver or not.  This is sometimes called the audience restriction condition as well.
  • Claim - An assertion made by an issuer about a subject as a triple {A, B, C} where A is the dialect, B is the claim type (a unique string that's typically a URI), and C is the right or claim value.
  • OnBehalfOf - An optional element of an RST that indicates that the requestor is making the request on behalf of another.
  • Realm - A term that comes from WS-Federation that means the same thing as AppliesTo (from WS-Trust).
  • Scope - A generic term that means the same thing as AppliesTo (from WS-Trust) and realm and wtrealm (from WS-Federation).
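As an added example (not from the original post, and not Geneva Framework code), here is a small Python sketch of how the terms above surface in a WS-Trust RST and in an issued SAML 1.1 assertion, and of the two checks they drive: the STS checking that AppliesTo (the scope, or realm in WS-Federation terms) names a trusted relying party, and the RP checking that the token's audience URI names itself. The XML messages, the URIs and the trusted-RP list are constructed for the example; the namespace URIs are the ones from the WS-Trust 1.3/1.4, WS-Policy, WS-Addressing and SAML 1.1 specifications.

```python
# Added example, not from the original post. Shows where the glossary terms
# appear in a WS-Trust RequestSecurityToken (RST) and in an issued SAML 1.1
# assertion, and the two trust checks they drive. All sample XML is constructed.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",    # WS-Trust 1.3
    "wst14": "http://docs.oasis-open.org/ws-sx/ws-trust/200802",  # WS-Trust 1.4 (ActAs)
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",        # WS-Policy (AppliesTo)
    "wsa": "http://www.w3.org/2005/08/addressing",                # WS-Addressing
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",              # SAML 1.1 assertion
}

# Constructed RST: a token is requested for one RP (the scope) while acting as
# another subject; the ActAs body is a placeholder, not a real token.
RST_XML = """<wst:RequestSecurityToken xmlns:wst="{wst}" xmlns:wst14="{wst14}"
    xmlns:wsp="{wsp}" xmlns:wsa="{wsa}">
  <wst:RequestType>{wst}/Issue</wst:RequestType>
  <wsp:AppliesTo>
    <wsa:EndpointReference><wsa:Address>https://rp.example.test/</wsa:Address></wsa:EndpointReference>
  </wsp:AppliesTo>
  <wst14:ActAs><PlaceholderToken>delegated-subject-token</PlaceholderToken></wst14:ActAs>
</wst:RequestSecurityToken>""".format(**NS)

# Constructed issued token: a SAML 1.1 assertion restricted to a single audience.
ASSERTION_XML = """<saml:Assertion xmlns:saml="{saml}" MajorVersion="1" MinorVersion="1"
    AssertionID="_constructed-example-1" Issuer="https://sts.example.test/">
  <saml:Conditions>
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://rp.example.test/</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>""".format(**NS)

# Constructed assertion with no audience restriction at all.
UNRESTRICTED_ASSERTION_XML = """<saml:Assertion xmlns:saml="{saml}" MajorVersion="1"
    MinorVersion="1" AssertionID="_constructed-example-2" Issuer="https://sts.example.test/"/>""".format(**NS)


@dataclass
class RstSummary:
    applies_to: Optional[str]  # AppliesTo address: the scope / realm the token is for
    acts_as: bool              # ActAs element present (delegation)
    on_behalf_of: bool         # OnBehalfOf element present


def parse_rst(xml_text: str) -> RstSummary:
    """Pull the scope and the delegation elements out of an RST."""
    root = ET.fromstring(xml_text)
    address = root.find("wsp:AppliesTo/wsa:EndpointReference/wsa:Address", NS)
    return RstSummary(
        applies_to=address.text.strip() if address is not None and address.text else None,
        acts_as=root.find("wst14:ActAs", NS) is not None,
        on_behalf_of=root.find("wst:OnBehalfOf", NS) is not None,
    )


def sts_should_issue(rst: RstSummary, trusted_rps: List[str]) -> bool:
    """STS side: issue only when AppliesTo exactly matches a registered RP.
    Exact comparison on purpose: a prefix or substring match would also accept
    addresses that merely begin with a trusted one. No scope means no token."""
    if rst.applies_to is None:
        return False
    return rst.applies_to in trusted_rps


def audience_uris(assertion_xml: str) -> List[str]:
    """Audience URIs named by the assertion's audience restriction condition."""
    root = ET.fromstring(assertion_xml)
    path = "saml:Conditions/saml:AudienceRestrictionCondition/saml:Audience"
    return [a.text.strip() for a in root.findall(path, NS) if a.text]


def rp_accepts(assertion_xml: str, my_uri: str) -> bool:
    """RP side: accept only a token whose audience restriction names this RP.
    A token with no audience restriction is rejected rather than read as
    'valid for anyone'."""
    audiences = audience_uris(assertion_xml)
    return bool(audiences) and my_uri in audiences


if __name__ == "__main__":
    rst = parse_rst(RST_XML)
    print(rst)
    print("STS issues:", sts_should_issue(rst, ["https://rp.example.test/"]))
    print("RP accepts:", rp_accepts(ASSERTION_XML, "https://rp.example.test/"))
    print("Unrestricted accepted:", rp_accepts(UNRESTRICTED_ASSERTION_XML, "https://rp.example.test/"))
```

The two checks are the same idea seen from each side: the STS uses AppliesTo to decide whether it is willing to mint a token for that scope, and the RP uses the audience restriction to decide whether a token that reaches it was ever meant for it. Both compare the URI exactly and fail closed when the element is missing; the ActAs and OnBehalfOf flags are surfaced so an STS can apply its delegation policy before issuing.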

This isn't all of the terms you'll run into, but it's a start.  I'll add more, like proof key, as I figure them out.