Access & Identity Management

Glossary

This page lists the definitions of a number of terms commonly used within the Athens website. An Athens 'Frequently Asked Questions' document compiled from questions asked by Athens administrators is also available online.


AAP

Athens Authentication Point. The location where users are authenticated for Athens SSO services.


administrator

An administrator is someone who controls Athens accounts. This person can be either a 'domain administrator', in which case they manage the accounts for an entire organisation, or a 'sub-administrator' delegated by a domain administrator to take responsibility for a portion of the organisation's accounts (e.g. the accounts for a single Department or School).


administration interface

The screens viewable via the web which give an Athens administrator the ability to manipulate the accounts under their control.


Athens

Developed by Eduserv with the support of JISC funding, Athens combines an online authentication service with an online service access management interface (see above). Its features are a 'single password sign-on' to multiple online services, together with a distributed management of user accounts. See http://www.athensams.net.


Athens account

An Athens account either gives users access to Athens online services (access and personal accounts), or allows an administrator to manage other Athens accounts (administrator account).


AthensDA

Athens Devolved Authentication (AthensDA) enables organisations to use their own set of usernames and passwords for access to Athens protected resources. It integrates with a local application such as a VLE or portal, or an organisation's authentication system such as an LDAP.

 


Athens agent software

Software used by a content provider to communicate with the Athens servers.


Athens domain

Refers to the organisation (college, university, health organisation, etc.) that registers for the use of online services, access to which is controlled through Athens. Each domain has its domain administrator who provides top-level control and support for all users in his or her domain.


API

Application Programming Interface. It is a set of routines, protocols, and tools for building software applications. Athens provides an authentication API for close integration into proprietary services.


attribute

An attribute is a part of an Athens user record that can be set by Athens administrators, and which content providers can see when a user logs in (subject to the user's approval). Examples of attributes are: role, e.g. staff, student; department, e.g. humanities, personnel; etc.


authentication

Authentication is the process of identifying a user. Usernames and passwords are the most common method of authentication.


authorisation

The process of granting or denying access to a network resource. It allows the user access to various online services based on the user's identity.


biometrics

Authentication techniques that rely on physical characteristics that can be automatically checked (fingerprints, speech, retina, etc.)


bulk deletion

The facility provided by Athens for the removal of many accounts in one operation.


bulk upload

The facility provided by Athens for the creation, deletion and updating of many accounts and user groups in a single operation.


cascade

An online facility for Athens administrators to allocate online services to every single user at their site in one single operation.


certificate authority

An internal entity or trusted third party that issues, signs, revokes, and manages digital certificates.


Classic Athens

Classic Athens is a managed service complete with full infrastructure. It provides organisations with the tools necessary to create and manage usernames for single sign-on access to protected web resources.


credentials

Evidence or testimonials concerning the user's right to access certain systems (e.g. username, password, etc)


cipher text

Data that has been encrypted. Cipher text is unreadable until it has been converted into plain text (decrypted) with a key.


decryption

The process of transforming cipher text into readable text.


demote

An online facility for Athens administrators to move accounts within their site from one administrator to another administrator at a lower hierarchical level in the accounts tree.


DNS

Domain Name System. The Internet system of holding a distributed register of entity names. The domain is the part of the address to the right of the '@', e.g. 'anytown.ac.uk'.


DSP

Data Service Provider, also referred to as a Content Provider. Providers of online services authenticated by Athens.


encryption

Encryption is the process of using a formula, called an encryption algorithm, to translate plain text into an incomprehensible cipher text for transmission.


expiry date

The date on which an account or a username becomes invalid. Set by an administrator for the purposes of time-controlling access to accounts - for example, for students who need access only for the duration of a summer school.


firewall

Software or hardware that creates a barrier between a trusted and an untrusted network (e.g. the Internet), allowing or forbidding data to cross the barrier based on a set of rules that an administrator has configured.


impersonating

Administrators (usually domain administrators) can 'impersonate' other administrators to whom they have delegated part of their responsibility for Athens accounts. Impersonation allows the administrators higher up the hierarchy to act as though they were the lower-level administrators, and carry out actions on that administrator's accounts.

http

Hyper-Text Transfer Protocol used by the Internet. HTTP defines how data is fetched or transmitted on the Internet and what actions should be taken by web servers and browsers.


https

Secure Hyper-Text Transfer Protocol using SSL.


IP address

Internet Protocol Address. The unique identifier of any machine connected to the Internet. IP addresses are made up of four groups of numbers separated by points, e.g. 128.128.25.3. IP addresses are said to be 'fully-qualified' when all four groups are specified; a 'range' of IP addresses is indicated by asterisks, e.g. 128.28.25.*, meaning that the last position can be filled by any number between 0 and 255. Administrators must specify a host address (preferably fully-qualified) in order to gain access to this administration area. Access accounts, in turn, must have at least a range of host addresses specified (e.g. 128.128.*).


JANET

The Joint Academic NETwork in the UK. The term is used to cover the different physical networks: X.25, JIPS, SuperJANET etc.


Organisation

Within Athens, a site is the name given to an organisation (college, university, health organisation, etc) registered under Athens under one sitecode.


password

A series of characters that enables a user to access specific files, computers, or programs. The password helps ensure that unauthorized users do not access the computer. Within Athens, a password together with a username (and the host address, depending on the type of account) ensures that unauthorized users do not access the online services.


Permission set

An Athens permission set defines a set of online resources that users have permission to access with their Athens accounts.


PGP

Pretty Good Privacy. A set of programs for exchanging encrypted and authenticated e-mail messages and files.


private key

One of two keys used in public key cryptography. The private key is known only to the owner and is used to sign and decrypt messages.


promote

An online facility for Athens administrators to move accounts within their site from one administrator to another administrator at a higher hierarchical level in the accounts tree.


public key

One of two keys used in public key cryptography. The public key can be known to anyone and is used to verify signatures and encrypt messages.


resource

An online service (database, set of documents) which a user accesses with an Athens account.


self-registration

The process whereby a user uses a self-registration account to create his or her own personal account. Self-registration allows an administrator to provide the potential of access to Athens, which can be taken up by the user as needed.


Shibboleth

Shibboleth is an architecture that enables organisations to build single sign-on environments that allow users to access web-based resources using a single login. Shibboleth uses open standards (such as SAML) and was developed by the Internet2 middleware group.


SSL

Secure Sockets Layer. A protocol developed by Netscape that enables secure transactions via the Internet. URLs that require an SSL connection start with 'https:' instead of 'http:'.


SSO

Single Sign On. The user only needs to login once to access various services.


URL

Uniform Resource Locator. The global address of documents and other resources on the web, e.g. http://www.athensams.net. The first part indicates the protocol to be used (http) and the second part shows the domain where the document is located.


user group

A collection of Athens accounts. Grouping of accounts is useful since it allows changes to be made to all accounts in the group in one operation.


username

The unique name which identifies each account under Athens. Note that a username may not necessarily be owned by one person alone: access accounts provide, under one username, the potential to create many more accounts (the total number is set by the administrator who creates such an account).