7. Glossary

Identity Provider (IDP)

Instance that provides information to authenticate and authorize identities. In ID Broker scenarios, this is typically a SAML or OpenID Connect IDP hosted by a school authority.

Provisioning API

REST API of the ID Broker which is used by school authorities to send pseudonyms and a limited set of meta information on users and groups to the ID Broker.

School Authority

In the context of this document, school authority subsumes the various institutions which serve one or several schools with IT infrastructure. This includes that the school authority holds the identity store for all learners and teachers of an environment. This can be a single school, a school authority with several schools, or an environment hosting services for a federal state. Typically these are environments hosting a UCS@school domain.

Self-disclosure API

REST API of the ID Broker which allows retrieval of meta information of an authorized user (the focus is on the role of the user and the assigned learning groups). The API is derived from an API introduced by Bettermarks and is sometimes referred to as the Bettermarks API.

Service Provider (SP)

Instance that provides a service that is configured for single sign-on with the ID Broker, typically content providers or applications for pupils and teachers.

SSO Broker

The main job of the SSO Broker component is to handle multi-tenant authentication using pseudonyms. This involves the student (or her browser) doing the login and passing authentication tokens/tickets back and forth.