7. Glossary#

School Authority#: In context of this document School Authority subsumes the various institutions which serve one or several schools with IT infrastructure, which includes that the School Authority holds the Identity Store for all learners and teachers of an environment. This can be a single School, a School Authority with several schools, or an environment hosting services for a federal state. Typically these are environments hosting a UCS@school domain.
Identity Provider (IDP)#: Instance that provides information to authenticate and authorize identities. In case of ID Broker scenarios typically an SAML or OpenID Connect IDP hosted by a School Authority.
Service Provider (SP)#: Instance that provides a service that are configured for an Single Sign-On with the ID Broker, typically content providers or applications for pupils and teachers.
Provisioning API#: REST API of the ID Broker which is used by School Authorities to push pseudonyms and a limited set of meta information of users and groups to the ID Broker.
Self-disclosure API#: REST API of the ID Broker which allows retrieval of meta information of an authorized user (focus is role of the user and the assigned learning groups). The API is derived from an API introduced by Bettermarks and sometimes referred to as “Bettermarks API”.

ID Broker operations manual