Glossary

RBAC: Role-based access control (RBAC) restricts access to resources based on the roles assigned to individual users within an enterprise; permissions are attached to roles, and a user receives them through role membership rather than directly.

ABAC: Attribute-based access control, also called policy-based access control in IAM, is an access-control paradigm in which access rights are granted through policies that combine attributes of the subject, the resource, the requested action, and the environment.
UBAC: User-based access control; permissions are attached directly to individual user accounts rather than derived from roles or attributes.
Key-tree: A tree whose nodes hold only keys; no value is associated with any key.
Organization-tree (org-tree): The hierarchy of organization roles and permissions that is used to limit access.
Realm: An entity to isolate resources, roles, and policies for each service.
Role: An entity that groups a set of resources (and the scopes allowed on them) and can be assigned to users.
User: An entity that stores a real user's data.
Subject: A user or non-person entity (such as a ServiceAccount) that requests access to resources.
Resource: An entity on which we check whether a subject (e.g., a user) has permission.
Policy: A rule that we create to specify whether a subject has permission on some resources.
Scope: Actions that users can do on resources are specified by scopes. E.g., edit, delete, or view.
Service: A service on the Shield platform (to isolate resources, roles and policies).
ServiceAccount: An account type created for services. It is simply a kind of Subject that requests resources, so the same roles, policies, and scopes apply to it as to a user.
id_token: The token issued as the result of an OpenID Connect flow. It carries identity claims about the user and is intended for the client application that requested it; it should not be presented to APIs in place of an access_token.
access_token: The token issued as the result of an OAuth2 flow. The client presents it to resource servers to authorize requests; it proves authorization, not the user's identity. Unless the API documents its format, clients should treat it as opaque.
refresh_token: A token the client exchanges at the token endpoint for a new access_token without involving the user again. Because it grants continued access, it must be stored securely and is only ever sent to the token endpoint, never to resource servers.
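To show how the access-control terms above fit together, here is a small, added illustration (not Shield platform code): a Realm holding RBAC roles and ABAC policies, Subjects that may be users or service accounts, Resources with attributes, and a single permission check over a Scope. The class names follow the glossary, but the data layout, the evaluation order (explicit deny, then role grants, then allow policies, then default deny) and all sample subjects, resources and policies are assumptions made for the example.

```python
"""Toy authorization model built from the glossary's terms.

Added illustration only: the evaluation order and data structures are
assumptions, not the Shield platform's implementation.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set


@dataclass
class Resource:
    """Something a subject wants to act on, e.g. an invoice."""
    name: str
    attributes: Dict[str, object] = field(default_factory=dict)


@dataclass
class Subject:
    """A user or non-person entity (a ServiceAccount is a Subject too)."""
    name: str
    roles: FrozenSet[str] = frozenset()
    attributes: Dict[str, object] = field(default_factory=dict)


@dataclass
class Policy:
    """An ABAC rule: allows or denies `scopes` when `condition` holds."""
    name: str
    scopes: FrozenSet[str]
    condition: Callable[[Subject, Resource], bool]
    effect: str = "allow"  # "allow" or "deny"


@dataclass
class Realm:
    """Isolates roles and policies for one service; roles are realm-local."""
    name: str
    # RBAC: role name -> resource name -> scopes granted on that resource
    roles: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)
    policies: List[Policy] = field(default_factory=list)

    def grant(self, role: str, resource_name: str, *scopes: str) -> None:
        """Attach scopes on a resource to a role (RBAC grant)."""
        self.roles.setdefault(role, {}).setdefault(resource_name, set()).update(scopes)

    def is_permitted(self, subject: Subject, resource: Resource, scope: str) -> bool:
        """Decide whether `subject` may perform `scope` on `resource`."""
        # 1. An explicit deny policy wins over any grant.
        for p in self.policies:
            if p.effect == "deny" and scope in p.scopes and p.condition(subject, resource):
                return False
        # 2. RBAC: any role of the subject that grants the scope on this resource.
        #    Roles unknown to this realm grant nothing.
        for role in subject.roles:
            if scope in self.roles.get(role, {}).get(resource.name, set()):
                return True
        # 3. ABAC: any allow policy whose attribute condition holds.
        for p in self.policies:
            if p.effect == "allow" and scope in p.scopes and p.condition(subject, resource):
                return True
        # 4. Nothing matched: default deny.
        return False


def build_example_realm() -> Realm:
    """Constructed sample realm for a hypothetical billing service."""
    realm = Realm("billing-service")
    realm.grant("invoice-viewer", "invoice", "view")
    realm.grant("invoice-editor", "invoice", "view", "edit")
    # ABAC: a subject may delete an invoice owned by its own department.
    realm.policies.append(Policy(
        name="owner-department-can-delete",
        scopes=frozenset({"delete"}),
        condition=lambda s, r: (s.attributes.get("department") is not None
                                and s.attributes.get("department")
                                == r.attributes.get("owner_department")),
    ))
    # ABAC deny: locked invoices can neither be edited nor deleted.
    realm.policies.append(Policy(
        name="locked-invoices-are-read-only",
        scopes=frozenset({"edit", "delete"}),
        condition=lambda s, r: bool(r.attributes.get("locked")),
        effect="deny",
    ))
    return realm


if __name__ == "__main__":
    realm = build_example_realm()
    alice = Subject("alice", frozenset({"invoice-editor"}), {"department": "finance"})
    bot = Subject("reporting-bot", frozenset({"invoice-viewer"}))  # a ServiceAccount
    invoice = Resource("invoice", {"owner_department": "finance", "locked": False})
    for subj in (alice, bot):
        for scope in ("view", "edit", "delete"):
            print(subj.name, scope, realm.is_permitted(subj, invoice, scope))
```

The check is deliberately default-deny: a subject whose roles are not defined in this realm, or a scope no role or policy mentions, is refused. The deny policy is evaluated first so that an attribute such as `locked` cannot be overridden by a broad role grant, which is the behaviour a practitioner usually wants when mixing RBAC grants with ABAC rules.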
