Glossary

Discover some of the common terms related to our products.

Affinidi Login Service

Affinidi Login Service is designed to give developers flexibility in the information they can request and validate. Leveraging the OID4VP standard, Affinidi Login provides maximum flexibility, privacy, and security during the authentication flow.

Affinidi Vault Browser Extension

Affinidi Vault Browser Extension is a client application that runs in the browsers of end-users and allows them to create their identity, manage data connections and share data with 3rd party applications.

Affinidi Vault Mobile

Affinidi Vault Mobile is a mobile application that runs natively on end-users' mobile devices, such as smartphones and tablets, and allows them to create their identity, manage data connections and share data with 3rd party applications.

Affinidi Desktop App

Affinidi Vault Desktop is a native desktop application that allows end-users to create their identity, manage data connections and share data with 3rd party applications.

API GW (API Gateway)

API management tool that sits between a client and a collection of backend services. An API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.

AuthN (Authentication)

The act of validating a user’s claimed identity.

AuthZ (Authorisation)

Determines what an authenticated user can see and do.

DID (Decentralised Identifier)

DIDs are a type of unique identifier (URI) that enables entities to generate and control their identifiers in the digital world.

IAM (Identity and Access Management)

IAM is used to administer user identities and control access to enterprise resources. IAM solutions ensure the right individuals have access to the right IT resources, for the right reasons, at the right time. They are a fundamental component of a defense-in-depth security strategy and are critical for defending IT systems against cyberattacks and data loss.

IDP (Identity Provider)

A system that creates, stores, and manages digital identities. The IdP can either directly authenticate the user or can provide authentication services to third-party service providers (apps, websites, or other digital services).

ID Token

A response from the OIDC flow after successful authorisation of the user. It usually contains the user’s profile, which is sent to the relying party so that it can extract the information and process it based on the business logic.

JSON-LD (JSON for Linking Data)

A lightweight Linked Data format. It is easy for humans to read and write. It is based on the already successful JSON format and provides a way to help JSON data interoperate at Web-scale. JSON-LD is an ideal data format for programming environments, REST Web services, and unstructured databases such as Apache CouchDB and MongoDB.

JSONPath (JSON Path)

A query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document. You use a JSONPath expression to traverse the path to an element in the JSON structure.

OAuth2 (Open Authorisation 2)

A framework that allows a third-party application (called a client) to access resources from a resource server (such as an API) on behalf of a user (called a resource owner). The user grants the client a limited access token, which the client can use to request resources from the resource server. The access token is issued by an authorisation server, which verifies the identity and consent of the user. OAuth2 defines four roles (resource owner, client, resource server, and authorisation server) and four grant types (authorisation code, implicit, resource owner password credentials, and client credentials) for different scenarios of authorisation.

OIDC (OpenID Connect)

A suite of lightweight specifications that provide a framework for identity interactions via REST-like APIs.

OID4VP (OpenID for Verifiable Presentations)

OpenID for Verifiable Presentations extends OpenID Connect with the ability to request and present verifiable credentials as a VP Token.

PEX (Presentation Exchange)

The Presentation Exchange protocol, defined by the Presentation Exchange standard, allows parties to exchange Verifiable Credentials.

SSO (Single Sign-On)

An authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

VC (Verifiable Credential)

Verifiable Credentials are tamper-evident credentials that can be verified cryptographically.

VP (Verifiable Presentation)

A verifiable presentation is the collation of credentials that you want to share with a verifier.

VP Token (Verifiable Presentation Token)

A response from the OpenID for VP (OID4VP) flow after successful authorisation by the user. It is a set of Verifiable Presentations from the collection of VCs shared by the user from their Vault.