Glossary
The official definitions of the terms and abbreviation used in the contents of the HKAF website and documents are summarized in the following table:
| Term /Abbreviation | Definition |
| Agent | The organization operating the Identity Provider (IdP) on behalf of the Home Organization, if applicable. |
| Assertion | A digital statement issued by an IdP, derived from the Digital Identity of an End User. Typically an Assertion is digitally signed and optionally encrypted. |
| Attribute | The End User's personal data as managed by the Home Organization or its Agent, such as (but not limited to) name, e-mail and role in the Home Organization. |
| Attribute Authority | An organization responsible for managing additional Attributes for an End User of a Home Organization. |
| Authentication | Process of proving the identity of a previously registered End User. |
| Authorization | Process of granting or denying access rights to a service for an authenticated End User. |
| Core Attributes | A set of Attributes selected by the Federation that all Home Organizations are REQUIRED to collect or generate for their IdPs. |
| Data Protection Profile | The Data Protection Profile defines the rules that Federation Members SHALL adhere to for their Service Providers wanting to receive via the Federation End Users' Attributes from their Home Organizations or their Agent and /or Attribute Authority for providing access to the protected resources or services. |
| Digital Identity | A set of information that is attributable to an End User. Digital identity consists of Attributes. It is issued and managed by a Home Organization and zero or more Attribute Authorities on the basis of the identification of the End User. |
| End User | Any natural person affiliated with a Home Organization, e.g. as an employee, researcher or student, making use of the service of a Service Provider. |
| Federation | The Hong Kong Access Federation (HKAF). |
| Federation Member | An organization that has joined the Federation by agreeing to be bound by the Federation Policy in writing. Within the federation framework, a Federation Member can act as a Home Organization and /or a Service Provider Organization and/or an Attribute Authority. |
| Federation Operator | The organization managing the day-to-day operations of the Federation, operating the central components and acting as a competence centre. |
| Federation Technology Profile | The federation technology profile specifies how to use the subsets of the specifc federation technology in the context of the HKAF Federation. |
| HKAF Community Group | The group consisting of representatives from all HKAF Federation Members, which is an information channel and provides an opportunity for discussion and feedback on operational or technical issues. |
| HKAF Operator Team | The group consisting of representatives from core members of the Joint Universities Computer Centre Ltd. (JUCC) and appointed by the JUCC Steering Committee, taking up the role of the Federation Operator. |
| HKAF Steering Committee | The governance body of HKAF which is appointed by the Steering Committee of the Joint Universities Computer Centre Ltd. (JUCC) |
| Home Organization | The organization with which an End User is affiliated. It is responsible for authenticating the End User and managing End Users’ digital identity data. |
| Identity Assurance Profile | An Identity Assurance Profile defines the requirements to a Home Organization regarding the Digital Identities it manages and about which its IdP issues Assertions. |
| Identity Management | Process of issuing and managing End Users’ digital identities. |
| Identity Provider (IdP) | The system component that issues Attribute assertions on behalf of End Users who use them to access the services of Service Providers. |
| Identity Provider Management Standard | The Identity Provider Management Standard sets the rules that Federation Members MUST adhere to for their Identity Providers connected to the Federation. |
| Interfederation | Voluntary collaboration of two or more Access (or Identity) Federations to enable End Users in one Access Federation to access services of a SP registered in another Access Federation. |
| Joint Universities Computer Centre Ltd. (JUCC) | The legal entity that owns the HKAF Federation, enters into agreements with Federation Members, appoints the HKAF Steering Committee, Federation Operator and determines the subscription fees. |
| Metadata | The Metadata contains technical details and descriptive information about the IdPs and SPs. For interoperability in a specific context, the Metadata format definition is part of a Federation Technology Profile. |
| Personal Data | Any information relating to an identified or identifiable natural or legal person, if applicable. |
| Service Provider (SP) | The system component which offers the desired service to the End User. It evaluates the authentication outcome and attributes that the IdP of the Home Organization and /or Attribute Authority asserts for the End User for controlling access to the protected services /resources. |
| Service Provider Management Standard | The Service Provider Management Standard sets the rules that HKAF Federation Members that MUST adhere to for their Service Providers connected to HKAF. |
| Service Provider Organization | An organization that is responsible for offering the End User the service he or she desires to use. It may rely on the authentication outcome and attributes that Home Organizations and Attribute Authorities assert for its End Users to its SP. |