Attribute

A piece of information about an object, usually a user, supplied by an identity provider to a service provider.

Authentication & authorisation

Authentication is the checking of user credentials. In federated access the identity provider does this part. Authorisation is whether (or not) they can access a thing, and the service provider does that based on the user's scope and attributes.

Deep linking

Where a link can send the user straight to the signed-in version of a page. Sometimes called 'article level linking'

Discovery

In this case it means organisation discovery. It's the way a user accessing a service provider (SP) tells that SP which identity provider they are from. 

Entity

An identity provider or service provider within a federation. Some members have more than one entity, such as when a service provider has several products.

EntityID

The identifier of an entity within metadata. An identity provider will have one of these but may have many scopes. These usually look like a secure URI on a domain owned by the identity provider, but do not have to be a real web page - e.g:

Identity Provider (IdP)

The organisation that issues identities to its users, e.g. a library.

Metadata

Information about entities so that each end knows how to talk to each other.
A federation will publish a set of aggregated metadata that all parties can trust.

OpenAthens Redirector

When a resource supports both deep linking and wayfless access, you can use our redirector to make simple links

SAML

Security Assertion Markup Language. The standard upon which most federations work.

Scope

The identifier of an organisation or part of an organisation. It is expressed as an internet domain owned by the identity provider. Organisation parts would usually add a 'subdomain' as the thing that tells them apart.  in the OpenAthens federation it generally a number. E.g:
The scope is supplied as part of the scopedAffiliation attribute (see below)

scopedAffiliation

The friendlier name for an attribute with the charming name of urn:oid:1.3.6.1.4.1.5923.1.1.1.9. It's a user's roll, such as member, staff, student, combined with your scope. E.g:

Service provider (SP)

The resource provider that authorises entry based on the scope and attributes of the user attempting access. SP is the SAML term, but you may recognise them as vendors or publishers.

Shibboleth

An open source software developed originally by Internet2 and supported by the Shibboleth Foundation. Since federation operators can talk about it without appearing to endorse any particular supplier, they do that

targetedID

The friendlier name for urn:oid:1.3.6.1.4.1.5923.1.1.1.10. It is a pseudonymous identifier for an individual user that is consistent every time the user visits an SP but different for each separate SP

WAYFless URL

An access URL that includes the entityID of a user's IdP so that the user does not have to stop and tell the resource where they are from when signing in.