Are you showing signs of Credentialitis? Get diagnosed and treated →

TRY AEMBIT

KEY CONCEPTS RELATED TO Workload iam

Non-Human Identity Terms: A to Z Glossary

Looking for a straightforward rundown of non-human workload IAM-related terms, from the basic to the advanced? You’re in the right place. We’ve compiled a glossary that covers everything related to secure systems design, identity management, and data protection – from “A”ccess control to “Z”ero Trust.

Whether you’re looking to mature your workload IAM strategy or just need a quick reference or refresher, this glossary is here to make sure you have the precise terminology at your fingertips.

Categories:

No Glossary Found

Token Forging

NHI security threats
A technique where attackers create or manipulate authentication tokens to gain unauthorized access to systems or services. By forging tokens, attackers can impersonate legitimate non-human identities, bypass authentication controls, and escalate privileges within an environment. Proper validation, short token lifespans, and cryptographic integrity checks help mitigate this risk.

Trust Provider

IAM concepts
A Trust Provider is a component that verifies the identity of workloads (applications, services) using cryptographically verifiable methods, such as certificates. Trust Providers are used to ensure that only verified and trusted workloads can access sensitive resources or other services.

Trust Relationship

Security concepts
A mutual agreement or configuration between identity providers and service providers that establishes trust and enables federated identity management. Trust relationships define the rules and protocols for exchanging identity tokens, assertions, and attributes securely.

Two-Factor Authentication (2FA)

Security concepts
An authentication method that requires users to provide two forms of verification to access an account or system. Password managers and vaults often support 2FA to enhance security by requiring an additional factor, such as a code from a mobile app or a hardware token.

Universal Identity and Access Management (IAM)

Identity types
Universal IAM refers to a unified approach to identity and access management that spans multiple environments, platforms, and services. This can also unify user and non-human identities. It enables organizations to manage identities and access controls consistently across on-premises, cloud, and hybrid environments, providing seamless identity lifecycle management and access governance.

Vault

Identity types
A secure repository or container used to store and manage sensitive information, such as passwords, cryptographic keys, certificates, and API tokens. Vaults employ encryption and access control mechanisms to safeguard stored data from unauthorized access or disclosure.

Workload

Identity types
A specific task, application, or process running on a machine or within a computing environment, often associated with cloud-based or distributed systems.

Workload Identity Federation (WIF)

Identity types
Workload Identity Federation allows workloads running in one environment (e.g., on-premises or a third-party cloud) to authenticate and access resources in another environment (e.g., public cloud) without managing long-term credentials. It typically leverages federated trust models like OIDC (OpenID Connect) for secure authentication.

X.509

Identity types
X.509 is a standard defining the format of public key certificates. These certificates are used in cryptographic systems (like SSL/TLS) to securely verify identities through a trusted certificate authority (CA), commonly used in IAM for machine and workload identity verification.

X.509 Certificate

Identity types
An X.509 certificate is a digital certificate that uses the X.509 standard to authenticate the identity of machines, applications, or users. It contains a public key, identity information, and is signed by a trusted certificate authority (CA), making it critical for secure communication in networks.