kanidm/book/src/glossary.md

# Glossary

This is a glossary of terms used through out this book. While we make every effort to explains terms
and acronyms when they are used, this may be a useful reference if something feels unknown to you.

## Domain Names

- domain - This is the domain you "own". It is the highest level entity. An example would be
  `example.com` (since you do not own `.com`).
- subdomain - A subdomain is a domain name space under the domain. A subdomains of `example.com` are
  `a.example.com` and `b.example.com`. Each subdomain can have further subdomains.
- domain name - This is any named entity within your domain or its subdomains. This is the umbrella
  term, referring to all entities in the domain. `example.com`, `a.example.com`, `host.example.com`
  are all valid domain names with the domain `example.com`.
- origin - An origin defines a URL with a protocol scheme, optional port number and domain name
  components. An example is `https://host.example.com`
- effective domain - This is the extracted domain name from an origin excluding port and scheme.

## Accounts

- trust - A trust is when two Kanidm domains have a relationship to each other where accounts can be
  used between the domains. The domains retain their administration boundaries, but allow cross
  authentication.
- replication - This is the process where two or more Kanidm servers in a domain can synchronise
  their database content.
- UAT - User Authentication Token. This is a token issue by Kanidm to an account after it has
  authenticated.
- SPN - Security Principal Name. This is a name of an account comprising it's name and domain name.
  This allows distinction between accounts with identical names over a trust boundary

## Internals

- entity, object, entry - Any item in the database. Generally these terms are interchangeable, but
  internally they are referred to as Entry.
- account - An entry that may authenticate to the server, generally allowing extended permissions
  and actions to be undertaken.

### Access Control

- privilege - An expression of what actions an account may perform if granted
- target - The entries that will be affected by a privilege
- receiver - The entries that will be able to use a privilege
- acp - an Access Control Profile which defines a set of privileges that are granted to receivers to
  affect target entries.
- role - A term used to express a group that is the receiver of an access control profile allowing
  it's members to affect the target entries.
Add access rework doc, add domain doc (#1026) 2022-09-09 12:54:55 +02:00			`# Glossary`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`This is a glossary of terms used through out this book. While we make every effort to explains terms`
			`and acronyms when they are used, this may be a useful reference if something feels unknown to you.`
Add access rework doc, add domain doc (#1026) 2022-09-09 12:54:55 +02:00
			`## Domain Names`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`- domain - This is the domain you "own". It is the highest level entity. An example would be`
			`example.com` (since you do not own `.com`).
			- subdomain - A subdomain is a domain name space under the domain. A subdomains of `example.com` are
			`a.example.com` and `b.example.com`. Each subdomain can have further subdomains.
			`- domain name - This is any named entity within your domain or its subdomains. This is the umbrella`
			term, referring to all entities in the domain. `example.com`, `a.example.com`, `host.example.com`
			are all valid domain names with the domain `example.com`.
			`- origin - An origin defines a URL with a protocol scheme, optional port number and domain name`
			components. An example is `https://host.example.com`
			`- effective domain - This is the extracted domain name from an origin excluding port and scheme.`
Add access rework doc, add domain doc (#1026) 2022-09-09 12:54:55 +02:00
			`## Accounts`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`- trust - A trust is when two Kanidm domains have a relationship to each other where accounts can be`
			`used between the domains. The domains retain their administration boundaries, but allow cross`
			`authentication.`
			`- replication - This is the process where two or more Kanidm servers in a domain can synchronise`
			`their database content.`
			`- UAT - User Authentication Token. This is a token issue by Kanidm to an account after it has`
			`authenticated.`
			`- SPN - Security Principal Name. This is a name of an account comprising it's name and domain name.`
			`This allows distinction between accounts with identical names over a trust boundary`
Add access rework doc, add domain doc (#1026) 2022-09-09 12:54:55 +02:00
			`## Internals`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`- entity, object, entry - Any item in the database. Generally these terms are interchangeable, but`
			`internally they are referred to as Entry.`
			`- account - An entry that may authenticate to the server, generally allowing extended permissions`
			`and actions to be undertaken.`
Add access rework doc, add domain doc (#1026) 2022-09-09 12:54:55 +02:00
			`### Access Control`

docs: reformat book and introduce workflow to ensure it stays formatted (#1286) 2022-12-26 23:52:03 +01:00			`- privilege - An expression of what actions an account may perform if granted`
			`- target - The entries that will be affected by a privilege`
			`- receiver - The entries that will be able to use a privilege`
			`- acp - an Access Control Profile which defines a set of privileges that are granted to receivers to`
			`affect target entries.`
			`- role - A term used to express a group that is the receiver of an access control profile allowing`
			`it's members to affect the target entries.`