Understanding LDAP || Active Directory || PKI || RBAC || SAML || Kerberos

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

A directory service or name service maps the names of network resources to their respective network addresses.

A directory service is a critical component of a network operating system.

A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server.

A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall.

Active Directory is a directory service developed by Microsoft for Windows domain networks.

It is included in most Windows Server operating systems as a set of processes and services.

A Windows domain is a form of computer network in which all user accounts, computers, printers and other security principals are registered with a central database located on one or more clusters of central computers known as domain controllers.

Authentication takes place on domain controllers.

The concept of a Windows domain is in contrast with that of a workgroup, in which each computer maintains its own database of security principals.

A principal in computer security is an entity that can be authenticated by a computer system or network.

It is referred to as a security principal in Java and Microsoft literature.

From Microsoft: security principals are any entity that can be authenticated by the operating system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account, or the security groups for these accounts.

Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data.

On Microsoft Servers, a domain controller (DC) is a server computer that responds to security authentication requests within a Windows domain.

A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

Windows NT is a family of operating systems produced by Microsoft.

  • PKI (Public Key Infrastructure)

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

  • RBAC (Role-Based Access Control)

Role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users.

RBAC is a policy-neutral access-control mechanism defined around roles and privileges.

  • SAML (Security Assertion Markup Language)

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.

SAML is an XML-based markup language for security assertions.

  • Kerberos

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.


Reposted from blog.csdn.net/The_Time_Runner/article/details/111411070