Glossary of Information Security Terms (GIST), v0.7
RFC 2828 and other security glossaries and lexicons amalgamated and an(t)notated
This glossary gathers together definitions from the following canonical security glossaries and lexicons:
- ISO/IEC 2382-8:1998 ― ISO/IEC 2382-8:1998 Information technology – Vocabulary – Part 8: Security (Second Edition) (1998) (following the text of a parallel Estonian and English version once published by Imprimaatur).
- iAfB-ICSA 1999 ― International Association for Biometrics (iAfB) and International Computer Security Association (ICSA) 1999 Glossary of Biometric Terms. (iAfB has been superseded by the Intellect Association for Biometrics.)
- RFC 2828 (2000) ― RFC 2828 Internet Security Glossary (May 2000).
  - An HTML version of RFC 2828 (excepting the definitions themselves) can be found here.
- SC 27 SD 6 (2002) ― SC 27 Standing Document 6 (SD 6), Glossary of IT Security Terminology (SC 27 N 2776) (31 March 2002) (Newer versions are available, but, sadly, only to ISO members…)
- OASIS SAML 2.0 (2005) ― Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0 – OASIS Standard [PDF] (15 March 2005)
- modonisIDM (2005) ― Common Terminological Framework for Interoperable Electronic Identity Management v2.01 [PDF], Modonis-IDM (consultation paper; 23 November 2005)
- NIST IR 7298 (2006) ― Glossary of Key Information Security Terms [PDF], edited by Richard Kissel (25 April 2006)
- JTC 1/SC 37 ― JTC 1/SC 37 Agreed Harmonized Core Biometric Terms and Definitions: extracted from SC 37 Standing Document 2 version 6 (July 2006); Standing Document 2 (SD 2) Version 10, Harmonized Biometric Vocabulary [PDF] (August 2008) – Changes from version 6 to version 10 are shown thus: deleted inserted
- SCA ISCTAG (2007) ― Identity and Smart Card Technology and Application Glossary [PDF], Smart Card Alliance Identity Council (April 2007)
Other sources
- BEM (2002) ― Common Criteria – Common Methodology for Information Technology Security Evaluation – Biometric Evaluation Methodology Supplement [PDF] (2002)
- IBG ― International Biometrics Group Biometrics Reports and Research (various documents) ― biometrics terminology
- OASIS XACML 2.0 (2005) ― eXtensible Access Control Markup Language (XACML) Version 2.0 — OASIS Standard [PDF] (1 Feb 2005)
- IAEG LIAF (2008) ― Liberty Identity Assurance Framework [PDF], Liberty Alliance Identity Assurance Expert Group (IAEG) (2008)
- NIST SP 800-63-1 DRAFT (2008) ― Electronic Authentication Guideline [PDF] (20 February 2008) – Definitions supersede those from NIST SP 800-63 (via NIST IR 7298) and changes are shown thus: deleted inserted
Caveat lector
I’ve tried to minimise the number of entries by placing congruent definitions under a common heading, while showing the term from the source document ahead of the definition itself.
One of the consequences of this is that there are sometimes chains of cross-references. I’m (continually) trying to eradicate these for the next version…
An(t)notations
My annotations are shown in the following ways.
- Lorem ipsum dolor sit amet, consectetuer adipiscing elit a small modification praesent ut purus ut quam pharetra molestie. (Simple formatting changes are not highlighted!)
- Quisque tristique lectus a nulla. A brief in-line comment. Donec sed mauris quis neque mattis porttitor. Pellentesque quam pede, interdum ut, semper ut, elementum eu, nunc.
- A longer comment on a definition from one of the sources.
- An “original” definition or a longer discussion of a term and/or its usage…
- … which might continue over a few paragraphs.
Core terms
- access
- algorithm, usually in the sense of cryptographic algorithm
- cryptography, both asymmetric and symmetric
- automated information system (AIS) [RFC 2828], data processing system [ISO/IEC 2382-8:1998], system [RFC 2828]
- certificate, usually in the sense of digital certificate
- certificate revocation list (CRL)
- certification authority (CA)
- client and server
- computer network
- computer security
- cryptographic key, usually just key
- data
- encrypt(ed), encryption (also decrypt(ed) and decryption)
- entity [ISO/IEC 2382-8:1998], system entity [RFC 2828]
- firmware
- hardware
- information
- Internet
- Internet Standard
- protocol
- resource [ISO/IEC 2382-8:1998], system resource [RFC 2828]
- software
- subject and object
The original sources of these definitions may be protected by copyright. The definitions are republished here for review and commentary.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This XHTML encoding and antnotations are dual-licensed under both the GNU Free Documentation License and a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
http://homepage.mac.com/antallan/gist.html
Last updated Wednesday 10 December 2008