Authentication and Authorization Infrastructure: The entirety of organizational and technical solutions for verifying the identity of users and their eligibility to access certain services or data in a distributed environment. Usually the prospective users belong to different institutions, and the verification is performed at these institutions directly, or in an automated form of mutual information exchange with the data/service provider.
Access Management System
Access Management System, or Identity management System, is a framework that facilitates the management of electronic identities. The framework includes the technology needed to support Identity Management.
Anonymised data
Data concerning an individual from which the identity of the individual cannot be determined.
Usually standardized way of representing/transmitting additional information about an entity, e.g. a user in a SSO scenario. The information contained in attributes is required for the authentication and authorization process. (Read more)
Authentication is the process of verifying a user’s (or: a subject’s) identity and issuing access credentials. These can be a username and password, digital certificates (X.509), biometrics or others. Authentication is a prerequisite for authorization.
Authorization is the process of assigning users (or: subjects) a certain level of access permissions on the basis of their identity attributes.
Bitstream Preservation
Bitstream Preservation is the process of storing and maintaining digital objects over time, ensuring that there is no loss or corruption of the bits making up those objects.
(source: LIFE Project)
A fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage. The integrity of the data can be checked at any later time by recomputing the checksum and comparing it with the stored one. If the checksums match, the data was likely not accidentally altered.
(source: Wikipedia).
Citizen Science
Citizen science (also known as crowd science, crowd-sourced science, civic science, or networked science) is scientific research conducted, in whole or in part, by amateur or nonprofessional scientists, often by crowdsourcing and crowdfunding.
(source: Wikipedia)
A general method for making a program (or other work) free, and requiring all modified and extended versions of the program to be free as well. To copyleft a program, it is first declared as copyrighted; then distribution terms are added, which are a legal instrument that gives everyone the rights to use, modify, and redistribute the program's code, or any program derived from it, but only if the distribution terms are unchanged. Copyleft doesn't mean abandoning the copyright; in fact, doing so would make copyleft impossible.
Any form of verifiable documentation of identity, authority or eligibility. Credentials are usually issued by a third party. Typically, a username/password combination or a digital certificate is being used.
Data Service Infrastructure for the Social Sciences and Humanities (, a project funded by the European Union.
Data controller
A data controller is “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.“
(source: Information Commissioner's Office)
Data subject
A data subject is “an individual who is the subject of personal data“.
(source: Information Commissioner's Office)
Digital Certificate
A digital certificate is a set of data that verifies the attributes of a person or an object. Its authenticity and integrity can be checked by cryptographic procedures. Frequently used for the authentication of identities are public key certificates that follow the X.509 standard.
(source: Wikipedia)
Digital Identity
Digital identities can be defined as "collections of data about a subject that represent attributes, preferences, and traits" (wind, p. 9). A subject can be a person, but also another entity such as an organisation, a machine or a program.
Digital preservation/long-term preservation
The long-term preservation of digital objects [also: digital preservation] includes all measures aimed at preserving digital objects permanently for future generations. The term is closely related to long-term accessability, although the emphasis of the latter is on the permanent usability of the date. Common long-term preservation strategies include emulation and migration.
(source: nestor2, p. 27)
Digital watermarks
A pattern of bits inserted into a digital image, audio or video file that identifies the file's copyright information (author, rights, etc.). The main purpose of digital watermarks is to provide copyright protection for intellectual property that's in digital format.
(source: Webopedia)
Dublin Core
a) The Dublin Core Metadata Element Set (DCMES) is a vocabulary of fifteen properties for use in resource description. The name "Dublin" is due to its origin at a 1995 invitational workshop in Dublin, Ohio; "core" because its elements are broad and generic, usable for describing a wide range of resources.
b) The Dublin Core Metadata Initiative (DCMI) is an open organization which provides core metadata vocabularies in support of interoperable solutions for discovering and managing resources.
A period during which access is not allowed to certain types of users. The purpose of this is to protect the revenue of the publisher.
(source: Wikipedia)
Employee created works
Work that has been carried out as part of duties of employment usually leaves the copyright with the employer.
Federated Identity Management
Federated identity management (FIM) means that a (service) provider accepts user identities which are provided by another trusted organization, the identity provider. This process is defined or organized through an Identity Federation, which mainly consists of agreements between service providers and identity providers. These agreements facilitate easier and more reliable implementations of Single Sign-on (SSO) solutions for their users.
Identity Federation (IF)
The concept or implementation of mutual agreements between identity providers and service providers regarding the exchange of information on digital user identities. See also federated identity management (FIM).
Identity Provider (IdP)
A trusted institution which provides information on the digital identities of (usually its affiliated) users to other parties, such as Service Providers or Identity Federations, to be used for single sign-on procedures. IdPs are central actors in federated identity management (FIM).
Informed consent
When researchers collect data from people, they are usually expected to obtain their informed consent. Researchers should: - inform participants how research data will be stored, preserved and used in the long-term. - inform participants how confidentiality will be maintained, e.g. by anonymising data. - obtain informed consent, either written or formal. To ensure that consent is informed, consent must be freely given with sufficient information provided on all aspects of participation and data use.
(source: ukda1, p. 23]
Signifies the organisation and execution of all processes necessary to accept an information object into the archive and for the archive to assume responsibility for it.
(source: nestor2, p. 26)
Intellectual Property Rights
The author’s right to the protection of moral and material rights associated with a product of artistic or scientific creation.
Data representing information about other data by describing e.g. its content, structure, composition, handling, origin etc. The term is used primarily in the digital field (e.g. Dublin Core Metadata), although e.g. title listings in library catalogues, archive catalogue entries etc. can also be regarded as metadata. Metadata should be seen as parts of the conceptual units of transfer, archival and access packages. (source: nestor1, p.42)
File format migration: Conversion of an information object from one data format into another. A preservation measure to adapt a digital object to a changed technical environment. Data carrier migration: Copying an information object to a different data carrier.
(source: nestor2, p. 27)
In this context, this term refers to access monitoring, which implies the recording of user actions and specifically user access to certain or all files hosted by the archive or repository. Access monitoring can be performed
  • for statistical purposes, e.g. to optimize performance,
  • for security purposes, i.e. to ensure that the implemented technical measures for access restrictions are not circumvented by users,
  • to enable subsequent tracking of access to and manipulations of data.
The German competence network for digital preservation,
The Organization for the Advancement of Structured Information Standards (OASIS) is a non-profit consortium that drives the development, convergence and adoption of open standards for the global information society. Examples for such standards are WS-Security or SAML.
(source: OASIS website)
Open Access
The practice of providing unrestricted access to scientific publications, or the movement aiming at this practice. This term is sometimes also used to imply access to research data used for these publications (otherwise addressed by the term “Open Data”).
Personal data
“Any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.
(source: Directive 95/46/EC, Ch.I, Art.2(a))
Persistent identifiers (PIDs)
A persistent identifier (PI) is a long-lasting reference to a digital object—a single file or set of files. Noted persistent identifier systems include: Archival Resource Keys (ARKs), Digital Object Identifiers (DOIs), Handles, Persistent Uniform Resource Locators (PURLs), Uniform Resource Names (URNs), Extensible Resource Identifiers (XRIs).
(source: Wikipedia)
Processing of personal data
“Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction”.
(source: Directive 95/46/EC, Ch.I, Art.2(b))
Public domain
Work where copyright is inapplicable, has been waived or has expired.
Request for Comments
A Request for Comments (RFC) is a publication of the Internet Engineering Task Force (IETF) and the Internet Society.
An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviours, research, or innovations applicable to the working of the Internet and Internet-connected systems. The IETF adopts some of the proposals published as RFCs as Internet standards.
(source: Wikipedia)
Right of first use
In general, a term for the right of copyright holders to determine who initially shall be allowed to use the result of creative work, or to use it by themselves. In the context of research and data sharing, it applies to retaining the right to use the data results from a scientific endeavour for furhter processing and publications, before other researchers can use them. Usually, a time period of 1-2 years is considered adequate for this period, and it is communicated or enforced by the means of an embargo on the data.
The Security Assertion Markup Language (SAML) is an OASIS standard which provides an XML-based framework for creating and exchanging security information between online partners.
(source: SAML communitiy)
(Read more)
Service Provider (SP)
An entity which offers web access to resources, e.g. data or applications. Commonly used in the context of single sign-on solutions and in federated identity management (FIM) as the party which requests and consumes information on digital identities from an Identity Provider within an Identity Federation.
Shibboleth is a standards based, open source software package for web single sign-on across or within organizational boundaries. The Shibboleth software implements widely used federated identity standards, principally the OASIS Security Assertion Markup Language (SAML), to provide a federated single sign-on and attribute exchange framework.
(source: Shibboleth Consortium)
(Read more)
Single Sign-on (SSO)
Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. SSO is a common procedure in enterprises, where a client accesses multiple resources connected to a local area network (LAN).
(source: Techopedia)
(Read more)
SOAP (originally “Simple Object Access Protocol”) is a protocol for exchanging structured information in a computer network.
1) Abbreviation for the "Social Sciences and Humanities", and their scientific communities.
2) A cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client.
(source: Wikipedia)
In the SSO context, "token" usually refers to a session token or session ID, which stores verified information such as credentials or even attributes for a certain period of time.
Virtual Organization
A Virtual Organization (VO) refers to a group of people or institutions which, although physically separated, operate together by sharing resources. VOs usually have a defined set of rules or conditions to organize their collaboration and the way they interact with others, but they "may vary in size, scope, duration, sociology and structure."
(source: Wikipedia)
A Virtual Research Environment (VRE) helps researchers from all disciplines to work collaboratively by managing the increasingly complex range of tasks involved in carrying out research.
(source: JISC)
X.509 certificates
An X.509 certificate is any certificate under the X.509 specification standard for public key infrastructure. These certificates are used for identity validation and for transmission of encrypted data that only the owner of a specific certificate is able to decrypt and read.
(source: Techopedia)
(Read more)

Contact: hosted by NSD - Norwegian Centre for Research Data