Service Definitions

Authoritative Source / Data Owner

The organization that maintains the official copy of any given piece of data. Permission to view any piece of data must be given by the Authoritative Source / Data Owner.


Kerberos is an authentication technology developed at MIT, based on a third-party authentication agent called a KDC (Key Distribution Center). Kerberos uses secret-key cryptography and ensures that no passwords are transmitted over the network.


LDAP (Lightweight Directory Access Protocol) is a lightweight directory designed to provide fast read access. UTORable is an LDAP directory since day-to-day operations only include users querying for information.


A server-side scripting language widely used in the web-development world.


Pubcookie is an open-source package that provides a common interface to a number of different authentication services (like Kerberos, LDAP or NIS). There are currently modules for Apache and Microsoft IIS. The U of T Weblogin server is implemented with Pubcookie.


Shibboleth is an open-source software product that implements SAML (Security Assertion Markup Language). For more information, see the following page.


The primary UofT photo identification smart card.


UTORauth’s unique identifier. Each person at the university is assigned a UTID when they appear in one of the data feeds that UTORauth receives. People do not know their UTID though; it is primarily used as a means of communication between machines.


UTORable refers to the LDAP directory containing a person’s state flags. It is queried in real time to compute the authorization requirements for your application.


If you haven’t figured out what UTORauth is yet, this definition isn’t going to help… 🙂


You can think of this as the public version of the UTID; it is the network ID that users will use to log into services around campus.


UTORauth’s central point of single-sign-on authentication.