​An encoding standard to store (binary) data in ASCII (American Standard Code for Information Interchange) format, i.e. using only a printable sub-set of those 7-Bit characters that ASCII comprises.


​See Certification Authority.

​CA Evaluation and Accreditation Team

​eduPKI PMA forms the CA Evaluation and Accreditation Team which will evaluate an applying CA in regards to its conformance with a chosen eduPKI Trust Profile. The CA Evaluation and Accreditation Team is responsible for accreditation of conforming CAs as well as suspension and withdrawal of such accreditation.


​See X.509 digital Certificate.

​Certificate Policy

​The main governing document for a CA defining its standards and conditions for issuing X.509 digital Certificates.

​Certificate Revocation List

​An electronically signed list of revoked X.509 digital Certificates issued by a CA.

​Certification Authority

​A Certification Authority issues X.509 digital Certificates and publishes revocation and status information about the issued Certificates.

​Certification Practice

​Statement Based on the CP. The Certification Practice Statement of a CA contains detailed information, specifications, CA procedures and security measures for the issuance of X.509 digital Certificates by the CA.

​Conforming CA

​A Certification Authority acting in compliance with an implied or explicitly named eduPKI Trust Profile.


​See Certificate Policy.


​See Certification Practice Statement.


​See Certificate Revocation List.


​See Distinguished Encoding Rules.

​Distinguished Encoding Rules

​A standard derived from the Basic Encoding Rules (BER) standard to encode Certificates and CRLs when stored in binary form, e.g. in files.


​Federation of organisations mutually providing their users access to the Internet connectivity.

​eduroam® Service Provider

​RADIUS/TLS server operated by a network visited by a user registered within a different network.

​eduroam® Identity Provider

​RADIUS/TLS server operated by the network managing an account for a user visiting a different network.


​See eduPKI Policy Management Authority.

​eduPKI PMA Board

​The eduPKI PMA board consists of a chair and a co-chair as well as further members coordinating and performing the work of the eduPKI PMA.

​eduPKI PMA Charter

​The main governing document defining rules for the eduPKI PMA.

​eduPKI Policy Management Authority

​The authority that is managing and coordinating PKI, policy and trust matters between the GÉANT community as Relying Parties and CAs as identity assurers.

eduPKI Trust Anchor Repository eduPKI is using TACAR to provide a trusted download location for the Trust Anchors of CAs.

​eduPKI Trust Profile

​Definition of minimum requirements of a GÉANT Service in regards to the quality of identity assertions and vetting procedures as well as the supporting assertion infrastructure.

​Federal Information Processing Standards (USA)

​Standards issued by NIST for processing information on U.S. federal computer systems in U.S. government environments.


​See Federal Information Processing Standards (USA).


​The fast and reliable pan-European communications infrastructure serving Europe’s research and education community.

​GÉANT Service

​A service offered by GÉANT participants to the GÉANT community.

​GÉANT Service Area

​The GÉANT Service Area is a common pan-European service infrastructure that enables a range of advanced network services and applications to be offered at a national level by NRENs.

​GÉANT's Multi-Domain Network Services

​These are network related services with the objective of being available seamlessly in the different management domains across the GÉANT Service Area. Example of such services are I-SHARe and perfSONAR.

​Identity assertion

​An identity assurer, e.g. a CA, issues an identity assertion, e.g. a certificate, once the assurer has vetted the identity of the entity described in the certificates distinguished name for assertions issued to persons or the assurer vetted the identity of the certificate requester for other kinds of certificates, e.g. server certificates.

​Identity assurer

​An identity assurer, e.g. a CA, issues identity assertions once the identity assurer has vetted the identity that is or owns the subject described by the identity assertion.


​See Internet Engineering Task Force.

​Information Sharing across Heterogeneous Administrative Regions

​A collaborative tool to support operations in the management of end-to-end (E2E) network link services in a multi-domain environment. I-SHARe enables the seamless delivery of multi-domain E2E network link services as well as the provision of a consistent operational support system across multiple domains by simplifying collaboration between those participating domains and such making it easier to establish and manage E2E network links.

​Internet Engineering Task Force

​A community of network designers, operators, vendors and researchers fostering the evolution of the Internet architecture and caring for a smooth operation of the Internet.


​See Information Sharing across Heterogeneous Administrative Regions.

​National Institute of Standards and Technology (USA)

​The USA's national standards and technology body.

​National Research and Education Network

​Provides Internet connectivity as well as additional services to its scientific research and education constituency on a national level.


​See National Institute of Standards and Technology (USA).


​See National Research and Education Network.

​Object Identifier

​A uniquely assigned identifier for a document or object.


​See Online Certificate Status Protocol.


​See Object Identifier.

​Online Certificate Status Protocol

​A protocol defined by the IETF in "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 2560, for issuing online queries and receiving responses about the revocation status of an X.509 digital Certificate.


​See Privacy Enhanced Mail.

​Performance Service Oriented Network monitoring Architecture

​The multi-domain monitoring service for the GÉANT Service Area enabling NRENs, Network Operations Centres (NOCs) and Performance Enhancement and Response Teams (PERTs) to collaborate in providing seamless network performance for their network users.


​See Performance Service Oriented Network monitoring Architecture.


​See Public Key Cryptography Standard.


​See Public Key Infrastructure.


​See Public Key Infrastructure for X.509 digital Certificates.


​See Policy Management Authority.

​Policy Management Authority

​A Policy Management Authority manages and coordinates PKI, policy and trust matters between Relying Parties which rely on issued identity assurances and CAs as the identity assurers.

​Privacy Enhanced Mail

​A standard and format to store Certificates and CRLs in Base64 encoded form, e.g. files.

​Public Key Cryptography Standard

​A set of standards for public key cryptography, e.g. PKCS#10 describing Certificate Signing Requests (CSRs), PKCS#11 describing an application programming interface (API) for accessing a cryptographic key token and PKCS#12 describing how to store private key material and associated certificates in pass-phrase protected files.

​Public Key Infrastructure

​Infrastructure for public key cryptography.

​Public Key Infrastructure for X.509 digital Certificates

​PKI especially built around X.509 digital Certificates; name of a working group at the IETF that writes RFCs in regards to implementing PKI with X.509 digital Certificates.


​RADIUS over TLS; a protocol defined by IETF in "TLS encryption for RADIUS", draft-ietf-radext-radsec-09, S. Winter, M. McCauley, S. Venaas, K. Wierenga.

​Relying Party

​A Relying Party relies on issued identity assertions, e.g. on X.509 digital Certificates to authenticate the respective holder of the Certificate.

​Request for Comments

​A series of technical and organisational documents and recommendations about the Internet published by the IETF.


​See Request for Comments.


​Asymmetric cryptographic algorithm developed by R. L. Rivest, A. Shamir and L. Adleman, used for digital signing and encryption.


​Secure Hash Algorithm defined by NIST used to produce cryptographically strong hash sums.


See Trusted Academic CA Repository

​TACAR Trust Category

Each eduPKI Trust Profile has its specific trust category in TACAR and accredited CAs under an eduPKI Trust Profile are tagged with the TACAR Trust Category.

​Trusted Academic CA Repository

​A GÉANT-provided website to download various CA certificates (formerly known as the TERENA Academic CA Repository).


​See Transport Layer Security.


​See eduPKI Trust Profile.

​Transport Layer Security

​A protocol defined by the IETF in "The Transport Layer Security (TLS) Protocol", RFC 5246.

​Trust anchor

​An (often self-signed) X.509 digital Certificate bound to a CA.

​Trust fabric

​A trust fabric is a mesh of PKIs, Policies, CAs and X.509 digital certificates of CAs and end-entities that makes up the environment in which Relying Parties are basing and making their trust decisions for authentications.

​Trust Team

​The eduPKI PMA forms the Trust Team that is assisting GÉANT Services with defining their identity assertion and trust requirements in order to write a Trust Profile document. The Trust Team registers GÉANT Services under Trust Profiles.


​A set of recommendations issued by the International Telecommunication Union's (ITU's) Telecommunications Standardisation Sector (ITU-T) on PKI with digital certificates (and CRLs).

​X.509 digital Certificate

​X.509 digital Certificates are X.509 compliant digitally signed identity assertions issued by an identity assurer, i.e. a CA, expressing the binding of the Certificate holder represented by the Certificate's subject name to the embedded public key.​