Content Delivery System (CDS)
The CDS manages experience content by providing APIs for publishing, retrieving, updating, and deleting experience content. It provides access control capabilities that can be used to control the actions users can perform on content.
Federated Experience Service
When an Experience Service is federated, authorized users are allowed access to multiple applications and domains using a single set of credentials.
Identity Directory
A third-party database that stores and maintains information about users and resources. For example, an LDAP directory or Microsoft Active Directory.
Identity Provider (IdP)
An Identity Provider (IdP) is used to store user credentials and authenticate users attempting to access an organization’s network.
In an SSO implementation, the IdP works to maintain information about the users (name, email address, credentials, permissions, etc.) in a secure manner.
Identity Resolution Service (IRS)
The Identity Resolution Service (IRS) manages mappings that are used to link the identities of things to content managed by the CDS. The mappings are used to associate experiences with things.
The mappings can provide direct links from identifiers to experiences or create a chain of mappings between multiple identifiers that eventually leads to an experience. When queried for the set of experiences associated with a particular identifier, the IRS navigates all links, including chains of links, to find all experiences associated with that identifier.
Lightweight Directory Access Protocol (LDAP)
LDAP is a standard protocol designed to maintain and access directory services within a network. A directory service can be thought of as similar to a telephone book for different network resources like files, printers, users, devices, and servers. For example, a directory service might be used to store user information (attributes, credentials, permissions, etc.).
Secure LDAP, or LDAPS, is the same protocol, but unlike plain LDAP, it runs over a TLS-encrypted connection.
Resource Server
An application where protected information is maintained. For example, ThingWorx.
Service Provider
A service provider requests authentication from an IdP to validate an authenticated user’s access to an application. Examples of service providers include:
Ping Identity
Microsoft ADFS
Microsoft Entra ID
In an SSO implementation, a service provider may act as a broker to any number of different IdPs so that the following remains true:
The authentication and authorization of users is secure and maintained in the IdP.
Credentials are not revealed to the service provider or any systems accessing the service provider.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that encrypts data that is sent over the Internet to ensure secure communication on a network.