Glossary

This page provides a list of glossary terms used in this guide.

  • Card Scheme (Network)
    Card network, such as Discover, MasterCard, or Visa, responsible for managing transactions over the network and for arbitration of any disputes.
  • Certificate Authority
    A Certificate Authority is an entity that validates the identities of entities (such as individuals, organizations, or websites) and binds them to cryptographic key pairs through the issuance of digital certificates.
  • Confidential Client
    A client that can maintain the confidentiality of their credentials (e.g., client implemented on a secure server with restricted access to the client credentials), or capable of secure client authentication using other means. For more details, refer to RFC 6749 for the OAuth 2.0 Authorization Framework.
  • External Host Interface (EHI)
    The external system to which Thredd sends real-time transaction-related data. The Program Manager uses their external host system to hold details of the balance on the cards in their programme and perform transaction-related services, such as payment authorisation, transaction matching and reconciliation.
  • Identity Provider (IDP)
    An IDP is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services for relying on applications within a federation or distributed network.
  • Mutual Transport Layer Security (mTLS)
    mTLS is a method for mutual authentication that ensures the parties at each end of a network connection are who they claim to be by verifying that they both have the correct private key. The information within their respective TLS certificates provides additional verification.
  • OAuth OpenID Provider
    An OAuth OpenID Provider (OP) is an entity that has implemented the OpenID Connect and OAuth 2.0 protocols. OPs can also be referred to by the role it plays, such as: a security token service, an identity provider (IDP), or an authorization server.
  • Program Manager
    A customer who manages a card program. The program manager can create branded cards, load funds and provide other card or banking services to their end customers.
  • Scope
    The permissions related to the resources your application is registered to access. Each scope relates to specific endpoints. For example, the cards.encrypted scope gives permission to use the Get Encrypted Data endpoint.
  • Secure Connectivity Framework
    The Secure Connectivity Framework is an umbrella set of rules and standards for identity management, verification, and assurance within a sector. The framework establishes common principles, definitions, and Open Standards for data sharing to create the foundations of a trusted data-sharing ecosystem
  • Smart Client
    Smart Client is a user interface for programme managers to manage their account on the Thredd Platform. Smart Client is installed as a desktop application.
  • Thredd CA
    Thredd CA (Certificate Authority) acts as the Certificate Authority for issuing certificates. You can create applications for your organisation, as well as request Transport and Signing certificates.
  • Transport Certificate
    A Transport Certificate (or TLS Certificate) is a data file that contains important information for verifying a server's or device's identity, including the public key, a statement of who issued the certificate (TLS certificates are issued by a Certificate Authority), and the certificate's expiration date.