Commit
Fun with definitions.
Grassi, Paul A. (Fed) committed Apr 28, 2017
1 parent bf22e28 commit 3ba4c72
Showing 4 changed files with 6 additions and 57 deletions.
3 changes: 2 additions & 1 deletion sp800-63-3.md
Expand Up @@ -12,4 +12,5 @@ description: "DRAFT NIST Special Publication 800-63-3"
{% include_relative sp800-63-3/sec5_DIRM.md %}
{% include_relative sp800-63-3/sec6_xAL.md %}
{% include_relative sp800-63-3/sec7_tofedornottofed.md %}
{% include_relative sp800-63-3/sec8_references.md %}
{% include_relative sp800-63-3/sec8_references.md %}
{% include_relative sp800-63-3/definitions.md %}
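Review bot: the `sec8_references.md` include is deleted and re-added with identical text (1 deletion, 2 additions in a 4-to-5 line hunk), which normally means the old last line lacked a trailing newline; worth confirming that is the only difference. The new include also assumes `sp800-63-3/definitions.md` exists at that path and renders a heading whose id matches the `#def-and-acr` anchor used elsewhere in this commit; check both after a build, since a missing include file fails the whole page.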
2 changes: 1 addition & 1 deletion sp800-63-3/cover.md
Expand Up @@ -262,4 +262,4 @@ These guidelines are agnostic to the vast array of identity services architectur

[8. References](#references)

[Appendix A. Definitions and Abbreviations](#def-and-acr)
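Review bot: the line this replaces is not visible in the rendered hunk, so the reviewer cannot see what the previous Appendix A entry said or whether only the anchor changed. The in-page anchor `#def-and-acr` resolves only if the definitions section that is now included into the combined document carries a heading with exactly that id; verify it in the built page rather than assuming the slug.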
2 changes: 2 additions & 0 deletions sp800-63-3/index.md
Expand Up @@ -26,3 +26,5 @@ This document is broken up into sections as follows:
[7. Federation Considerations](sec7_tofedornottofed.html)

[8. References](sec8_references.html)

[Appendix A. Definitions and Abbreviations](definitions.html)
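Review bot: `definitions.html` is linked here as a stand-alone page, like `sec7_tofedornottofed.html` and `sec8_references.html` above it, while the same file is pulled into the combined document by `include_relative`; that only works if `definitions.md` has its own front matter the way the other section files do, otherwise this link 404s in the per-section view. Confirm the file renders on its own before merging.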
56 changes: 1 addition & 55 deletions sp800-63c/sec3_definitions.md
Expand Up @@ -3,58 +3,4 @@

## 3. Definitions and Abbreviations

*This section is informative*.

There are a variety of definitions used in the area of authentication. While many terms are consistent with earlier revisions version of SP 800-63, some have changed in this revision. Since there is no single, consistent definition of many of these terms, careful attention to how the terms are defined here is warranted.

The definitions in this section are primarily those that are referenced in this document. Refer to the other documents in the SP 800-63 document family for additional definitions and abbreviations specific to their content.

#### Assertion
A statement from a verifier to an RP that contains identity information about a subscriber. Assertions may also contain verified attributes.

#### Assertion Reference
A data object, created in conjunction with an assertion, which identifies the verifier and includes a pointer to the full assertion held by the verifier.

#### Attribute
A quality or characteristic ascribed to someone or something.

#### Attribute Claim

A statement asserting a property of a subscriber without revealing all of the information in one or more attributes, independent of format. For example, for the attribute 'birth date', a claim could be 'older than 18' or 'born in December'.

#### Attribute Value

A complete statement asserting a property of a subscriber, independent of format. For example, for the attribute 'birthday', a value could be '12/1/1980' or 'December 1, 1980'.

#### Authenticated Protected Channel
A communication channel that uses approved encryption where the initiator of the connection (client) has authenticated the recipient (server). Authenticated protected channels provide confidentiality and man-in-the-middle protection and are frequently used in the user authentication process. TLS [[BCP 195]](#bcp195) is an example of an authenticated protected channel when the certificate presented by the recipient is verified by the initiator.

#### Authentication
The process of establishing confidence in the identity of users or information systems.

#### Authentication Protocol
A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has possession and control of one or more valid authenticators to establish their identity. Secure authentication protocols also demonstrate to the claimant that they are communicating with the intended verifier.

#### Back-Channel Communication
Communication between two systems that relies on a direct connection (allowing for standard protocol-level proxies), without using redirects through an intermediary such as a browser. This can be accomplished using HTTP requests and responses.

#### Bearer Assertion
An assertion presented by a party as proof of its identity, where possession of the assertion itself is sufficient proof of identity for the bearer of the assertion.

#### Federation
A process that allows for the conveyance of identity and authentication information across a set of networked systems. These systems are often run and controlled by disparate parties in different network and security domains.

#### Federation Proxy
A component that acts as a logical RP to a set of IdPs and a logical IdP to a set of RPs, bridging the two systems with a single component. These are sometimes referred to as "brokers".

#### Front-Channel Communication
Communication between two systems that relies on redirects through an intermediary such as a browser. This is normally accomplished by appending HTTP query parameters to URLs hosted by the receiver of the message.

#### Identity Provider (IdP)
The party that manages the subscriber's primary authentication credentials and issues assertions derived from those credentials. This is commonly the CSP as discussed within this document suite.

#### Pairwise Pseudonymous Identifier
An opaque unguessable subscriber identifier generated by a CSP for use at a specific individual RP. This identifier is only known to and only used by one CSP-RP pair.

#### Relying Party (RP)
In this document, the party that receives and processes the assertion identifying the subscriber.
See [800-63-3, Appendix A](https://pages.nist.gov/800-63-3/sp800-63-3.html#def-and-acr) for a complete set of definitions and abbreviations.
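Review bot: the `*This section is informative*.` marker is removed along with the definitions (the deletion runs from that line through Relying Party), leaving section 3 as a bare pointer; the other sections keep that marker, so consider retaining it. The replacement uses an absolute `https://pages.nist.gov/800-63-3/...` URL where the rest of the suite links relatively, so draft and local builds will jump to the published site instead of their own copy; a relative link to the 800-63-3 page keeps builds self-consistent. Because 63C-specific terms such as Bearer Assertion, Back-Channel and Front-Channel Communication, Federation Proxy and Pairwise Pseudonymous Identifier now live only in the central appendix, confirm that appendix actually carries them with the same wording; Authenticated Protected Channel in particular underpins normative requirements, and a diverging definition across the documents would change what those requirements mean. The `[[BCP 195]](#bcp195)` citation deleted here must also resolve wherever that definition now lives.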
