When you first dive into a complex field like software engineering or security, the jargon can feel overwhelming. New acronyms like ABAC, OIDC, and the ubiquitous phrase Zero Trust fly around, often without clear context.
As engineers, we often pride ourselves on logic, mathematics, and code—but I’ve learned that the true skill in engineering, much like in philosophy, starts with asking "Why" and understanding the foundational language we use. A technical solution, a principle, or even a system architecture is meaningless without a shared, precise definition.
The landscape of software security has fundamentally changed. We’ve moved away from simple, network-based firewalls toward complex, identity-centric systems. This shift means that concepts that were once secondary, like Least Privilege and Attribute-Based Access Control (ABAC), are now the main drivers of our system design.
The purpose of the terms collected in this section (covering the CIA principle, Access Control Models, Authentication Protocols, and Cryptography) is to provide a rock-solid vocabulary. You can't design a reliable system if you confuse OAuth2 (Authorization) with OpenID Connect (Authentication), or if you treat Hashing as an encryption method.
This is more than a glossary; it's a foundational framework.
By internalizing these terms, you achieve three goals:
Clarity in Design: You can articulate and defend architectural decisions precisely.
Efficient Debugging: You immediately know where to look when a system fails (e.g., a failure is an ABAC policy mismatch, not just a generic "access denied").
Future-Proofing: You have the semantic tools necessary to evaluate and adopt future security paradigms, staying one step ahead of a threat landscape that never stops moving.
Let’s start building this essential security foundation, one clear definition at a time.