diff --git a/Glossary.md b/Glossary.md index 71227af..bb16874 100644 --- a/Glossary.md +++ b/Glossary.md @@ -1,74 +1,3 @@ # Glossary of Tailscale Terminology -## ACL - -Access Control List. They are the input rules to a firewall that define which nodes/users can access each other. See https://tailscale.com/kb/1018/acls - -## ACL Tag, TAG - -A node can be run with one or more "ACL Tags". If any tag(s) are present, the node then runs with the permission of the tag(s), not the user who brought it up. See https://tailscale.com/kb/1068/acl-tags. - -## API - -Application programming interface. Tailscale's API is in development. For now, the `tailscale status --json` output from the CLI is sufficient for some people's needs. - -## CLI - -Command Line Interface. On Linux, macOS, and Windows, [Tailscale comes with a CLI interface](https://tailscale.com/kb/1080/cli) to control -Tailscale that offers a few more options than are available with the GUI (Graphical User Interface) clients. - -## Domain -(Also referred to as "tailnet".) - -A Tailscale Domain is a network. Each email domain is (currently) its own domain. So users `foo@example.com` and `bar@example.com` are both in the `example.com` domain and can potentially access each others' nodes (subject to the domain's ACL). Shared email providers like `@gmail.com` are treated specially and each email address is considered its own isolated domain. - -See https://tailscale.com/kb/1013/sso-providers - -## Firewall - -A firewall limits what network traffic can pass between two points. Firewalls can be hardware-based or software-based. Tailscale includes a built-in firewall, defined by the domain's ACLs. - -## Identity Provider - -Somebody who proves you are who you say you are: Google, Okta, Microsoft, etc. Tailscale is not an identity provider (there are no Tailscale passwords, for instance); we're a "relying party" of other identity providers. - -See https://tailscale.com/kb/1013/sso-providers for supported identity providers. - -## Machine - -A specific physical device, regardless of who uses it. - -## Machine Key - -A public/private keypair per machine. Multiple users can use a single machine (e.g. different logins on that mac/windows/linux desktop) but they'll all have the same machine key. Each user on that machine is then a unique Node. - -## SSO - -Single Sign-On. A way to log in to site B using the identity of site A. See [Identity Provider](#identity-provider). - -## NAT - -[Network Address Translation](https://en.wikipedia.org/wiki/Network_address_translation). To see how Tailscale gets through NATs and Firewalls, see [How NAT Traversal Works](https://tailscale.com/blog/how-nat-traversal-works/). - -## Node - -A combination of a user & machine. - -## Peer - -Another node that your node is trying to talk to. They might be part of your domain or not. - -## Tailnet -A Tailscale network. See [domain](#domain). - -## Tailscalar -A Tailscale employee. - -## Tunnel - -In VPNs, the term "tunnel" usually refers to a virtual tunnel between the your machine and a peer you're trying to talk to. - -## WireGuard - -WireGuard is the underlying cryptographic protocol that Tailscale speaks. See https://www.wireguard.com/ - +See the [Terminology and concepts](https://tailscale.com/kb/1155/terminology-and-concepts/) article on the Tailscale.com site. \ No newline at end of file