| Term | Definition |
| --- | --- |
| Approval Client | Device using Approval Keys to sign Approval Requests. |
| Approval Key | Key used to approve Key Actions by signing them. |
| Approval Request | A request to authorize a Key Action. |
| Key Action | One of the following operations with the SKA Key: use the key (signing, decrypting, unwrapping), block/unblock the key, modify the key attributes. |
| Group (of Approval Keys) | List of keys from which a quorum is required to perform a Key Action. Multiple Groups, each with its own Quorum, can be defined with an AND relationship. |
| Quorum | Required minimum number out of all relevant Approval Keys that need to approve a Key Action for the Key Action to be authorized. |
| Rule | Multiple Tokens that define when a Key Action is permissible. |
| (SKA) Policy | Set of Rules, one for each Key Action. |
| SKA Key | Private key that has an SKA Policy associated with it. |
| Timelock | Minimum time between a timestamp obtained for a Key Action from the HSM and submitting an approval for the Key Action. |
| Timeout | Maximum time between a timestamp obtained for a Key Action from the HSM and submitting an approval for the Key Action. |
| Token | Set of requirements to perform a Key Action. Includes Timelock, Timeout, and Groups. Multiple Tokens can be defined with an OR relationship. |
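
How the terms above combine into one authorization decision, as an added example that is not vendor code: a Rule passes if any Token passes (OR), and a Token passes if the approval falls inside its Timelock/Timeout window and every Group reaches its Quorum (AND). All class and function names, the sample policy, the inclusive time bounds and the deny-when-no-Rule behaviour are assumptions of this sketch; approval signatures are assumed to have been verified already.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Group:
    keys: frozenset      # identifiers of the Approval Keys in this Group
    quorum: int          # minimum number of those keys that must approve

@dataclass(frozen=True)
class Token:
    groups: tuple                  # every Group must reach its Quorum (AND)
    timelock: int = 0              # seconds that must pass before approving
    timeout: Optional[int] = None  # seconds after which approval is too late

def token_satisfied(token, approvers, elapsed):
    """approvers: ids of Approval Keys with a verified signature on the request.
    elapsed: seconds between the HSM timestamp and the approval submission."""
    if elapsed < token.timelock:
        return False               # approval submitted too early
    if token.timeout is not None and elapsed > token.timeout:
        return False               # approval submitted too late
    # Only keys that belong to the Group count towards its Quorum.
    return all(len(g.keys & approvers) >= g.quorum for g in token.groups)

def rule_allows(rule, approvers, elapsed):
    # Tokens within a Rule are alternatives (OR).
    return any(token_satisfied(t, approvers, elapsed) for t in rule)

def policy_allows(policy, action, approvers, elapsed):
    # A Policy maps each Key Action to its Rule; this sketch denies
    # any action that has no Rule (an assumption, not stated on the page).
    rule = policy.get(action)
    return rule is not None and rule_allows(rule, approvers, elapsed)

# Constructed sample policy: key ids and durations are made up.
OPS = Group(frozenset({"ops-a", "ops-b", "ops-c"}), quorum=2)
SEC = Group(frozenset({"sec-1", "sec-2"}), quorum=1)
RECOVERY = Group(frozenset({"recovery"}), quorum=1)
SAMPLE_POLICY = {
    "use": [
        Token(groups=(OPS, SEC), timeout=3600),      # 2 of ops AND 1 of sec, within 1 h
        Token(groups=(RECOVERY,), timelock=86400),   # OR recovery key after 24 h
    ],
    "block": [Token(groups=(Group(OPS.keys | SEC.keys, quorum=1),))],
}

if __name__ == "__main__":
    print(policy_allows(SAMPLE_POLICY, "use", {"ops-a", "ops-b", "sec-1"}, 600))
```
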