1a) Authorization scripts, scheduled periodically, fetch the user attributes from Unity ([B2ACCESS](https://eudat.eu/services/b2access))
via the REST admin interface, authenticating with a username/password. They retrieve the attributes of all registered users.
In particular they get the unique id associated with each user which, combined with the EUDAT CA distinguished name and
the username, forms the distinguished name of any [X.509](https://www.itu.int/rec/T-REC-X.509) SLC (Short Lived Credential) token released for that user. The attributes are stored in a local cache, implemented as a JSON file.
2a) The same set of authorization scripts periodically synchronizes the local cache with the B2SAFE service, which maps the global DN to the local iRODS username.
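The two periodic scripts in 1a) and 2a), as an added example that is not part of the original page nor of the B2ACCESS/B2SAFE code. The Unity REST call is replaced by a constructed in-memory record list; the attribute field names, the placeholder EUDAT CA DN, the RDN layout of the SLC DN (the page only says the three parts are combined) and the use of `iadmin aua`/`iadmin rua` to apply the mapping on the iRODS side are all assumptions. The example also shows two things a practitioner would want that the text does not spell out: the username and unique id are validated before being pasted into a DN string, so an attribute value containing `/` or `=` cannot produce a DN that collides with another user's, and the sync is computed as a diff against the previous cache so a user removed from Unity also loses the DN-to-iRODS mapping.

```python
"""Added example (not the B2SAFE/B2ACCESS project's own code).

Models the two periodic scripts:
  1a) fetch user attributes from Unity, derive each user's SLC DN, cache as JSON;
  2a) sync the cache with the B2SAFE/iRODS side as DN -> iRODS username mappings.
"""
import json
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Assumed placeholder for the EUDAT CA distinguished name (not the real value).
EUDAT_CA_DN = "/C=EU/O=EUDAT/CN=EUDAT-CA"

# Constructed sample standing in for the Unity REST admin response.
# Field names are assumptions for illustration, not Unity's real schema.
# The third record has a username with DN metacharacters and must be rejected.
SAMPLE_UNITY_USERS = [
    {"username": "alice", "unique_id": "c1e9c0d2-5a4b-4e2f-9a6c-000000000001"},
    {"username": "bob",   "unique_id": "c1e9c0d2-5a4b-4e2f-9a6c-000000000002"},
    {"username": "mallory/CN=alice", "unique_id": "c1e9c0d2-5a4b-4e2f-9a6c-000000000003"},
]

# Only allow values that cannot smuggle extra RDNs into the DN string.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")
SAFE_ID = re.compile(r"^[A-Za-z0-9-]{1,64}$")


def build_slc_dn(ca_dn: str, username: str, unique_id: str) -> str:
    """Compose the SLC subject DN from CA DN, username and Unity unique id.

    The RDN layout used here is an assumption. Inputs are validated so that a
    user-controlled attribute cannot inject '/' or '=' into the DN.
    """
    if not SAFE_NAME.match(username) or not SAFE_ID.match(unique_id):
        raise ValueError(f"unsafe attribute value for user {username!r}")
    return f"{ca_dn}/CN={username}/CN={unique_id}"


def fetch_attributes(records: List[dict]) -> Dict[str, str]:
    """Step 1a: turn Unity records into {dn: username}, skipping invalid ones."""
    mapping: Dict[str, str] = {}
    for rec in records:
        try:
            dn = build_slc_dn(EUDAT_CA_DN, rec["username"], rec["unique_id"])
        except (KeyError, ValueError):
            continue  # a real script would log the rejected record
        mapping[dn] = rec["username"]
    return mapping


def save_cache(path: Path, mapping: Dict[str, str]) -> None:
    """Persist the local cache as a JSON file."""
    path.write_text(json.dumps(mapping, indent=2, sort_keys=True))


def load_cache(path: Path) -> Dict[str, str]:
    """Read the previous cache, or an empty mapping on first run."""
    return json.loads(path.read_text()) if path.exists() else {}


def diff_mappings(old: Dict[str, str],
                  new: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (to_add, to_remove) so deprovisioned users lose their DN mapping."""
    to_add = {dn: u for dn, u in new.items() if old.get(dn) != u}
    to_remove = {dn: u for dn, u in old.items() if new.get(dn) != u}
    return to_add, to_remove


def irods_sync_commands(to_add: Dict[str, str], to_remove: Dict[str, str]) -> List[str]:
    """Step 2a: iRODS admin commands that would apply the diff.

    'iadmin aua'/'iadmin rua' add/remove a user authentication name in iRODS;
    that B2SAFE is updated this way is an assumption of this example.
    """
    cmds = [f"iadmin rua {u} '{dn}'" for dn, u in sorted(to_remove.items())]
    cmds += [f"iadmin aua {u} '{dn}'" for dn, u in sorted(to_add.items())]
    return cmds


def run_sync(cache_path: Path, records: List[dict]) -> List[str]:
    """One scheduled run: fetch, diff against the cache, update cache, emit commands."""
    old = load_cache(cache_path)
    new = fetch_attributes(records)
    to_add, to_remove = diff_mappings(old, new)
    save_cache(cache_path, new)
    return irods_sync_commands(to_add, to_remove)


if __name__ == "__main__":
    import tempfile
    cache = Path(tempfile.mkdtemp()) / "b2access_cache.json"
    for cmd in run_sync(cache, SAMPLE_UNITY_USERS):
        print(cmd)
```

On the first run the script emits two `iadmin aua` commands (alice and bob) and rejects the third record; a second run with the same records emits nothing, and a run after a user disappears from Unity emits the matching `iadmin rua`. Note that the admin username/password used against the Unity REST interface is a long-lived secret on the host that runs these scripts and should be stored and scoped accordingly.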
1b) The user, from her browser, initiates the flow via the Web portal to request a resource (an X.509 SLC),
2) she does not have an access token and is not authenticated, so the Web portal requests an access token from the OAuth AS (B2ACCESS),
3) since she is not authenticated, she is redirected via Unity to her external IdP (Identity Provider), going
through the [SAML](https://www.oasis-open.org/standards#samlv2.0) Web SSO (Single Sign On) sequences,