|Oracle® Collaboration Suite Administrator's Guide
10g Release 1 (10.1.2) for Windows or UNIX
Part Number B25490-05
application programming interface (API)
A series of software routines and development tools that comprise an interface between a computer application and lower-level services and functions (such as the operating system, device drivers, and other software applications). APIs serve as building blocks for programmers putting together software applications. For example, LDAP-enabled clients access Oracle Internet Directory information through programmatic calls available in the LDAP API.
application service provider
Application Service Providers (ASPs) are third-party entities that manage and distribute software-based services and solutions to customers across a wide area network from a central data center. In essence, ASPs are a way for companies to outsource some or almost all aspects of their information technology needs.
The tier of Oracle Collaboration Suite that runs the server applications that provide specific functionality to end users. The term "Applications tier" replaces the term "middle tier" that was used in previous releases. Each Applications tier corresponds to an instance of Oracle Application Server. See also Oracle Collaboration Suite Applications.
The ability of a system to grant or limit access to specific data for specific clients or groups of clients.
Directory attributes hold a specific data element such as a name, phone number, or job title. Each directory entry is comprised of a set of attributes, each of which belongs to an object class. Moreover, each attribute has both a type, which describes the kind of information in the attribute, and a value, which contains the actual data.
attribute configuration file
In an Oracle Directory Integration and Provisioning environment, a file that specifies attributes of interest in a connected directory.
Attribute types specify information about a data element, such as the data type, maximum length, and whether it is single-valued or multivalued. The attribute type provides the real-world meaning for a value, and specifies the rules for creating and storing specific pieces of data, such as a name or an e-mail address.
An Oracle Internet Directory feature that ensures that no two specified attributes have the same value. It enables applications synchronizing with the enterprise directory to use attributes as unique keys.
The process of verifying the identity of a user, device, or other entity in a computer system, often as a prerequisite to granting access to resources in a system. A recipient of an authenticated message can be certain of the message's origin (its sender). Authentication is presumed to preclude the possibility that another party has impersonated the sender.
Permission given to a user, program, or process to access an object or set of objects. In Oracle, authorization is done through the role mechanism. A single person or a group of people can be granted a role or a group of roles. A role, in turn, can be granted other roles. The set of privileges available to an authenticated entity.
The root of a subtree search in an LDAP-compliant directory.
In an Oracle Directory Integration and Provisioning environment, the directory that acts as the central repository. In an Oracle Directory Integration and Provisioning environment, Oracle Internet Directory is the central directory.
An ITU X.509 Version 3 standard data structure that securely binds an identify to a public key.
A certificate is created when an entity's public key is signed by a trusted identity, a certificate authority. The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity.
A certificate contains the entity's name, identifying information, and public key. It is also likely to contain a serial number, expiration date, and information about the rights, uses, and privileges associated with the certificate. Finally, it contains information about the certificate authority that issued it.
A trusted third party that certifies that other entities—users, databases, administrators, clients, servers—are who they say they are. When it certifies a user, the certificate authority first seeks verification that the user is not on the certificate revocation list (CRL), then verifies the user's identity and grants a certificate, signing it with the certificate authority's private key. The certificate authority has its own certificate and public key which it publishes. Servers and clients use these to verify signatures the certificate authority has made. A certificate authority might be an external company that offers certificate services, or an internal organization such as a corporate MIS department.
A mechanism that computes a value for a message packet, based on the data it contains, and passes it along with the data to authenticate that the data has not been tampered with. The recipient of the data recomputes the cryptographic checksum and compares it with the cryptographic checksum passed with the data; if they match, it is "probabilistic" proof the data was not tampered with during transmission.
A client relies on a service. A client can sometimes be a user, sometimes a process acting on behalf of the user during a database link (sometimes called a proxy).
The tier of Oracle Collaboration Suite that consists of the end-user applications that reside on client devices, such as desktops, laptops, wireless phones, and PDAs. See also Oracle Collaboration Suite Applications.
A collection of interconnected usable whole computers that is used as a single computing resource. Hardware clusters provide high availability and scalability.
Collaboration Suite Database
The default database shipped with Oracle Collaboration Suite to hold application data.
A specially formatted description of the destination for a network connection. A connect descriptor contains destination service and network route information. The destination service is indicated by using its service name for Oracle databases. The network route provides, at a minimum, the location of the listener through use of a network address. See connect identifier
A connect descriptor or a name that maps to a connect descriptor. A connect identifier can be a net service name, database service name, or net service alias. Users initiate a connect request by passing a user name and password along with a connect identifier in a connect string for the service to which they wish to connect:
In an Oracle Directory Integration and Provisioning environment, an information repository requiring full synchronization of data between Oracle9i Application Server and itself—for example, an Oracle human resources database.
A username, password, or certificate used to gain access to the database.
A configuration file for Oracle HTTP Server that is used to configure a database access descriptor (DAD).
See Oracle Delegated Administration Services. (DAS).
database access descriptor (DAD)
Database connection information for a particular Oracle Collaboration Suite component, such as the OracleAS Single Sign-On schema.
(1) A person responsible for operating and maintaining an Oracle Server or a database application. (2) An Oracle username that has been given DBA privileges and can perform database administration functions. Usually the two meanings coincide. Many sites have multiple DBAs.
See net service name
A network object stored in the local database or in the network definition that identifies a remote database, a communication path to that database, and optionally, a username and password. Once defined, the database link is used to access the remote database.
A public or private database link from one database to another is created on the local database by a DBA or user.
A global database link is created automatically from each database to every other database in a network with Oracle Names. Global database links are stored in the network definition.
default identity management realm
In a hosted environment, one enterprise—for example, an application service provider—makes Oracle components available to multiple other enterprises and stores information for them. In such hosted environments, the enterprise performing the hosting is called the default identity management realm, and the enterprises that are hosted are each associated with their own identity management realm in the directory information tree (DIT).
Delegated Administration Services
directory information base (DIB)
The complete set of all information held in the directory. The DIB consists of entries that are related to each other hierarchically in a directory information tree (DIT).
directory information tree (DIT)
A hierarchical tree-like structure consisting of the DNs of the entries in an LDAP directory. See distinguished name (DN)
directory integration and provisioning server
In an Oracle Directory Integration and Provisioning environment, the server that drives the synchronization of data between Oracle Internet Directory and a connected directory.
directory integration profile
In an Oracle Directory Integration and Provisioning environment, an entry in Oracle Internet Directory that describes how Oracle Directory Integration and Provisioning communicates with external systems and what is communicated.
directory provisioning profile
A special kind of directory integration profile that describes the nature of provisioning-related notifications that Oracle Directory Integration and Provisioning sends to the directory-enabled applications.
directory server instance
A discrete invocation of a directory server. Different invocations of a directory server, each started with the same or different configuration set entries and startup flags, are said to be different directory server instances.
directory-specific entry (DSE)
An entry specific to a directory server. Different directory servers may hold the same directory information tree (DIT) name, but have different contents—that is, the contents can be specific to the directory holding it. A DSE is an entry with contents specific to the directory server holding it.
directory synchronization profile
A special kind of directory integration profile that describes how synchronization is carried out between Oracle Internet Directory and an external system.
directory user agent (DUA)
The software that accesses a directory service on behalf of the directory user. The directory user may be a person or another software element.
distinguished name (DN)
A X.500 distinguished name (DN) is a unique name for a node in a directory tree. A DN is used to provide a unique name for a person or any other directory entry. A DN is a concatenation of selected attributes from each node in the tree along the path from the root node to the named entry's node. For example, in LDAP notation, the DN for a person named John Smith working at Oracle's US office would be: "cn=John Smith, ou=People, o=Oracle, c=us".
Any tree or subtree within the Domain Name System (DNS) namespace. Domain most commonly refers to a group of computers whose host names share a common suffix, the domain name.
domain component attribute
The domain component (dc) attribute can be used in constructing a distinguished name (DN) from a domain name. For example, using a domain name such as "oracle.com", one could construct a DN beginning with "dc=oracle, dc=com", and then use this DN as the root of its subtree of directory information.
Domain Name System (DNS)
A system for naming computers and network services that is organized into a hierarchy of domains. DNS is used in TCP/IP networks to locate computers through user-friendly names. DNS resolves a friendly name into an IP address, which is understood by computers.
In Oracle Net Services, DNS translates the host name in a TCP/IP address into an IP address.
An entry is a unique record in a directory that describes an object, such as a person. An entry consists of attributes and their associated attribute values, as dictated by the object class that describes that entry object. All entries in an LDAP directory structure are uniquely identified through their distinguished name (DN).
In an Oracle Directory Integration and Provisioning environment, an agent that exports data out of Oracle Internet Directory.
export data file
In an Oracle Directory Integration and Provisioning environment, the file that contains data exported by an export agent.
See export data file.
Applications that do not delegate authentication to the OracleAS Single Sign-On server. Instead, they display HTML login forms that ask for application user names and passwords. At the first login, users can choose to have the OracleAS Single Sign-On server retrieve these credentials for them. Thereafter, they are logged in to these applications transparently.
FTP, the File Transfer Protocol, is one of three protocols supported by Oracle Content Services. It is used for file transfers across Wide Area Networks such as the Internet. FTPS, also known as secure FTP, is also supported by Oracle Content Services.
In a hosted environment, one enterprise—for example, an application service provider—makes Oracle components available to multiple other enterprises and stores information for them. In such an environment, a global administrator performs activities that span the entire directory.
global unique identifier (GUID)
An identifier generated by the system and inserted into an entry when the entry is added to the directory. In a multimaster replicated environment, the GUID, not the DN, uniquely identifies an entry. The GUID of an entry cannot be modified by a user.
global user inactivity timeout
An optional feature of Oracle Application Server Single Sign-On that forces users to re authenticate if they have been idle for a pre configured amount of time. The global user inactivity timeout is much shorter than the single sign-out session timeout.
globally unique user ID
A numeric string that uniquely identifies a user. A person may change or add user names, passwords, and distinguished names, but her globally unique user ID always remains the same.
A computing architecture that coordinates large numbers of servers and storage to act as a single large computer. Oracle Grid Computing creates a flexible, on-demand computing resource for all enterprise computing needs. Applications running on the Oracle 10g grid computing infrastructure can take advantage of common infrastructure services for failover, software provisioning, and management. Oracle Grid Computing analyzes demand for resources and adjusts supply accordingly.
group search base
In the Oracle Internet Directory default directory information tree (DIT), the node in the identity management realm under which all the groups can be found.
Hypertext Transfer Protocol: The set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol.
See Oracle HTTP Server.
The file used to configure Oracle HTTP Server.
The process by which the complete security life cycle for network entities is managed in an organization. It typically refers to the management of an organization's application users, where steps in the security life cycle include account creation, suspension, privilege modification, and account deletion. The network entities managed may also include devices, processes, applications, or anything else that needs to interact in a networked environment. Entities managed by an identity management process may also include users outside of the organization, for example customers, trading partners, or Web services.
identity management infrastructure database
The database that contains data for OracleAS Single Sign-On and Oracle Internet Directory.
identity management realm
A collection of identities, all of which are governed by the same administrative policies. In an enterprise, all employees having access to the intranet may belong to one realm, while all external users who access the public applications of the enterprise may belong to another realm. An identity management realm is represented in the directory by a specific entry with a special object class associated with it.
identity management realm-specific Oracle Context
An Oracle Context contained in each identity management realm. It stores the following information:
User naming policy of the identity management realm—that is, how users are named and located.
Mandatory authentication attributes.
Location of groups in the identity management realm.
Privilege assignments for the identity management realm—for example: who has privileges to add more users to the realm.
Application specific data for that realm including authorizations.
Internet Message Access Protocol is an Internet protocol for accessing e-mail on a remote server from a local client. It enables efficient operation such as downloading only essential data by first getting the e-mail header before the actual e-mail download. This makes the protocol well suited to remote environments.
The tier of Oracle Collaboration Suite that consists of the components that provide services, such as identity management and metadata storage, for the Applications tier. Components of the Infrastructure tier include Oracle Collaboration Suite Database and Oracle Identity Management. See also Oracle Collaboration Suite Infrastructure.
Every running Oracle database is associated with an Oracle instance. When a database is started on a database server (regardless of the type of computer), Oracle allocates a memory area called the System Global Area (SGA) and starts an Oracle process. This combination of the SGA and an Oracle process is called an instance. The memory and the process of an instance manage the associated database's data efficiently and serve the one or more users of the database.
Interactive Voice Response (IVR)
Interactive Voice Response The IVR plays messages, transfers calls, searches the user directory, offers simple DTMF (Dual-Tone Multifrequency) menus, and integrates with the Recording Service and Retrieval Service. Sometimes referred to as an auto attendant.
Internet Message Access Protocol (IMAP)
A protocol allowing a client to access and manipulate electronic mail messages on a server. It permits manipulation of remote message folders, also called mailboxes, in a way that is functionally equivalent to local mailboxes.
IVR (Interactive Voice Response) Service
The IVR Service runs simple call answering programs that administrators can define and customize. The IVR Service supports multiple administrator-defined IVR deployment items, each of which may specify a behavior for business hours, non-business hours, holidays, and special times that fit none of these categories.
Java 2 Platform, Enterprise Edition (J2EE)
Java 2 Platform, Enterprise Edition (J2EE) is an environment for developing and deploying enterprise applications, defined by Sun Microsystems Inc. The J2EE platform consists of a set of services, application programming interfaces (APIs), and protocols that provide the functionality for developing multi tiered, Web-based applications.
Java Database Connectivity (JDBC)
An industry-standard Java interface for connecting to a relational database from a Java program, defined by Sun Microsystems.
Java Server Page (JSP)
JavaServer Pages (JSP), a server-side technology, are an extension to the Java servlet technology that was developed by Sun Microsystems. JSPs have dynamic scripting capability that works in tandem with HTML code, separating the page logic from the static elements (the design and display of the page). Embedded in the HTML page, the Java source code and its extensions help make the HTML more functional, being used in dynamic database queries, for example.
A file created by Oracle Net Configuration Assistant that contains the following directory server access information:
LDAP connection cache
To improve throughput, the OracleAS Single Sign-On server caches and then reuses connections to Oracle Internet Directory.
LDIF (LDAP Data Interchange Format)
The set of standards for formatting an input file for any of the LDAP command-line utilities.
Lightweight Directory Access Protocol (LDAP)
A set of protocols for accessing information in directories. LDAP supports TCP/IP, which is necessary for any type of Internet access. Its framework of design conventions supports industry-standard directory products, such as Oracle Internet Directory. Because it is a simpler version of the X.500 standard, LDAP is sometimes called X.500 light.
A process that resides on the server whose responsibility is to listen for incoming client connection requests and manage the traffic to the server.
Every time a client requests a network session with a server, a listener receives the actual request. If the client information matches the listener information, then the listener grants a connection to the server.
A configuration file for the listener that identifies the:
Protocol addresses that it is accepting connection requests on
Services it is listening for
listener.ora file typically resides in
/network/admin on UNIX platforms and
\network\admin on Windows.
Hardware devices and software that balance connection requests between two or more servers, either due to heavy load or failover. BigIP, Alteon, or Local Director are all popular hardware devices. Oracle Application Server Web Cache is an example of load balancing software.
A module on the Oracle HTTP Server that enables applications protected by OracleAS Single Sign-On to accept HTTP headers in lieu of a user name and password once the user has logged into the OracleAS Single Sign-On server. The values for these headers are stored in the mod_osso cookie.
User data stored on the HTTP server. The cookie is created when a user authenticates. When the same user requests another application, the Web server uses the information in the mod_osso cookie to log the user in to the application. This feature speeds server response time.
The attribute used to compose the RDN of a new user entry created through Oracle Delegated Administration Services or Oracle Internet Directory Java APIs. The default value for this is
net service name
net service alias
An alternative name for a directory naming object in a directory server. A directory server stores net service aliases for any defined net service name or database service. A net service alias entry does not have connect descriptor information. Instead, it only references the location of the object for which it is an alias. When a client requests a directory lookup of a net service alias, the directory determines that the entry is a net service alias and completes the lookup as if it was actually the entry it is referencing.
A listener on a server that listens for connection requests for one or more databases on one or more protocols. See listener
A named group of attributes. When you want to assign attributes to an entry, you do so by assigning to that entry the object classes that hold those attributes. All objects associated with the same object class share the same attributes.
In LDAP, object classes are used to group information. Typically an object class models a real-world object such as a person or a server. Each directory entry belongs to one or more object classes. The object class determines the attributes that make up an entry. One object class can be derived from another, thereby inheriting some of the characteristics of the other class.
A process by which information is scrambled into a non-readable form, such that it is extremely difficult to de-scramble if the algorithm used for scrambling is not known.
OID Database Password Utility
The utility used to change the password with which Oracle Internet Directory connects to an Oracle Database.
The Oracle Internet Directory component that initiates, monitors, and terminates the Oracle Internet Directory Server processes. It also controls the replication server if one is installed, and Oracle Directory Integration and Provisioning Server.
Oracle Application Server Single Sign-On
OracleAS Single Sign-On consists of program logic that enables you to log in securely to applications such as expense reports, mail, and benefits. These applications take two forms: partner applications and external applications. In both cases, you gain access to several applications by authenticating only once.
Oracle Certificate Authority
Oracle Application Server Certificate Authority is a certificate authority for use within your Oracle Application Server environment. OracleAS Certificate Authority uses Oracle Internet Directory as the storage repository for certificates. OracleAS Certificate Authority integration with OracleAS Single Sign-On and Oracle Internet Directory provides seamless certificate provisioning mechanisms for applications relying on them. A user provisioned in Oracle Internet Directory and authenticated in OracleAS Single Sign-On can choose to request a digital certificate from OracleAS Certificate Authority.
Oracle Collaboration Suite
An integrated suite of software applications to enable communication, messaging, and content sharing in an enterprise environment. At an architectural level, it includes three tiers: an Applications tier, which consists of server applications that provide the basic functionality, a Client tier, which consists of applications on desktops, laptops, and wireless devices, and an Infrastructure tier, which provides centralized services, such as identity management and metadata storage, for the applications.
Oracle Collaboration Suite Applications
The applications that make up Oracle Collaboration Suite, namely:
Oracle Collaboration Suite Search
Oracle Content Services
Oracle Mobile Collaboration
Oracle Real-Time Collaboration
Oracle Voicemail & Fax
Oracle Collaboration Suite Database
The default database included with Oracle Collaboration Suite to hold application data and metadata. The Oracle Collaboration Suite Database is part of the Oracle Collaboration Suite Infrastructure.
Oracle Collaboration Suite Infrastructure
The underlying components that support Oracle Collaboration Suite and provide centralized product metadata and security services, configuration information, and data repositories for Oracle Collaboration Suite Applications. Oracle Collaboration Suite Infrastructure uses and builds on OracleAS Infrastructure. It includes the Oracle Collaboration Suite Database and Oracle Identity Management. See also Infrastructure tier.
Oracle Collaboration Suite Portal
Oracle Containers for J2EE (OC4J)
A lightweight, scalable container for Java 2 Platform, Enterprise Edition (J2EE).
Oracle Content Services
Oracle Content Services is a content management application that provides a secure place to store and share content. It offers collaboration features such as check-in/check-out, role-based security, workflow, custom metadata, and file system access through standard protocols.
Oracle Content Services domain
An Oracle Content Services domain is a logical grouping of Oracle Content Services nodes, and an Oracle database instance (called the Collaboration Suite Database) that contains the Oracle Content Services data.
Oracle Content Services nodes
An Oracle Content Services node is the application software that comprises the product, along with the underlying Java Virtual Machine (JVM) required to support the software at runtime. There are two types of nodes: regular nodes, and HTTP nodes. Each node is based on a particular node configuration.
An entry in an LDAP-compliant internet directory called
cn=OracleContext, under which all Oracle software relevant information is kept, including entries for Oracle Net Services directory naming and checksumming security.
Oracle Database Advanced Replication
A feature in the Oracle Database that enables database tables to be kept synchronized across two Oracle databases.
Oracle Delegated Administration Services
A set of individual, pre-defined services—called Oracle Delegated Administration Services units—for performing directory operations on behalf of a user. Oracle Internet Directory Provisioning Console makes it easier to develop and deploy administration solutions for both Oracle and third-party applications that use Oracle Internet Directory.
Oracle Directory Integration and Provisioning
A collection of interfaces and services for integrating multiple directories by using Oracle Internet Directory and several associated plug-ins and connectors. A feature of Oracle Internet Directory that enables an enterprise to use an external user repository to authenticate to Oracle products.
Oracle Directory Integration and Provisioning Server
In an Oracle Directory Integration and Provisioning environment, a daemon process that monitors Oracle Internet Directory for change events and takes action based on the information present in the directory integration profile.
Oracle Directory Integration Platform
A component of Oracle Internet Directory. It is a framework developed to integrate applications around a central LDAP directory like Oracle Internet Directory.
Oracle Directory Manager
A Java-based tool with a graphical user interface for administering Oracle Internet Directory.
Oracle Enterprise Manager
Oracle Enterprise Manager is the Oracle integrated management solution for managing the Oracle environment.
Oracle HTTP Server
Software that processes Web transactions that use the Hypertext Transfer Protocol (HTTP). Oracle uses HTTP software developed by the Apache Group.
Oracle Identity Management
An integrated set of components that provide distributed security to Oracle products and make it possible to centrally and securely manage enterprise identities and their access to applications in the enterprise. It includes the following components: Oracle Internet Directory, Oracle Directory Integration and Provisioning, Oracle Delegated Administration Services, OracleAS Single Sign-On, and Oracle Application Server Certificate Authority.
Oracle Internet Directory
A general purpose directory service that enables retrieval of information about dispersed users and network resources. It combines Lightweight Directory Access Protocol (LDAP) Version 3 with the high performance, scalability, robustness, and availability of the Oracle Database.
Oracle Internet Directory Self-Service Console
An interface constructed using Oracle Delegated Administration Services; a single graphical interface for end users to manage their personal profile, including password, photo, time zone, and resource access information. When administrators, with the required privileges, log in they instead see the Oracle Internet Directory Provisioning Console.
Oracle Internet Directory Provisioning Console
An interface constructed using Oracle Delegated Administration Services; a single graphical interface for managing user accounts and user groups, setting user attribute defaults, creating, enabling, disabling, locking, de-provisioning, and deleting user accounts, and managing identity management realms. When users lacking provisioning privileges log in to the console, they instead see the Oracle Internet Directory Self-Service Console.
Oracle Net Services
An Oracle product that enables two or more computers that run the Oracle server or Oracle tools such as Designer/2000 to exchange data through a third-party network. Oracle Net Services support distributed processing and distributed database capability. Oracle Net Services is an open system because it is independent of the communication protocol, and users can interface Oracle Net to many network environments.
Oracle Process Manager and Notification Server (OPMN)
Oracle Process Manager and Notification Server (OPMN) manages Oracle HTTP Server and OC4J processes within an application server instance as well as other processes such as the Oracle Voicemail & Fax services. It acts as a manager daemon to restart managed services, when necessary.
Oracle Records Management
Oracle Records Management is a new component of Oracle Content Services that provides support for compliance solutions like enforced recordization and retention policies. Records Administrators can use Oracle Records Management to specify file plans and create record categories.
A Java-based graphical user interface application that enables you to install Oracle components from a CD, multiple CDs, or the Web. It is used for installing or upgrading all Oracle products, including Oracle Collaboration Suite, Oracle Application Server, Oracle Database 10g, and the various components of each of those products.
An OracleAS Single Sign-On partner application that provides a mechanism for integrating files, images, applications, and Web sites. The External Applications portlet provides access to external applications.
In Oracle Collaboration Suite, Oracle Collaborative Portlets provides access to the Oracle Collaboration Suite applications via a set of ready-made portlets.
An Oracle Application Server application or non-Oracle application that delegates the authentication function to the OracleAS Single Sign-On server. This type of application spares users from re authenticating by accepting mod_osso headers.
Applications in an environment where user and group information is centralized in Oracle Internet Directory. These applications are typically interested in changes to that information in Oracle Internet Directory.
In Oracle Collaboration Suite, provisioned applications include:
Oracle Content Services
Oracle Real-Time Collaboration
Oracle Voicemail & Fax
If Oracle Discussions is configured, it is provisioned whenever Oracle Mail is provisioned.
The process of providing users with access to configured Oracle Collaboration Suite applications.
provisioning integration profile
A special kind of directory integration profile that describes the nature of provisioning-related notifications that Oracle Directory Integration and Provisioning sends to the directory-enabled applications.
A process typically employed in an environment with a Applications tier such as a firewall, wherein the end user authenticates to the Applications tier, which thence authenticates to the directory on the user's behalf—as its proxy. The Applications tier logs into the directory as a proxy user. A proxy user can switch identities and, once logged into the directory, switch to the end user's identity. It can perform operations on the end user's behalf, using the authorization appropriate to that particular end user.
A server between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfil the requests itself. If not, it forwards the request to the real server. In OracleAS Single Sign-On, proxies are used for load balancing and as an extra layer of security.
See also: load balancer.
Short for identity management realm.
realm Oracle Context
A structured collection of data that stores data in tables consisting of one or more rows, each containing the same set of columns. Oracle makes it very easy to link the data in multiple tables. This is what makes Oracle a relational database management system, or RDBMS. It stores data in two or more tables and enables you to define relationships between the tables. The link is based on one or more fields common to both tables.
relative distinguished name (RDN)
The local, most granular level entry name. It has no other qualifying entry names that would serve to uniquely address the entry. In the example,
cn=Smith,o=acme,c=US, the RDN is
root Oracle Context
In the Oracle Identity Management infrastructure, the root Oracle Context is an entry in Oracle Internet Directory containing a pointer to the default identity management realm in the infrastructure. It also contains information on how to locate an identity management realm given a simple name of the realm.
The ability of a system to provide throughput in proportion to, and limited only by, available hardware resources.
1. Database schema: A named collection of objects, such as tables, views, clusters, procedures, packages, attributes, object classes, and their corresponding matching rules, which are associated with a particular user. 2. LDAP directory schema: The collection of attributes, object classes, and their corresponding matching rules.
Secure Sockets Layer (SSL)
An industry standard protocol designed by Netscape Communications Corporation for securing network connections. SSL provides authentication, encryption, and data integrity using public key infrastructure (PKI).
1. A network resource used by clients; for example, an Oracle database server.
2. An executable process installed in the Windows registry and administered by Windows. Once a service is created and started, it can run even when no user is logged on to the computer.
Single Sign-On (SSO)
The ability of a user to authenticate once, combined with strong authentication occurring transparently in subsequent connections to other databases or applications. Single sign-on lets a user access multiple accounts and applications with a single password, entered during a single connection. Single password, single authentication. Oracle Advanced Security supports Kerberos, DCE, and SSL-based single sign-on.
Simple Mail Transfer Protocol is the main protocol used to control the transfer of electronic mail (e-mail) messages on the Internet. SMTP is the TCP/IP protocol, and this specifies the format of the messages, and how servers and terminals are to interact.
SMTP is usually employed for the sending of the messages, with other protocols used to receive them, for example, POP3 or IMAP, which can save the messages in a mailbox for download from the server to a particular terminal, as required by the user. ESMTP, Extended Simple Mail Transfer Protocol, allows multimedia files to be sent as e-mail.
A section of a directory hierarchy, which is also called a directory information tree (DIT). The subtree typically starts at a particular directory node and includes all subdirectories and objects below that node in the directory hierarchy.
A special directory administrator who typically has full access to directory information.
System Global Area (SGA)
A group of shared memory structures that contain data and control information for one Oracle database instance. If multiple users are concurrently connected to the same instance, the data in the instance SGA is shared among the users. Consequently, the SGA is sometimes referred to as the "shared global area." The combination of the background processes and memory buffers is called an Oracle instance.
system identifier (SID)
A unique name for an Oracle instance. To switch between Oracle databases, users must specify the desired SID. The SID is included in the
CONNECT DATA parts of the connect descriptor in a tnsnames.ora file, and in the definition of the network listener in a listener.ora file.
A file that contains connect descriptors; each connect descriptor is mapped to a net service name. The file may be maintained centrally or locally, for use by all or individual clients. This file typically resides in the following locations depending on your platform:
Uniform Resource Identifier (URI). A way to identify any point of content on the Web, whether it be a page of text, a video or sound clip, a still or animated image, or a program. The most common form of URI is the Web page address, which is a particular form or subset of URI called a URL.
Uniform Resource Locator (URL). The address of a file accessible on the Internet. The file can be a text file, HTML page, image file, a program, or any other file supported by HTTP. The URL contains the name of the protocol required to access the resource, a domain name that identifies a specific computer on the Internet, and a hierarchical description of the file location on the computer.
user search base
In the Oracle Internet Directory default directory information tree (DIT), the node in the identity management realm under which all the users are placed.
Selective presentations of one or more tables (or other views), showing both their structure and their data.
A single physical Web server machine that is hosting one or more Web sites or domains, or a server that is acting as a proxy to other machines (accepts incoming requests and reroutes them to the appropriate server).
In the case of OracleAS Single Sign-On, virtual hosts are used for load balancing between two or more OracleAS Single Sign-On servers. They also provide an extra layer of security.
virtual host name
In an Oracle Application Server Cold Failover Cluster (Identity Management), the host name corresponding to a particular virtual IP address.
virtual IP address
In an Oracle Application Server Cold Failover Cluster (Identity Management), each physical node has its own physical IP address and physical host name. To present a single system image to the outside world, the cluster uses a dynamic IP address that can be moved to any physical node in the cluster. This is called the virtual IP address.
A wallet is a data structure used to store and manage security credentials for an individual entity. A Wallet Resource Locator (WRL) provides all the necessary information to locate the wallet.
Wallet Resource Locator
A wallet resource locator (WRL) provides all necessary information to locate a wallet. It is a path to an operating system directory that contains a wallet.
Web-based Distributed Authoring and Versioning (WebDAV) is one of three protocols supported by Oracle Content Services. It allows clients to browse and edit files on Oracle Content Services as if they were on the local machine. WebDAV is designed for Wide Area Networks such as the Internet. Currently, the most widespread WebDAV client is the Web Folders extension to Windows Explorer, also known as Network Places in Windows 2000/XP.
X.500 is a standard from the International Telecommunication Union (ITU) that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state, and city.
Extensible Markup Language (XML) is a specification developed by the World Wide Web Consortium (W3C). XML is a pared-down version of Standard Generalized Mark-Up Language (SGML), designed especially for Web documents. XML is a metalanguage (a way to define tag sets) that allows developers to define their own customized markup language for many classes of documents.