Sun Java Enterprise System Glossary





(n.) A collection of files and directories. Packaging is a method of distributing software for installation. See also assembly, deployment.


(1) (n.) A name-value pair sent from the Java Enterprise System Application Server client, including form field data, HTTP header information, and so on, and encapsulated in a request object. See also attribute, property.

(2) (n.) An argument to a Java method or database-prepared command.

parameter entity

(n.) An entity that consists of DTD specifications, as distinct from a general entity. A parameter entity defined in the DTD can then be referenced at other points, thereby eliminating the need to recode the definition at each location it is used.


(n.) An element in an XML file that contains another element, referred to as a child. See also child.

parent access

(n.) When granted, indicates that users have access to entries below their own position in the directory tree if the bind DN is the parent of the targeted entry.

parsed entity

(n.) A general entity that contains XML and therefore is parsed when inserted into the XML document, as opposed to an unparsed entity.


(n.) A module that reads in XML data from an input source and breaks it into chunks so that your program knows when it is working with a tag, an attribute, or element data. A non-validating parser ensures that the XML data is well formed but does not verify that it is valid. See also validating parser.


See message store partition.


(n.) The process of transferring an enterprise bean from memory to secondary storage. A method of releasing a bean’s resources from memory without destroying the bean. In this way, a bean is made to be persistent and can be recalled without the overhead of instantiation. See also activation.

pass-through authentication

See PTA.

pass-through subtree

(n.) In pass-through authentication, the PTA Directory Server passes through bind requests to the authenticating Directory Server from all clients whose DN is contained in this subtree.

password authentication

(n.) Identification of a user through user name and password. See also certificate-based authentication.

password file

(n.) (UNIX only) A file that stores UNIX user login names, passwords, and user ID numbers. The password file is also known as /etc/passwd because of where the file is located.

password policy

(n.) A set of rules that govern how passwords are used in a given directory.

patch version number

(n.) The last two digits of the patch identifier, for example, “nnnnnn-03”. The number is increased by one each time a new version of the patch is released.


(n.) A string expression used for matching purposes, such as in Allow and Deny filters.


(n.) A predefined XML tag for parsed character data, in which the normal rules of XML syntax apply, as opposed to character data (CDATA), which means “don't interpret these characters.” See also CDATA.


PDC

(personal digital certificate) (n.) An electronic certificate attached to a message that authenticates a user. A personal digital certificate can be created by correctly entering a user ID and password or by using an SSL certificate request that in turn uses the security certificate of the server through which the user is connected.


(n.) A subcategory that has the same parent category as another.

permanent failure

(n.) An error condition that occurs during message handling. When a permanent failure occurs, the message store deletes its copy of an email message. The MTA bounces the message back to the sender and deletes its copy of the message.


(1) (n.) A set of privileges granted or denied to a user or group. This information includes the user or group name, valid email address or addresses, and how and where email is delivered.

(2) (n.) In the context of access control, the permission states whether access to the directory information is granted or denied and the level of access that is granted or denied. See also access rights.

(3) (n.) The settings that control the access to a calendar. For example, in Calendar Express, permissions include Availability, Invite, Read, Delete, and Modify. Calendar Server administrators set permissions as ACE strings using command-line utilities. See also ACL.


(1) (n.) For components, the protocol for transferring the state between instance variables and an underlying database. See entity bean. See also transience.

(2) (n.) For sessions, the session storage mechanism. See also session, failover, session failover.

persistence manager

(n.) The manager responsible for the persistence of an EJB 1.x or 2.x entity bean.

persistent field

(n.) A virtual field of an EJB 2.1 entity bean that has container-managed persistence; it is stored in a database.

persistent state

(n.) Where the state of an object is kept in persistent storage, usually a database.

personal digital certificate

See PDC.

personal folder

(n.) A folder that can be read only by the owner. See also shared folder.


(n.) The software utility required to export the certificate and key databases from your internal machine and import them into an external PKCS#11 module.


PKI

(public key infrastructure) (n.) Enables the identity of a user to be linked to a browser or mobile device. Wireless PKI refers to certificate-based authentication that occurs on the handset.


(n.) A method for transmitting data. The definition depends on the context. With secure socket layer, plaintext passwords are encrypted and are therefore not sent as cleartext. With SASL, plaintext passwords are hashed, and only a hash of the password is sent as text.

plaintext authentication

See password authentication.

pluggable authentication

(n.) A mechanism that allows J2EE applications to use the Java™ Authentication and Authorization Service (JAAS) software from the J2SE™ platform. Developers can plug in their own authentication mechanisms.


(1) (n.) A code extension to the browser that displays or executes content inside a web page. Plug-ins enable the browser to display page content elements that the browser would otherwise not be able to display.

(2) (n.) An accessory program that can be loaded and then used as part of the overall system. For example, the Calendar Server can use a plug-in to access a non-LDAP directory service.


(Portable Object Adapter) (n.) A CORBA standard for building server-side applications that are portable across heterogeneous ORBs.

pointer CoS

(n.) A pointer class of service which identifies the template entry using the template DN only.

point-to-point delivery model

(n.) A model where message producers address messages to specific message queues and message consumers extract messages from queues established to hold their messages. A message is delivered to one message consumer only.


(1) (n.) A rule that describes who is authorized to access a specific resource under specific conditions. The rule can be based on groups of users or roles in an organization.

(2) (n.) In Directory Server Access Management Edition, defines rules to help protect an organization’s web resources. Policies are assigned to organizations and roles only.


(n.) The function in Instant Messaging Server that enables you to ask users for their response to a question. You can send a question and possible answers to selected users, and they respond with their selected answer.


(n.) The process of providing a number of pre-configured resources to improve performance. If a resource is pooled, a component can use an existing instance from the pool rather than instantiating a new one. In the Java Enterprise System Application Server, database connections, servlet instances, and enterprise bean instances can all be pooled.


POP3

(Post Office Protocol Version 3) (n.) A protocol that provides a standard delivery method and that does not require the MTA to have access to a user’s mail folders. Not requiring access is an advantage in a networked environment where often the mail client and the message transfer agent are on different computers.


(n.) The location (socket) to which Transmission Control Protocol/Internet Protocol connections are made. Web servers traditionally use port 80, FTP uses port 21, and telnet uses port 23. Java Enterprise System Portal Server uses special ports, particularly on client systems, to securely communicate through the Portal Server session to servers.


(n.) An entry point to a set of resources that an enterprise wants to make available to the portal’s users. For some consumer portals, the set of resources includes the entire World Wide Web, but for most enterprises, the set of resources includes information, applications, and other resources that are specific to the relationship between the user and the enterprise. The Portal Server Desktop is the application used to generate the portal in Portal Server.

Portal Desktop

(n.) Any one of the desktops generated by Portal Server.

Portal Server

(n.) A software product that enables remote users to securely access their organization’s network and the network’s services over the Internet. Creates a secure Internet portal, providing access to content, applications, and data to any targeted audience, including employees, business partners, or the general public. Referred to as the core part of the complete Sun Java System Portal Server product solution that is shared among all Portal Server packs.

Portal Server Desktop

(n.) Provides the primary end-user interface and a mechanism for extensible content aggregation through the content provider interface (PAPI). Often referred to as “Desktop.” The Desktop includes a variety of providers that provide a container hierarchy and the basic building blocks for building some types of channels. The Desktop implements a display profile data storage mechanism on top of a Directory Server Access Management Edition service for storing content provider and channel data. The Desktop also includes an admin console module for editing the display profile and other Desktop service data.

Portal Server Instant Collaboration Pack

(n.) A server instant messaging product that includes the server, multiplexor, and Instant Messaging components. Also known as Instant Messaging Server.

Portal Server Pack

(n.) A generic term that refers to an add-on product for Portal Server.

portal node

(n.) A physical machine that is running Portal Server software or Portal Server Pack software. Also called a host.

port number

(n.) A number that specifies an individual Transmission Control Protocol/Internet Protocol application on a host machine. Provides a destination for transmitted data.


(n.) A stage of the Java Enterprise System solution life-cycle process in which distributed applications are started up, monitored, tuned to optimize performance, and dynamically upgraded to include new functionality.

postinstallation configuration

(n.) Access Manager configuration tasks that you perform after you run the Java Enterprise System installer (often with the Configure Later option). Usually, you perform postinstallation tasks only a few times. For example, you might deploy an additional instance of a product or configure a product for session failover. See also configuration.

postmaster account

(n.) An alias for the email group and email addresses that receive system-generated messages from the Messaging Server. The postmaster account must point to a valid mailbox or mailboxes.

Post Office Protocol Version 3

See POP3.


(n.) A stage of the Java Enterprise System solution life-cycle process in which business needs are translated into a deployment scenario: a logical architecture

preferred directory server

(n.) A directory server master instance used by Identity Synchronization for Windows to detect and apply changes to user entries. While this server is available, Identity Synchronization for Windows will not communicate with any other directory server masters.

prepared command

(n.) A database command in SQL that is precompiled to make repeated execution more efficient. Prepared commands can contain parameters. See also prepared statement.

prepared statement

(n.) A class that encapsulates a QUERY, UPDATE, or INSERT statement that is used repeatedly to fetch data. A prepared statement contains at least one prepared command.

presence index

(n.) A filtering method which enables efficient searching for entries that contain an attribute of a specified type, regardless of the value of the attribute in the entry.

presentation layout

(n.) The format of web page content.

presentation logic

(n.) Activities that create a page in an application, including processing a request, generating content in response, and formatting the page for the client. Usually handled by a web application.

preset message

(n.) Short messages that can be written and saved as Portal Server Mobile Access mobile preferences for later use with a mobile mail application.

primary data view

(n.) One of two Directory Proxy Server data views that makes up a join data view. The primary data view is the authoritative source of entries by default. See also secondary data view.

primary document directory

See document root.

primary key

(n.) The unique identifier that enables the client to locate a particular EJB 2.1 entity bean within a home.

primary key class name

(n.) A variable that specifies the fully qualified class name of a bean’s primary key. Used for Java Naming and Directory Interface™ (JNDI) lookups.


(n.) The identity assigned to a user as a result of authentication. A principal can acquire a federated identity capable of making decisions, and authenticated actions can be done on its behalf. Examples of principals include an individual user, a group of individuals, a corporation, other legal entities, or a component of the Liberty architecture.

private key

See public-key cryptography.


(n.) A type of access right that is granted to a user, a set of users, or a resource. This security attribute does not have the property of uniqueness and can be shared by many principals.


(1) (n.) A self-contained, fully functional execution environment set up by an operating system. Each instance of an application typically runs in a separate process.

(2) (n.) Execution sequence of an active program. A process is made up of one or more threads.

processing instruction

(n.) Information contained in an XML structure that is intended to be interpreted by a specific application.


(v.) To pass a message to the client runtime for delivery to a destination.


(n.) An object (MessageProducer) created by a session that is used for sending messages to a destination. In the point-to-point delivery model, a producer is a sender (QueueSender). In the publish/subscribe delivery model, a producer is a publisher (TopicPublisher).

production environment

(n.) A stage of the application life-cycle process, in which distributed applications are started up, monitored, tuned to optimize performance, and dynamically upgraded to include new functionality.

programmatic security

(n.) The process of controlling security explicitly in code rather than allowing the component’s container, a bean’s container, or a servlet engine, for instance, to handle it. Opposite of declarative security. Programmatic security is useful when declarative security alone is not sufficient to express the security model of an application.

programmer-demarcated transaction

See bean-managed transaction.


(n.) The part of an XML document that precedes the XML data. The prolog includes the declaration and an optional DTD.

propagation behavior

(n.) The synchronization process between a consumer and a supplier.


(1) (n.) A single name-value pair that defines the behavior of an application component. See also parameter.

(2) (n.) A name-value pair that modifies an element in an XML file, but that is not predefined in the DTD file. Contrast with attribute.

(3) (n.) In the Application Server, a name-value pair that is not part of the built-in server configuration. Contrast with attribute.


(1) (n.) A set of rules that describes how devices on a network exchange information.

(2) (n.) A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.


(n.) The programmatic aspect of a channel. Adding configuration data to a provider differentiates it into an instance of a channel. A provider is a Java class and is responsible for converting the content in a file or the output of an application or service into the proper format for a channel. A number of providers are shipped with the Portal Server including a bookmark provider, an application provider, and a notes provider. As the desktop is imaged, each provider is queried in turn for the content of its associated channel. Some providers are capable of generating multiple channels based upon their configuration.

Examples of content providers include the UserInfoProvider and BookmarkProvider. Examples of container providers include the TabContainerProvider and SingleContainerProvider. Examples of leaf providers include the JSPProvider, XMLProvider, URLScraperProvider and SimpleWebServicesProvider.

provider federation

(n.) A group of service providers who contractually agree to exchange authentication information using an architecture based on the Liberty Alliance Project specifications. See also authentication domain.


(n.) The process of adding, modifying or deleting entries in the Java Enterprise System Directory Server. These entries include users and groups and domain information.


(1) (n.) The mechanism whereby one system acts on behalf of another system in responding to protocol requests. Proxy systems are used in network management to avoid having to implement full protocol stacks in simple devices, such as modems.

(2) (n.) An intermediary program that makes and services requests on behalf of clients. Proxies act as servers and clients in turn and are used to control the content of various network services. See also reverse proxy.

proxy authorization

(n.) A special form of authentication where a client binds to the directory with its own identity but is granted the access rights of another user on a per operation basis. This other user is referred to as the proxy user, and its DN is the proxy DN.

proxy DN

(n.) The DN of an entry that has access permissions to the target on which the client application is attempting to perform an operation. Used with proxy authorization.


(n.) A dynamic proxy server that runs on a client machine to redirect a URL to the SRA Gateway. See also Secure Remote Access (SRA).


PTA

(pass-through authentication) (n.) Mechanism by which one Java Enterprise System Directory Server consults another Directory Server to check bind rules.

PTA Directory Server

(n.) In pass-through authentication, the PTA Directory Server sends (passes through) bind requests it receives to the authenticating Directory Server.


(n.) In pass-through authentication, the URL that defines the authenticating Directory Server, pass-through subtree or subtrees, and optional parameters.

public folder

(n.) A folder with multiple owners that is shared by multiple people who can access it. Depending on the ACLs set for the folder, more than one person can update or administer the folder.

public information directories

(n.) (UNIX only) Directories not inside the document root that are in a UNIX user’s home directory or under the user’s control, or directories that are under the user’s control.

public key

(n.) The encryption key used in public-key encryption.

public-key certificate

(n.) A data structure containing a user’s public key, as well as information about the time and date during which the certificate is valid. Used in client-certificate authentication to enable the server, and optionally the client, to authenticate each other. The public key certificate is the digital equivalent of a passport. It is issued by a trusted organization, called a certificate authority, and provides identification for the bearer.

public-key cryptography

(n.) A method of encryption. In public-key cryptosystems, everyone has two related complementary keys: a publicly revealed key and a secret key (also known as a private key). Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key. The public key can be published and widely disseminated across a communications network. This protocol provides privacy without the need for the secure channels that a conventional cryptosystem requires. Also known as asymmetric key cryptography.

public-key encryption

(n.) A cryptographic method that uses a two-part key (code) that consists of public and private components. To encrypt messages, the published public keys of the recipients are used. To decrypt the messages, the recipients use their unpublished private keys known only to them.

public key infrastructure

See PKI.

Public Network Management

(n.) Software that uses fault monitoring and failover to prevent loss of node availability because of single network adapter or cable failure. Public Network Management failover uses sets of network adapters called a network adapter failover group to provide redundant connections between a cluster node and the public network. The fault monitoring and failover capabilities work together to ensure availability of resources.

publish and subscribe delivery model

(n.) A messaging system in which publishers and subscribers are generally anonymous and can dynamically publish or subscribe to a specific node in a content hierarchy, called a topic. The system distributes messages arriving from a topic’s multiple publishers to its multiple subscribers.

purge a message

(v.) To permanently remove a message that has been deleted and is no longer referenced in user and group folders. The space is then returned to the message store file system. See also delete a message and expunge a message.