Sun Java Enterprise System Glossary


abstract schema

(n.) The part of an entity bean's deployment descriptor that defines the bean's persistent fields and relationships. See entity bean, persistence. See also schema.

abstract schema name

(n.) A logical name that is referenced in EJBTM QL queries.

access control

(1) (n.) The means of securing a server by controlling access to the server.

(2) (n.) The methods by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.

access control entry

See ACE.

access control instruction

See ACI.

access control list

See ACL.

access control rules

(n.) Rules specifying user permissions for a given set of directory entries or attributes.

access domain

(n.) A domain that limits access to certain Messaging Server operations from within a specified domain. For example, an access domain can be used to limit where mail for an account can be collected.


(n.) A connector layer that interfaces directly with a directory source over protocols such as LDAP. Identity Synchronization for Windows has separate accessor implementations for Directory Server, Active Directory, and Windows NT. The accessor is often referenced in log messages about an action.

access rights

(n.) Access rights specify the level of access control granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy, and all.


(n.) Information that defines a specific user or user group. This information includes the user name or group name, valid email address or addresses, and how and where email is delivered.

account inactivation

(n.) The disabling of a single user account, or set of accounts, so that all authentication attempts are automatically rejected.


(access control entry) (1) (n.) A single item of information from an access control list. Also called access control information.

(2) (n.) A hierarchy of rules that the web server uses to evaluate incoming access requests.

(3) (n.) A string that provides access control for calendars, calendar properties, and calendar components such as events and tasks.


(access control instruction) (n.) An instruction that grants or denies permissions to entries in the directory.


(adj.) The acronym for the four properties guaranteed by a transaction: atomicity, consistency, isolation, and durability.


(access control list) (1) (n.) The mechanism for controlling access to your directory. In Directory Server, an ACL is an ACI attribute in a directory entry.

(2) (n.) A collection of ACEs. An ACL is a mechanism for defining which users have access to your server. You can define ACL rules that are specific to a particular file or directory, granting or denying access to one or more users and groups.

(3) (n.) A set of ACE strings that collectively provide access control for calendars, calendar properties, and calendar components such as events and tasks.

(4) (n.) A set of data associated with a directory that defines the permissions that users, groups or users and groups have for accessing the directory. An ACL is composed of one or more ACE strings.

account federation

See identity federation.

accumulated patch

(n.) A patch which combines the fixes from a previous patch (or patches), any previous versions of the same patch and the current set of fixes being released.


(n.) The process of transferring an enterprise bean's state from secondary storage to memory. See also passivation.

active boot environment

(n.) The environment that is currently up and running.

active node

(n.) An HADB node that contains session data. If an active node fails, a spare node copies data from the mirror node and becomes active. See also HADB node, spare node, mirror node, and data redundancy unit.


(n.) Information in an email message that determines where and how the message must be sent. Addresses are found both in message headers and in message envelopes. Envelope addresses determine how the message gets routed and delivered. Header addresses are present merely for display purposes.

address handling

(n.) The actions performed by the MTA to detect errors in addressing, to rewrite addresses if necessary, and to match addresses to recipients.

addressing protocol

(n.) The addressing rules that make email possible. RFC 822 is the most widely used protocol on the Internet and the protocol supported by Messaging Server. Other protocols include X.400 and UUCP.

address token

(n.) The address element of a rewrite rule pattern.

admin console

(n.) The set of browser-based forms used to configure, administer, monitor, maintain, and troubleshoot a JavaTM Enterprise System server and its components.

(n.) The administrator’s Directory Server Access Management Edition GUI interface to Portal Server 6.0.

administered object

(n.) A pre-configured Java Enterprise System object (a connection factory or a destination) created by an administrator for use by one or more JMS clients.

The use of administered objects isolates Java Message Service (JMS) clients from the proprietary aspects of a provider. These objects are placed in a Java Naming and Directory InterfaceTM (JNDI) namespace by an administrator and are accessed by JMS clients using JNDI lookups.

administration console

See admin console.

administration domain

See domain.

administration interface

See admin console.

administration node

(n.) A Web Server node that can communicate with the remote administration server. Each node in a cluster or server farm has an administration server or administration node running on it. Of these nodes, one is configured to be the master server, referred to as the administration server, and the rest are configured to be slave servers, referred to as administration nodes.

administration privileges

(n.) A set of privileges that define a user’s administrative role.

administration server

(n.) A special server that provides the administrative functions of a Java Enterprise System component product.

administration server administrator

(n.) A user who has administrative privileges to start or stop a server even when there is no Java Enterprise System Directory Server connection. The administration server administrator has restricted server tasks (typically only Restart Server and Stop Server) for all servers in a local server group. When an administration server is installed, this administrator\qs entry is automatically created locally. This administrator is not a user in the user directory.

administrative domain

See domain.


(n.) A user with a defined set of administrative privileges. See also configuration administrator, Directory Manager, administration server administrator, server administrator family group administrator, mail list owner.


(n.) The user name and password file for the Sun EnterpriseTM Administrator Server superuser.

adoption scenario

An overall reason for deploying Java Enterprise System software, characterizing the software system you start with and the goal you are trying to achieve. There are four basic Java Enterprise System adoption scenarios: new system, replacement, extension, and upgrade.


(n.) An affiliation is a group of providers formed without regard to their particular authentication domain. It is formed and maintained by an affiliation owner. An affiliation document describes a group of providers collectively identified by their providerID. Members of an affiliation may invoke services either as a member of the affiliation (by virtue of their Affiliation ID) or individually (by virtue of their Provider ID).


(1) (n.) Software that runs the network-management software in a network device, such as a router, host, or X terminal. See also intelligent agent, node agent.

(2) (n.) In Identity Synchronization for Windows, an agent is a connector component that interfaces with Message Queue and translates attributes between their Directory Server names and Windows names. The agent is often referenced in log messages about an action.

alarm event

(n.) An event generated and sent by the Calendar Server ENS. When an alarm event occurs, a message reminder is sent to specific recipients.


(n.) Time-critical messages that users instantly receive in a pop-up window. The sender knows who has received the message and is notified that the message is read when the alert is either closed or clicked, as long as the “Show message status” option was used. If the alert message requires a response, right clicking on the alert brings up a contextual menu with an option to Chat with Sender.

alias file

(n.) A file used to set aliases not set in a directory, such as the postmaster alias.


(n.) Substituting one item for another in the Java Enterprise System Portal Server Search Engine which uses aliasing when importing resource descriptions from another Search Engine that has a different schema.

All IDs threshold

(n.) A size limit that is globally applied to every index managed by the Java Enterprise System Directory Server. When the size of an entry ID list reaches this limit, the server replaces that entry ID list with an All IDs token.

All IDs token

(n.) A mechanism that causes the server to assume that all directory entries match the index key. In effect, the All IDs token causes the Java Enterprise System Directory Server to perform an unindexed search to match the index key.

allowed attributes

(n.) Optional attributes that can be present in entries using a particular object class. See also attribute, required attributes.

Allow filter

(n.) A Java Enterprise System Messaging Server access-control rule that identifies clients that are to be allowed access to one or more POP, IMAP, or HTTP services. See also deny filter.

alternate address

(n.) A secondary address for an account, generally a variation on the primary address. In some cases, it is convenient to have more than one address for a single account.

alternate root

(n.) The location of the root file system on a client on which a package is installed. The alternate root is normally supplied by using pkgadd -R.


(abstract markup language) (n.) A mobile device markup language that is independent of specific vendors or models.

anonymous access

(1) (n.) Accessing a resource without authentication.

(2) (n.) Access, when granted, that allows anyone to access directory information without providing credentials and regardless of the conditions of the bind.


(application programming interface) (1) (n.) A set of instructions that a computer program can use to communicate with other software or hardware that is designed to interpret that API.

(2) (n.) A set of calling conventions or instructions defining how programs invoke services in existing software packages.


(authenticated post office protocol) (n.) Similar to POP, but instead of using a plaintext password for authentication, APOP uses an encoding of the password together with a challenge string.

applet container

(n.) A container that includes support for the applet programming model.

application assembler

(n.) A person who combines J2EETM components and modules into deployable application units.

application client

(n.) A first-tier J2EE client component that executes in its own Java virtual machine. Application clients have access to some J2EE platform APIs.

application client container

(n.) A container that supports application client components. See container.

application client module

(n.) A software unit that consists of one or more classes and an application client deployment descriptor.

application component

See component.

application component provider

(n.) A vendor that provides the Java classes that implement components' methods, JSP page definitions, and any required deployment descriptors.

application configuration resource file

(n.) An XML file used to configure resources for a JavaServer Faces application, to define navigation rules for the application, and to register converters, validators, listeners, renderers, and components with the application.

Application Server

(n.) The application server product included in Sun Java Enterprise System.

application server

(n.) A software platform upon which business applications are run. Application servers typically provide high-level services to applications, such as component life cycle, location, and distribution and transactional resource access.

application service

(n.) A component or component assembly that performs business logic on behalf of multiple clients and must therefore be a multithreaded process. An application service can also be a component or component assembly encapsulated as a web service or a stand-alone content server.

application tier

(n.) A conceptual division of a J2EE application:

client tier: The user interface. End users interact with client software (such as a web browser) to use the application.

server tier: The business logic and presentation logic that make up your application, defined in the application’s components.

data tier: The data access logic that enables your application to interact with a data source.

approximate index

(n.) An index that allows for efficient approximate or “sounds-like” searches across the directory information tree.


A design that shows the logical and physical building blocks of a distributed application (or some other software system) and their relationships to one another. In the case of a distributed enterprise application, the architectural design generally includes both the application’s logical architecture and deployment architecture


(n.) The process of saving the state of an object and restoring it.

A record

(n.) A type of DNS record containing a host name and its associated IP address. An A record is used by messaging servers on the Internet to route email. See also domain name system, MX record.


(n.) A build tool, based on Apache Ant, that can be extended using Java classes. The configuration files are XML-based, calling out a target tree where various tasks get executed. See also build file.


(n.) The process of combining discrete components of an application into a single unit that can be deployed. See also deployment.

asynchronous communication

(n.) A mode of communication in which the sender of a message need not wait for the sending method to return before the sender continues with other work.


(1) (n.) A name-value pair in a request object that can be set by a servlet. Also a name-value pair predefined in a DTD file that modifies an element in an XML file. Contrast with property. See also parameter. More generally, an attribute is a unit of metadata.

(2) (n.) A name-value pair that holds descriptive information about an entry. Attributes have a type (name) and a set of values. An attribute type also specifies the syntax for the kind of information that can be stored as values of attributes of that type.

(3) (n.) Defines the parameters that a Java Enterprise System Directory Server Access Management Edition service provides to an organization. The attributes that make up a Java Enterprise System Directory Server Access Management Edition service are classified as one of the following: Dynamic, Policy, User, Organization, or Global. Using these types to subdivide the attributes in each service allows for a more consistent arrangement of the service schema and easier management of the service parameters.

(4) (n.) In the Application Server, a name-value pair that is part of the built-in server configuration. Contrast with property.

attribute provider

(n.) An attribute provider is a web service that hosts attribute data.

attribute list

See optional attribute list and required attribute list.


(n.) The method or methods by which significant events are recorded for subsequent examination, typically in error or security breach situations.


(n.) An SMTP command enabling an SMTP client to specify an authentication method to the server, perform an authentication protocol exchange, and, if necessary, negotiate a security layer for subsequent protocol interactions.

authenticating Directory Server

(n.) In PTA, the authenticating Java Enterprise System Directory Server contains the authentication credentials of the requesting client. A PTA-enabled user directory passes through bind requests to the authenticating directory, which verifies the bind credentials of the requesting client.


(1) (n.) The process that verifies the identity of a user, device, or other entity in a computer system, usually as a prerequisite to allowing access to resources in a system. The Java servlet specification requires three types of authentication (basic, form-based, and mutual) and supports digest authentication. In private and public computer networks, including the Internet, authentication is commonly done through the use of login passwords. Knowledge of the password is assumed to guarantee that the user is authentic.See also basic authentication, form-based authentication, mutual authentication, and digest authentication.

(2) (n.) The process of proving the identity of the client user to the Java Enterprise System Directory Server. Users must provide a bind DN and either the corresponding password or certificate in order to be granted access to the directory. Java Enterprise System Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator. See also server authentication.

authentication certificate

(n.) A digital file sent from server to client or client to server to verify and authenticate the other party. The certificate ensures the authenticity of its holder, the client or server. Certificates are not transferable.

authentication domain

(n.) A group of service providers with at least one identity provider that agrees to exchange user authentication information using the Liberty Alliance Project (LAP). Once a circle of trust is established, single sign-on authentication is enabled between all the providers. Also called a circle of trust.


(n.) The process of determining whether a principal can use a service, which objects the principal is allowed to access, and the type of access that is allowed for each object. Authorization depends on the determination of whether the principal associated with a request through authentication is in a given security role. A security role is a logical grouping of users defined by the person who assembles the application. A deployer maps security roles to security identities. Security identities may be principals or groups in the operational environment.

authorization constraint

(n.) An authorization rule that determines who is permitted to access a Web resource collection.

autoreply option file

(n.) A file used for setting options for email autoreply, such as vacation notices.

AutoReply utility

(n.) A utility that automatically responds to messages sent to accounts with the AutoReply feature activated. Every account in Java Enterprise System Messaging Server can be configured to automatically reply to incoming messages.

availability service

(n.) The Application Server feature for enabling high availability on the server instance, web container, EJB container, and also for RMI/IIOP requests.