|Oracle® Fusion Middleware Administrator's Guide for Oracle HTTP Server
11g Release 1 (11.1.1)
Part Number E10144-05
|PDF · Mobi · ePub|
Apache HTTP Server is an open source web server originally derived from the National Center for Supercomputing Applications (NCSA).
The process of verifying the identity of a user, device, or other entity in a host system, often as a prerequisite to granting access to resources in a system. A recipient of an authenticated message can be certain of the message's origin (its sender). Authentication is presumed to preclude the possibility that another party has impersonated the sender.
The percentage or amount of scheduled time that a computing system provides application service.
Also called a digital certificate. An ITU x.509 v3 standard data structure that securely binds an identity to a public key.
A certificate is created when an entity's public key is signed by a trusted identity, a certificate authority The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity.
A certificate contains the entity's name, identifying information, and public key. It is also likely to contain a serial number, expiration date, and information about the rights, uses, and privileges associated with the certificate. It also contains information about the certificate authority that issued it.
A trusted third party that certifies that other entities—users, databases, administrators, clients, servers—are who they say they are. When it certifies a user, the certificate authority first seeks verification that the user is not on the certificate revocation list (CRL), then verifies the user's identity and grants a certificate, signing it with the certificate authority's private key. The certificate authority has its own certificate and public key which it publishes. Servers and clients use these to verify signatures the certificate authority has made. A certificate authority might be an external company that offers certificate services, or an internal organization such as a corporate MIS department.
Common Gateway Interface (CGI) is the industry-standard technique for transferring information between a Web server and any program designed to accept and return data that conforms to the CGI specifications.
Data that has been encrypted. Ciphertext is unreadable until it has been converted to plain text (decrypted) with a key. See decryption.
The art of protecting information by transforming it (encrypting) into an unreadable format. See encryption.
A database access descriptor (DAD) is a set of values that specify how an application connects to an Oracle database to fulfill an HTTP request. The information in the DAD includes the username (which also specifies the schema and the privileges), password, connect-string, error log file, standard error message, and national language support (NLS) parameters such as NLS language, NLS date format, NLS date language, and NLS currency.
The process of converting a message thereby rendering it unreadable to any but the intended recipient. Encryption is performed by converting data into code that cannot be understood by unauthorized people or systems. There are two main types of encryption: public-key encryption (also known as asymmetric-key encryption) and symmetric-key encryption.
In the context of a directory service, entries are the building blocks of a directory. An entry is a collection of information about an object in the directory. Each entry is composed of a set of attributes that describe one particular trait of the object. For example, if a directory entry describes a person, that entry can have attributes such as first name, last name, telephone number, or e-mail address.
The ability to reconfigure a computing system to utilize an alternate active component when a similar component fails.
Hypertext Transfer Protocol (HTTP) is the underlying format used by the Web to format and transmit messages and determine what actions Web servers and browsers should take in response to various commands. HTTP is the protocol used between Oracle Fusion Middleware and clients.
A standard, extensible directory access protocol. It is a common language that LDAP clients and servers use to communicate. The framework of design conventions supporting industry-standard directory products, such as the Oracle Internet Directory.
Modules extend the basic functionality of a Web server, and support integration between Oracle HTTP Server and other Oracle Fusion Middleware components.
Oracle Enterprise Manager Fusion Middleware Control (Fusion Middleware Control) provides Web-based management tools designed specifically for Oracle Fusion Middleware. Using Fusion Middleware Control, you can monitor and configure the components of your application server, such as deploy applications, manage security, and create and manage Oracle Fusion Middleware clusters.
Privacy-enhanced Electronic Mail. An encryption technique that provides encryption, authentication, message integrity, and key management.
PL/SQL is the Oracle proprietary extension to the SQL language. PL/SQL adds procedural and other constructs to SQL that make it suitable for writing applications.
A module that adds a specific feature or service to a larger system. For example, Oracle Proxy Plug-in or Oracle SSO Plug-in.
A proxy server typically resides on a network firewall and allows clients behind the firewall to access Web resources. All requests from clients go to the proxy server rather than directly to the destination server. The proxy server forwards the request to the destination server and passes the received information back to the client. The proxy server channels all Web traffic at a site through a single, secure port; this allows an organization to create a secure firewall by preventing Internet access to internal systems, while allowing Web access.
The process where the sender of a message encrypts the message with the public key of the recipient. Upon delivery, the message is decrypted by the recipient using its private key.
A set of two numbers used for encryption and decryption, where one is called the private key and the other is called the public key. Public keys are typically made widely available, while private keys are held by their respective owners. Though mathematically related, it is generally viewed as computationally infeasible to derive the private key from the public key. Public and private keys are used only with asymmetric encryption algorithms, also called public-key encryption algorithms, or public-key cryptosystems. Data encrypted with either a public key or a private key from a key pair can be decrypted with its associated key from the key-pair. However, data encrypted with a public key cannot be decrypted with the same public key, and data encrypted with a private key cannot be decrypted with the same private key.
A public-key encryption technology developed by RSA Data Security. The RSA algorithm is based on the fact that it is laborious to factor very large numbers. This makes it mathematically unfeasible, because of the computing power and time required to decode an RSA key.
A measure of how well the software or hardware product is able to adapt to future business needs.
Secure Sockets Layer (SSL) is a standard for the secure transmission of documents over the Internet using HTTPS (secure HTTP). SSL uses digital signatures to ensure that transmitted data is not tampered with.
Single sign-on enables a you to authenticate once, combined with strong authentication occurring transparently in subsequent connections to other databases or applications. It lets you access multiple accounts and applications with a single password, entered during a single connection.
See Secure Sockets Layer.
Also called a digital wallet. A wallet is a data structure used to store and manage security credentials for an individual entity. It implements the storage and retrieval of credentials for use with various cryptographic services. A Wallet Resource Locator (WRL) provides the necessary information to locate the wallet.
A wallet resource locator (WRL) provides all necessary information to locate a wallet. It is a path to an operating system directory that contains a wallet.