Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2)
Part No. B14080-01
H Glossary

Table H-1 lists the glossary items and their definitions. Related topics are also listed: those that are in the table are links; others are accessible through the index.

Table H-1 Definitions for Terms Used in OracleAS Certificate Authority

Authentication
Authentication is a security measure that establishes the validity of a transmission, message, or originator. It is a means of verifying an individual's authorization to receive specific information.

Certificate
A certificate is a digital representation that ties the user's identification to the user's public key in a trusted bond. The certificate identifies the certificate authority issuing the certificate, the names of the person, process, or equipment that is the user of the certificate, the user's public key, and is digitally signed by the certificate authority.
Related topics: Certificate Authority, Code Signing Certificates

Certificate Authority
A certificate authority (CA) is an authority trusted by one or more users to issue and manage X.509 public key certificates and certificate revocation lists.
Related topics: Certificate, Certificate Revocation List

Certificate Revocation List
Often abbreviated as CRL, this is a list of revoked certificates published by a certificate authority. Certificates can be revoked before their expiration date for a variety of reasons. For example, a certificate may be revoked if the private key is compromised. If automatic CRL generation is enabled (which then requires an interval for subsequent regenerations), then Oracle Certificate Authority automatically generates a CRL each time the specified interval elapses.
Related topics: Certificate, Certificate Authority, Setting Up and Enabling Automatic CRL Generation

Client Secure Socket Layer Certificates
Used to identify clients to servers through the secure socket layer (client authentication).
Related topics: Certificate

Code Signing Certificates
Used to identify signers of Java code, JavaScript, or other signed files.
Related topics: Certificate

Digital Signatures
A digital signature is an electronic analog of a written signature that is generated from a message prior to its dispatch and can be used to verify to the recipient that the message was signed by the originator.

Digital signature systems require a two-step signing process, followed by verification by the recipient:

  1. A hash algorithm condenses data into a message digest. (Public key encryption is not used for encrypting large amounts of data.)

  2. The message digest is encrypted with the originator's private key.

  3. The recipient re-creates the message digest from the received message, uses the public key to decrypt the digital signature, and compares the results.

Digital signatures are a particular application of public key encryption.

Related topics: Key Pair, Public Key Encryption
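The three steps above, written out as an added Python example that is not part of this guide and not OracleAS Certificate Authority code. It assumes SHA-256 for the digest and a textbook (unpadded) RSA key pair generated from a fixed seed, chosen only to make the private-key and public-key arithmetic visible; real signatures use a padded scheme and properly random keys, and these toy keys are not safe for any real use.

```python
import hashlib
import random
from math import gcd

def is_probable_prime(n, rounds=20, rng=random.Random(0)):
    """Miller-Rabin probabilistic primality test (sufficient for a demo)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=512, seed=0):
    """Textbook RSA key pair; the seed makes the demo repeatable (assumption: demo only)."""
    rng, half, e = random.Random(seed), bits // 2, 65537
    def prime():
        while True:
            cand = rng.getrandbits(half) | (1 << (half - 1)) | 1  # odd, exactly `half` bits
            if is_probable_prime(cand):
                return cand
    while True:
        p, q = prime(), prime()
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")  # step 1: hash
    return pow(digest, d, n)  # step 2: "encrypt" the digest with the private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")  # step 3: recompute digest
    return pow(signature, e, n) == expected  # "decrypt" with the public key and compare
```

A 512-bit modulus is used so that the 256-bit digest is smaller than n; changing even one byte of the message, or checking against another party's public key, makes verify return False.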
Directory
The directory provides a repository from which users can obtain public key certificates for themselves and for other users and where they can verify that certificates have not been revoked.

Distinguished Name
Distinguished names are used to give the holder of certificates unique identifiable characteristics that distinguish each certificate from all other certificates.

Example:

cn=Sara Will, ou=Sales, o=Acme Corporation, c=AU

Where cn stands for common name, ou stands for organizational unit, o stands for organization, and c stands for country.

Note: Domain component entries in the DN can be used in addition to (or to replace) entries for organization or country. Examples include dc=be (for Belgium), dc=us (for United States), dc=oracle, or dc=com. DN fields must be separated by a comma.

For a DN, the DC and EMAIL components must use only printable (ASCII) characters. Even in a locale that uses a multi-byte character set, the DC and EMAIL components for Distinguished Names must still use ASCII characters.

Related topics: Domain Component Attributes
Domain Component Attributes
The domain component attribute can be used in constructing a DN from a domain name. For example, an organization named "Acme, Inc.", having registered the domain name "acme.com", could deploy a directory following this naming plan by proceeding as follows: it would construct the DN

dc=acme, dc=com

from its domain name, and then use this DN as the root of its subtree of directory information.

The DN itself can identify a directory organization object representing information about the organization, so that subordinates of the DN are directory objects related to the organization. The domain component attribute can be used to name subdivisions of the organization, such as organizational units and localities.

Acme, for example, might use the domain names "corporate.acme.com" and "richmond.acme.com" to construct the names

dc=corporate, dc=acme, dc=com

dc=richmond, dc=acme, dc=com

under which to place its directory objects. Such subdivisions of the organization could also be assigned RDNs using the conventional X.509 naming attributes, such as

ou=corporate, dc=acme, dc=com

l=richmond, dc=acme, dc=com.

Related topics: Distinguished Name
Encryption Certificate
An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmission, or to establish or exchange a session key for these same purposes.
Related topics: Certificate, Public Key

Key Pair
A key pair includes two mathematically related keys where one key can be used to encrypt a message that can only be decrypted by using the other key.
Related topics: Private Key, Public Key

Policy Precedence
Policies are applied to incoming requests in the order that they are displayed on the main policy page. When the Oracle Certificate Authority policy processor module parses policies, those that appear toward the top of the policy list are applied to requests first. Those that appear toward the bottom of the list are applied last and take precedence over the others. Note: only enabled policies are applied to incoming requests.

Predicates
A policy predicate is a logical expression that can be applied to a policy to limit how it is applied to incoming requests or revocations. For example, the following predicate expression specifies that the policy in which it appears can have a different effect for requests or revocations from clients with DNs that include ou=sales,o=acme,c=us:

Type=="client" AND DN=="ou=sales,o=acme,c=us"

For detailed information about predicates and predicate expression syntax, see Chapter 5, "Managing Policies in Oracle Application Server Certificate Authority".
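A small model of the precedence and predicate rules described in the two entries above, added here as an example and not the OracleAS Certificate Authority policy processor. It assumes predicates consist only of attr=="value" terms joined by AND (the form shown above; Chapter 5 covers the real syntax) and represents what a policy sets with a hypothetical settings dictionary.

```python
import re
from dataclasses import dataclass

# One predicate term: an attribute name, ==, and a double-quoted value
TERM = re.compile(r'^\s*(\w+)\s*==\s*"([^"]*)"\s*$')

def normalize_dn(dn: str) -> str:
    """Compare DNs without the optional spaces after commas (simplified comparison)."""
    return ",".join(part.strip() for part in dn.split(","))

def predicate_matches(predicate: str, request: dict) -> bool:
    """An empty predicate matches every request; otherwise every AND-ed term must hold."""
    if not predicate.strip():
        return True
    for term in predicate.split(" AND "):
        m = TERM.match(term)
        if not m:
            raise ValueError(f"unsupported predicate term: {term!r}")
        attr, value = m.groups()
        actual = request.get(attr, "")
        if attr == "DN":
            if normalize_dn(actual) != normalize_dn(value):
                return False
        elif actual != value:
            return False
    return True

@dataclass
class Policy:
    name: str
    enabled: bool
    predicate: str
    settings: dict  # hypothetical: what the policy imposes when it applies

def effective_settings(policies, request: dict) -> dict:
    """Walk the list in display order (top to bottom). Disabled policies are skipped,
    and a later matching policy overrides earlier ones, as the precedence rule states."""
    result = {}
    for policy in policies:
        if policy.enabled and predicate_matches(policy.predicate, request):
            result.update(policy.settings)
    return result

# Constructed sample policy list: a catch-all first, then the sales-client rule from
# the Predicates entry, then a disabled policy that must have no effect.
SAMPLE_POLICIES = [
    Policy("default", True, "", {"validity_days": 365}),
    Policy("sales-clients", True, 'Type=="client" AND DN=="ou=sales,o=acme,c=us"', {"validity_days": 90}),
    Policy("disabled-rule", False, 'Type=="client"', {"validity_days": 1}),
]
```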


Private Key
The private key is the key of a signature key pair used to create a digital signature, or the key of an encryption key pair used to decrypt confidential information. In both cases, the private key must be kept secret.
Related topics: Key Pair, Public Key

Public Key
The public key is the key of a signature key pair used to validate a digital signature or the key of an encryption key pair used to encrypt confidential information. In both cases, this key is made publicly available.
Related topics: Key Pair, Private Key

Public Key Encryption
Public key encryption involves two corresponding keys, commonly known as a key pair. One of these keys is private (private key) and the other key is widely known (public key). The owner needs to know the private key, and the public key is available and known to anyone. Since only one party needs to know the private key, it does not need to be transmitted between parties. Therefore, the private key is never at the risk of interception. Knowledge of the public key by a third party does not compromise the security of data transmission.

The owner of the private key can digitally sign a document by encrypting a unique digest of the message with the private key. The source of the document can be verified by decrypting the digital signature with the public key and comparing it to the digest of the message.

Related topics: Key Pair, Private Key, Public Key
Public Key Infrastructure
Public key infrastructure is a system of hardware, software, policies, and people that can provide a suite of information security assurances that are important in protecting sensitive communications and transactions.

Root CA
In a hierarchical public key infrastructure, the root certificate authority (CA) is the CA whose public key serves as the most trusted datum for a security domain.
Related topics: Certificate Authority, Public Key

S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that adds digital signatures and encryption to Internet MIME messages.

Subordinate CA
In a hierarchical public key infrastructure, a subordinate certificate authority (CA) is a CA whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.
Related topics: Certificate Authority

X.509
The International Telecommunication Union Telecommunication Standardization Sector recommendation that defines a framework for the provision of authentication services under a central control paradigm represented by a directory. It is the most widely used standard for defining the format for digital certificates and certificate revocation lists.