Sun Java Enterprise System Glossary





(SOAP with Attachments API for Java) (n.) The basic package for SOAP messaging, SAAJ contains the API for creating and populating a SOAP message.


(server application function) (n.) A function that participates in request processing and other server activities.

safe file system

(n.) A file system that performs logging so that if a system crashes the system can roll back the data to a pre-crash state and restore all data. An example of a safe file system is Veritas File System, VxFS.


(simple authentication and security layer) (n.) A means for controlling the mechanisms by which POP, IMAP or SMTP clients identify themselves to the server. Java Enterprise System Messaging Server support for SMTP SASL use complies with RFC 2554 (ESMTP AUTH). SASL is defined in RFC 2222. See also POP3 and IMAP4.


(Simple API for XML) (n.) An event-driven interface in which the parser invokes one of several methods supplied by the caller when a parsing event occurs. Events include recognizing an XML tag, finding an error, encountering a reference to an external entity, or processing a DTD specification.


(1) (n.) Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory might be unable to display the proper results.

(2) (n.) The structure of the tables and columns in a database. In the Application Server, a schema can be automatically generated from an entity bean.

(3) (n.) A database-inspired method for specifying constraints on XML documents using an XML-based language. Schemas address deficiencies in DTD files, such as the inability to put constraints on the kinds of data that can occur in a particular field. Because schemas are founded on XML, they are hierarchical. Thus it is easier to create an unambiguous specification, and it is possible to determine the scope over which a comment is meant to apply.

schema checking

(n.) A verification process which ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default and users receive an error if they try to save an entry that does not conform to the schema.

schema name

(n.) The schema or type of a SOIF. For example, a SOIF for a document has the schema name @DOCUMENT, while a SOIF for a resource description message header has the schema name @RDMHeader.


See service control manager.


(n.) Restrictions placed on the resource descriptions imported by an import agent. The syntax used is the same as that for user searches.

search base

See base DN.

Search database

(n.) A searchable database of resource descriptions usually generated by a robot. See also robot.

search data hiding rule

(n.) A rule that determines how Directory Proxy Server should filter and return the result of a search operation to a client.

Search Engine

(n.) A search feature incorporated into Portal Server 6.0. Previously called Compass Server (Portal Server 3.0). The Search Server holds a database of resource descriptions gathered by robots, usually categorized. Users can search the resource descriptions or browse through the categories to locate particular resources.

secondary data view

(n.) One of two Directory Proxy Server data views that makes up a join data view. The secondary data view generally provides additional information about entries in the primary data view. See also primary data view.

secondary directory server

(n.) A master directory server master instance in multimaster replication environment that Identity Synchronization for Windows can use when the preferred directory server is not available. While the preferred directory server is unavailable, Identity Synchronization for Windows can synchronize changes made in Active Directory or Windows NT to the secondary directory server, but changes made at the secondary server or any other directory server master will not be synchronized until the preferred directory server is available.

Secure Remote Access (SRA)

(n.) SRA allows most client devices access to personalized portal applications, content, files and services through a secure connection. Also called Sun JavaTM System Portal Secure Remote Access (SRA).

secure socket layer

See SSL.


(n.) A screening mechanism that ensures that application resources are only accessed by authorized clients.

security attribute

(n.) An attribute associated with a principal. Security attributes can be associated with a principal by an authentication protocol or by a J2EE product provider or both.

security constraint

(n.) A declarative way to annotate the intended protection of web content. A security constraint consists of a web resource collection, an authorization constraint, and a user data constraint.

security context

(n.) An object that encapsulates the shared state information regarding security between two entities.

security-module database

(n.) A file that contains information describing hardware accelerators for SSL ciphers. Also called secmod.

security permission

(n.) A mechanism defined by J2SE, and used by the J2EE platform to express the programming restrictions imposed on application component developers.

security permission set

(n.) The minimum set of security permissions that a J2EE product provider must provide for the execution of each component type.

security policy domain

See realm.

security role

See role.

security technology domain

(n.) A scope over which the same security mechanism is used to enforce a security policy. Multiple security policy domains can exist within a single technology domain.

security view

(n.) The set of security roles defined by the application assembler.

self access

(n.) When granted, indicates that users have access to their own entries if the bind DN matches the targeted entry.

self-generated certificate

(n.) Public key value only used when entities are named using the message digest of their public value and when these names are securely communicated. See also issued certificate.


(n.) (UNIX only) A common MTA. In most applications, Java Enterprise System Messaging Server can be used as a drop-in replacement for sendmail.

serializable object

(n.) An object that can be deconstructed and reconstructed, which enables it to be stored or distributed among multiple servers.


(n.) A multi-threaded software process (as distinguished from a hardware server) that provides a distributed or cohesive set of services for clients that access the service by way of an external interface.

server administrator

(n.) The person who performs server management tasks. The server administrator provides restricted access to tasks for a particular server, depending upon task ACIs. The configuration administrator must assign user access to a server. Once a user has server access permissions, that user is a server administrator who can provide server access permissions to users.

server assembly

(n.) A group of Java Enterprise System servers dependent on one another or closely enough related to be installed or deployed as a unit.

server authentication

(n.) A method of authentication which allows a client to make sure that it is connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when the server is not secure.

server certificate

(n.) Used with the HTTPS protocol to authenticate web applications. The certificate can be self-signed or approved by a certificate authority (CA). The HTTPS service of the Application Server will not run unless a server certificate has been installed.

server daemon

(n.) A process when running that listens for and accepts requests from clients.

server farm

(n.) In Web Server, a server farm is a network of one or more nodes running different configurations. In contrast, a cluster is a network of nodes running with identical configurations and web applications.

server instance

(1) (n.) An Application Server can contain multiple instances in the same installation on the same machine. Each instance has its own directory structure, configuration, and deployed applications. Each instance can also contain multiple virtual servers. See also virtual server.

(2) (n.) An instance of Directory Server or Directory Proxy Server. An instance is defined by an instance path, and has related database and configuration files. Multiple instances can be run on a single host system.

Server Message Block protocol

(n.) A protocol that provides a method for client applications in a computer to read and write to files on and to request services from server programs in a computer network. The SMB protocol can be used over the Internet on top of its Transmission Control Protocol or on top of other network protocols such as Internetwork Packet Exchange and NetBEUI. Java Enterprise System Portal Server uses SMB for NetFile.

server plug-in API

(n.) An extension that allows you to extend and customize the core functionality of Java Enterprise System servers and provide a scalable, efficient mechanism for building interfaces between the HTTP server and back-end applications. Also known as NSAPI.

server principal

(n.) The operating system principal that the server is executing as.

server process

(n.) A self-contained, fully functional execution environment set up by an operating system. Each instance of an application typically runs in a separate process.

server root

(1) (n.) A directory on the server machine dedicated to holding the server program and configuration files, maintenance files, and information files. Also known as ServerRoot or the domain directory.

(2) (n.) A directory location relative to other files on a server. For example, the default Calendar Server installation for Solaris systems uses the path /opt/SUNWics5/ as the server root.

(3) (n.) The directory into which all Java Enterprise System servers associated with a given Java Enterprise System Administration Server on a given host are installed. See also installation directory and instance directory.

server-side rules

(n.) A set of rules for enabling server-side filtering of mail. Based on the Sieve mail filtering language.


(1) (n.) A function provided by a server. For example, Java Enterprise System Messaging Server provides SMTP, POP, IMAP, and HTTP services.

(2) (n.) A software function performed for one or more clients. This function might be at a very low level, such as a memory management, or at a high level, such as a credit check business service. A high-level service can consist of a family of individual services. Services can be local (available to local clients) or distributed (available to remote clients).

service control manager

(n.) (Windows NT only) An administrative program for managing services.

service element

(n.) A representation of the combination of one or more connector components that share a single engine component for processing incoming requests.

service endpoint interface

(n.) A Java interface that declares the methods that a client can invoke on a web service.

service quality component

(n.) One of a number of kinds of system components included in Java Enterprise System. Support components, which include access components and administrative components, provide support for system service

service-oriented architecture

See SOA.

service provider

(n.) Commercial or not-for-profit organizations that offer web-based services. Can include internet portals, retailers, transportation providers, financial institutions, entertainment companies, libraries, universities, and governmental agencies.

Service Registry

(n.) The ebXML registry product included in Java Enterprise System.

service stack

(n.) A layering of distributed services that are needed to support distributed enterprise applications. The layering reflects the dependency of higher-level services on the services below them in the stack.


(1) (n.) A server-side program written in the Java programming language that extends the functionality of a Web server, generating dynamic content and interacting with Web applications using a request-response paradigm. Servlets are similar to applets in that they run on the server-side, but servlets do not use a user interface.

(2) (n.) An instance of the Servlet class. A servlet is a reusable application that runs on a server. In the Java Enterprise System Application Server, a servlet acts as the central dispatcher for each interaction in an application by performing presentation logic, invoking business logic, and invoking or performing presentation layout.

servlet container

(n.) A container that provides the network services over which requests and responses are sent, decodes requests, and formats responses. All servlet containers must support HTTP as a protocol for requests and responses but can also support additional request-response protocols, such as HTTPS.

servlet container, distributed

(n.) A servlet container that can run a web application that is tagged as distributable and that executes across multiple Java virtual machines running on the same host or on different hosts.

servlet context

(n.) An object that contains a servlet's view of the web application within which the servlet is running. Using the context, a servlet can log events, obtain URL references to resources, and set and store attributes that other servlets in the context can use.

servlet engine

(n.) An internal object that handles all servlet metafunctions. Collectively, a set of processes that provide services for a servlet, including instantiation and execution.

servlet mapping

(n.) Defines an association between a URL pattern and a servlet. The mapping is used to map requests to servlets.

servlet runner

(n.) The part of the servlet engine that invokes a servlet with a request object and a response object. See session bean.


(1) (n.) An object used by a servlet or stateful session bean to track a user’s interaction with a J2EE or web application across multiple HTTP requests. See also persistence.

(2) (n.) An instance of a client-server connection. See also client-server model

(3) (n.) For Java Enterprise System Portal Server, a sequence of interactions between a user and one or more applications, starting with login and ending with logout or timeout.

(4) (n.) For Message Queue, a single threaded context for sending and receiving messages. This can be a queue session or a topic session.

session bean

(n.) An enterprise bean that is created by a client and usually exists for the duration of a single client-server session only. A session bean performs operations for the client, such as calculations or accessing other enterprise beans. While a session bean can be transactional, a session bean is not recoverable if a system crash occurs. Session bean objects can be either stateless (not associated with a particular client) or stateful (associated with a particular client), so they can maintain conversational state across methods and transactions. See also stateful session bean.

session cookie

(n.) A cookie that is returned to the client containing a user session identifier. See also sticky cookie.

session failover

(n.) A failover implementation in Access Manager that uses Sun Java System Message Queue as the communications broker and the Berkeley DB as the session store database. This implementation does not use any web container session management facilities. Access Manager session failover retains a user's authenticated session state in the event of a single hardware or software failure, which allows the user's session to fail over to a secondary Access Manager instance without losing any session information or requiring the user to log in again. See also failover, persistence.

session key

(n.) A common cryptographic technique to encrypt each individual conversation between two people with a separate key.

session timeout

(n.) A specified duration after which a sever can invalidate a user session.


(Standard Generalized Markup Language) (n.) The parent of both HTML and XML. Although HTML shares SGML's propensity for embedding presentation information in the markup, XML is a standard that allows information content to be totally separated from the mechanisms for rendering that content.

shared component

(n.) One of a number of kinds of system components included in Java Enterprise System. Shared components, usually libraries, provide local services to other system components. By contrast, a system service provides distributed infrastructure services to other system components (or to application components).

shared component descriptor file

(n.) A file containing metadata for a given shared component (usually in XML format).

shared folder

(n.) A folder that can be read by more than one person. Shared folders have an owner who can specify read access to the folder and who can delete messages from the shared folder. The shared folder can also have a moderator who can edit, block, or forward incoming messages. Only IMAP folders can be shared. See also personal folder, public folder.

shared-key cryptography

(n.) A type of cryptography where each party must have the same key to encrypt or decrypt ciphertext. Also known as symmetric key cryptography.


(server-side include Hypertext markup language) (n.) An HTML file that includes embedded server-side includes (SSIs).


(n.) A proposed language for filtering mail.

Simple API for XML

See SAX.

simple authentication and security layer


simple index

(n.) A type of directory listing that displays only the names of the files without any graphical elements. The opposite of fancy indexing.

Simple Mail Transfer Protocol


Simple Network Management Protocol


Simple Object Access Protocol



(n.) Solstice Internet Mail ServerTM and Sun Internet Mail ServerTM.

single field substitution string

(n.) In a rewrite rule, part of the domain template that dynamically rewrites the specified address token of the host and domain address. See also domain template.

single identity

(n.) An identity that a user has by virtue of a single user entry in a Java Enterprise System directory. Based on this single user entry a user can be allowed access to various Java Enterprise System resources, such as a portal, web pages, and services such as messaging, calendar, and instant messaging.

single logout

(n.) The ability of a user to log out from an identity provider or a service provider, and to be logged out from all service providers or identity providers in that authentication domain.

single sign-on (SSO)

(1) (n.) A feature that allows a user’s authentication to one service in a distributed system to be automatically applied to other services in the system.

(2) (n.) A situation where a user’s authentication state can be shared across multiple J2EE applications in a single virtual server instance. See SSO.

(3) (n.) The authentication process established when a user with a federated identity authenticates to an identity provider. Because the user has a federated identity, the user can access affiliated service providers without having to reauthenticate.


(n.) A location on the network where the robot goes to look for resources. You determine the address of the site and the kinds of documents you want to index there in a site definition.

site configuration

(n.) A capability that provides a simplified configuration allowing Access Manager clients to communicate with multiple load-balanced Access Manager instances. Site configuration supports deployments with multiple load balancers and firewalls around each site.

site definition

(n.) Constraints placed on where a robot can go to locate resources. Using site definitions, you can limit a robot to a particular server, a specified group of servers, or a domain. A site definition includes filters that describe what types of documents the robot should index from the site.


(n.) An SMTP extension enabling a client to declare the size of a particular message to a server. The server might indicate to the client that it is or is not willing to accept the message based on the declared message size. The server can declare the maximum message size it is willing to accept to a client. Defined in RFC 1870.


(n.) (Windows only) The process or service responsible for all actions of the Directory Server. On UNIX systems, the equivalent is ns-slapd.

slave channel program

(n.) A channel program that accepts transfers initiated by a remote system. See also master channel program.

smart host

(n.) The mail server in a domain to which other mail servers forward messages if they do not recognize the recipients.

SMB protocol

See Server Message Block protocol.


(Simple Mail Transfer Protocol) (n.) The email protocol most commonly used by the Internet and the protocol supported by the Java Enterprise System Messaging Server. Defined in RFC 821, with associated message format descriptions in RFC 822.



SMTP proxy

(n.) A variant of SMTP that sends messages from one computer to another on a network and is used on the Internet to route email.

sn attribute

(n.) LDAP alias for surname.


(Simple Network Management Protocol) (n.) A protocol used to exchange data about network activity. With SNMP, data travels between a managed device (anything that runs SNMP such as hosts, routers, your web server, and other servers on your network) and an NMS.

SNMP master agent

(n.) Software that exchanges information between the various subagents and the NMS.


(n.) Firewall software that establishes a connection from inside a firewall to the outside when direct connection would otherwise be prevented by the firewall software or hardware, for example, the router configuration.

SNMP subagent

(n.) Software that gathers information about the managed device and passes the information to the master agent.


(service-oriented architecture) (n.) Describes a composite application made up of consumers and providers of services. The consumers and providers can exchange messages without reference to one another's concrete location. The architecture also isolates the core processes of an application from other service providers and consumers.


(Simple Object Access Protocol) (n.) A lightweight protocol intended for exchanging structured information in a decentralized, distributed environment. It defines, using XML technologies, an extensible messaging framework containing a message construct that can be exchanged over a variety of underlying protocols.

SOAP with Attachments API for Java


soft restart

(n.) A way to restart the server that causes the server to internally restart by rereading its configuration files. A soft restart sends the process the HUP signal (signal number one). The process itself does not die, as it does in a hard restart.


(summary object interchange format) (n.) A syntax for transmitting resource descriptions and other kinds of structured objects. Each resource description is represented as a list of attribute-value pairs. SOIF handles both textual and binary data as values and with some minor extensions multi-valued attributes. SOIF is a streaming format that allows bulk transfer of many resource descriptions in a single, efficient stream.

SOIF attribute

(n.) A type of data base attribute. Each resource description in the search database has multiple attributes or fields. These attributes are known as SOIF attributes.

SolarisTM logical name

(n.) The name typically used to manage Solaris Operating System devices. For disks, these usually look something like /dev/rdsk/c0t2d0s2. For each Solaris logical device name, there is an underlying Solaris physical device name. See also Solaris physical name.

Solaris physical name

(n.) The name that is given to a device by its device driver in the Solaris Operating System. The name shows up on a Solaris machine as a path under the /devices tree. For example, a typical SI disk has a Solaris physical name similar to devices/sbus@1f,0/SUNW,fas@e,8800000/sd@6,0:c,raw. See also SolarisTM logical name.

solution life cycle

(n.) A tool for planning and tracking a deployment project. The life cycle structures the preparation, analysis, and design necessary for successful deployment planning into a series of ordered phases. Each phase consists of related tasks that result in outputs that are carried forward as inputs to subsequent phases. The tasks within each phase are iterative, requiring thorough analysis and design before generating the outputs for that phase.

spare node

(n.) An HADB node that can replace a failed active node. If an active node fails, a spare node copies data from the mirror node and becomes active. See also HADB node,active node, mirror node, and data redundancy unit.


See robot.


(n.) A form of network attack in which a client attempting to access or send a message to a server misrepresents its host name.


(structured query language) (n.) The standardized relational database language for defining database objects and manipulating data. SQL2 and SQL3 designate versions of the language.


(n.) A set of standards that includes specifications for embedding SQL statements in methods in the Java programming language and specifications for calling Java static methods as SQL stored procedures and user-defined functions. An SQL checker can detect errors in static SQL statements at program development time, rather than at execution time as with a JDBC driver.


(secure socket layer) (n.) A form of secure, low-level encryption that is used by other protocols like HTTP and FTP. The SSL protocol includes provisions for server authentication, encryption of data in transit, and optional client authentication. The protocol allows client-server applications to communicate in a way that cannot be eavesdropped upon or tampered with.

SSL authentication

(n.) A method of authentication which confirms users’ identities with security certificates by using the information in the client certificate as proof of identity, or verifying a client certificate published in an LDAP directory.

SSL certificate

(n.) An electronic token that means you or a vendor have given approval to encrypt and decrypt your secure transactions using PKI. You create a self-signed SSL Certificate when you install Java Enterprise System Portal Server software. However, you can also obtain an SSL Certificate from a certificate vendor who authorizes secure communications services over the Internet.


See single sign-on (SSO).


See server root.

standard index

(n.) Indexes that are maintained by default.

starting points

(n.) The list of sites that a Search Engine robot visits to begin enumeration of resources.


(1) (n.) The circumstances or condition of an entity at any given time.

(2) (n.) A distributed data storage mechanism that you can use to store the state of an application using the Java Enterprise System Application Server feature interface IState2. See also conversational state, persistent state.

stateful session bean

(n.) A session bean that represents a session with a particular client and which automatically maintains conversational state across multiple client-invoked methods.

stateless session bean

(n.) A session bean that represents a stateless service. A stateless session bean is completely transient and encapsulates a temporary piece of business logic needed by a specific client for a limited time span. All instances of a stateless session bean are identical.

static group

(n.) A mail group defined statically by enumerating each group member. See also dynamic group.

static web content

(n.) Static HTML files, images, applet Java archive (JAR) files, and anything else that can be served up directly by the web server without using the Java web container. For Java Enterprise System Portal Server, the web files are installed in the web server (same place as dynamic web application).

status event

(n.) Status of a user including whether online.

sticky cookie

(n.) A cookie that is returned to the client to force the client to always connect to the same server process. See also session cookie.

sticky load balancing

(n.) A method of load balancing where an initial client request is load balanced, but subsequent requests are directed to the same process as the initial request.

stop word

(n.) A word identified to the search function as a word on which the search function should not search, for example, words such as “the,” “a,” “an,” and “and.” Also known as a drop word.

stored procedure

(n.) A block of statements written in SQL and stored in a database. You can use stored procedures to perform any type of database operation, such as modifying records, inserting records, or deleting records. The use of stored procedures improves database performance by reducing the amount of information that is sent over a network.


(n.) A technique for managing how data is communicated through HTTP. When results are streamed, the first portion of the data is available for use immediately. When results are not streamed, the whole result must be received before any part of it can be used. Streaming provides a way to allow large amounts of data to be returned in a more efficient way, improving the perceived performance of the application.

strftime function

(n.) A function that converts a date and a time to a string. This function is used by the server when appending trailers. The strftime function has a special format language for the date and time that the server can use in a trailer to illustrate a file’s last-modified date.


See SNMP subagent.


(n.) The next-to-last part of a gateway that identifies the division or department within a company or organization that owns the domain name (for example, and A subdomain is not always specified.


(n.) The portion of an IP address that identifies a block of host IDs.

subordinate reference

(n.) The naming context that is a child of the naming context held by your directory server. See also knowledge information.


(n.) In Java Enterprise System Directory Server Access Management Edition, an object created under an organization and used by an enterprise for more granular control of its departments and resources. For example, when setting up your Java Enterprise System Portal Server, you might create a suborganization called mycompany under the top-level object isp.

subschema entry

(n.) An entry containing all the schema definitions (definitions of object classes, attributes, matching rules, and so on) used by entries in part of a directory tree.

substring index

(n.) A search filer which allows for efficient searching against substrings within entries. Substring indexes are limited to a maximum of three characters per index key.

sub suffix

(n.) A branch underneath a root suffix.


(n.) The name of the entry in the directory tree below which data is stored. Multiple suffixes are possible within the same directory. Each database only has one suffix.

summary object interchange format


SunTM Cluster software

The Sun Cluster software system that is used to create highly available and scalable services.

Sun Java System Application Server

See Application Server.

Sun Java System Communications Express

See Communications Express.

Sun Java System Compass Server

See Compass Server.

Sun Java System Connector for Microsoft Outlook

See Connector for Microsoft Outlook.

Sun Java System Delegated Administrator

See Delegated Administrator.

Sun Java System Directory Server

See Directory Server.

Sun Java System Instant Messaging Client

See Instant Messaging Client.

Sun Java System Message Queue

See Message Queue.

Sun Java System Portal Secure Remote Access (SRA)

See Secure Remote Access (SRA).

Java System Portal Server

See Portal Server.

Sun Java System Synchronization

(n.) Software that runs on a Microsoft Windows personal computer and enables users to synchronize calendar events and tasks with mobile devices and personal information managers (PIMs) such as Microsoft Outlook.

Sun Java System Web Server

See Web Server.


(n.) A server containing the master copy of directory trees or subtrees that are replicated to consumer servers.

supplier replica

(n.) A replica that contains a master copy of directory information and can be updated. A server can hold any number of master replicas.

supplier directory server

(n.) Any directory server that sends changes to other directory servers. See also consumer directory server.


(n.) (UNIX only) A special file or directory that points to another file or directory so that both files or directories have the same contents.

symmetric encryption

(n.) Encryption that uses the same key for both encrypting and decrypting. The Data Encryption Standard (DES) is an example of a symmetric encryption algorithm.

symmetric key cryptography

See shared-key cryptography.


(1) (n.) The update of data by a master directory server to a replica directory server.

(2) (n.) The update of the MTA directory cache.

Synchronization User List

(n.) Defines users in the Sun and Windows directories to be synchronized. A Synchronization User List can restrict the scope of users to be synchronized based on an LDAP base DN or filter.

system component

(n.) Any software package or set of packages included in the Java Enterprise System and installed by the Java Enterprise System installer. There are several kinds of system components: servers that provide distributed infrastructure services, system services which support the system services components by providing access and administrative services, and shared components that provide local services to other system components.

system index

(n.) An index that cannot be deleted or modified as it is essential to Directory Server operations.

system service

(n.) One or more distributed services that define the unique functionality provided by Java Enterprise System. System services normally require the support of a number of suppliers and/or a number of shared components.

system service component

(n.) One of a number of kinds of system components included in Java Enterprise System. System services components provide the main Java Enterprise System infrastructure services: portal services, communication and collaboration services, identity and security services, web and application services, and availability services.