iPlanet Trustbase Transaction Manager 3.0.1 Beta Developer Guide



Glossary and References


The objectives of this chapter are to cover


Software Platform


Solaris 8 and JDK

http://www.sun.com/software/solaris/cover/sol8.html


Java

http://www.javasoft.com


iPlanet Application Server 4.1

http://www.iplanet.com/products/infrastructure/app_servers/index.html


iPlanet Web Server 6.0

http://www.iplanet.com/products/infrastructure/web_servers/index.html


Oracle 8i

http://www.oracle.com


Hardware Security nCipher KeySafe 1.0 and CAFast

http://www.ncipher.com


Transport Protocols




HTTP

HTTP/1.0 or 1.1 protocol:

http://www.w3.org/Protocols/rfc1945/rfc1945.txt

http://www.ietf.org/rfc/rfc1945.txt


SMTP RFC821

ftp://ftp.isi.edu/in-notes/rfc821.txt

http://www.imc.org/ietf-smtp/


Security Related Protocols




S/MIME Version 2 Message Specification

ftp://ftp.isi.edu/in-notes/rfc2311.txt

http://www.imc.org/ietf-smime

http://www.ietf.org/rfc/rfc2311.txt


DOMHASH

http://www.ietf.org/rfc/rfc2803.txt


OCSP

http://www.ietf.org/rfc/rfc2560.txt


Certificate requests and responses

PKCS#10 requests (RFC 2314) can be found at

http://www.ietf.org/rfc.html

PKCS#7 responses (RFC 2315) can be found at

http://www.ietf.org/rfc.html


Trading Protocols




Identrus

http://www.identrus.com

Transaction Coordinator requirements (IT-TCFUNC)

Core messaging specification (IT-TCMPD)

Certificate Status Check Messaging specification (IT-TCCSC)


Message Protocols




DOM

http://www.w3.org/TR/REC-DOM-Level-1/


DTD

http://www.w3.org/XML/1998/06/xmlspec-v20.dtd


XML

http://www.w3.org/TR/REC-xml


XML-Signature Syntax and Processing specification

http://www.w3.org/TR/xmldsig-core


HTML

HTML 3.2 as specified in

http://www.w3.org/TR/REC-html32.html


Security related terms



3DES. Triple DES, a cipher based on DES. See Data Encryption Standard (DES).

Application protocol. An application protocol is a protocol that normally layers directly on top of the transport layer (e.g., TCP/IP). Examples include HTTP, TELNET, FTP, and SMTP.

Asymmetric cipher. See Public key cryptography.

ASN.1. Abstract Syntax Notation One.

Authentication. Authentication is the ability of one entity to determine the identity of another entity.

base64. A representation of characters in digital format using a 65 character subset of U.S. ASCII.

BBS. A random number generating algorithm.

BER. Basic Encoding Rules, used with X.509.

Block cipher. A block cipher is an algorithm that operates on plaintext in groups of bits, called blocks. 64 bits is a typical block size.

Bulk cipher. A symmetric encryption algorithm used to encrypt large quantities of data.

Cipher Block Chaining Mode (CBC). CBC is a mode in which every plaintext block encrypted with the block cipher is first exclusive-ORed with the previous ciphertext block (or, in the case of the first block, with the initialization vector).

Certificate. As part of the X.509 protocol (a.k.a. ISO Authentication framework), certificates are assigned by a trusted Certificate Authority and provide verification of a party's identity and may also supply its public key.

Client. The application entity that initiates a connection to a server.

Client write key. The key used to encrypt data written by the client.

Client write MAC secret. The secret data used to authenticate data written by the client.

Connection. A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer to peer relationships. The connections are transient. Every connection is associated with one session.

CRL. Certificate Revocation List. A certificate that is not valid but still within its expiry date.

Data Encryption Standard (DES). DES is a very widely used symmetric encryption algorithm. DES is a block cipher.

DER. Distinguished Encoding Rules, used in X.509.

DH. A public-key cryptographic algorithm for encrypting and decrypting data.

Digital Signature Standard (DSS). A standard for digital signing, including the Digital Signing Algorithm, approved by the National Institute of Standards and Technology, defined in NIST FIPS PUB 186, "Digital Signature Standard," published May, 1994 by the U.S. Dept. of Commerce.

Digital signatures. Digital signatures utilise public key cryptography and one-way hash functions to produce a signature of the data that can be authenticated, and is difficult to forge or repudiate.

DSA. Digital Signature Algorithm.

Handshake. An initial negotiation between client and server that establishes the parameters of their transactions.

Initialization Vector (IV). When a block cipher is used in CBC mode, the initialisation vector is exclusive-ORed with the first plaintext block prior to encryption.

IDEA. A 64-bit block cipher designed by Xuejia Lai and James Massey.

Message Authentication Code (MAC). A Message Authentication Code is a one-way hash computed from a message and some secret data. Its purpose is to detect if the message has been altered.

Master secret. Secure secret data used for generating encryption keys, MAC secrets, and IVs.

MD5. MD5 is a secure hashing function that converts an arbitrarily long data stream into a digest of fixed size.

MIME. Multipurpose Internet Mail Extensions.

Message digest. A digest algorithm converts data of any size, via a one-way hashing function, into a small fixed size unique representation. Message digests are used extensively in the generation of digital signatures and integrity checking of data.

PBE. Password-based encryption.

PEM. Privacy Enhanced Mail.

Public Key Infrastructure (PKI). Defines protocols to support online interaction.

Public key cryptography. A class of cryptographic techniques employing two-key ciphers. Messages encrypted with the public key can only be decrypted with the associated private key. Conversely, messages signed with the private key can be verified with the public key.

One-way hash function. A one-way transformation that converts an arbitrary amount of data into a fixed-length hash. It is computationally hard to reverse the transformation or to find collisions. MD5 and SHA are examples of one-way hash functions.

OSI. Open Systems Inter-Connection.

RC2, RC4. Proprietary bulk ciphers from RSA Data Security, Inc. RC2 is a block cipher and RC4 is a stream cipher.

RFC. Request for Comments. A series of authoritative discussion documents.

RSA. A very widely used public-key algorithm that can be used for either encryption or digital signing.

Salt. Non-secret random data used to make export encryption keys resist pre-computation attacks.

Server. The server is the application entity that responds to requests for connections from clients. The server is passive, waiting for requests from clients.

Server write key. The key used to encrypt data written by the server.

Server write MAC secret. The secret data used to authenticate data written by the server.

Session. An SSL session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

Session identifier. A session identifier is a value generated by a server that identifies a particular session.

SHA. The Secure Hash Algorithm is defined in FIPS PUB 180-1. It produces a 20-byte output.

SSL. Secure Sockets Layer.

Stream cipher. An encryption algorithm that converts a key into a cryptographically-strong keystream, which is then exclusive-ORed with the plaintext.

Symmetric cipher. See Bulk cipher.

TLS. Transport Layer Security.

X.690. The ASN.1 specification.

X.509. An authentication framework based on ASN.1 BER and DER, and base64.


Java Related terms



Abstract class. A class that contains one or more abstract methods, and therefore can never be instantiated. Abstract classes are defined so that other classes can extend them and make them concrete by implementing the abstract methods.

Abstract method. A method that has no implementation.

API. Application Programming Interface. The specification of how a programmer writing an application accesses the behaviour and state of classes and objects.

Applet. A program written in Java to run within a Java-compatible web browser, such as HotJava™ or Netscape Navigator™.

Atomic. Refers to an operation that is never interrupted or left in an incomplete state under any circumstance.

Bean. A reusable software component. Beans can be combined to create an application.

Class. In Java, a type that defines the implementation of a particular kind of object. A class definition defines instance and class variables and methods, as well as specifying the interfaces the class implements and the immediate superclass of the class. If the superclass is not explicitly specified, the superclass will implicitly be Object.

Classpath. A classpath is an environment variable that tells the Java Virtual Machine and other Java applications (for example, the Java tools located in the JDK1.1.X\bin directory) where to find the class libraries, including user-defined class libraries.

Codebase. Works together with the code attribute in the <APPLET> tag to give a complete specification of where to find the main applet class file: code specifies the name of the file, and codebase specifies the URL of the directory containing the file.

Core class. A public class (or interface) that is a standard member of the Java Platform. The intent is that the Java core classes, at minimum, are available on all operating systems where the Java Platform runs. A 100%-pure Java program relies only on core classes, meaning it can run anywhere.

Critical section. A segment of code in which a thread uses resources (such as certain instance variables) that can be used by other threads, but that must not be used by them at the same time.

Deprecation. Refers to a class, interface, constructor, method or field that is no longer recommended, and may cease to exist in a future version.

Derived from. Class X is "derived from" class Y if class X extends class Y. See also Extends.

Exception. An event, during program execution, that prevents the program from continuing normally; generally, an error. Java supports exceptions with the try, catch, and throw keywords. See also Exception handler.

Exception handler. A block of code that reacts to a specific type of exception. If the exception is for an error that the program can recover from, the program can resume executing after the exception handler has executed.

Extends. Class X extends class Y to add functionality, either by adding fields or methods to class Y, or by overriding methods of class Y. An interface extends another interface by adding methods. Class X is said to be a subclass of class Y. See also Derived from.

GUI. Graphical User Interface. Refers to the techniques involved in using graphics, along with a keyboard and a mouse, to provide an easy-to-use interface to some program.

HotJava™ Browser. An easily customisable Web browser developed by Sun Microsystems that is written in Java.

HTML. HyperText Markup Language. This is a file format, based on SGML, for hypertext documents on the Internet. It is very simple and allows for the embedding of images, sounds, video streams, form fields and simple text formatting. References to other objects are embedded using URLs.

HTTP. Hypertext Transfer Protocol. The Internet protocol, based on TCP/IP, used to fetch hypertext objects from remote hosts. See also TCP/IP.

IDL. Java Interface Definition Language. Java APIs that provide standards-based interoperability and connectivity with CORBA (Common Object Request Broker Architecture).

Instance. An object of a particular class. In Java programs, an instance of a class is created using the new operator followed by the class name.

Interface. In Java, a group of methods that can be implemented by several classes, regardless of where the classes are in the class hierarchy.

IP. Internet Protocol. The basic protocol of the Internet. It enables the unreliable delivery of individual packets from one host to another. It makes no guarantees about whether or not the packet will be delivered, how long it will take, or if multiple packets will arrive in the order they were sent. Protocols built on top of this add the notions of connection and reliability. See also TCP/IP.

JAR file format. JAR (Java Archive) is a platform-independent file format that aggregates many files into one. Multiple Java applets and their requisite components (.class files, images, sounds and other resource files) can be bundled in a JAR file and subsequently downloaded to a browser in a single HTTP transaction. It also supports file compression and digital signatures.

JavaBeans™. A portable, platform-independent reusable component model.

Java Database Connectivity (JDBC™). An industry standard for database-independent connectivity between Java and a wide range of databases. JDBC provides a call-level API for SQL-based database access.

Java™ Development Kit (JDK™). A software development environment for writing applets and applications in Java.

Java™ Foundation Classes (JFC). An extension that adds graphical user interface class libraries to the Abstract Windowing Toolkit (AWT).

Java Platform. The Java™ Virtual Machine and the Java core classes make up the Java Platform. The Java Platform provides a uniform programming interface to a 100% Pure Java program regardless of the underlying operating system.

Java Remote Method Invocation (RMI). A distributed object model for Java-to-Java applications, in which the methods of remote Java objects can be invoked from other Java virtual machines, possibly on different hosts.

Java Runtime Environment (JRE). A subset of the Java™ Development Kit for end-users and developers who want to redistribute the JRE. The JRE consists of the Java Virtual Machine, the Java Core Classes, and supporting files.

JavaScript™. A Web scripting language that is used in both browsers and Web servers. It's only loosely related to Java and the name causes unnecessary confusion. Like any scripting language, it's used mostly to tie other components together or to accept user input.

Java™ Virtual Machine (JVM). The part of the Java Runtime Environment responsible for interpreting Java bytecodes.

JDK™. Java™ Development Kit. A software development environment for writing applets and applications in Java.

JFC. Java™ Foundation Classes. An extension that adds graphical user interface class libraries to the Abstract Windowing Toolkit (AWT).

JRE. Java Runtime Environment. A subset of the Java Development Kit for end-users and developers who want to redistribute the JRE. The JRE consists of the Java Virtual Machine, the Java Core Classes, and supporting files.

Just-in-time (JIT) Compiler. A compiler that converts all of the bytecode into native machine code just as a Java program is run. This results in run-time speed improvements over code that is interpreted by a Java Virtual Machine.

JVM. Java Virtual Machine. The part of the Java Runtime Environment responsible for interpreting Java bytecodes.

Multithreaded. Describes a program that is designed to have parts of its code execute concurrently. See also Thread.

NCSA. National Center for Supercomputer Applications.

Package. A group of types. Packages are declared with the package keyword.

Process. A virtual address space containing one or more threads.

RPC. Remote Procedure Call. Executing what looks like a normal procedure call (or method invocation) by sending network packets to some remote host.

Sandbox. Comprises a number of co-operating system components, ranging from security managers that execute as part of the application, to security measures designed into the Java Virtual Machine and the language itself. The sandbox ensures that a distrusted, and possibly malicious, application can't gain access to system resources.

Secure Socket Layer (SSL). A protocol that allows communication between a Web browser and a server to be encrypted for privacy. It can also provide communication between other entities.

Synchronized. A Java keyword that, when applied to a method or code block, guarantees that at most one thread at a time executes that code.

TCP/IP. Transmission Control Protocol based on IP. This is an Internet protocol that provides for the reliable delivery of streams of data from one host to another. See also IP.

Thin Client. A system that runs a very light operating system with no local system administration and executes Java applications delivered over the network.

Thread. The basic unit of program execution. A process can have several threads running concurrently, each performing a different job, such as waiting for events or performing a time-consuming job that the program doesn't need to complete before going on. When a thread has finished its job, the thread is suspended or destroyed. See also Process.

Unicode. A 16-bit character set defined by ISO 10646. All Java source is written in Unicode.

URL. Uniform Resource Locator. A standard for writing a text reference to an arbitrary piece of data in the WWW. A URL looks like "protocol://host/localinfo" where protocol specifies a protocol to use to fetch the object (like HTTP or FTP), host specifies the Internet name of the host on which to find it, and localinfo is a string (often a file name) passed to the protocol handler on the remote host.

Virtual machine. An abstract specification for a computing device that can be implemented in different ways, in software or hardware. You compile to the instruction set of a virtual machine much like you'd compile to the instruction set of a microprocessor. The Java Virtual Machine consists of a bytecode instruction set, a set of registers, a stack, a garbage-collected heap, and an area for storing methods.

Wrapper. An object that encapsulates and delegates to another object to alter its interface or behaviour in some way.


Server Definitions



API. Application Programming Interface.

ASP. Active Server Pages.

Attribute. An attribute is a string value that may be used in conjunction with a set of rules by the router to determine the next action to perform. Attributes are used to populate contexts with information about a message.

Business Logic. Business logic is the 'user' code in the system. Business logic executes tasks such as 'debit account', 'retrieve balance' etc.

Configurable Entity. Any Service or component that uses Configuration Objects and the Configuration Manager.

Configuration Object. Configuration Objects hold persistent configuration data for services.

Configuration Service. A Service that implements a read-write interface to the Configuration Object.

Connection Manager. Describes the process by which iPlanet Trustbase Transaction Manager communicates with external entities. It uses the following objects to accomplish this task: Protocol Maps, Protocol Analysers, Handlers, and Message Readers and Writers.

Connector. The Connector is the main Connection Manager interface. It makes requests external to iPlanet Trustbase Transaction Manager. It takes an iPlanet Trustbase Transaction Manager Message containing the request, and a Destination Object describing the endpoint for the request.

Context. Keeps a record of the current state of a given transaction.

Context Directive. The action components that make up a ruleset.

CORBA. Common Object Request Broker Architecture.

CSS. Cascading Stylesheet.

Destination. Represents the destination of an external request, made by the Connector. An application specifies an implementation of Destination, and a ProtocolMap that can transform the destination into a ProtocolDescriptor for the Connector, which can then make and manage the actual connection.

Directive. The 'action' part of a rule that is executed when the preconditions are true.

DMZ. De-militarised Zone.

DOM. Document Object Model.

DTD. Data Type Definition or Document Type Definition.

EJB. Enterprise Java Bean.

Environment. A set of contexts that are associated with a particular message.

Host Environment Adaptor. The Host Environment Adaptor forms the interface between a host, such as a web server or application server, and iPlanet Trustbase Transaction Manager itself.

HSM. Hardware Security Module.

HTML. HyperText Markup Language.

IDL. Interface Definition Language.

JDBC. Java Database Connectivity.

JWS. Java Web Server.

lastService. An attribute containing the name of the most recently executed service.

MessageType. An attribute contained within a message which holds the type of a given message. Message types are externally defined by the user.

Message. An internal representation of a request from the user or a response from the server. Messages are routed within the system.

Message Analyser. Provides the logic to identify which message reader or writer to use for a particular message based on the transport and the external format of the content.

Message Log Manager. Instantiates and allows access to Message Loggers. The message loggers are accessed according to which mime type they have registered interest in.

Message Logger. Logs incoming and outgoing messages in their raw unprocessed form. The log can then be later queried and manipulated through the logManager or directly through the back end database engine.

Message Reader. A Message Reader parses the remaining content of a Message from the InputStream into the Message's content field. Message Readers may be a part of an application, and have specific knowledge of Message types, or they may be general purpose and have general knowledge of Message formats.

Message Registry. A section of the tbase.properties file that provides a mapping between a message type and the message readers and writers used to process it.

Message Writer. A Message Writer translates processed Message objects into the client's required presentation protocol, and writes the results onto an Output Stream, which is provided by the Protocol Analyser.

NAS. Netscape Application Server.

NSK. Non Stop Kernel.

OAS. Oracle Application Server.

PKI. Public Key Infrastructure.

Precondition. A precondition is a boolean expression which must be true for its corresponding directive to be executed. Preconditions are expressed in terms of attributes and their values. There are two types of precondition: an assertion that an attribute with a particular name exists, and an assertion that the attribute with a given name not only exists but has a specific value.

Private Rule Set Repository. A collection of rule sets that ships with the iPlanet Trustbase Transaction Manager and allows built in services (such as the configuration services) to function.

Protocol Analyser. Provides the logic to identify which protocol handler to use for a particular message type.

Protocol Descriptor. Holds a description of the endpoint, transport and presentation protocols for a connection (in the form of a URL) and the format of the message to be sent (as a MIME type). Implements Destination. It can be used with the SimpleProtocolMap for direct Destination addressing.

Protocol Handler. The Protocol Handler component extracts the message type and context ID from the header of a message. There is usually one protocol handler for a particular message class, e.g. iPlanet Trustbase Transaction Manager messaging, OFX, etc. The protocol handler then routes the message to the appropriate Message Analyser.

Protocol Map. An application specifies ProtocolMap implementations to map its Destination implementations to URLs and MIME types that the Connector can use to make an actual connection.

Protocol Map Manager. Manages a set of ProtocolMap implementations, selecting an appropriate ProtocolMap to translate a particular Destination implementation into a ProtocolDescriptor.

Public Rule Set Repository. A user-configurable collection of user-defined Rule Sets. Rules in the private Rule Set Repository take precedence over rules in the public Rule Set Repository.

RMI. Remote Method Invocation.

Role. Role is not a set of attributes; it is the name of a particular attribute which the system recognises. There are several such attributes, including:

   lastService - the name of the most recently executed service
   messageType - the type of a given message
   role - a string representing the capacity in which the user is using the system, e.g. role = operator, role = administrator, etc.

Router. The router provides a mechanism for imposing structure and ordering on the execution of services in a secure way which doesn't necessitate code changes.

Rule. A Rule contains three components: a Rule Name, Precondition and Directive. If the precondition is true then the directive is executed.

Rule Name. Every rule has a name. The rule is referred to by its name in the context of a ruleset.

Ruleset. A collection of rules that route messages to one or more services to achieve a given task.

Service. An object implementing business logic. Services are written by the user.

Service Registry. A registry of services, used to provide a lookup between service names and the classes that implement them.

Session. A session is the container for all of the tasks a user is performing over a period of time.

Skeleton. The server/remote portion of a distributed object under CORBA and RMI. The skeleton is invoked by the Stub. See also Stub.

SP. Service Provider.

State. A collection of attributes associated with a task at a given instant in time.

Stub. The client portion of a distributed object using mechanisms such as CORBA or RMI. The Stub is designed to hide the fact that the implementation of its related object is not locally located. See also Skeleton.

Task. A unit of work at the business level. A ruleset defines how a task will be executed.

TISS. Transport Independent Stub Service.

URL. Uniform Resource Locator.

X.500. A set of open standards for directory services. See, for instance, the country codes defined as an ISO standard (http://www.iso.ch) and the X.500 standard (http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html).

XML. Extensible Markup Language.

XSL. Extensible Stylesheet Language.


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated October 31, 2002