| Previous Contents DocHome Index Next |
| iPlanet Web Server: Plug-in for Trustbase services 1.0 Installation, Configuration and Developer's Guide |
Glossary and References
The objectives of this chapter are to cover
Software Platform
Java Development Kit 1.2.1
http://java.sun.com/products/jdk/
Java interface
http://java.sun.com/products/jndi/index.html
iPlanet Web Server
http://www.iplanet.com/products/iplanet_web_enterprise/home_2_1_1m.html
Hardware Security nCipher KeySafe 1.0 and CAFast
http://www.ncipher.com
Oracle 8I
http://www.oracle.com
GemSAFE IS SmartCard tool
http://www.gemplus.com
OCSP
http://www.imc.org/ietf-pkix/http://www.ietf.org/rfc/rfc2560.txt
SmartCard Standard
http://www.rsa.com/rsalabs/pubs/PKCS/html/pkcs-11.html
Certificate requests and responses
PKCS10 requests RFC2314 can be found in http://www.ietf.org/rfc.htmlPKCS7 responses RFC2315 can be found in http://www.ietf.org/rfc.html
HTML
HTML 3.2 as specified in http://www.w3.org/TR/REC-html32.html
HTTP
HTTP/1.0 or 1.1 pro-tocolhttp://www.w3.org/Protocols/rfc1945/rfc1945.txt
Identrus
http://www.identrus.com
LDAP
LDAP client protocol specified in RFC 1777 and RFC 1778, as supported by the JNDI API http://www.cis.ohio-state.edu/htbin/rfc/rfc1777.html
AIA. Authority Information Access
Application protocol. An application protocol is a protocol that normally layers directly on top of the transport layer (e.g., TCP/IP). Examples include HTTP, TELNET, FTP, and SMTP.
ASN.1. Abstract Syntax Notation One.
Authentication. Authentication is the ability of one entity to determine the identity of another entity. i.e. in the case of NetMail Lite, you know who your email message came from.
base64. A representation of characters in digital format using a 65 character subset of U.S. ASCII.
BBS. A random number generating algorithm.
BER. Basic encoding Rules used with X509.
Block cipher. A block cipher is an algorithm that operates on plaintext in groups of bits, called blocks. 64 bits is a typical block size.
Bulk cipher. A symmetric encryption algorithm used to encrypt large quantities of data.
Cipher Block Chaining Mode (CBC). CBC is a mode in which every plaintext block encrypted with the block cipher is first eXclusive-OR-ed with the previous ciphertext block (or, in the case of the first block, with the initialisation vector).
Certificate. As part of the X.509 protocol (a.k.a. ISO Authentication framework), certificates are assigned by a trusted Certificate Authority and provide verification of a party's identity and may also supply its public key.
Certificate Authority. An organisation authorised to issue certificates (as in CA).
Client. The application entity that initiates a connection to a server.
CN. Common Name See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html for definition.
Connection. A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer to peer relationships. The connections are transient. Every connection is associated with one session.
CRL. Certificate Revocation List. A list of certificates that have been declared invalid by their issuing CA before their expiry dates
Data Encryption Standard (DES). DES is a very widely used symmetric encryption algorithm. DES is a block cipher.
DER. Distinguished Encoding rules used in X509.
DH. A public-key cryptographic algorithm for encrypting and decrypting data.
Digital Signature Standard (DSS). A standard for digital signing, including the Digital Signing Algorithm, approved by the National Institute of Standards and Technology, defined in NIST FIPS PUB 186, "Digital Signature Standard," published May, 1994 by the U.S. Dept. of Commerce.
DSMS . Digital Signature Message System
Digital signatures. Digital signatures utilise public key cryptography and one-way hash functions to produce a signature of the data that can be authenticated, and is difficult to forge or repudiate.
DN. Distinguished Name. See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html or http://search.ietf.org/internet-drafts/draft-zeilenga-ldapv3bis-rfc2253-00.txt for definition.
DSA. Digital Signature Algorithm.
EE. End Entities are customers. i.e. the last person in the certificate chain.
Handshake. An initial negotiation between client and server that establishes the parameters of their transactions.
HSM. Hardware Security Module.
HTML. HyperText Markup Language.
IDEA. A 64-bit block cipher designed by Xuejia Lai and James Massey.
Integrity i.e.. You know your email message has not changed.
IP. Issuing Participant Bank (or other financial institution) issuing smart cards containing private keys and certificates to Subscribing Customers.
iAS. iPlanet Application Server
iWSPTS . iPlanet Web Server Plugin for Trustbase Services
key. The key used to encrypt data written by the client.
LDAP. Lightweight Directory Access Protocol
Message Authentication Code (MAC). A Message Authentication Code is a one-way hash computed from a message and some secret data. Its purpose is to detect if the message has been altered.
MD5. MD5 is a secure hashing function that converts an arbitrarily long data stream into a digest of fixed size.
MIME. MultiPURPOSE Internet Mail Extension
Non-repudiation. A process set up to ensure that the sender cannot disavow a message
OCSP. Online Certificate Status Protocol
OU. Organisation Unit See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html or http://search.ietf.org/internet-drafts/draft-zeilenga-ldapv3bis-rfc2253-00.txt for definition.
PBE. Password based encryption
Public Key Infrastructure (PKI). Defines protocols to support online interaction.
Public key cryptography. A class of cryptographic techniques employing two-key ciphers. Messages encrypted with the public key can only be decrypted with the associated private key. Conversely, messages signed with the private key can be verified with the public key.
OSI. Open Systems Inter-Connection.
RC2, RC4. Proprietary ciphers from RSA Data Security, Inc. RC2 is block cipher and RC4 is a stream cipher.
RC. Relying Customer Party with whom the Subscribing Customer initiates a signed transaction.
RC Host. Server software that performs the role of the RC in the identrus certificate status check scheme. In the case of this document this is the Web server.
RC NetMail Lite or RC Mail. The client software interface that a customer uses to send and receive messages. In the case of this document this is NetMail Lite.
RP. Relying Participant Bank with which the Relying Customer communicates to obtain some level of trust in the signed data received from the Subscribing Customer.
RSA. A very widely used public-key algorithm that can be used for either encryption or digital signing.
Server. The server is the application entity that responds to requests for connections from clients. The server is passive, waiting for requests from clients.
SC. Subscribing Customer. Member of the Issuing Participant bank authorised to participate in Identrus activities.
Session. A SSL session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.
SmartCard. A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.
SHA. The Secure Hash Algorithm is defined in FIPS PUB 180-1. It produces a 20-byte output.
Stub. The Java interface to support communication with the CAFast hard server
X509. An authentication framework based on ASN.1 BER and DER and base64
Previous Contents DocHome Index Next
Copyright © 2001 Sun Microsystems, Inc.
Last Updated September 24, 2001