iPlanet Trustbase Transaction Manager 3.0.1 Beta Configuration and Installation


Glossary and References


The objectives of this chapter are to cover


Software Platform


Solaris 8

http://www.sun.com/software/solaris/cover/sol8.html

JDK1.3.1

http://www.javasoft.com


iPlanet Application Server 6.5

http://www.iplanet.com/products/infrastructure/app_servers/index.html


iPlanet Web Server 6.0 SP2

http://www.iplanet.com/products/infrastructure/web_servers/index.html


Oracle 8.1.7

http://www.oracle.com


Hardware Security nCipher KeySafe 1.0 and CAFast

http://www.ncipher.com


Transport Protocols




HTTP

HTTP/1.0 or 1.1 protocol:

http://www.w3.org/Protocols/rfc1945/rfc1945.txt

http://www.ietf.org/rfc/rfc1945.txt


SMTP RFC821

ftp://ftp.isi.edu/in-notes/rfc821.txt

http://www.imc.org/ietf-smtp/


Security Related Protocols




S/MIME Version 2 Message Specification

ftp://ftp.isi.edu/in-notes/rfc2311.txt

http://www.imc.org/ietf-smime

http://www.ietf.org/rfc/rfc2311.txt


DOMHASH

http://www.ietf.org/rfc/rfc2803.txt


OCSP

http://www.ietf.org/rfc/rfc2560.txt


Certificate requests and responses

PKCS10 requests RFC2314 can be found in

http://www.ietf.org/rfc.html

PKCS7 responses RFC2315 can be found in

http://www.ietf.org/rfc.html


Trading Protocols




Identrus

http://www.identrus.com

Transaction Coordinator requirements (IT-TCFUNC)

Core messaging specification (IT-TCMPD)

Certificate Status Check Messaging specification (IT-TCCSC)


Message Protocols




DOM

http://www.w3.org/TR/REC-DOM-Level-1/


DTD

http://www.w3.org/XML/1998/06/xmlspec-v20.dtd


XML

http://www.w3.org/TR/REC-xml


XML Syntax Processing specification

http://www.w3.org/TR/xmldsig-core


HTML

HTML 3.2 as specified in

http://www.w3.org/TR/REC-html32.html


Glossary



3DES. Similar to DES.

AIA. Authority Information Access

Application protocol. An application protocol is a protocol that normally layers directly on top of the transport layer (e.g., TCP/IP). Examples include HTTP, TELNET, FTP, and SMTP.

ASN.1. Abstract Syntax Notation One.

Authentication. Authentication is the ability of one entity to determine the identity of another entity, i.e. in the case of NetMail Lite, you know who your email message came from.

base64. A representation of characters in digital format using a 65-character subset of U.S. ASCII.

BBS. A random number generating algorithm.

BER. Basic Encoding Rules used with X509.

Block cipher. A block cipher is an algorithm that operates on plaintext in groups of bits, called blocks. 64 bits is a typical block size.

Bulk cipher. A symmetric encryption algorithm used to encrypt large quantities of data.

CA. Certificate Authority

Cipher Block Chaining Mode (CBC). CBC is a mode in which every plaintext block encrypted with the block cipher is first exclusive-ORed with the previous ciphertext block (or, in the case of the first block, with the initialisation vector).

Certificate. As part of the X.509 protocol (a.k.a. ISO Authentication framework), certificates are assigned by a trusted Certificate Authority and provide verification of a party's identity and may also supply its public key.

Certificate Authority. An organisation authorised to issue certificates (as in CA).

Client. The application entity that initiates a connection to a server.

CN. Common Name. See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html for a definition, or http://docs.sun.com/source/816-5613-10/contents.htm

Connection. A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer to peer relationships. The connections are transient. Every connection is associated with one session.

CRL. Certificate Revocation List. A list of certificates that have been declared invalid by their issuing CA before their expiry dates.

CSC. Certificate Status Check

Data Encryption Standard (DES). DES is a very widely used symmetric encryption algorithm. DES is a block cipher.

DER. Distinguished Encoding Rules used in X509.

DH. A public-key cryptographic algorithm for encrypting and decrypting data.

Digital Signature Standard (DSS). A standard for digital signing, including the Digital Signature Algorithm, approved by the National Institute of Standards and Technology, defined in NIST FIPS PUB 186, "Digital Signature Standard," published May, 1994 by the U.S. Dept. of Commerce.

Digital signatures. Digital signatures utilise public key cryptography and one-way hash functions to produce a signature of the data that can be authenticated, and is difficult to forge or repudiate.

DN. Distinguished Name. See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html or http://search.ietf.org/internet-drafts/draft-zeilenga-ldapv3bis-rfc2253-00.txt for definition. Also http://docs.sun.com/source/816-5613-10/contents.htm

DSA. Digital Signature Algorithm.

EE. End Entities are customers, i.e. the last person in the certificate chain.

Handshake. An initial negotiation between client and server that establishes the parameters of their transactions.

HSM. Hardware Security Module.

HTML. HyperText Markup Language.

IDEA. A 64-bit block cipher designed by Xuejia Lai and James Massey.

IRCA. The certificate for the Identrus root.

Integrity. You know your email message has not changed.

IP. Issuing Participant. Bank (or other financial institution) issuing smart cards containing private keys and certificates to Subscribing Customers.

IR. Identrus Root

key. The key used to encrypt data written by the client.

LDAP. Lightweight Directory Access Protocol

L1CA. The purpose ID or attribute for CA certificates.

L1IPSC. The purpose ID or attribute of Certificate used for interbank message signing

L1EESSL. The purpose ID or attribute of Certificate used for bank/RC or bank/SC SSL connections - as server

L1EESC. The purpose ID or attribute of Certificate used for bank/RC or bank/SC message signing

Message Authentication Code (MAC). A Message Authentication Code is a one-way hash computed from a message and some secret data. Its purpose is to detect if the message has been altered.

MD5. MD5 is a secure hashing function that converts an arbitrarily long data stream into a digest of fixed size.

MIME. Multipurpose Internet Mail Extension

Non-repudiation. A process set up to ensure that the sender cannot disavow a message

OCSP. Online Certificate Status Protocol

OU. Organisation Unit. See for instance http://www.itu.int/itudoc/itu-t/rec/x/x500up/x500.html or http://search.ietf.org/internet-drafts/draft-zeilenga-ldapv3bis-rfc2253-00.txt for a definition, or http://docs.sun.com/source/816-5613-10/contents.htm

PBE. Password based encryption

PEM. Privacy enhanced mail

Public Key Infrastructure (PKI). Defines protocols to support online interaction.

Public key cryptography. A class of cryptographic techniques employing two-key ciphers. Messages encrypted with the public key can only be decrypted with the associated private key. Conversely, messages signed with the private key can be verified with the public key.

OSI. Open Systems Inter-Connection.

RC2, RC4. Proprietary ciphers from RSA Data Security, Inc. RC2 is a block cipher and RC4 is a stream cipher.

RC. Relying Customer. Party with whom the Subscribing Customer initiates a signed transaction.

RC Host. Server software that performs the role of the RC in the Identrus certificate status check scheme. In the case of this document this is the portal server.

RC NetMail Lite or RC Mail. The client software interface that a customer uses to send and receive messages. In the case of this document this is NetMail Lite.

RP. Relying Participant. Bank with which the Relying Customer communicates to obtain some level of trust in the signed data received from the Subscribing Customer.

RSA. A very widely used public-key algorithm that can be used for either encryption or digital signing.

Server. The server is the application entity that responds to requests for connections from clients. The server is passive, waiting for requests from clients.

SC. Subscribing Customer. Member of the Issuing Participant bank authorised to participate in Identrus activities.

Session. An SSL session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

SmartCard. A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.

SHA. The Secure Hash Algorithm is defined in FIPS PUB 180-1. It produces a 20-byte output.

SSL. Secure sockets layer

Stub. The Java interface to support communication with the CAFast hard server.

TC. Transaction Co-ordinator

UTF8. A multi-byte character encoding format. See http://www.utf-8.org/

X509. An authentication framework based on ASN.1 BER and DER and base64.


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated October 31, 2002