
iPlanet Portal Server 3.0 Service Pack 5 Installation Guide

Glossary

access control     Implements the privileges granted by authorization.

address     In networking, a unique code that identifies a node to the network. Names like portal.demo.sesta.com are translated to “dotted quad” addresses (10.0.24.15) by the Domain Name Service (DNS).

administration console     The administrator’s graphical user interface to iPlanet™ Portal Server.

API     Application Program Interface, a set of calling conventions or instructions defining how programs invoke services in existing software packages.

applet     A program written in the Java™ programming language to run within a Web browser. An example would be the Java front ends to iPlanet Portal Server’s NetMail and NetFile applications.

attribute     A configurable parameter of a profile.

ASP     Application Service Provider. A company that, for a fee, provides access to applications that users can run without owning their own copies. See ISP.

authentication     The process of verifying a user’s identity.

authentication module     An authentication module controls a specific authentication process. For example, iPlanet Portal Server provides authentication modules for Microsoft Windows NT, UNIX, S/key, and others, as well as opening the authentication API so other authentication modules can be written as needed.

authorization         The process of granting specific access privileges to a user. Authorization is based on authentication and enforced by access control.

CA     See Certificate Authority.

cache     In Web browsers, the archive of recently visited Web pages, graphics, or other files that is stored in memory or on users’ disks.

CDP     Certificate Discovery Protocol. Request and response protocol used by two parties to transfer certificates.

certificate     A set of data that identifies a person, machine, or application.

certificate identifier (ID)     Generic naming scheme term used to identify a particular self-generated or issued certificate. It effectively decouples the identification of a key for purposes of key lookup and access control from issues of network topology, routing, and IP addresses.

Certificate Authority (CA)     Trusted network entity that digitally signs a certificate containing information identifying the user, such as the user’s name, the issued certificate, and the certificate’s expiration date. Verisign is one of the best known CAs.

component     An application or a service in iPlanet Portal Server. Components have attributes and privileges, much like users.

content filtering     Practice of allowing or disallowing traffic based on the content of the data being sent.

cookie     General mechanism that server-side connections can use to store and retrieve information on the client side of the connection. Cookies are small data files written to a user’s hard drive by some Web sites when viewed in a Web browser. These data files contain information the site can use to track such things as passwords, lists of pages visited, and the date when a certain page was last looked at.

data compression     Application of an algorithm to reduce the space required to store or the bandwidth required to transmit data.

decryption     Process of decrypting information that has been encrypted. See encryption.

demilitarized zone (DMZ)     Small protected network between the public Internet and a private intranet, usually demarcated with firewalls on both ends. This area is used to provide limited public access to resources such as Web servers, FTP servers, and other information resources.

desktop     What the end user sees on the screen. This usually includes a preferred set of applications and access privileges.

digital signatures     Data added to a document to identify the sender using a public-key encryption scheme.

DMZ     See demilitarized zone.

DNS     Domain Name Service is a distributed name and address lookup mechanism used to translate domain names (portal.demo.sesta.com) to IP addresses (10.23.134.24). It also allows reverse lookup, to translate IP addresses back into names.

domain     The last part of a fully qualified domain name that identifies the company or organization that owns the domain name (for example, sesta.com, sesta.co.uk).

encryption     Process of protecting information from unauthorized use by making the information unintelligible. Some encryption methods employ codes, called keys, which are used to encrypt the information. Contrast with decryption.

firewall     Computer located between an internal network and the rest of the network that filters packets as they go by according to user-specified criteria. Firewalls are normally used to protect systems on one side from unauthorized access by users on the other side.

File Transfer Protocol (FTP)     A file transfer protocol often used on TCP/IP networks to copy files to and from remote computers.

fully qualified domain name     The complete domain name of a system, including the hostname, network name if applicable, and domain; for example, west.sesta.com.

gateway     A system that provides and controls connections to another network. See VPN.

host     Name of a device on a TCP/IP network that has an IP address.

HTML     Hypertext Markup Language. A file format, based on SGML, for hypertext documents on the Internet.

HTTP     Hypertext Transfer Protocol, which describes how Web browsers and Web servers exchange information. See URL.

HTTPS     Hypertext Transfer Protocol Secure, which describes the use of HTTP over an SSL connection, usually on port 443.

ICMP     Internet Control Message Protocol. IP protocol that handles errors and control messages, to enable routers to inform other routers (or hosts) of IP routing problems or make suggestions of better routes. See ping.

IMAP     Internet Message Access Protocol allows remote access to mailboxes and folders. IMAP clients usually leave some or all messages and folders on the server, unlike POP, in which all messages are downloaded.

Internet Protocol     Protocol within the TCP/IP suite, developed by the United States Department of Defense, that is used to link networks worldwide and is used on the Internet. IP is the most prominent protocol of this suite.

IP     See Internet Protocol.

ISP     Internet Service Provider. A company providing Internet access. This service often includes a phone number access code, username, and software—all for a provider fee.

issued certificate     Certificate that is issued by a Certificate Authority. See self-generated certificate.

ISV     Independent Software Vendor. Third-party software developer.

Java™     Object-oriented, platform-independent programming language developed by Sun Microsystems to solve a number of problems in modern programming practice.

JDK     Java Development Kit. Software tools used to write Java applets or application programs.

key     Code for encrypting or decrypting data.

LAN     Local area network, a private network at a single location. Multiple LANs can be interconnected to form a WAN.

LDAP     Lightweight Directory Access Protocol. One of the protocols used in iPlanet™ Portal Server to resolve profile attributes and privileges.

load balancer     A load balancer controls connections to multiple gateway machines to allow approximately equivalent loads on each of the available systems.

NAT     See network address translation.

Netlet     A Java applet used in iPlanet Portal Server to allow any TCP/IP-based applications to securely connect to servers through an authenticated iPS connection.

network address translation (NAT)     Function used when packets passing through a firewall have their addresses changed (or translated) to different network addresses. Address translation can be used to translate unregistered addresses into a smaller set of registered addresses, thus allowing internal systems with unregistered addresses to access systems on the Internet.

network mask     Number used by software to separate the local subnet address from the rest of a given IP address.

NFS™     Network File System. A file system distributed by Sun Microsystems that enables a set of computers to cooperatively access each other’s files in a transparent manner.

NIS and NIS+     Network Information Service. NIS+ is a newer version (with a lookup service) for Solaris 2.x, with enhanced security.

node     A transfer point within a network. Data is passed from node to node in a network until the data reaches its final destination.

passphrase     Collection of characters used in a similar manner to, although typically longer than, a password. See password.

password     Unique string of characters that a user types as an identification code; a security measure to restrict access to computer systems and sensitive files.

personal digital certificate (PDC)     An electronic certificate attached to a message that authenticates a user. A personal digital certificate can be created by correctly entering a userID and password, or by using an SSL certificate request that in turn uses the security certificate of the server through which the user is connected.

PDC     See personal digital certificate.

ping     A TCP/IP command that verifies a connection to another host.

plaintext     Unencrypted message.

Point-to-Point Protocol (PPP)     PPP (the successor to SLIP) provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits. Used for TCP/IP connectivity, usually for PCs over a telephone line. Also known as PPTP.

POP     Post Office Protocol; defines a mechanism with which Internet users can connect to and download their waiting email messages.

PPP     See Point-to-Point Protocol.

port     The location (or socket) to which TCP/IP connections are made. Web servers traditionally use port 80, while FTP uses port 21 and telnet uses port 23. iPlanet Portal Server uses some special ports, particularly on client systems, to securely communicate through the iPS session to servers.

preference     A user-specified choice about what appears or doesn’t appear on the desktop, and how it appears, or other traits such as timeout settings.

private network     A network of computers that is inaccessible unless you have appropriate access privileges. Private networks may be as small as a one-office LAN or as large as a multi-country enterprise network. See also public network.

privilege     A type of access right that is granted to a user, a set of users, or a resource that is specified by the particular type of authorization implemented.

profile     The attributes and privileges for an iPS entity, such as user, role, domain, or component.

profile server     A special segment of iPlanet™ Portal Server that is devoted to storing profile information.

protocol     A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.

provider     A Java class that can write HTML content to a mini-frame in the desktop. Providers (also called content providers) are used to create information in specific areas of a user’s desktop.

proxy     A proxy is an intermediary program that makes and services requests on behalf of clients. Proxies act as servers and clients in turn, and are used to control the content of various network services. See reverse proxy.

public-key certificate     A data structure containing a user’s public key, as well as information about the time and date during which the certificate is valid.

public-key cryptography     Also known as asymmetric key cryptography. In public-key cryptosystems, everyone has two related complementary keys: a publicly revealed key and a secret key (also frequently called a private key). Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key. The public key can be published and widely disseminated across a communications network. This protocol provides privacy without the need for the secure channels that a conventional cryptosystem requires.

public network     Like the Internet, a public network carries traffic from a variety of companies, individuals, and sources and is inherently insecure. Contrast with private network.

query     Process for extracting particular data.

reverse proxy     A proxy which performs bi-directional URL rewriting and translation between clients and servers. Unlike a proxy, which exists at the client side, a reverse proxy exists at the server side of the network. In iPlanet Portal Server, the reverse proxy exists on the iPS gateway.

role     A role defines all aspects of a user’s experience when running in the iPlanet Portal Server environment. A role can, for instance, correspond to a job title (manager, engineer, sales, etc.) or can be defined other ways, such as a full member of a working group or an observer. A role determines what a user sees and can use.

router     Intermediary device responsible for deciding which of several paths network (or Internet) traffic will follow.

secret key     In public-key cryptography, a private key that is never disclosed to the public. See public-key cryptography.

Secure Socket Layer (SSL)     A form of secure, low-level encryption that is used by other protocols like HTTP and FTP. The SSL protocol includes provisions for server authentication, encryption of data in transit, and optional client authentication. The version used in iPlanet Portal Server uses RSA’s public and private key encryption, as well as a digital certificate.

self-generated certificate     Public key value only used when entities are named using the message digest of their public value, and when these names are securely communicated. See issued certificate.

session     An iPlanet Portal Server session is a sequence of interactions between a user and one or more applications, starting with login and ending with logout or timeout.

session key     Common cryptographic technique to encrypt each individual conversation between two people with a separate key.

SGML     Standard Generalized Markup Language. Method of tagging a document to apply to many format elements.

shared-key cryptography     Also known as symmetric key cryptography. Cryptography where each party must have the same key to encrypt or decrypt ciphertext.

smart card     A plastic card with a magnetized strip that is used for authentication.

SMTP     Simple Mail Transfer Protocol. Used on the Internet to route email.

SMTP proxy     A variant of SMTP that sends messages from one computer to another on a network and is used on the Internet to route email.

SNMP     Simple Network Management Protocol. Network management protocol that enables a user to monitor and configure network hosts remotely.

SSL     See Secure Socket Layer.

SSL Certificate     An electronic token that means you or a vendor have given approval to encrypt and decrypt your secure transactions, using PKI. You create a self-signed SSL Certificate when you install iPlanet Portal Server software. However, you can also obtain an SSL Certificate from a certificate vendor who authorizes secure communications services over the Internet.

subdomain     The next-to-last part of a fully qualified domain name that identifies the division or department within a company or organization that owns the domain name (for example, eng.sesta.com, sales.sesta.co.uk); not always specified.

subnet     Working scheme that divides a single logical network into smaller physical networks to simplify routing.

subnet mask     Specifies which bits of the 32-bit IP address represent network information. The subnet mask, like an IP address, is a 32-bit binary number: a 1 is entered in each position that will be used for network information and a 0 is entered in each position that will be used as node number information. See node.
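The bit arithmetic described in the subnet mask entry, carried through as a worked example. This code is added here and is not part of the Sun guide; the addresses it uses are constructed sample values, and the function names are my own. It splits an address into its network and node parts, derives the prefix length from a mask, and rejects a mask whose 1 bits are not contiguous, which is the usual configuration mistake.

```python
from typing import Tuple

ALL_ONES = 0xFFFFFFFF  # a 32-bit IPv4 address or mask with every bit set


def dotted_quad_to_int(s: str) -> int:
    """Convert a dotted-quad string such as '10.23.134.24' to a 32-bit integer."""
    parts = s.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {s!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {s!r}")
        value = (value << 8) | octet
    return value


def int_to_dotted_quad(value: int) -> str:
    """Inverse of dotted_quad_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_prefix_length(mask: str) -> int:
    """Return the number of leading 1 bits in a subnet mask (its CIDR prefix length).

    A valid mask is a run of 1s followed by a run of 0s; anything else
    (for example 255.0.255.0) is rejected rather than silently accepted.
    """
    m = dotted_quad_to_int(mask)
    ones = 0
    while ones < 32 and (m >> (31 - ones)) & 1:
        ones += 1
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def split_address(ip: str, mask: str) -> Tuple[str, str]:
    """Split ip into (network part, node part) according to mask.

    Bits where the mask is 1 carry network information; bits where it is 0
    carry the node number, exactly as the glossary entry describes.
    """
    mask_prefix_length(mask)  # validates the mask before using it
    a = dotted_quad_to_int(ip)
    m = dotted_quad_to_int(mask)
    return int_to_dotted_quad(a & m), int_to_dotted_quad(a & ~m & ALL_ONES)


def broadcast_address(ip: str, mask: str) -> str:
    """Network part with every node bit set to 1."""
    a = dotted_quad_to_int(ip)
    m = dotted_quad_to_int(mask)
    return int_to_dotted_quad((a & m) | (~m & ALL_ONES))


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses have the same network part under mask."""
    m = dotted_quad_to_int(mask)
    return (dotted_quad_to_int(ip_a) & m) == (dotted_quad_to_int(ip_b) & m)


if __name__ == "__main__":
    # Constructed sample values, reusing the addresses the glossary uses as examples.
    ip, mask = "10.23.134.24", "255.255.255.0"
    net, node = split_address(ip, mask)
    print(f"{ip}/{mask_prefix_length(mask)}: network {net}, node {node}, "
          f"broadcast {broadcast_address(ip, mask)}")
    print("10.0.24.15 and 10.0.24.200 same subnet:", same_subnet("10.0.24.15", "10.0.24.200", mask))
    print("10.0.24.15 and 10.0.25.3 same subnet:", same_subnet("10.0.24.15", "10.0.25.3", mask))
```

The contiguity check in `mask_prefix_length` is the part worth keeping: a mask with a gap in its 1 bits still "works" arithmetically but produces a subnet that no router will agree with, so it is better to fail early than to compute a plausible-looking network address from it.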

symmetric key cryptography     See shared-key cryptography.

TCP     See transmission control protocol.

TCP/IP     Transmission Control Protocol/Internet Protocol. Protocol suite originally developed for the Internet. It is also called the Internet protocol suite. Solaris networks run on TCP/IP by default.

telnet     Virtual terminal protocol in the Internet suite of protocols. Enables users of one host to log in to a remote host and interact as normal terminal users of that host.

telnet proxy     An application which sits between the telnet client and telnet server and acts as an intelligent relay.

transmission control protocol (TCP)     Major transport protocol in the Internet suite of protocols providing reliable, connection-oriented, full-duplex streams. Uses IP for delivery. Encrypts only IP packet data, but not the headers. Corresponds to the transport layer, which is the fourth of the seven ISO layers. See TCP/IP.

transparent clustering     A condition whereby multiple machines will appear to the user to be a single machine. In iPlanet Portal Server, the condition where multiple gateways appear to the user to be a single gateway.

tunneling     Process of encrypting an entire IP packet, and wrapping it in another (unencrypted) IP packet. The source and destination addresses on the inner and outer packets may be different.

tunnel address     Destination address on the outer (unencrypted) IP packet to which tunnel packets are sent. Generally used for encrypted gateways where the IP address of the host serves as the intermediary for any or all hosts on a network whose topology must remain unknown or hidden from the rest of the world.

URL     Uniform Resource Locator. A code that searches for the location of a specific address on the Internet.

user ID     Name by which a user is known to the system.

Virtual Private Network     A network with the appearance and functionality of a regular network, but which is really like a private network within a public one. The use of encryption in the lower protocol layers provides a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than true private networks using private lines, but rely on having the same encryption system at both ends. The encryption may be performed by firewall software or possibly by routers.

VPN gateway     The entry point to a VPN. Typically protected by a firewall.

VPN     See Virtual Private Network.

WAN     Wide area network, a private network (intranet) spanning more than one physical location.

Watchdog     A process that monitors a gateway and restarts the gateway if its processes fail.

Web     See World Wide Web.

Web page     Document on the Web.

web server     An application that responds to web requests such as HTTP, FTP, etc.

World Wide Web     Network of servers on the Internet that provide information and can include hypertext links to other documents on that server and often other servers as well.




Copyright 2003 Sun Microsystems, Inc. All rights reserved.