Glossary of Terms

This Glossary explains terms used throughout the Oracle API Gateway documentation library.

A

Admin Node Manager

The Admin Node Manager is an Oracle API Gateway component that is responsible for managing API Gateway instances in a domain. For example, this includes collecting monitoring information, managing dynamic settings, and deploying API and policy configuration. There must be only one Admin Node Manager in each domain. The Admin Node Manager must be running to use the API Gateway management tools that connect to it (for example, Policy Studio and API Gateway Manager).

See Also Node Manager, Domain.

API

An Application Programming Interface (API) is a set of business services that an enterprise can expose to external customers, partners, or employees using a range of different technologies on a range of different devices. For example, APIs typically support HTTP requests and JSON or XML responses to enable mobile clients.

API Gateway

A server-side application that manages, delivers, and secures APIs. The Oracle API Gateway provides services such as the following:

  • API transformation

  • API control and governance

  • API security

  • API monitoring

  • API development lifecycle

  • API administration

B

Base64

A method of encoding 8-bit characters as ASCII printable characters. It is typically used to encode binary data so that it may be sent over text-based protocols such as HTTP and SMTP. Base64 is a scheme where 3 bytes are concatenated, and then split to form 4 groups of 6 bits each. Each 6-bit group is translated to an encoded printable ASCII character, using a table lookup. The specification is described in RFC 2045.

C

CA

A Certificate Authority (CA) issues digital certificates (especially X.509 certificates), and vouches for the binding between the data items in a certificate.

cacert

A file used to keep the root certificates of signing authorities. The default password is changeit. It is typically stored in c:\jdk1.6\jre\lib\security\cacerts. Each entry is identified by a unique alias, and is a key entry or a certificate entry. Key entries consist of a key pair, whereas certificate entries consist of just a certificate.

Because you implicitly trust all the Certificate Authorities in the cacerts file for code signing and verification, you must manage the cacerts file carefully. The cacerts file should contain only certificates of the CAs you trust.

CRL

A Certificate Revocation List (CRL) is a signed list indicating a set of certificates that are no longer considered valid by the certificate issuer. CRLs may be used to identify revoked public-key certificates or attribute certificates, and may represent revocation of certificates issued to authorities or to users. The term CRL is also commonly used as a generic term applying to different types of revocation lists.

D

DName

A Distinguished Name (DName or DN) is an identifier that uniquely represents an object in the X.500 Directory Information Tree (DIT). A DName is a set of attribute values that identify the path leading from the base of the DIT to the object that is named. An X.509 public-key certificate or CRL contains a DName that identifies its issuer, and an X.509 attribute certificate contains a DN or other form of name that identifies its subject.

Domain

An API Gateway domain consists of multiple groups of API Gateways spanning multiple host machines. A domain is a distinct administrative entity, which is managed separately by API Gateway tools such as API Gateway Manager and API Gateway Analytics.

See Also Admin Node Manager.

DTD

A Document Type Definition (DTD) defines a formal grammar for specifying the structure of an XML document. An XML document is said to be valid if it conforms to the syntax rules specified in the DTD.

F

Filter

An API Gateway filter is an executable rule that performs a specific type of processing on a message. For example, the Message Size filter rejects messages that are greater or less than a specified size. There are many categories of message filters available with the API Gateway (for example, Authentication, Authorization, Content filtering, Conversion, and Trust). In Policy Studio, a filter is displayed as a block of business logic that forms part of an execution flow known as a policy.

H

HTTP

Hypertext Transfer Protocol (HTTP) is a protocol for distributed hypermedia systems. HTTP is the foundation of data communication for the World Wide Web. For more details, see http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol.

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a protocol for secure communication over a computer network that is widely deployed on the Internet. It is the result of layering HTTP on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. For more details, see http://en.wikipedia.org/wiki/HTTP_Secure.

I

ISO

The International Organization for Standardization (ISO) is a worldwide consortium of national standards bodies from more than 140 countries. The goal of ISO is to promote standardization in the world with a view to facilitating the international exchange of goods and services, and to develop cooperation in scientific, technological and economic activity.

J

JMS

Java Message Service (JMS) is a messaging standard that enables application components based on the Java 2 Enterprise Edition (J2EE) to create, send, receive, and read messages. It enables the communication between different components of a distributed application to be loosely coupled, reliable, and asynchronous. For more details, see http://en.wikipedia.org/wiki/Java_Message_Service.

JSON

JavaScript Object Notation (JSON) is a lightweight data-interchange format, which is easy for humans to read and write, and easy for machines to parse and generate. JSON is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition, December 1999. Its text format is programming language independent, but uses conventions that are familiar to programmers of the C family of languages (for example, C, C++, C#, Java, JavaScript, Perl, and Python). For more details, see http://www.json.org.

K

Keystore

The keystore file of the JDK contains your public and private keys. It has a file name of .keystore (the leading dot makes the file read-only in Unix). It is stored in PKCS #12 format, contains both public and private keys, and is protected by a passphrase.

L

LDAP

LDAP is a lightweight version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. An LDAP directory stores information on resources in a hierarchical fashion, which makes data retrieval very efficient.

N

Node Manager

A Node Manager is an Oracle API Gateway component that is responsible for managing API Gateway instances on a host machine. There must be one Node Manager on each managed host machine. A single Admin Node Manager communicates with all Node Managers in a domain to perform management operations.

See Also Admin Node Manager, Domain.

O

OCSP

Online Certificate Status Protocol (OCSP) is an automated certificate checking network protocol. A client will query the OCSP responder for the status of a certificate. The responder returns whether the certificate is still trusted by the CA that issued it.

P

PEM

Privacy Enhanced Mail (PEM) was originally intended for securing Internet mail through authentication, message integrity, and confidentiality using various encryption techniques. Its scope was widened in later years for use in a broader range of applications, such as Web Servers. Its format is essentially a base64-encoded certificate wrapped in BEGIN CERTIFICATE and END CERTIFICATE directives.

PKCS#12

PKCS#12 is a standard for storing private keys and certificates securely. It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options.

Policy

A policy is a network of message filters in which each filter is a modular unit that processes a message. A message can traverse different paths through the policy, depending on which filters succeed or fail. For example, this enables you to configure policies that route messages that pass a Schema Validation filter to a back-end system, and route messages that pass a different Schema Validation filter to a different system. A policy can also contain other policies, which enables you to build modular reusable policies. In Policy Studio, the policy is displayed as a path through a set of filters, as shown in the above example.

Private Key

The secret component of a pair of cryptographic keys used for asymmetric cryptography.

Public Key

The publicly-disclosable component of a pair of cryptographic keys used for asymmetric cryptography.

R

RBAC

Role-Based Access Control (RBAC) restricts system access to authorized users based on their assigned roles. Permissions to perform specific system operations are assigned to specific roles, and system users are granted permission to perform specific operations only through their assigned roles. This simplifies system administration because users do not need to be assigned permissions directly, and instead acquire them through their assigned roles.

REST

Representational State Transfer (REST) is an architectural style for building large-scale distributed software that uses the technologies and protocols of the World Wide Web (for example, JSON/XML and HTTP). For more details, see http://en.wikipedia.org/wiki/Representational_state_transfer.

S

SAML

Security Assertion Markup Language (SAML) is an XML standard for establishing trust between entities. SAML assertions can contain identity information about users (authentication assertions), and also information about the access permissions of users (authorization assertions). The basic idea is that when a user is authenticated at one site, that site issues a SAML authentication assertion and gives it to the user. The user can then use this assertion in requests at other affiliated sites. These sites need only check the details contained within the authentication assertion in order to authenticate the user. In this way, SAML allows authentication and authorization information to be shared between separate sites.

Signature

A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.

SOAP

Simple Object Access Protocol (SOAP) is an XML-based object invocation protocol. SOAP was originally developed for distributed applications to communicate over HTTP and through corporate firewalls. SOAP defines the use of XML and HTTP to access services, objects, and servers in a completely platform-independent manner. SOAP is a wire protocol that can be used to facilitate highly distributed architectures.

SOAP is simple. It is nothing more and nothing less than a protocol that defines how to access services, objects, and servers in a platform-independent manner using HTTP (also SMTP) and XML. See the Simple Object Access Protocol Specification for more details.

SSL

Secure Sockets Layer (SSL) is an encrypted communications protocol for sending information securely across the Internet. It sits just above the transport layer and below the application layer, and transparently handles the encryption and decryption of data when a client establishes a secure connection to the server. It optionally provides peer entity authentication between client and server.

T

TLS

Transport Layer Security (TLS) is the successor to SSL 3.0. Like SSL, it allows applications to communicate over a secure channel.

U

UDDI

Universal Description, Discovery, and Integration (UDDI) is an XML-based lookup service for locating Web Services in an Internet scenario. See the Universal Description Discovery Integration (UDDI) standard for more details.

URI

Uniform Resource Identifiers (URIs) are a platform-independent way to specify a file or resource somewhere on the web. Strictly speaking, every URL is also a URI, but not every URI is also a URL. Two RFCs specify the format of a URI:

W

WSDL

Web Services Description Language (WSDL) is an XML format for describing network services as a set of endpoints operating on messages containing document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services).

WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate. However, the only bindings described in this document describe how to use WSDL in conjunction with SOAP 1.1, HTTP GET/POST, and MIME. See the Web Services Description Language Specification for more details.

X

X.509

X.509 is the standard that defines the contents and data format of a public key certificate.

XKMS

XML Key Management Specification (XKMS) uses the relative simplicity of XML to provide key management services so that a Web Service can query the trustworthiness of a user's certificate over the Internet. XKMS aims to simplify application building by separating digital-signature handling and encryption from the applications themselves. See the XML Key Management Specification for more details.

XML

eXtensible Markup Language (XML) is a subset of Structured General Markup Language (SGML). Its goal is to enable generic SGML to be served, received, and processed on the Web in the way that is now possible with HTML. See the XML Specification for more details.

XPath

XML Path Language (XPath) is a language that describes how to locate and process specific parts of an XML document. See the XML Path Language Specification for more details.

XSL

XML Stylesheet Language (XSL) is used to convert XML documents into different formats, the most common of which is HTML. In a typical scenario, an XML document will reference an XSL stylesheet, which will define how the XML elements of the document should be displayed as HTML. Therefore, a clear separation of content and presentation is achieved.

XSLT

Extensible Stylesheet Language Transformations (XSLT) are used to convert XML documents into other formats.