Glossary 397

bean provider
A role in an EJB lifecycle that is responsible for producing enterprise beans in the form of EJB JAR files containing one or more enterprise beans. The JAR files include Java classes that implement the enterprise bean's business methods, definitions of the bean's remote and home interfaces, and the deployment descriptor.

class
A named description of a set of objects that share the same attributes, operations, relationships, and semantics.

client stub
An element generated by the IDL compiler as part of the client code that acts as a proxy of the object for the client. The client code calls a locally residing stub, which makes calls on the rest of the ORB, using interfaces that are private to, and presumably optimized for, the particular ORB core.

COM+
The next generation (after COM) in the evolution of Microsoft distributed computing architecture. It integrates Microsoft Transaction Server into COM and provides a messaging alternative, based on Microsoft Message Queue technology, for COM calls.

component
The fundamental building block of distributed software applications. Each component has one or more interfaces that provide the points of entry for calling programs. An interface, which is defined in terms of operations (also called methods), encapsulates a component and ensures that a component is modular.

composite delegation
A form of delegation in which both the client privileges and the immediate invoker's privileges are passed to the target, so that both the client privileges and the privileges from the immediate source of the invocation can be individually checked.

confidentiality
A security property ensuring that information is disclosed only to authorized subjects.

constrained delegation
Synonymous with controlled delegation.

container
A rich runtime environment that provides an array of application services, allowing the application developer to concentrate on building the application rather than the supporting infrastructure.

controlled delegation
A form of delegation in which a client can impose constraints on what privileges can be delegated to what intermediates. Also known as constrained delegation or restricted delegation.

cookie
A small piece of information sent by a Web server to be stored on a Web browser so it can later be read back from that browser.

CORBA
Common Object Request Broker Architecture. CORBA is an open, vendor-independent specification for an architecture and infrastructure that computer applications use to work together over networks.

CORBA Security (CORBASec)
The CORBA Security service as defined in OMG 2000a.

credentials
A container for a subject's security attributes.

CSIv2
Common Secure Interoperability version 2 (CSI, 2000). A recent addition to the CORBA security specification that defines a protocol for transmitting authentication and authorization data over IIOP.

DAC
See Discretionary Access Control.

Data Encryption Standard (DES)
A popular encryption algorithm standardized by the U.S. National Bureau of Standards. It is a product cipher that operates on 64-bit blocks of data, using a 56-bit key. It is defined in the Federal Information Processing Standards (FIPS) 46-1 (1988), which supersedes FIPS 46 (1977). DES is identical to the ANSI standard Data Encryption Algorithm (DEA) defined in ANSI X3.92-1981 (FOLDOC 2002).

data tier
A tier in the enterprise computing architecture that usually consists of database servers and mainframe-based repositories providing access to data.

DCE
See Distributed Computing Environment.

DCOM
See Distributed Component Object Model.

delegation
A feature of distributed systems that allows intermediate servers to act on behalf of the originating subject.

demilitarized zone (DMZ)
A part of the network that is neither part of the internal network nor directly part of the private network. Typically, this is the area between the public network (such as the Internet) access router and the enterprise bastion host, although it can be located between any two policy-enforcing areas.

denial of service
Prevention of authorized access to a system resource or the delaying of system operations and functions (TIS 2000).

deployer
See bean deployer.

deployment descriptor
A file that provides both the structural and application assembly information about the enterprise beans in the EJB JAR file.

DES
See Data Encryption Standard.

digital certificate
A certificate document in the form of a digital data object (a data object used by a computer) to which is appended a computed digital signature value that depends on the data object (TIS 2000).

digital signature
A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity (TIS 2000).

directory service
A distributed service that provides the ability to look up objects by their keys or attributes.

Discretionary Access Control (DAC)
An access control model based on "restricting access to objects based on the identity of subjects or the groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject" (DoD 1985).

Distributed Component Object Model (DCOM)
Microsoft's extension of their Component Object Model (COM) to support objects distributed across a network. DCOM has been submitted to the IETF as a draft standard (FOLDOC 2002).

Distributed Computing Environment (DCE)
A computing environment standardized by the Open Group that provides the following integrated facilities: Remote Procedure Call, Directory Services, Security Service, Threads, Distributed Time Service, and Distributed File Service.

DMZ
See demilitarized zone.

document type definition (DTD)
A description of the markup elements available in any specific type of XML or SGML document.

DTD
See document type definition.

EAI
See Enterprise Application Integration.

EASI
See Enterprise Application Security Integration.

e-business
The use of Internet technology to help businesses streamline processes, improve productivity, and increase efficiency. E-business enables companies to easily communicate with partners, vendors, and customers, connect back-end systems, and conduct commerce in a secure manner.

ebXML
A joint activity by OASIS and the United Nations Center for Trade Facilitation and Electronic Business (UN/CEFACT), whose goal is to define standards for the formatting and transmission of electronic commerce data, describe business processes, and negotiate business terms and responsibilities. It is hoped that by assuming Internet standard protocols and using XML, the cost of implementing ebXML will be less than the cost of EDI.

e-commerce
Commerce conducted electronically with the use of Internet technology. It includes an online display of goods and services, ordering, billing, customer service, and the handling of payments and transactions.

EDI
See Electronic Data Interchange.

EDIFACT
See Electronic Data Interchange for Administration, Commerce and Transport.

EJB
See Enterprise JavaBeans.

Electronic Data Interchange (EDI)
The exchange of standardized document forms between computer systems for business use (FOLDOC 2002).

Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT)
ISO's 1988 standard (ISO 9735) for electronic data interchange for administration, commerce and transport. It defines application-layer syntax. It was amended and reprinted in 1990. The document is available from ISO's Web site (FOLDOC 2002).

encryption
The cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called "decryption," which is a transformation that restores encrypted data to its original state (TIS 2000).

Enterprise Application Integration (EAI)
A methodological approach supported by a set of technologies that allows flexible integration of applications in order to support enterprise business processes.

Enterprise Application Security Integration (EASI)
A special case of Enterprise Application Integration that enables the use of many different security technologies and, as a result, provides the framework for secure EAI.

Enterprise JavaBeans (EJB)
Architecture for component-based distributed computing from Sun. Enterprise beans are components of distributed transaction-oriented enterprise applications.

entitlement
A business access rule that describes the decision criteria applied when a user attempts to access an application resource.

entitlement management
Administration and maintenance of the various permissions, roles, privileges, and login rights for an organization's information systems users, including suppliers, partners, customers, and employees. Resources include client/server applications, legacy applications, and Web pages.

entitlement server
A particular type of authorization server that can provide entitlement-based fine-grained access control for the mid-tier.

eXtensible Access Control Markup Language (XACML)
A specification for expressing access control policies over the Internet.

Extensible Markup Language (XML)
A markup language standardized by the W3C that defines a simple dialect of SGML suitable for use on the Web.

extranet
The extension of a company's intranet out onto the Internet, for example, to allow selected customers, suppliers and mobile workers to access the company's private data and applications via the World Wide Web. This is in contrast to, and usually in addition to, the company's public Web site, which is accessible to everyone (FOLDOC 2002).

federation
A system in which each party retains most of its authority and agrees to afford the other limited rights.

firewall
A hardware device or a software program running on a secure host computer that protects networked computers from intentional hostile intrusion, which could result in a security breach.

forward trust evaluation
A CSIv2 term that refers to the evaluation of trust based on rules provided by the caller.

framework
A set of services, designs, architectures, or systems that embodies an abstract solution to a number of related, concrete problems.

hacker
A person who enjoys the intellectual challenge of creatively overcoming or circumventing limitations (FOLDOC 2002). Frequently, malicious intruders are also called hackers.

HTML
See Hypertext Markup Language.

HTTP
See Hypertext Transfer Protocol.

HTTPS
See Hypertext Transfer Protocol, Secure.

Hypertext Markup Language (HTML)
Built on top of SGML, a hypertext document format used on the WWW.