Cams Administrator's Guide

Glossary


A

Access Control Pipeline - The Cams server's pluggable request processing pipeline within each security domain.

Access Control List - Identifies the users who may access a resource and the type of access to that resource that each user is permitted to have. Once a user is authenticated, the ACL controls what they are permitted to do.

Access Control Policy - Defines the resources being protected and the rules that control access to them.

Access Control Request - Information about a request by a user to get access to a resource including a type, a resource id, and an action.

Access Control Response - The information returned by the Cams server to an agent regarding an access control request.

Access Control Service - A Cams server service that grants or denies access to resources based on an access control policy.

Access Control Rule - The implementation or expression of the business logic for controlling access to protected resources.

Access Control Rule Library - Manages access control rule types and instances.

Access Control Valve - An individual Cams server processing node within an access control pipeline. By default, the first access control valve configured in Cams logs the request and the last valve (also referred to as the basic valve) uses the security domain-specific access control policy to grant or deny access.

Access Management - The centralized or unified implementation and management of user authentication and entitlement to a site's secure resources.

Agent - Cams software components that delegate security requests to a Cams server. Also known as a plug-in. Agents are specific to the application (application agent), web server (web agent), or J2EE server (application server agent) that hosts them.

Audit - An examination of records and activities to ensure compliance with established security controls, policies, and procedures.

Authentication - Identifies an individual or application through the use of username/password, profiles, digital certificates or other means.

Authentication Pipeline - The Cams server's pluggable authentication processing pipeline within each security domain.

Authentication Server - The engine within the Cams server that makes authentication decisions based on a security domain's login configuration.

Authentication Service - A Cams server service that verifies the user identity and establishes a session that exists until the user logs out or the session times out due to inactivity.

Authenticated User - A user that has presented valid and accepted login credentials to a resource controller.

Authentication Valve - An individual Cams server processing node within an authentication pipeline. By default, the first authentication valve logs the authentication request and the last valve (also referred to as the basic valve) attempts authentication based on information contained in an authentication request.

Authorization - Develops rules or policies relating to what information users are allowed to view and manipulate (also known as Access Control).

B

Basic authentication - A browser-managed scheme that base64-encodes the username and password and transmits the result to the server.

C

Callback - Enables underlying security services to interact with a calling application to retrieve specific authentication data such as usernames and passwords, or to display certain information, such as error and warning messages. See Callback.

Callback Handler - Application component that passes authentication credentials from the application to a login module. See CallbackHandler.

Credential - Values (such as a username or password) or tokens (such as a digital certificate) owned by a user and presented to an authentication controller for validation of the user's identity.

E

Engine Layer - Enables a Cams server to host security domain services.

G

Group - A category of users, classified by common traits to facilitate administration.

L

LDAP - Lightweight Directory Access Protocol. A client-server protocol for accessing a directory service. It runs over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service back-ended by X.509.

Login Configuration - Specifies authentication requirements for a given security domain including login configuration entries, callback handlers, and login parameters.

Login Configuration Entry - Specifies the login modules you will use with Cams. Because LoginModules are pluggable, you can implement them without modification to Cams. Because they are stackable, you can specify how authentication to one or more LoginModules is required to access any resource.

Login Module - The Cams mechanism by which callers prove that they are acting on behalf of specific users or systems. See LoginModule.

Logical Operator - The three Boolean operators AND, OR, and NOT that gather or separate things into neat piles depending on how you use them. Cams uses logical operators between, and in some cases preceding, access control rules.

N

Network Adapter Layer - Enables a Cams server to offer services on different TCP/IP ports and to support network clients that speak different protocols.

P

Permission - Associates a set of resources (defined using a resource pattern) with one of two possible actions: an access control rule that will be evaluated to grant or deny access to the resource, or a security domain to which access control will be delegated.

Policy Server - The components within the Cams server that make access control decisions based on rules and permissions defined in security domains.

Principal - Any entity such as an individual user, a login id, or groups to which a user belongs.

R

Remote Address - The IP address of the computer on which the browser or client application is running.

Remote Host - The fully qualified DNS hostname of the computer on which the browser or client application is running.

Resource - Content including web pages, files, datasources, Enterprise Java Beans, and more that are network accessible.

Roles - A working description of a user assigned to a user or group at application deployment time. Roles provide users access to application resources or enable programmatic decisions.

S

Security Domain - Enables access management to be partitioned according to organizational or physical boundaries. Different security domains may be securely configured and managed by different individuals, departments, and companies.

Security Domain Registry - Maintains basic information about each security domain known to Cams, including the name and location of configuration metadata.

Service Manager Service - A Cams server service that enables custom security domain-specific services to be used/reused via programmer's APIs.

Session - The Cams server metadata assigned to a currently authenticated user.

Session Access Service - A Cams server service that provides information about authenticated users to agents.

Session Control Service - A Cams server service that enables modification and explicit closure (logout) of user sessions.

Session Management - The process of capturing and changing metadata about an authenticated user throughout the login.

Session Manager Service - A Cams server service that manages an authenticated user's session and expires it if inactive for a configurable period.

Session Object - The programmatic object where a user's session metadata is persisted.

Service Provider Layer - Enables a Cams server to provide security services like authentication and access control.

Single Sign-On - Enables a user to authenticate on one web server and access resources hosted on other web servers (or other virtual hosts within the same web server) without having to re-authenticate.

Subject - The container that holds authentication information about the user or service being authenticated, including relevant principals and credentials.

T

Trace Logger - A centralized, security domain-specific component that logs information about the startup, shutdown, warnings, and errors of its services.

U

Users - Accounts that usually represent a person (but could be a system).

User Repository - An LDAP server, a database, or file containing users, passwords, groups, and roles.
