absolute path The full path of an object that begins with the root directory.
abstract syntax notation one (ASN.1) In the Distributed Computing Environment (DCE), a data representation scheme that enables complicated types to be defined and enables values of these types to be specified.
access control lists (ACL) A file attribute that contains the basic and extended permissions that control access to the file.
adapter A part that electrically or physically connects a device to a computer or to another device.
agent A function that represents a requester to a server. An agent can be present in both a source and a target system.
algorithm A finite set of well-defined rules for the solution of a problem in a finite number of steps.
alias An alternative name that can be used instead of the primary name.
APache eXtenSion (APXS) A support program that simplifies the creation of dynamic shared object (DSO) files for Apache modules (especially for third-party modules). It can be used to build DSO-based modules outside of the Apache source tree.
argument An expression that is passed to a function or subroutine for evaluation.
asymmetric keys In computer security, the two keys in a key pair. The keys are called asymmetric because one key holds more of the encryption pattern than the other does.
attribute (1) A characteristic that identifies and describes a managed object. The characteristic can be determined, and possibly changed, through operations on the managed object. (2) Information within a managed object that is visible at the object boundary. An attribute has a type, which indicates the range of information given by the attribute, and a value, which is within that range.
authentication In computer security, verification of the identity of a user or the user's eligibility to access an object.
base64 Base64 is a command line utility which encodes and decodes files in this format. It can be used within a pipeline as an encoding or decoding filter, and is most commonly used in this manner as part of an automated mail processing system.
basic encoding rules (BER) A set of rules used to encode abstract syntax notation one (ASN.1) values as strings of octets.
Boolean A value of 0 or 1 represented internally in binary notation. Any operation in which each of the operands and the result take one of two values.
browser A client program that initiates requests to a Web server and displays the information that the server returns.
buffer A routine or an area of storage that compensates for the different speeds of data flow or timings of events, when transferring data from one device to another.
cache To place, hide, or store frequently used information locally for quick retrieval.
cache accelerator Provides support for caching on multiple Web servers and on servers with multiple IP addresses.
certificate authority (CA) In computer security, an organization that issues certificates. The certificate authority authenticates the certificate owner's identity and the services that the owner is authorized to use. It also manages the issuance of new certificates and revokes certificates from users who are no longer authorized to use them. A certificate authority is considered to be trusted when a user accepts any certificate issued by that certificate authority as proof of the certificate owner's identity.
certificate revocation list (CRL) A list of certificates that need to be revoked before their expiration date.
cipher In Cryptographic Support, data that is unintelligible to all except those who have the key to decode it to plaintext.
ciphertext In Cryptographic Support, data that is unintelligible to all except those who have the key to decode it to plaintext.
class (1) In object-oriented design or programming, a model or template that can be instantiated to create objects with a common definition and therefore, common properties, operations, and behavior. An object is an instance of a class. (2) In the AIX operating system, pertaining to the I/O characteristics of a device. System devices are classified as block or character devices.
Common Gateway Interface (CGI) A standard for the exchange of information between a Web server and computer programs that are external to it. The external programs can be written in any programming language that is supported by the operating system on which the Web server is running.
component A reusable object or program that performs a specific function and is designed to work with other components and applications.
connector In a query management command, the TO word in the EXPORT command, the FROM word in the IMPORT command, or the AS word in the SAVE DATA command.
container A Java run-time environment for enterprise beans. A container, which runs on an Enterprise JavaBeans server, manages the life cycles of enterprise bean objects, coordinates distributed transactions, and implements object security.
conversational monitor system An operating system that provides general interactive time sharing, problem solving, and program development capabilities, and operates only under the control of the VM control program.
cryptographic support The IBM licensed program that provides support for the encryption and decryption of data, according to the Data Encryption Algorithm, and for the management of cryptographic keys and personal identification numbers (PINs).
daemon A program that runs unattended to perform continuous or periodic systemwide functions, such as network control.
Data Encryption Standard (DES) In computer security, the National Institute of Standards and Technology (NIST) Data Encryption Standard, adopted by the U.S. government as Federal Information Processing Standard (FIPS) Publication 46, which allows only hardware implementations of the data encryption algorithm.
data link control (DLC) The protocol layer used by nodes on a data link to accomplish an orderly exchange of information.
decrypt In cryptographic support, to convert ciphertext into plaintext.
default A value, attribute, or option that is automatically supplied or assumed by the system or program when no value is specified by the user.
delimited identifier A sequence of characters enclosed within double quotation marks (").
digest Data that has been organized into a format that provides for quick access to each piece of data.
digital certificate A form of personal identification that can be verified electronically. Only the certificate owner who holds the corresponding private key can present a certificate for authentication through a Web browser session. Anyone can verify that the certificate is valid by using a readily available public key.
digital signature Information that is encrypted with an entity's private key and is appended to a message to assure the recipient of the authenticity and integrity of the message. The digital signature proves that the message was signed by the entity that owns, or has access to, the private key or shared secret symmetric key.
directive A statement that is used in the configuration file for a Web server to define a particular setting for the server.
Directory Access Protocol (DAP) The X.500 protocol that a directory user agent uses to obtain directory information from a remote directory system agent.
distinguished name (DN) In computer security, information that uniquely identifies the owner of a certificate.
domain An object, icon, or container that contains other objects representing the resources of a domain. You can use the domain object to manage those resources.
dynamic link library (DLL) A file containing executable code and data bound to a program at load time or run time, rather than during linking. Several applications can share the code and data in a dynamic link library simultaneously.
dynamic shared object (DSO) A mechanism which provides a way to build a piece of program code in a special format for loading at run time into the address space of an executable program. The DSO gets knowledge of the executable program symbol set as if it had been statically linked with it in the first place.
dump (1) To record, at a particular instant, the contents of all or part of one storage device in another storage device. Dumping is usually for the purpose of debugging. (2) To copy data in a readable format from main or auxiliary storage onto an external medium such as tape, diskette, or printer. (3) To copy the contents of all or part of virtual storage for the purpose of collecting error information.
emulation The imitation of one computing system by another system through the use of software and hardware that allow the latter to run programs written for the former.
encoding The underlying part of a code page that defines: a) the coding space (the number and allowable value of code points in a code page); b) the rules for sharing the coding space between control and graphic characters; and c) the rules related to the specific options permitted in that scheme.
encrypt In Cryptographic Support, to systematically scramble information so that it cannot be read without knowing the coding key.
enterprise bean A nonvisual software component that conforms to the Sun Microsystems, Inc. Enterprise JavaBeans architecture. An enterprise bean is designed to be installed on a server and accessed remotely from a client. It realizes the standard component architecture for building distributed object-oriented business applications in the Java programming language.
entity Any concrete or abstract thing of interest, including associations among things; for example, a person, object, event, or process that is of interest in the context under consideration, and about which data may be stored in a database.
environment variable A variable that specifies how an operating system or another program runs, or the devices that the operating system recognizes.
error A discrepancy between a computed, observed, or measured value or condition and the true, specified, or theoretically correct value or condition.
error log (1) A data set or file in a product or system where error information is stored for later access. (2) A form in a maintenance library that is used to record error information about a product or system. (3) A record of machine checks, device errors, and volume statistical data.
extension A class of objects designated by a specific term or concept; denotation.
Fast Common Gateway Interface Protocol (FastCGI) The Fast Common Gateway Interface (FastCGI) is an enhancement to the existing Common Gateway Interface (CGI), which is a standard for interfacing external applications with Web servers.
filter (1) A device or program that separates data, signals, or material in accordance with specified criteria. (2) On the AIX operating system, a command that reads standard input data, modifies the data, and sends it to the display screen.
firmware Proprietary code that is usually delivered as microcode as part of an operating system. Firmware is more efficient than software loaded from an alterable medium and more adaptable to change than pure hardware circuitry.
flag (1) To mark an information item for selection for further processing. (2) A character that signals the occurrence of some condition, such as the end of a word.
folder A container used to organize objects.
fully qualified domain name (FQDN) In the Internet suite of protocols, the name of a host system that includes all of the subnames of the domain name. An example of a fully qualified domain name is mycomputer.city.company.com.
group A collection of users who can share access authorities for protected resources.
handler A function that is registered by the application programmer that the system or the application calls when certain events occur in the system or application.
handshake A Secure Sockets Layer (SSL) session always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate itself to the client by using public key techniques, and then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the handshake also allows the client to authenticate itself to the server.
hashing Link sequences are of length log n. Hashing is a method which overcomes the log n barrier. The idea is that the position of a key within the data structure is computed directly from the value of the key.
header System-defined control information that precedes user data.
hierarchical A way to organize data on computer systems using a hierarchy of containers, often called folders (directories) and files. In this scheme, folders may contain other folders and files. The successive containment of folders within folders creates the levels of organization, which is the hierarchy.
host name In the Internet suite of protocols, the name that is given to a machine. Sometimes, host name is used to mean fully qualified domain name (FQDN). Other times, it is used to mean the most specific subname of a fully qualified domain name. For example, if rchland.vnet.ibm.com is the fully qualified domain name, either of the following can be considered the host name: (a) rchland.vnet.ibm.com, or (b) rchland.
Hypertext Transfer Protocol (HTTP) In the Internet suite of protocols, the protocol that is used to transfer and display hypertext documents.
Hypertext Transport Protocol Secure (HTTPS) A TCP/IP protocol that is used by World Wide Web servers and Web browsers to transfer and display hypermedia documents securely across the Internet.
instance In object-oriented programming, an object created by instantiating a class.
invocation The activation of a program or procedure.
Java An object-oriented programming language for portable interpretive code that supports interaction among remote objects. Java was developed and specified by Sun Microsystems, Incorporated.
Java Development Kit (JDK) A software package that can be used to write, compile, debug, and run Java applets and applications.
Java Runtime Environment (JRE) A subset of the Java Development Kit (JDK) that contains the core executables and files that constitute the standard Java platform. The JRE includes the Java Virtual Machine (JVM), core classes, and supporting files.
Java Virtual Machine (JVM) A software implementation of a central processing unit (CPU) that runs compiled Java code (applets and applications).
kernel The part of an operating system that performs basic functions such as allocating hardware resources.
key In computer security, a sequence of symbols that is used with a cryptographic algorithm for encrypting or decrypting data.
key database Exists as a file that the server uses to store one or more key pairs and certificates. You can use one key database for all your key pairs and certificates, or create multiple databases.
key file In the Distributed Computing Environment (DCE), a file that contains encryption keys for noninteractive principals.
key pair In computer security, a public key and a private key. When the key pair is used for encryption, the sender uses the public key to encrypt the message, and the recipient uses the private key to decrypt the message. When the key pair is used for signing, the signer uses the private key to encrypt a representation of the message, and the recipient uses the public key to decrypt the representation of the message for signature verification.
key ring In computer security, a file that contains public keys, private keys, trusted roots, and certificates.
Layered Service Provider (LSP) A service provider is an installed protocol stack, not to be confused with a service, which is a server application. A base protocol is a protocol (such as TCP) capable of performing data communications with a remote endpoint. A layered protocol is a protocol that cannot stand alone; it relies on a base protocol for services. SSL is an example of a layered protocol. Layered protocols are only used through an interface for service providers. These are layered service providers.
Lightweight Directory Access Protocol (LDAP) In TCP/IP, a protocol that enables users to locate people, organizations, and other resources in an Internet directory or intranet directory.
local area network (LAN) (1) A computer network located on a user's premises within a communication across the LAN boundary may be subject to some form of regulation. (2) A network in which a set of devices are connected to one another for communication and that can be connected to a larger network.
long name The expanded name of the presentation space or emulation session.
machine translation A translation productivity tool that works by breaking down sentences or other text segments, analyzing them in context and then recreating their meaning in the target language. Machine translation works best on large volumes of well written texts from narrow subject areas.
memory load control A facility, added in AIX Version 3.2, that detects memory over-commitment and temporarily reduces the number of running processes, thus avoiding thrashing.
method In object-oriented design or programming, the software that implements the behavior specified by an operation.
microcode A code, representing the instructions of an instruction set, that is implemented in a part of storage that is not program-addressable.
mode A method of operation in which the actions that are available to a user are determined by the state of the system.
module A program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading.
name space The scope within which a name provides the intended identification. Here is an analogy: given names are intended to uniquely identify members of a family; in this case, the name space is the family.
native Pertaining to the relationship between a transport user and a transport provider that are both based on the same transport protocol.
net mask A 32-bit mask used to identify the most local portion of a local area network (LAN).
node The smallest unit of valid, complete structure in an XML document. The nodes that include a tag set, along with any required attributes, attribute values, and content, constitute an element.
object (1) In object-oriented design or programming, a concrete realization of a class that consists of data and the operations associated with that data.
object class A categorization or grouping of objects that share similar behaviors and circumstances.
object identifier (OID) An administratively assigned data value of the type defined in abstract syntax notation 1 (ASN.1).
octet A byte composed of eight binary elements.
Open Systems Interconnection (OSI) The interconnection of open systems in accordance with standards of the International Organization for Standardization (ISO) for the exchange of information.
operand An entity on which an operation is performed.
parse To break down a string of information such as a command or file into its constituent parts.
path A list of one or more directory names and an object name (such as the name of a file) that are separated by an operating system-specific character, such as the slash (/) in UNIX operating systems, the backslash (\) in Windows operating systems, and the semicolon (;) in OS/2 operating systems.
Peripheral Component Interconnect (PCI) A computer bussing architecture that defines electrical and physical standards for electronic interconnection.
permissions In the Distributed Computing Environment (DCE), the modes of access to a protected object. The number and meaning of permissions with respect to an object are defined by the access control list (ACL) manager of the object.
pipeline A serial arrangement of processors or a serial arrangement of registers within a processor. Each processor or register performs part of a task and passes results to the next processor; several parts of different tasks can be performed at the same time.
PKCS12 Sometimes referred to as PFX files; PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.
plug-in A self-contained software component that modifies (adds or changes) function in a particular software system. When a user adds a plug-in to a software system, the foundation of the original software system remains intact. The development of plug-ins requires well defined application programming interfaces (APIs).
port (1) A system or network access point for data entry or exit. (2) A connector on a device to which cables for other devices such as display stations and printers are attached. (3) The representation of a physical connection to the link hardware. A port is sometimes referred to as an adapter; however, there can be more than one port on an adapter. One or more ports are controlled by a single data link control (DLC) process. (4) In the Internet suite of protocols, a specific logical connector between the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) and a higher level protocol or application. (5) To modify a computer program to enable it to run on a different platform.
port number In the Internet suite of protocols, the identifier for a logical connector between an application entity and the transport service.
presentation space A conceptual two-dimensional surface in storage on which data for a portion of the display surface is represented.
principal In DCE Security, an entity that can communicate securely with another entity. In the Distributed Computing Environment (DCE), principals are represented as entries in the Registry database and include users, servers, computers, and authentication surrogates.
private key In secure communication, an algorithmic pattern used to encrypt messages that only the corresponding public key can decrypt. The private key is also used to decrypt messages that were encrypted by the corresponding public key. The private key is kept on the user's system and is protected by a password.
process ID A unique number assigned to a process by the operating system. The number is used internally by processes to communicate.
property A characteristic or attribute that describes a unit of information.
proxy server A server that receives requests intended for another server and that acts on the client's behalf (as the client's proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services.
public key In secure communication, an algorithmic pattern used to decrypt messages that were encrypted by the corresponding private key. A public key is also used to encrypt messages that only the corresponding private key can decrypt. Users broadcast their public keys to everyone with whom they must exchange encrypted messages.
public key infrastructure (PKI) An infrastructure that supports digital signatures and other public key-enabled security services.
redirect To divert data from a process to a file or device to which it would not normally go.
relative path A path that begins with the working directory.
root certificate In SET programs, the certificate at the top of the certificate chain hierarchy.
root node In a graphical representation of data as a tree, a node that has no parents but typically has children.
scope Specification of the boundary within which system resources can be used.
Secure Sockets Layer (SSL) A security protocol that provides communication privacy. SSL enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL was developed by Netscape Communications Corporation and RSA Data Security, Inc.
Secure Hash Algorithm (SHA) The current approved hash algorithm produces a message digest of 160 bits.
server-side includes A facility for including dynamic information in documents sent to clients, such as current date, the last modification date of the file, and the size or last modification of other files.
shim A thin, often tapered, piece of material, such as metal, used to fill in space between things for support, adjustment, or leveling.
short name In Personal Communications, the one-letter name (A through Z) of the presentation space or emulation session.
Simple Mail Transfer Protocol (SMTP) In the Internet suite of protocols, an application protocol for transferring mail among users of the Internet.
small computer system interface (SCSI) A standard hardware interface that enables a variety of peripheral devices to communicate with one another.
socket A method of communication between two processes. A socket is an identifier that the application uses to uniquely identify an end point of communications. The user associates a protocol address with the socket by associating a socket address with the socket.
stanza A group of lines in a file that together have a common function or define a part of the system. Stanzas are usually separated by blank lines or colons, and each stanza has a name.
stash file A file that hides other data files within.
string A sequence of elements of the same nature, such as characters considered as a whole. For example, character string, binary string, and hexadecimal string.
subdirective Similar to directives, except that they do not have their own class. The directive is responsible for fetching and processing the subdirective arguments.
subgroup A subset of a group.
subnet An interconnected, but independent segment of a network that is identified by its Internet Protocol (IP) address.
subtree A section of a directory hierarchy, which is also called a directory tree. The subtree typically starts at a particular directory and includes all subdirectories and objects below that directory in the directory hierarchy; that is, any subdirectories or objects connected to the directory, or to any lower level of its subdirectories.
symmetric keys In computer security, the two keys in a key pair. The keys are called symmetric because each key holds as much of the encryption pattern as the other does.
syntax The rules for the construction of a command or statement.
target In advanced program-to-program communications, the program or system to which a request for processing is sent.
thrashing A condition, caused by a high level of memory over-commitment, in which the system is spending all of its time writing out virtual memory pages and reading them back in. The application programs make no progress because their pages do not stay in memory long enough to be used. Memory load control is intended to avoid or stop thrashing.
thread A stream of computer instructions that is in control of a process. A multithread process begins with one stream of instructions (one thread) and can later create other instruction streams to perform tasks.
timeout (1) An event that occurs at the end of a predetermined period of time that began at the occurrence of another specified event. (2) A time interval allotted for certain operations to occur; for example, response to polling or addressing before system operation is interrupted and must be restarted.
token A particular message or bit pattern that signifies permission to transmit.
tree structure A data structure that represents entities in nodes, with at most one parent node for each node, and with only one root node.
trusted root A certificate signed by a certificate authority (CA), designated as a trusted CA on your server.
utility In programming, a program that performs a common service function.
variable A name used to represent data that can be changed while the program or procedure is running.
virtual host Refers to the practice of maintaining more than one server on one machine, differentiated by their apparent host name.
wildcard A special character such as an asterisk (*) or a question mark (?) that you can use to represent one or more characters. Any character or set of characters can replace a pattern matching character.
X.500 The directory services standard of International Telecommunication Union (ITU), International Organization for Standardization (ISO), and International Electrotechnical Commission (IEC).
x509 The x509 command is a multipurpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests, or edit certificate trust settings.