In computer security, verification of the identity of a user or the user's eligibility to access
an object.
cache
To place, hide, or store frequently used information locally for quick retrieval.
cache accelerator
Provides support for caching on multiple Web servers and on servers with multiple IP addresses.
certificate authority (CA)
In computer security, an organization that issues certificates. The certificate authority
authenticates the certificate owner's identity and the services that the owner is authorized to use.
It also manages the issuance of new certificates and revokes certificates from users
who are no longer authorized to use them. A certificate authority is considered to be trusted when a
user accepts any certificate issued by that certificate authority as proof of the certificate
owner's identity.
certificate revocation list (CRL)
A list of certificates that need to be revoked before their expiration date.
cipher
In Cryptographic Support, data that is unintelligible to all except those who have the key to
decode it to plaintext.
cipher specifications
Indicate the data encryption algorithm and key size to use for secure connections.
cryptographic support
The IBM® licensed program that provides support for the encryption and decryption of data, according to the Data
Encryption Algorithm, and for the management of cryptographic keys and personal identification
numbers (PINs).
Data Encryption Standard (DES)
In computer security, the National Institute of Standards and Technology (NIST) Data Encryption
Standard, adopted by the U.S. government as Federal Information Processing Standard (FIPS)
Publication 46, which allows only hardware implementations of the data encryption algorithm.
digital certificate
A form of personal identification that can be verified electronically. Only the certificate
owner who holds the corresponding private key can present a certificate for authentication through a
Web browser session. Anyone can verify that the certificate is valid by using a readily available
public key.
digital signature
Information that is encrypted with an entity's private key and is appended to a message to assure
the recipient of the authenticity and integrity of the message. The digital signature proves that
the message was signed by the entity that owns, or has access to, the private key or shared secret
symmetric key.
directive
A statement that is used in the configuration file for a Web server to define a particular
setting for the server.
distinguished name (DN)
In computer security, information that uniquely identifies the owner of a certificate.
dynamic shared object (DSO)
A mechanism which provides a way to build a piece of program code in a special format for
loading at run time into the address space of an executable program. The DSO gets knowledge of the
executable program symbol set as if it had been statically linked with it in the first place.
encrypt
In Cryptographic Support, to systematically scramble information so that it cannot be read
without knowing the coding key.
environment variable
A variable that specifies how an operating system or another program runs, or the devices that
the operating system recognizes.
Fast Common Gateway Interface Protocol (FastCGI)
The Fast Common Gateway Interface (FastCGI) is an enhancement to the existing Common Gateway
Interface (CGI), which is a standard for interfacing external applications with Web servers.
handshake
A Secure Sockets Layer (SSL) session always begins with an exchange of messages called the SSL
handshake. The handshake allows the server to authenticate itself to the client by using public key
techniques, and then allows the client and the server to cooperate in the creation of symmetric keys
used for rapid encryption, decryption, and tamper detection during the session that follows.
Optionally, the handshake also allows the client to authenticate itself to the server.
Java™
An object-oriented programming language for portable interpretive code that supports interaction
among remote objects. Java was developed and specified by Sun Microsystems, Incorporated.
Java Development Kit (JDK)
A software package that can be used to write, compile, debug, and run Java applets and
applications.
Java Runtime Environment (JRE)
A subset of the Java Development Kit (JDK) that contains the core executables and files that
constitute the standard Java platform. The JRE includes the Java Virtual Machine (JVM), core
classes, and supporting files.
Java Virtual Machine (JVM)
A software implementation of a central processing unit (CPU) that runs compiled Java code
(applets and applications).
key
In computer security, a sequence of symbols that is used with a cryptographic algorithm for
encrypting or decrypting data.
key database
Exists as a file that the server uses to store one or more key pairs and certificates. You can
use one key database for all your key pairs and certificates, or create multiple databases.
key file
In the Distributed Computing Environment (DCE), a file that contains encryption keys for
noninteractive principals.
key pair
Contains a public, distributed key and a private key. A key pair is issued by a public key
cryptography system, and the two keys are used in combination to validate and authenticate a
connection between a client and server for secure connections.
Lightweight Directory Access Protocol (LDAP)
In TCP/IP, a protocol that enables users to locate people, organizations, and other resources in
an Internet directory or intranet directory.
module
A program unit that is discrete and identifiable with respect to compiling, combining with other
units, and loading.
password stashing
The password is encrypted in a file or on a hard drive. Your keydb password needs to reside in a
file in order to use secure sockets layer (SSL).
PKCS12
Sometimes referred to as PFX files; PKCS#12 files are used by several programs including
Netscape, MSIE and MS Outlook.
plug-in
A self-contained software component that modifies (adds or changes) function in a particular
software system. When a user adds a plug-in to a software system, the foundation of the original
software system remains intact. The development of plug-ins requires well-defined application
programming interfaces (APIs).
port
(1) A system or network access point for data entry or exit. (2) A connector on a device to
which cables for other devices such as display stations and printers are attached. (3) The
representation of a physical connection to the link hardware. A port is sometimes referred to as an
adapter; however, there can be more than one port on an adapter. One or more ports are controlled by
a single data link control (DLC) process. (4) In the Internet suite of protocols, a specific logical
connector between the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) and a
higher level protocol or application. (5) To modify a computer program to enable it to run on a
different platform.
port number
In the Internet suite of protocols, the identifier for a logical connector between an
application entity and the transport service.
private key
In secure communication, an algorithmic pattern used to encrypt messages that only the
corresponding public key can decrypt. The private key is also used to decrypt messages that were
encrypted by the corresponding public key. The private key is kept on the user's system and is
protected by a password.
public key
In secure communication, an algorithmic pattern used to decrypt messages that were encrypted by
the corresponding private key. A public key is also used to encrypt messages that only the
corresponding private key can decrypt. Users broadcast their public keys to everyone with whom they
must exchange encrypted messages.
public key infrastructure (PKI)
An infrastructure that supports digital signatures and other public key-enabled security
services.
Secure Sockets Layer (SSL)
A security protocol that provides communication privacy. SSL enables client and server
applications to communicate in a way that is designed to prevent eavesdropping, tampering, and
message forgery. SSL was developed by Netscape Communications Corporation and RSA Data Security,
Inc.
stash file
A file that hides other data files within.
symmetric keys
In computer security, the two keys in a key pair. The keys are called symmetric because each key
holds as much of the encryption pattern as the other does.
trust policy
Contains a trusted list of certificates that are used to control the trust and validity period
of certificates. It enables one to limit the trust of certificates issued by a certificate
authority.
trusted root
A certificate signed by a certificate authority (CA), designated as a trusted CA on your
server.
virtual host
Refers to the practice of maintaining more than one server on one machine, differentiated by
their apparent host name.
X.500
The directory services standard of International Telecommunication Union (ITU), International
Organization for Standardization (ISO), and International Electrotechnical Commission (IEC).