Auditing
|
The secure recording of security-related events across an application, its utilities, and/or its databases
|
Authenticate
|
To confirm an individual’s assertion of identity as a precursor to issuing them a security token
|
Authentication
|
The process of verifying the identity of a user and issuing them a security token as a precursor to authorizing their access to protected resources
|
Authentication system
|
In OpenEdge, an authentication system is a configurable Domain plug-in that is used by its authentication processes to authenticate a user’s identity as a member of that Domain
|
Authentication Provider
|
The Spring Security framework’s equivalent to an OpenEdge Domain’s authentication system plug-in
|
Authorize
|
Grant/deny access to a protected resource
|
Authorization (process)
|
The process of using a user’s security token to Authorize their access to some protected resource
|
Client-side security
|
The execution of authentication, authorization and auditing processes by application/database clients
|
Client-Principal
|
An ABL language handle used to access the contents of an OpenEdge security token
|
Connection Role
|
A Role whose access rights include physically connecting to an OpenEdge database and/or changing an existing connection’s user identity
|
Database connection
|
A persistent connection of a client to an OpenEdge database server for the purpose of accessing the data stored in the database.
The physical connection to an OpenEdge database uses an OpenEdge security token to grant/deny individual users the ability to establish a connection and/or change its current user identity
|
Domain
|
A collection of users, objects, or resources that conform to a common policy
|
Domain access code
|
An OpenEdge domain’s unique secret key that is used to seal an OpenEdge security token so that it may be authorized by OpenEdge resources
|
Domain registry
|
aka OpenEdge Domain Registry, a configuration of OpenEdge domains that includes its authentication system, authentication process options, and a unique domain access code used by OpenEdge resources to authorize access
|
OpenEdge database enhanced connection security
|
A collection of interdependent OpenEdge product security features first available in OpenEdge 11.6.2 that provide a greater degree of database connection security
|
OpenEdge Domain
|
aka Domain, used to identify a set of users that share a common authentication process and set of rights for access to OpenEdge resources (such as a database)
|
OpenEdge Authentication Gateway
|
A Progress Application Server (PAS) for OpenEdge instance configured for secure execution of a Security Token Service (STS) application
|
OpenEdge security token
|
A security token native to all OpenEdge components’ authentication and authorization processes
|
PAS for OpenEdge
|
A Progress Application Server (PAS) extended to execute one or more ABL AppServer / WebSpeed applications
|
Progress Application Server (PAS)
|
A Progress Web application server based on Apache Tomcat that is used by multiple Progress products
|
Protected Resource
|
A physical something in a computer system whose access is limited to certain authorized users. Examples would be an OS server, database, data records, file system, etc.
|
RBAC
|
Acronym for Role Based Access Control
|
Role
|
A group attribute that binds individual users to a certain set of right(s)
|
Role Based Access Control (RBAC)
|
A model for controlling access to protected resources based on a user’s granted role rather than their individual identity
|
Role Membership
|
The inclusion of an individual user in a role that will be used by RBAC
|
Security Token
|
A token that contains verifiable proof of a user’s identity and granted role(s), and is used by an authorization process
|
Security Token Service (STS)
|
A Web application that runs in a PAS for OpenEdge server that provides authentication and security token services for OpenEdge distributed applications and databases
|
Spring Security
|
An industry-recognized authentication and authorization framework used in Java applications, featuring a direct-injection architecture
|
STS Client
|
An (authorized) client of an STS application
|
STS Client Key
|
A key (aka credentials) established by an administrator, holding ownership of an STS Key, for authorizing an individual OpenEdge installation’s access to an STS application
|
STS Key
|
Functionality in an STS application that is used to selectively grant OpenEdge ABL client and/or database rights to use its authentication and security token services
|
STS Server Key
|
A key (aka credentials) that uniquely identifies an instance of an STS application, and is used to generate and authorize STS client access via STS Client Keys
|
Server-side security
|
The authentication, authorization, and auditing processes executed by server processes
|
Token
|
Something that uniquely identifies an authenticated user’s identity
|