Try OpenEdge Now
skip to main content
OpenEdge Authentication Gateway Guide
Overview : Glossary of Terms

Glossary of Terms

The following is a list of definitions of the terms used in this document.
The secure recoding of security-related events across an application, its utilities, and/or its databases
To confirm an individuals assertion of identity as a precursor to issuing them a security token
The process of verifying the identity of a user and issuing them a security token as a precursor to authorizing their access to protected resources
Authentication system
In OpenEdge an authentication system is a configurable Domain plug-in that is used by its authentication processes to authenticate a user’s identity as a member of that Domain
Authentication Provider
The Spring Security framework’s equivalent to an OpenEdge Domain’s authentication system plug-in
Grant/deny access to a protected resource
Authorization (process)
The process of using a user’s security token to Authorize their access to some protected resource
Client-side security
The execution of authentication, authorization and auditing processes by application/database clients
An ABL language handle used to access the contents of an OpenEdge security token
Connection Role
A Role whose access rights include physically connecting to an OpenEdge database and/or changing an existing connection’s user identity
Database connection
A persistent connection of a client to an OpenEdge database server for the purpose of accessing the database stored data.
The physical connection to an OpenEdge database uses an OpenEdge security token to grant/deny individual users the ability to establish a connection and/or change its current user identity
A collection of users, objects, or resources that conform to a common policy
Domain access code
An OpenEdge domain’s unique secret key that is used to seal an OpenEdge security token so that it may be authorized by OpenEdge resources
Domain registry
aka OpenEdge Domain Registry, a configuration of OpenEdge domains that includes its authentication system, authentication process options, and a unique domain access code used by OpenEdge resources to authorize access
OpenEdge database enhanced connection security
A collection of interdependent OpenEdge product security features first available in OpenEdge 11.6.2 that provide a greater degree of database connection security
OpenEdge Domain
aka Domain, used to identify a set of users that share a common authentication process and set of rights for access to OpenEdge resources (such as a database)
OpenEdge Authentication Gateway
A Progress Application Server (PAS) for OpenEdge instance configured for secure execution of a Security Token Service (STS) application
OpenEdge security token
A security token native to all OpenEdge component’s authentication and authorization processes
PAS for OpenEdge
A Progress Application Server (PAS) extended to execute one or more ABL AppServer / WebSpeed applications
Progress Application Server (PAS)
A Progress Web application server based on Apache Tomcat that used by multiple Progress products
Protected Resource
A physical something in a computer system whose access is limited to certain authorized users. Examples would be an OS server, database, data records, file system, etc.
Acronym for Role Based Access Control
A group attribute that binds individual users to a certain set of right(s)
Role Based Access Control (RBAC)
A model for controlling access to protected resources based on a user’s granted role rather than their individual identity
Role Membership
The inclusion of an individual user in a role that will be used by RBAC
Security Token
A token that contains verifiable proof of a user’s identity and granted role(s), and is used by an authorization process
Security Token Service (STS)
A Web application that runs in a PAS for OpenEdge server that provides authentication and security token services for OpenEdge distributed applications and databases
Spring Security
An industry-recognized authentication and authorization framework used in Java applications, featuring a direct-injection architecture
STS Client
An (authorized) client of an STS application
STS Client Key
A key (aka credentials) established by an administrator, holding ownership of a STS Key, for authorizing individual OpenEdge installation’s access to an STS application
Functionality in an STS application that is used to selectively grant OpenEdge ABL client and/or database rights to use its authentication and security token services
STS Server Key
A key (aka credentials) that uniquely identifies and instance of an STS application, and is used to generate and authorize STS client access via STS Client Keys
Server-side security
The authentication, authorization, and auditing processes executed by server processes
Something that uniquely identifies an authenticated users identity