1.1 Glossary
This document uses the following terms:
access control entry (ACE): An entry in an access control list (ACL) that contains a set of user rights and a security identifier (SID) that identifies a principal for whom the rights are allowed, denied, or audited.
access control list (ACL): A list of access control entries (ACEs) that collectively describe the security rules for authorizing access to some resource; for example, an object or set of objects.
Active Directory: The Windows implementation of a general-purpose directory service, which uses LDAP as its primary access protocol. Active Directory stores information about a variety of objects in the network such as user accounts, computer accounts, groups, and all related credential information used by Kerberos [MS-KILE]. Active Directory is either deployed as Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), which are both described in [MS-ADOD]: Active Directory Protocols Overview.
Active Directory account creation mode: A type of account creation mode that retrieves and uses user accounts in a specific Active Directory Domain Services (AD DS) organizational unit.
anonymous access: A mechanism that does not require users to specify a user name or password for authentication.
anonymous authentication: An authentication mode in which neither party verifies the identity of the other party.
anonymous user: A user who presents no credentials when identifying himself or herself. The process for determining an anonymous user can differ based on the authentication protocol, and the documentation for the relevant authentication protocol should be consulted.
attachment: An external file that is included with an Internet message or associated with an item in a SharePoint list.
authentication: The ability of one entity to determine the identity of another entity.
authorization: The secure computation of roles and accesses granted to an identity.
back-end database server: A server that hosts data, configuration settings, and stored procedures that are associated with one or more applications.
basic authentication scheme: An HTTP-based authentication method that enables a protocol client to authenticate itself by passing a user identifier and password, as described in [RFC2617].
binary large object (BLOB): A discrete packet of data that is stored in a database and is treated as a sequence of uninterpreted bytes.
Central Administration site: A SharePoint site that an administrator can use to manage all of the sites and servers in a server farm that is running SharePoint Products and Technologies.
collection: A grouping of one or more EDM types that are type compatible.
configuration database: A database that is stored on a back-end database server and contains both persisted objects and site collection metadata for lookup purposes.
connection string: A series of arguments, delimited by a semicolon, that defines the location of a database and how to connect to it.
content database: A database that is stored on a back-end database server and contains stored procedures, site collections, and the contents of those site collections.
deployment: A collection of protocol clients and protocol servers that belong to the same enterprise.
digital certificate: See the "digital certificate definition standard," as described in [X509].
directory service (DS): A service that stores and organizes information about a computer network's users and network shares, and that allows network administrators to manage users' access to the shares. See also Active Directory.
display name: A text string that is used to identify a principal or other object in the user interface. Also referred to as title.
document: An object in a content database such as a file, folder, list, or site. Each object is identified by a URI.
document library: A type of list that is a container for documents and folders.
domain: A set of users and computers sharing a common namespace and management infrastructure. At least one computer member of the set must act as a domain controller (DC) and host a member list that identifies all members of the domain, as well as optionally hosting the Active Directory service. The domain controller provides authentication of members, creating a unit of trust for its members. Each domain has an identifier that is shared among its members. For more information, see [MS-AUTHSOD] section 1.1.1.5 and [MS-ADTS].
domain controller (DC): The service, running on a server, that implements Active Directory, or the server hosting this service. The service hosts the data store for objects and interoperates with other DCs to ensure that a local change to an object replicates correctly across all DCs. When Active Directory is operating as Active Directory Domain Services (AD DS), the DC contains full NC replicas of the configuration naming context (config NC), schema naming context (schema NC), and one of the domain NCs in its forest. If the AD DS DC is a global catalog server (GC server), it contains partial NC replicas of the remaining domain NCs in its forest. For more information, see [MS-AUTHSOD] section 1.1.1.5.2 and [MS-ADTS]. When Active Directory is operating as Active Directory Lightweight Directory Services (AD LDS), several AD LDS DCs can run on one server. When Active Directory is operating as AD DS, only one AD DS DC can run on one server. However, several AD LDS DCs can coexist with one AD DS DC on one server. The AD LDS DC contains full NC replicas of the config NC and the schema NC in its forest. The domain controller is the server side of Authentication Protocol Domain Support [MS-APDS].
domain group: A container for security and distribution groups. A domain group can also contain other domain groups.
domain user: A user with an account in the domain's user account database.
email address: A string that identifies a user and enables the user to receive Internet messages.
end-user client: A computer on which an individual user is requesting specific file operations.
event receiver: A structured modular component that enables built-in or user-defined managed code classes to act upon objects, such as list items, lists, or content types, when specific triggering actions occur.
farm: A group of computers that work together as a single system to help ensure that applications and resources are available. Also referred to as server farm.
feature identifier: A GUID that identifies a feature.
field: A container for metadata within a SharePoint list and associated list items.
file: A single, discrete unit of content.
file system: A system that enables applications to store and retrieve files on storage devices. Files are placed in a hierarchical structure. The file system specifies naming conventions for files and the format for specifying the path to a file in the tree structure. Each file system consists of one or more drivers and DLLs that define the data formats and features of the file system. File systems can exist on the following storage devices: diskettes, hard disks, jukeboxes, removable optical disks, and tape backup units.
folder: A file system construct. File systems organize a volume's data by providing a hierarchy of objects, which are referred to as folders or directories, that contain files and can also contain other folders.
forest: In the Active Directory directory service, a forest is a set of naming contexts (NCs) consisting of one schema NC, one config NC, and one or more domain NCs. Because a set of NCs can be arranged into a tree structure, a forest is also a set of one or several trees of NCs.
forms authentication: An authentication method in which protocol clients redirect unauthenticated requests to an HTML form by using HTTP. If the protocol client authenticates the request, the system issues a cookie that stores the credentials or a key for reacquiring the identity. In subsequent requests, the cookie is submitted in request headers and the requests are authenticated and authorized by an ASP.NET event handler that uses the validation method that is specified by the protocol client.
front-end web server: A server that hosts webpages, performs processing tasks, and accepts requests from protocol clients and sends them to the appropriate back-end server for further processing.
group: A named collection of users who share similar access permissions or roles.
group object: A database object that represents a collection of user and group objects and has a security identifier (SID) value.
hierarchy: A logical tree structure that organizes the members of a dimension such that each member has one parent member and zero or more child members.
Hypertext Transfer Protocol (HTTP): An application-level protocol for distributed, collaborative, hypermedia information systems (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.
Integrated Windows authentication: A configuration setting that enables negotiation of authentication protocols in Internet Information Services (IIS). Integrated Windows authentication is more secure than Basic authentication, because the user name and password are hashed instead of plaintext.
Kerberos: An authentication system that enables two parties to exchange private information across an otherwise open network by assigning a unique key (called a ticket) to each user that logs on to the network and then embedding these tickets into messages sent by the users. For more information, see [MS-KILE].
Lightweight Directory Access Protocol (LDAP): The primary access protocol for Active Directory. Lightweight Directory Access Protocol (LDAP) is an industry-standard protocol, established by the Internet Engineering Task Force (IETF), which allows users to query and update information in a directory service (DS), as described in [MS-ADTS]. The Lightweight Directory Access Protocol can be either version 2 [RFC1777] or version 3 [RFC3377].
list: A container within a SharePoint site that stores list items. A list has a customizable schema that is composed of one or more fields.
list item: An individual entry within a SharePoint list. Each list item has a schema that maps to fields in the list that contains the item, depending on the content type of the item.
list view: A named collection of settings for querying and displaying items in a SharePoint list. There are two types of views: Personal, which can be used only by the user who created the view; and Public, which can be used by all users who have permission to access to the site.
login name: A string that is used to identify a user or entity to an operating system, directory service, or distributed system. For example, in Windows-integrated authentication, a login name uses the form "DOMAIN\username".
major version: An iteration of a software component, document, or list item that is ready for a larger group to see, or has changed significantly from the previous major version. For an item on a SharePoint site, the minor version is always "0" (zero) for a major version.
membership: The state or status of being a member of a member group. A membership contains additional metadata such as the privacy level that is associated with the membership.
NT LAN Manager (NTLM) Authentication Protocol: A protocol using a challenge-response mechanism for authentication in which clients are able to verify their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication).
parent site: The site that is above the current site in the hierarchy of the site collection.
path component: Data that identifies a resource within the scope of a scheme and authority in a URI, as described in [RFC3986].
permission: A rule that is associated with an object and that regulates which users can gain access to the object and in what manner. See also rights.
permission level: A set of permissions that can be granted to principals or SharePoint groups on an entity such as a site, list, folder, item, or document.
placeholder: A character or symbol that is used in place of an actual value, text, or object. The actual value that the placeholder represents is unknown or unavailable at the current time, or is not displayed for security reasons.
pluggable security authentication: The ability to support alternate mechanisms for determining the identity of another entity.
query: A formalized instruction to a data source to either extract data or perform a specified action. A query can be in the form of a query expression, a method-based query, or a combination of the two. The data source can be in different forms, such as a relational database, XML document, or in-memory object. See also search query.
result set: A list of records that results from running a stored procedure or query, or applying a filter. The structure and content of the data in a result set varies according to the implementation.
return code: A code that is used to report the outcome of a procedure or to influence subsequent events when a routine or process terminates (returns) and passes control of the system to another routine. For example, a return code can indicate whether an operation was successful.
rights: Tasks that a user is permitted to perform on a computer, site, domain, or other system resource. See also permission.
role: A symbolic name that defines a class of users for a set of components. A role defines which users can call interfaces on a component.
role definition: A named set of permissions for a SharePoint site. See also permission level.
round-robin load balancer: A resource management procedure where each process is assigned an equal portion of computer resources in a circular order.
scale-out: A method of adding computing resources by adding additional computers to the system, rather than increasing the computing resources on the computers in the system.
search provider: A component or application that provides data in response to a query. See also result provider.
search query: A complete set of conditions that are used to generate search results, including query text, sort order, and ranking parameters.
securable object: An object that can have unique security permissions associated with it.
security group: A named group of principals on a SharePoint site.
security group identifier: An integer that is used to uniquely identify a security group, distinguishing it from all other security principals and site groups within the same site collection.
security identifier (SID): An identifier for security principals that is used to identify an account or a group. Conceptually, the SID is composed of an account authority portion (typically a domain) and a smaller integer representing an identity relative to the account authority, termed the relative identifier (RID). The SID format is specified in [MS-DTYP] section 2.4.2; a string representation of SIDs is specified in [MS-DTYP] section 2.4.2 and [MS-AZOD] section 1.1.1.2.
security principal: A unique entity identifiable through cryptographic means by at least one key. A security principal often corresponds to a human user but can also be a service offering a resource to other security principals. Sometimes referred to simply as a "principal".
security scope: A tree structure of objects in which every object has the same security settings as the root.
server-relative URL: A relative URL that does not specify a scheme or host, and assumes a base URI of the root of the host, as described in [RFC3986].
Session Initiation Protocol (SIP): An application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. SIP is defined in [RFC3261].
Simple Mail Transfer Protocol (SMTP): A member of the TCP/IP suite of protocols that is used to transport Internet messages, as described in [RFC5321].
site: A group of related pages and data within a SharePoint site collection. The structure and content of a site is based on a site definition. Also referred to as SharePoint site and web site.
site collection: A set of websites that are in the same content database, have the same owner, and share administration settings. A site collection can be identified by a GUID or the URL of the top-level site for the site collection. Each site collection contains a top-level site, can contain one or more subsites, and can have a shared navigational structure.
site collection administrator: A user who has administrative permissions for a site collection.
SQL authentication: One of two mechanisms for validating attempts to connect to instances of SQL Server. In SQL authentication, users specify a SQL Server login name and password when they connect. The SQL Server instance ensures that the login name and password combination are valid before permitting the connection to succeed.
stored procedure: A precompiled collection of SQL statements and, optionally, control-of-flow statements that are stored under a name and processed as a unit. They are stored in a SQL database and can be run with one call from an application. Stored procedures return an integer return code and can additionally return one or more result sets. Also referred to as sproc.
store-relative URL: A URL that consists only of a path segment and does not include the leading and trailing slash.
thicket: A means of storing a complex HTML document with its related files. It consists of a thicket main file and a hidden thicket folder that contains a thicket manifest and a set of thicket supporting files that, together, store the referenced content of the document.
thumbnail: A miniature version of an image that is typically used to browse multiple images quickly.
topology: The structure of the connections between members.
transaction: The process of opening or creating an object on a server, and the subsequent committing of changes to the object by calling the required save function, at which time all changes to that instance of the object are either saved to the server, or discarded if a failure occurs before saving is finished successfully. Until successfully saved, changes are invisible to any other instances of the object.
Transact-Structured Query Language (T-SQL): A language that contains the commands that are used to manage instances of Microsoft SQL Server, create and manage all objects in an instance of SQL Server, and to insert, retrieve, modify, and delete all data in SQL Server tables. Transact-SQL is an extension of the language that is defined in the SQL standards that are published by the International Standards Organization (ISO) and the American National Standards Institute (ANSI).
trusted subsystem: A method of communication in which two-way trust is established between two server features. Each server feature communicates with the other feature by using an account that is authorized to perform privileged actions, such as retrieving files and settings.
Uniform Resource Locator (URL): A string of characters in a standardized format that identifies a document or resource on the World Wide Web. The format is as specified in [RFC1738].
user identifier: An integer that uniquely identifies a security principal as distinct from all other security principals and site groups within the same site collection.
user name: A unique name that identifies a specific user account. The user name of an account is unique among the other group names and user names within its own domain or workgroup.
user object: An object of class user. A user object is a security principal object; the principal is a person or service entity running on the computer. The shared secret allows the person or service entity to authenticate itself, as described in ([MS-AUTHSOD] section 1.1.1.1).
web application: (1) A container in a configuration database that stores administrative settings and entry-point URLs for site collections.
-
(2) A software application that uses HTTP as its core communication protocol and delivers information to the user by using web-based languages such as HTML and XML.
web application identifier: A GUID that identifies a web application.
Web Distributed Authoring and Versioning Protocol (WebDAV): The Web Distributed Authoring and Versioning Protocol, as described in [RFC2518] or [RFC4918].
Web Part: A reusable component that contains or generates web-based content such as XML, HTML, and scripting code. It has a standard property schema and displays that content in a cohesive unit on a webpage. See also Web Parts Page.
web server: A server computer that hosts websites and responds to requests from applications.
website: A group of related pages and data within a SharePoint site collection. The structure and content of a site is based on a site definition. Also referred to as SharePoint site and site.
XML: The Extensible Markup Language, as described in [XML1.0].