1.1 Glossary

This document uses the following terms:

Augmented Backus-Naur Form (ABNF): A modified version of Backus-Naur Form (BNF), commonly used by Internet specifications. ABNF notation balances compactness and simplicity with reasonable representational power. ABNF differs from standard BNF in its definitions and uses of naming rules, repetition, alternatives, order-independence, and value ranges. For more information, see [RFC5234].

authentication: The act of proving an identity to a server while providing key material that binds the identity to subsequent communications.

Azure Active Directory (Azure AD): The identity service in Microsoft Azure that provides identity management and access control capabilities through a REST-based API, an Azure portal, or a PowerShell command window.

Azure Multi-Factor Authentication: The Azure service that provides additional authentication for on-premises applications and applications running in Azure. Multi-Factor Authentication verifies user logons and transactions by using a mobile app, phone call, or text message.

Azure SQL Database: The data management service in Azure that provides a relational database management system with enterprise-class availability, scalability, and security and that can be accessed from anywhere in the world.

certificate chain: A sequence of certificates, where each certificate in the sequence is signed by the subsequent certificate. The last certificate in the chain is normally a self-signed certificate.

connection: Each user that has a session with a server can create multiple share connections, or resource connections, using that user ID. Such a resource connection is created with a Server Message Block (SMB) tree connect request and is identified by an SMB TreeID (TID).

connection pool: A cache of opened connections to data sources.

connection pool blocking period: A time period during which no new connection is allowed to a specific connection pool if a timeout error or other login error occurs. During the pool blocking period, the initial error is cached and re-thrown on subsequent attempts to open a connection. The first blocking period lasts five seconds and is doubled with each subsequent failure up to one minute. For more information, see [MSDN-SSCP].

connection string: A series of arguments, delimited by a semicolon, that defines the location of a database and how to connect to it.
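Because the arguments are delimited by semicolons, a value built by string concatenation from untrusted input can smuggle in extra keywords. The following added example (written for this page; it is not SQL Server's or ADO.NET's own parser, and the quoting rules it applies, double quotes around a value that contains a semicolon or quote, with an embedded double quote written as two double quotes, are modelled on ADO.NET's convention and stated here as an assumption) contrasts naive concatenation with a builder that quotes values, and parses both results to show the difference:

```python
from typing import Dict, Tuple


def quote_value(value: str) -> str:
    """Quote a value that contains a delimiter, a quote or edge whitespace.

    Rule modelled on ADO.NET's builder (assumption): wrap in double quotes and
    double any embedded double quote. Plain values are left untouched.
    """
    if value == "":
        return value
    needs_quoting = any(ch in value for ch in ";\"'") or value != value.strip()
    if not needs_quoting:
        return value
    return '"' + value.replace('"', '""') + '"'


def build_connection_string(parts: Dict[str, str]) -> str:
    """Join keyword=value pairs with ';', quoting each value as required."""
    return ";".join(f"{key}={quote_value(val)}" for key, val in parts.items())


def parse_connection_string(text: str) -> Dict[str, str]:
    """Parse 'k=v;k=v' into a dict with lower-cased keywords.

    Quoted values (single or double quotes) may contain ';' and doubled quotes;
    a later duplicate keyword overwrites an earlier one, as ADO.NET does
    (assumption). Raises ValueError on malformed input.
    """
    result: Dict[str, str] = {}
    i, n = 0, len(text)
    while i < n:
        while i < n and text[i] in "; \t":      # skip separators and padding
            i += 1
        if i >= n:
            break
        eq = text.find("=", i)
        if eq == -1:
            raise ValueError("keyword without '='")
        key = text[i:eq].strip().lower()
        i = eq + 1
        while i < n and text[i] == " ":
            i += 1
        if i < n and text[i] in "\"'":
            quote = text[i]
            i += 1
            buf = []
            while True:
                if i >= n:
                    raise ValueError("unterminated quoted value")
                if text[i] == quote:
                    if i + 1 < n and text[i + 1] == quote:   # doubled quote = literal
                        buf.append(quote)
                        i += 2
                        continue
                    i += 1
                    break
                buf.append(text[i])
                i += 1
            value = "".join(buf)
            while i < n and text[i] == " ":
                i += 1
            if i < n and text[i] != ";":
                raise ValueError("unexpected text after quoted value")
        else:
            end = text.find(";", i)
            if end == -1:
                end = n
            value = text[i:end].strip()
            i = end
        result[key] = value
    return result


def demo_injection(user_password: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (parsed naive string, parsed builder string) for one password value."""
    # Vulnerable: the untrusted value is pasted straight into the string.
    naive = ("Server=db.example.internal;Database=app;User ID=app;"
             f"Password={user_password}")
    # Hardened: every value goes through quote_value().
    safe = build_connection_string({
        "Server": "db.example.internal",
        "Database": "app",
        "User ID": "app",
        "Password": user_password,
    })
    return parse_connection_string(naive), parse_connection_string(safe)


if __name__ == "__main__":
    # Constructed attacker input: a password that carries an extra keyword.
    naive, safe = demo_injection("p;Integrated Security=SSPI")
    print("naive:", naive)   # gains an 'integrated security' keyword
    print("safe: ", safe)    # password kept intact, no extra keyword
```

With the constructed input `p;Integrated Security=SSPI`, the naive string parses to a password of `p` plus an `Integrated Security` keyword the application never intended, while the builder's output parses back to the original password and nothing else. The same mechanism applies to any keyword an attacker would prefer to control, such as the server address.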

context: A collection of context properties that describe an execution environment.

credential: Previously established, authentication data that is used by a security principal to establish its own identity. When used in reference to the Netlogon Protocol, it is the data that is stored in the NETLOGON_CREDENTIAL structure.

data source: A database, web service, disk, file, or other collection of information from which data is queried or submitted. Supported data sources vary based on application and data provider.

database instance: A database that has a unique set of services that can have unique settings.

database mirroring: An availability solution that is based on keeping copies of the same database in different servers.

default database: The current database just after the connection is made.

enclave: A protected region of memory that is used only on the server side. This region is within the address space of SQL Server, and it acts as a trusted execution environment. Only code that runs within the enclave can access data within that enclave. Neither the data nor the code inside the enclave can be viewed from the outside, even with a debugger.

enclave computations: Locally enabled cryptographic operations and other operations in Transact-SQL queries on encrypted columns that are performed inside an enclave.

encryption: In cryptography, the process of obscuring information to make it unreadable without special knowledge.

identity provider: A web service that performs identity verification as part of its processing.

idle connection: An active connection that was opened but that does not have any pending data.

in-process connection: A connection that is opened from within the server, such as a connection that is opened by a .NET stored procedure.

Multiple Active Result Sets (MARS): A feature in Microsoft SQL Server that allows applications to have more than one pending request per connection. For more information, see [MSDN-MARS].

named pipe: A named, one-way, or duplex pipe for communication between a pipe server and one or more pipe clients.

remote procedure call (RPC): A communication protocol used primarily between client and server. The term has three definitions that are often used interchangeably: a runtime environment providing for communication facilities between computers (the RPC runtime); a set of request-and-response message exchanges between computers (the RPC exchange); and the single message from an RPC exchange (the RPC message). For more information, see [C706].

replication: The process of propagating the effects of all originating writes to any replica of a naming context (NC), to all replicas of the NC. If originating writes cease and replication continues, all replicas converge to a common application-visible state.

security token: An opaque data packet that is provided to an authorized user of computer services to facilitate authentication.

security token service (STS): A web service that issues security tokens. That is, it makes assertions based on evidence that it trusts; these assertions are for consumption by whoever trusts it.

Unicode: A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode standard [UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.