3 A

Abstract Syntax Notation One (ASN.1): A notation to define complex data types to carry a message, without concern for their binary representation, across a network. ASN.1 defines an encoding to specify the data types with a notation that does not necessarily determine the representation of each value. ASN.1 encoding rules are sets of rules used to transform data that is specified in the ASN.1 language into a standard format that can be decoded on any system that has a decoder based on the same set of rules. ASN.1 and its encoding rules were once part of the same standard. They have since been separated, but it is still common for the terms ASN.1 and Basic Encoding Rules (BER) to be used to mean the same thing, though this is not the case. Different encoding rules can be applied to a given ASN.1 definition. The choice of encoding rules used is an option of the protocol designer. ASN.1 is described in the following specifications: [ITUX660] for general procedures; [ITUX680] for syntax specification; [ITUX690] for the Basic Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished Encoding Rules (DER) encoding rules; and [ITUX691] for the Packed Encoding Rules (PER). Further background information on ASN.1 is also available in [DUBUISSON].

abstract type: A type used in this specification whose representation need not be standardized for interoperability because the type's use is internal to the specification. See concrete type.

access control entry (ACE): An entry in an access control list (ACL) that contains a set of user rights and a security identifier (SID) that identifies a principal for whom the rights are allowed, denied, or audited.

access control list (ACL): A list of access control entries (ACEs) that collectively describe the security rules for authorizing access to some resource; for example, an object or set of objects.

access mask: A 32-bit value present in an access control entry (ACE) that specifies the allowed or denied rights to manipulate an object.

account: (1) A collection of data and settings for a SharePoint Workspace or Groove identity that represents a user. This includes shared spaces, messages, and preferences that are associated with a user’s identity. An account can reside on one or more devices.

(2) A user (including machine account), group, or alias object. Also a synonym for security principal or principal.

accounting: Information gathered and maintained by the management service about the runtime behavior of processes. The management service provides an accounting state switch with two settings: enabled and disabled. When enabled, accounting information is gathered and persisted across invocations of the management service. Accounting information gathered by the management service on one computer can be persisted by the management service on a different computer. When the accounting state is disabled, no accounting data is gathered or persisted.

action: (1) The smallest unit of work in a workflow system. An action can contain one or more tasks that define work that actors need to do. Actions are deployed and registered in the workflow system to be activated by protocol client users.

(2) A unit of work that can be performed by a workflow and is typically defined in a workflow markup file.

(3) A discrete operation that is executed on an incoming Message object when all conditions in the same rule (4) are TRUE. A rule contains one or more actions.

(4) A string that is returned as part of a GetAction response in the Desired State Configuration Pull Model Protocol [MS-DSCPM].

(5) A command exposed by a service which takes one or more input or output arguments and which may have a return value. For more information, see [UPNPARCH1.1] sections 2 and 3.

(6) A remote procedure call from the control point to a particular service on the device.

(7) A command that is exposed by a service, as defined in [UPNPARCH1.1] section i.7.

(8) An interactivity event in a report, such as a hyperlink, bookmark link, or drillthrough link, that is associated with an item in a report.

(9) A business rule argument that determines what occurs when the business rule is run at validation time.

(10) An OLAP object, such as a cube, dimension, and cell, that has an action associated with it, so that a user can perform that action when browsing OLAP data. For example, a user can jump to a URL, execute a command, or drill through to data.

Action: A type of MetadataObject that represents a URL that triggers the display or manipulation of data related to an Entity or EntityInstance. Actions are contained by an Entity. Actions contain ActionParameters.

action instance: The runtime instance of a specific action (1). Action instances are building blocks for an activity flow. Several action instances can be chained together to form an activity flow, and multiple action instances of the same action can exist in a single activity flow.

ActionParameter: A type of MetadataObject that defines how to parameterize the URL of an Action with specific data about an EntityInstance. ActionParameters are contained by Actions.

activation: (1) An operation that creates a new action instance.

(2) In COM, a local mechanism by which a client provides the CLSID of an object class (3) and obtains an object (3), either an object from that object class or a class factory that is able to create such objects.

(3) In the DCOM protocol, a mechanism by which a client provides the CLSID of an object class (4) and obtains an object (4), either from that object class or a class factory that is able to create such objects. For more information, see [MS-DCOM].

(4) The process of creating a server object.

Active Directory: A general-purpose network directory service. Active Directory also refers to the Windows implementation of a directory service. Active Directory stores information about a variety of objects in the network. Importantly, user accounts, computer accounts, groups, and all related credential information used by the Windows implementation of Kerberos are stored in Active Directory. See also Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Kerberos, and DNS. For more information, see [MS-AUTHSOD] section 1.1.1.5.2 and [MS-ADTS]. Active Directory is either deployed as Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS). [MS-ADTS] describes both forms.

Active Directory Domain Services (AD DS): An operating system directory service (DS) implemented by a domain controller (DC). The DS provides a data store for objects that is distributed across multiple DCs. The DCs interoperate as peers to ensure that a local change to an object replicates correctly across DCs. For more information, see [MS-AUTHSOD] section 1.1.1.5.2. For information about product versions, see [MS-ADTS].

Active Directory Lightweight Directory Services (AD LDS): A directory service (DS) implemented by a domain controller (DC). The most significant difference between AD LDS and Active Directory Domain Services (AD DS) is that AD LDS does not host domain naming contexts (domain NCs). A server can host multiple AD LDS DCs. Each DC is an independent AD LDS instance, with its own independent state. AD LDS can be run as an operating system DS or as a directory service provided by a standalone application (ADAM). For more information, see [MS-ADTS].

Active Directory object: A set of directory objects that are used within Active Directory as defined in [MS-ADTS] section 3.1.1. An Active Directory object can be identified by a dsname. See also directory object.

Active Directory partition: A synonym for naming context (NC) replica.

active reminder: A reminder that is enabled on an object and is either pending or overdue, depending on whether the signal time has passed.

active replica: A name given to a server that hosts content and is expected to serve that content to clients.

active search folder: A search folder (2) that has a search folder container and is up-to-date with the correct search criteria.

activity flow: A running instance of a workflow that consists of a sequence of action instances and activity model instances. Action instances and activity model instances can be sequenced in any order to create a single activity flow.

activity model: A predefined sequence of actions (1).

actor: A person or process that starts or participates in an activity flow. An actor can be an initiator or a target.

AD LDS: See Active Directory Lightweight Directory Services (AD LDS).

adapter: The hardware that connects to a particular network segment. A bound LAN card is one example of an adapter. Similarly, a computer with two modems, each capable of connecting to a remote network, has two adapters, one to represent each modem.

add-in: Supplemental functionality that is provided by an external application or macro to extend the capabilities of an application.

address book: A collection of Address Book objects, each of which is contained in any number of address lists.

address book container: An Address Book object that describes an address list.

address book hierarchy table: A collection of address book containers arranged in a hierarchy.

Address Book object: An entity in an address book that contains a set of attributes (1), each attribute with a set of associated values.

address creation table: A table containing information about the templates that an address book server supports for creating new email addresses.

address creation template: A template that describes how to present a dialog to a messaging user along with a script describing how to construct a new email address from the user's response.

address list: A collection of distinct Address Book objects.

address type: An identifier for the type of email address, such as SMTP and EX.

AD-type server: An LDAP server that returns an object identifier (OID) value of "1.2.840.113556.1.4.800" when it is queried for the supportedCapabilities LDAP attribute.

Advanced Systems Format (ASF): An extensible file format that is designed to facilitate streaming digital media data over a network. This file format is used by Windows Media.

alias: (1) An alternate name that can be used to reference an object or element.

(2) A simple identifier that is typically used as a short name for a namespace.

(3) A group (1) that is local to a particular machine (as opposed to a group that has security permissions and settings for the entire domain).

ambiguous name resolution (ANR): (1) A search algorithm that permits a client to search multiple naming-related attributes (2) on objects by way of a single clause of the form "(anr=value)" in a Lightweight Directory Access Protocol (LDAP) search filter. This permits a client to query for an object when the client possesses some identifying material related to the object but does not know which attribute (2) of the object contains that identifying material.

(2) A search algorithm that permits a client to search multiple naming-related attributes on objects by way of a single clause of the form "(anr=value)" in a Lightweight Directory Access Protocol (LDAP) search filter. This permits a client to query for an object when the client possesses some identifying material related to the object but does not know which attribute of the object contains that identifying material.

American National Standards Institute (ANSI) character set: A character set (1) defined by a code page approved by the American National Standards Institute (ANSI). The term "ANSI" as used to signify Windows code pages is a historical reference and a misnomer that persists in the Windows community. The source of this misnomer stems from the fact that the Windows code page 1252 was originally based on an ANSI draft, which became International Organization for Standardization (ISO) Standard 8859-1 [ISO/IEC-8859-1]. In Windows, the ANSI character set can be any of the following code pages: 1252, 1250, 1251, 1253, 1254, 1255, 1256, 1257, 1258, 874, 932, 936, 949, or 950. For example, "ANSI application" is usually a reference to a non-Unicode or code-page-based application. Therefore, "ANSI character set" is often misused to refer to one of the character sets defined by a Windows code page that can be used as an active system code page; for example, character sets defined by code page 1252 or character sets defined by code page 950. Windows is now based on Unicode, so the use of ANSI character sets is strongly discouraged unless they are used to interoperate with legacy applications or legacy data.

anchor text: The text that is included with a hyperlink to describe the target content of a hyperlink.

anonymous user: A user who presents no credentials when identifying himself or herself. The process for determining an anonymous user can differ based on the authentication protocol, and the documentation for the relevant authentication protocol should be consulted.

app for Office: A cloud-enabled app that integrates rich, scenario-focused content and services into an Office application or equivalent protocol client.

application: A participant that is responsible for beginning, propagating, and completing an atomic transaction. An application communicates with a transaction manager in order to begin and complete transactions. An application communicates with a transaction manager in order to marshal transactions to and from other applications. An application also communicates in application-specific ways with a resource manager in order to submit requests for work on resources.

application NC: A specific type of naming context (NC), or an instance of that type, that supports only full replicas (no partial replicas). An application NC cannot contain security principal objects. An application NC can contain dynamic objects. A forest can have zero or more application NCs. Application NCs do not appear in the global catalog (GC). The root of a domain NC is an object of class domainDns.

application server: A computer that provides infrastructure and services for applications that are hosted on a server farm.

Appointment object: A Calendar object that has an organizer but no attendees.

archive: The Fax Archive Folder, as described in section 3.1.1.

archive policy: A feature that determines when items are moved into an alternate mailbox for archival purposes.

archive tag: An element that contains information about the archive policy of a Message object or folder.

array: A Remoting Type that is an ordered collection of values. The values are identified by their position and position is determined by a set of integer indices. The number of indices required to represent the position is called the Rank of the Array. An Array is part of the Remoting Data Model and also specifies the Remoting Type of its items. For more information, see [MS-NRTP] section 3.1.1.

ASCII: The American Standard Code for Information Interchange (ASCII) is an 8-bit character-encoding scheme based on the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that work with text. ASCII refers to a single 8-bit ASCII character or an array of 8-bit ASCII characters with the high bit of each character set to zero.

ASN.1: Abstract Syntax Notation One. ASN.1 is used to describe Kerberos datagrams as a sequence of components, sent in messages. ASN.1 is described in the following specifications: [ITUX660] for general procedures; [ITUX680] for syntax specification, and [ITUX690] for the Basic Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished Encoding Rules (DER) encoding rules.

ASP.NET: A web server technology for dynamically rendering HTML pages using a combination of HTML, JavaScript, CSS, and server-side logic. For more information, see [ASPNET].

association: A named independent relationship between two EntityType definitions. Associations in the Entity Data Model (EDM) are first-class concepts and are always bidirectional. Indeed, the first-class nature of associations helps distinguish the EDM from the relational model. Every association includes exactly two association ends.

Association: A MethodInstance that enables the traversal and manipulation of a data model relationship between a set of source Entities and a single destination Entity. An Association can retrieve, associate, and disassociate EntityInstances of a destination Entity if given EntityInstances of other source Entities.

asynchronous context handle: A remote procedure call (RPC) context handle that is used by a client when issuing RPCs against a server on AsyncEMSMDB interface methods. It represents a handle to a unique session context on the server.

Asynchronous JavaScript + XML (AJAX): A web programming model that incorporates a set of web technologies including Extensible HyperText Markup Language (XHTML), cascading style sheets (CSS), Document Object Model (DOM), XML, Extensible Stylesheet Language Transformation (XSLT), XMLHTTPRequest (XHR), and JavaScript. AJAX is designed to make user interaction with the web more responsive.

atom feed: An XML structure that contains metadata about content, such as the language version and the date when the content was last modified, and is sent to subscribers by using the Atom Publishing Protocol (AtomPub), as described in [RFC4287].

Atom Publishing Protocol (AtomPub): An application-level protocol for publishing and editing web resources, as described in [RFC5023].

atomic transaction: A shared activity that provides mechanisms for achieving the atomicity, consistency, isolation, and durability (ACID) properties when state changes occur inside participating resource managers.

attachment: An external file that is included with an Internet message or associated with an item in a SharePoint list.

Attachment object: A set of properties that represents a file, Message object, or structured storage that is attached to a Message object and is visible through the attachments table for a Message object.

attachments table: A Table object whose rows represent the Attachment objects that are attached to a Message object.

attribute: (1) A characteristic of some object or entity, typically encoded as a name-value pair.

(2) (A specialization of the previous definition.) An identifier for a single or multivalued data element that is associated with a directory object. An object consists of its attributes and their values. For example, cn (common name), street (street address), and mail (email addresses) can all be attributes of a user object. An attribute's schema, including the syntax of its values, is defined in an attributeSchema object.


attribute syntax: Specifies the format and range of permissible values of an attribute. The syntax of an attribute is defined by several attributes on the attributeSchema object. Attribute syntaxes supported by Active Directory include Boolean, Enumeration, Integer, LargeInteger, String(UTC-Time), Object(DS-DN), and String(Unicode).

Augmented Backus-Naur Form (ABNF): A modified version of Backus-Naur Form (BNF), commonly used by Internet specifications. ABNF notation balances compactness and simplicity with reasonable representational power. ABNF differs from standard BNF in its definitions and uses of naming rules, repetition, alternatives, order-independence, and value ranges. For more information, see [RFC5234].

authenticated context: The runtime state that is associated with the successful authentication of a security principal between the client and the server, such as the security principal itself, the cryptographic key that was generated during authentication, and the rights and privileges of this security principal.

authentication: (1) The ability of one entity to determine the identity of another entity.

(2) The act of proving an identity to a server while providing key material that binds the identity to subsequent communications.

(3) The ability of one entity to determine the identity of another entity by proving an identity to a server while providing key material that binds the identity to subsequent communications.

authentication server: The entity that verifies that a person or thing is who or what it claims to be (typically using a cryptographic protocol) and issues a ticket or token attesting to the validity of the claim. The total set of authentication protocol security support providers (SSPs) that are typically available on a Windows server release.

Authentication Service (AS): A service that issues ticket granting tickets (TGTs), which are used for authenticating principals within the realm or domain served by the Authentication Service.

authority: (1) The first portion of a peer name. For secure peer names, this is a hash of a public key represented as 40 hexadecimal characters in printable form. For unsecured peer names, this is "0".

(2) A hierarchical element in a URI scheme used for delegating governance of the name space defined by the remainder of the URI, as defined in [RFC3986] section 3.2.

authorization: The secure computation of roles and accesses granted to an identity.

Autodiscover client: A client that queries for a set of server locations where setup and configuration information for an [RFC2821]-compliant email address is stored.

Autodiscover server: A server in a managed environment that makes setup and configuration information available to Autodiscover clients. The location of Autodiscover servers is made available via the Autodiscover HTTP Service Protocol, as described in [MS-OXDISCO].

auxiliary class: See auxiliary object class.

auxiliary object class: An object class that cannot be instantiated in the directory but can be either added to, or removed from, an existing object to make its attributes available for use on that object; or associated with an abstract or structural object class to add its attributes to that abstract or structural object class.

availability: A numerical value that indicates whether a user can be interrupted for communication. The higher the number, the less available the user.