

Glossary

A

API

See application programming interface.

active mode

If the Authorization Server is configured in active mode, all Resources not explicitly protected by the ClearTrust system are accessible; in other words, the server fails open for any Resource an Administrator has not defined. Active mode is the default. See passive mode.

Administrative API

The API that is used to manipulate the data in the Entitlements Database.

Administrative API Server

This refers to a separate port on the Entitlements Server (default port 5601) that can be used to connect to the Administrative API Libraries via a TCP/IP connection.

Administrative Components

This refers to the components in the Administrative Environment, including the Entitlements Server, Entitlements Database, and the Entitlements Manager.

Administrative Group

A specified group of Users, Groups, Realms, Resources and Administrators. Things in an Administrative Group are said to be owned by that Administrative Group.

Administrative Role

A specified group of privileges within an Administrative Group. Privileges include the ability to create Users, change User Properties, change passwords, restrict or allow access to Resources, and so on.

Administrator

A User who has been assigned an Administrative Role or Roles within an Administrative Group.

Administrative Environment

The Administrative Environment consists of the tools for entering and managing user and policy data in ClearTrust. The Entitlements Manager, Entitlements Server, and the Directory Replication Manager are all components in the Administrative Environment.

Application

A specified group of Resources. Access to Applications can be controlled via Smart Rules and Application Functions.

Application Function

A customized set of rules to control access to Resources within an Application. Applications are by default associated with the ACCESS Application Function, which allows (or denies) access to all Resources within the Application for all Users.

application programming interface

A set of routines, protocols, and tools for building software applications that will interface with the SecureControl key components. SecureControl provides a Runtime API and an Administrative API.

application server

A program run on a mid-sized machine that handles all application operations between browser-based computers and a company's back-end business applications or databases. Because many databases cannot interpret commands written in HTML, the application server works as a translator, allowing, for example, a customer with a browser to search an online retailer's database for pricing information. Securant currently supports WebLogic and JRun application servers.

Application Server Modules

Application server plug-ins that utilize the ClearTrust Runtime API to control the protection of all objects served up by supported application servers. JSPs, Servlets, and EJBs can be protected independently or in abstract groupings.

authentication

The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

ClearTrust SecureControl supports multiple types of authentication, including SecurID (Security Dynamics token-based system), NT logins, LDAP, form-based authentication and username/password. In addition, ClearTrust SecureControl Web Server Plug-ins can be extended to use other authentication schemes, including Kerberos and custom-built Authorization Servers.

authorization

The process of granting or denying access to a network resource. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity.

Authorization Server

A runtime component of the SecureControl system. The Authorization Server takes requests from the Web or Application servers, verifies these requests against the Entitlements Database and performs authentication of the user and authorization of the request.

B

Basic Entitlement

Access to a system Resource according to a User's UID, Group or Realm. Access can also be allowed or denied according to Smart Rules.

browser

An application program that provides a way to look at and interact with information on the World Wide Web. Technically, a Web browser is a client program that uses the Hypertext Transfer Protocol (HTTP) to make requests of Web servers throughout the Internet on behalf of the browser user.

C

CGI

Common Gateway Interface, a specification for transferring information between a web server and a CGI program. A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic.

cache

A place to store data temporarily, especially data or files that are frequently requested by the user or system. Caching can be implemented for Internet content by distributing it to multiple servers that are periodically refreshed. In SecureControl, the Authorization Server caches user entitlement data as well as resource and security data.

ClearTrust

The entire Securant product suite. This includes all SecureControl Object Model components, SecureDetector and the Directory Replication Manager.

client

The requesting program or user in a client/server relationship. For example, the user of a web browser makes client requests for pages from a web server; the browser thus is a client in its relationship with the computer that is getting and returning the requested HTML file.

configuration

Defining the values of the parameters in the Default.conf files that the SecureControl components read at startup. SecureControl Administrators and Developers can configure the system to enable desired features, integrate with other system components, and optimize performance.

cookie

Files containing structured data that are shared between a web server and a user's browser. Generally, cookies give the server information about a user's identity, preferences or past behavior. In SecureControl, encrypted cookies are used to store user information that provides Single Sign On functionality.
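The Single Sign On cookie is the one piece of state the browser holds on the server's behalf, so the server must be able to tell whether it has been forged or altered. The following is an added example, not ClearTrust's cookie format or code: it binds a user id and an expiry time to an HMAC tag under a server-side key, rejects any cookie whose tag does not match, and refuses expired cookies. The key, the field names and the payload layout are assumptions for the illustration; a deployment that must also keep the cookie contents confidential, as the entry above describes, would additionally encrypt the payload.

```python
"""Added example (not ClearTrust code): an SSO cookie the browser cannot forge.
Key, claim names and layout are assumptions made for this illustration."""
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed server-side secret; in practice a random key shared only by trusted servers.
SSO_KEY = b"replace-with-a-random-256-bit-key"


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_sso_cookie(uid: str, ttl_seconds: int,
                     now: Optional[int] = None, key: bytes = SSO_KEY) -> str:
    """Build 'payload.tag': JSON claims plus an HMAC-SHA256 tag over them."""
    now = int(time.time()) if now is None else now
    claims = {"uid": uid, "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64u(payload) + "." + _b64u(tag)


def verify_sso_cookie(cookie: str, now: Optional[int] = None,
                      key: bytes = SSO_KEY) -> Optional[str]:
    """Return the uid if the tag is valid and the cookie is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = _unb64u(payload_b64), _unb64u(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the tag before trusting anything inside the payload; constant-time compare.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    uid = claims.get("uid")
    return uid if isinstance(uid, str) else None


def forge_uid(cookie: str, new_uid: str) -> str:
    """What an attacker would try: swap the uid but keep the original tag."""
    payload_b64, tag_b64 = cookie.split(".")
    claims = json.loads(_unb64u(payload_b64))
    claims["uid"] = new_uid
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64u(payload) + "." + tag_b64


if __name__ == "__main__":
    cookie = issue_sso_cookie("alice", ttl_seconds=3600)
    print(cookie)
    print(verify_sso_cookie(cookie))                    # alice
    print(verify_sso_cookie(forge_uid(cookie, "admin")))  # None
```

The tag is verified before the payload is parsed, so malformed or attacker-chosen JSON never reaches the application logic, and the comparison is constant-time so the tag cannot be guessed byte by byte.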

D

daemon

Pronounced demon or damon, a process that runs in the background and performs a specified operation at predefined times or in response to certain events. The term comes from UNIX, but many other operating systems provide support for daemons under other names. Windows, for example, refers to daemons as System Agents and services.

Default.conf

Text file that contains important configuration parameters. Three separate Default.conf files define parameters for SecureControl components: the SecureControl Servers configuration file; the Web Server Plug-in configuration file; and the Entitlements Manager configuration file. Each of these files contains settings that effectively "tell" the component how to operate within the ClearTrust system.

Delegated Administration

The practice of distributing administrative powers among multiple Administrators and business groups. Using delegated administration, organizations can establish individual administrative hierarchies responsible for managing specific resources and users. ClearTrust SecureControl uses the Administrative Group model to enable delegated administration for various administrative users ranging from help desk personnel to Extranet partners.

Directory Replication Manager

Administrative tool for transferring user and policy data to the Entitlements Database from LDAP directories or other environments.

E

EJB

See Enterprise Java Bean.

Enterprise Java Bean

An architecture for setting up program components written in the Java programming language that run in the server parts of a computer network. Enterprise JavaBeans is built on the JavaBeans technology for distributing program components to clients in a network.

Originated by Sun Microsystems, Enterprise JavaBeans is roughly equivalent to Microsoft's Component Object Model/Distributed Component Object Model architecture, but, like all Java-based architectures, its programs can be deployed across all major operating systems, not just Windows. EJB program components are known as enterprise beans; servlets are a separate kind of server-side Java component (see servlet).

Entitlements Database

Database storing all Users, Resource Definitions, Policies, and Administrative Information. Both the Entitlements Server and Authorization Servers connect directly to the Entitlements Database through JDBC. Connection information is configurable, and the SecureControl Object Model can be inserted into existing databases if a new installation is not needed. Both Oracle and Sybase databases are currently supported out-of-the-box.

Entitlements Manager

The Entitlements Manager is the Administrative tool used to manipulate objects and data in the Entitlements Database. SecureControl provides users with a choice of two distinct interfaces for this tool: a Java-based UI or Java Client, which uses ObjectSpace Voyager to retrieve Client Proxies to Server Objects, and a Web User Interface or Web UI, which runs in standard browsers. The Entitlements Manager uses SSL encryption for all communications.

Entitlements Server

The central server for the administrative side of the ClearTrust SecureControl system. Changes to the Entitlements Database (Adds, Deletes and Modifications) can only be made via the Entitlements Server.

F

firewall

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users on other networks. The term also implies the security policy that is used with the programs. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to.

ClearTrust SecureControl complements firewalls by providing authentication and access control to the resources that are accessed. ClearTrust SecureControl can be deployed on either side of a firewall, and components can inter-operate across a firewall.

Fixed Attribute

A single piece of information about an individual User. Fixed Attributes are pre-defined in the ClearTrust SecureControl system, and include:

UserID

First Name

Last Name

Email

For a complete list of Fixed Attributes, see the Administrator's Guide. In addition to pre-defined information, customized User information can be stored as User Properties.

G

Group

A defined group of Users. Groups can be created using the Entitlements Manager.

H

HTTP

Hypertext Transfer Protocol. The Hypertext Transfer Protocol (HTTP) is the set of rules for exchanging files on the World Wide Web. These rules allow files to contain references to other files whose selection will elicit additional transfer requests. Any web server contains an HTTP daemon, a program that is designed to wait for HTTP requests and handle them when they arrive. A browser is an HTTP client, sending requests to server machines.

hashing

The process of producing hash values for accessing data or for security. A hash value (or simply hash) is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. Note that the hash must be encrypted or otherwise protected: a bare hash sent alongside the message only detects accidental corruption, since anyone who can alter the message can also recompute the hash.

All passwords stored in the Entitlements Database are stored hashed.

I

IP address

A 32-bit number (for IPv4) that identifies each sender or receiver of information that is sent in packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address in the message and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator requested. At the other end, the recipient can see the IP address of the Web page requestor or the e-mail sender and can respond by sending another message using the IP address it received.

J

JSP

Java Server Pages. A server-side technology, Java server pages are an extension to the Java servlet technology that was developed by Sun as an alternative to Microsoft's ASPs (Active Server Pages). JSPs have dynamic scripting capability that works in tandem with HTML code, separating the page logic from the static elements -- the actual design and display of the page. Embedded in the HTML page, the Java source code and its extensions help make the HTML more functional, being used in dynamic database queries, for example. JSPs are not restricted to any specific platform or server.

Java Client

The Java-based interface to the Entitlements Manager, as distinguished from the Web UI.

L

LDAP

Lightweight Directory Access Protocol. A set of protocols for accessing information directories. LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it's a simpler version of the X.500 standard, LDAP is sometimes called X.500-lite.

load balancer

Device that distributes the amount of work that a computer has to do between two or more computers so that more work gets done in the same amount of time and, in general, all online users get served faster. Typically, load balancing is the main reason for computer server clustering. In some approaches, the servers are distributed over different geographic locations.

O

Object

A User, Group, Realm or Resource.

P

passive mode

If the Authorization Server is configured in passive mode, access to Resources must be given explicitly. Resources not part of an Application are not accessible; the server fails closed for anything an Administrator has not defined. See active mode.

Password Policy

A specified set of requirements for User passwords. For example: minimum length, frequency of change, avoidance of common words.

policy

A rule defining access to system resources. SecureControl provides dynamic permissioning and access control by means of Smart Rules policies, defined by SecureControl Administrators.

policy-based management

The practice of defining access to resources by means of policies or rules applying to groups of users. In SecureControl, Administrators can implement policy-based management by creating a set of Smart Rules.

plug-in

A software module that adds a specific feature or service to a larger system. The SecureControl Web Server Plug-in augments the native security features of a web server to protect resources served from Web or Application servers. The Plug-in interfaces with the SecureControl Authorization Server to perform authentication and access control.

Plug-in Extension

An additional layer within the Web Server Plug-in that allows for custom interaction, such as the implementation of custom authentication types or the manipulation of user-centered dynamic content.

private

In the Entitlements Manager, an Object defined as private is visible only to members of the Administrative Group that owns the Object. (See public.)

public

In the Entitlements Manager, public Objects (including Users) and their associated information are visible to all Administrators. Objects are created as public by default. (See private.)

R

Realm

A specified group of Groups. Realms can be defined using the Entitlements Manager.

replication

The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. SecureControl's Directory Replication Manager supports one way replication between selected LDAP directories and the SecureControl Entitlements Database.

Replication Manager

See Directory Replication Manager.

Resource

A web server, directory or file, including web pages, databases, generated files and software.

Runtime API

This is the API that is used to write programs that can access the functionality in the Authorization Servers, allowing customers to develop their own custom authentication or personalization programs.

S

SSO

See Single Sign On.

SecureControl

The core authentication, authorization and access control area of ClearTrust. This includes Authorization and Dispatcher servers, Application Server Modules, Web Server Plug-ins, administration tools, Entitlements Database, APIs, and the Directory Replication Manager.

SecureControl Servers

The core components of the ClearTrust SecureControl solution. The SecureControl servers refer to the Authorization Server, Entitlements Server and Dispatcher/Key Server.

SecureDetector

The threat detection and auditing component of ClearTrust. The SecureDetector dovetails with the internal logging of SecureControl. Every event that occurs on either the Authorization Server or Entitlements Server is logged and can be set up to trigger actions. These actions range from disabling accounts to emailing warnings to disabling suspect connections on the Checkpoint Firewall.

Server

See web server.

Server Tree

A defined group of Resources on one (or more) web servers.

servlet

An applet that runs on a server. The term usually refers to a Java program that extends the functionality of a web server. Servlets are generally used for creating dynamic content or interacting with web clients.

Single Sign On

A session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The single sign on, which is requested at the initiation of the session, authenticates the user to access all the applications they have been given the rights to on the server, and eliminates future authentication prompts when the user switches applications during that particular session.

Smart Rules

ClearTrust's dynamic access control policies. After Administrators define Smart Rules in the Entitlements Manager, the rules and policies are applied and updated automatically during runtime operation. Smart Rules are based on User Properties.
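The entries for active mode, passive mode, Basic Entitlement and Smart Rules describe three things an Authorization Server combines into one yes/no decision: the server mode for Resources nobody has protected, explicit entitlements keyed on a User's UID, Group or Realm, and Smart Rules evaluated against User Properties. The following is an added example, not ClearTrust's code or decision logic: it models those inputs and shows how the same request is answered differently in active and passive mode, why active mode is the fail-open choice, and how an explicit deny overrides a Smart Rule that would otherwise grant access. The data model, the most-specific-prefix matching and the deny-wins precedence are assumptions for the illustration.

```python
"""Added example (not ClearTrust code): combining server mode, Basic Entitlements
and Smart Rules into an authorization decision. Model and precedence are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class User:
    uid: str
    groups: Set[str]
    properties: Dict[str, object]   # User Properties: Boolean, String, Integer, Float, Date


# Basic Entitlement: (kind, name, effect) with kind in user/group/realm, effect allow/deny
Entitlement = Tuple[str, str, str]
# Smart Rule: a predicate over User Properties and the effect it produces when true
SmartRule = Tuple[Callable[[Dict[str, object]], bool], str]


@dataclass
class ProtectedResource:
    entitlements: List[Entitlement] = field(default_factory=list)
    smart_rules: List[SmartRule] = field(default_factory=list)


@dataclass
class Policy:
    mode: str                                 # "active" (default) or "passive"
    realms: Dict[str, Set[str]]               # Realm -> the Groups it contains
    resources: Dict[str, ProtectedResource]   # URI prefix (Server Tree) -> protection

    def user_realms(self, user: User) -> Set[str]:
        return {realm for realm, groups in self.realms.items() if groups & user.groups}

    def _protection_for(self, path: str) -> Optional[ProtectedResource]:
        # Longest matching prefix wins; "/finance" must not match "/financeX".
        hits = [p for p in self.resources
                if path == p or path.startswith(p.rstrip("/") + "/")]
        return self.resources[max(hits, key=len)] if hits else None

    def is_allowed(self, user: User, path: str) -> bool:
        prot = self._protection_for(path)
        if prot is None:
            # Unprotected Resource: active mode fails open, passive mode fails closed.
            return self.mode == "active"
        names = {"user": {user.uid}, "group": user.groups, "realm": self.user_realms(user)}
        effects = {eff for kind, name, eff in prot.entitlements if name in names[kind]}
        effects |= {eff for pred, eff in prot.smart_rules if pred(user.properties)}
        if "deny" in effects:       # an explicit deny always wins
            return False
        return "allow" in effects   # otherwise something must grant access


def build_sample_policy(mode: str) -> Policy:
    """Constructed sample data: a finance Server Tree with a more restricted payroll subtree."""
    finance = ProtectedResource(
        entitlements=[("realm", "staff", "allow"), ("group", "contractors", "deny")],
        smart_rules=[(lambda props: props.get("clearance", 0) >= 2, "allow")],
    )
    payroll = ProtectedResource(
        entitlements=[("group", "finance", "allow")],
        smart_rules=[(lambda props: bool(props.get("contractor", False)), "deny")],
    )
    return Policy(mode=mode,
                  realms={"staff": {"finance", "engineering"}},
                  resources={"/finance": finance, "/finance/payroll": payroll})


# Constructed sample Users.
ALICE = User("alice", {"finance"}, {"clearance": 3, "contractor": False})
BOB = User("bob", {"contractors"}, {"clearance": 1, "contractor": True})
CAROL = User("carol", set(), {"clearance": 5, "contractor": False})
DAVE = User("dave", {"contractors"}, {"clearance": 3, "contractor": True})


if __name__ == "__main__":
    for mode in ("active", "passive"):
        policy = build_sample_policy(mode)
        for user in (ALICE, BOB, CAROL, DAVE):
            for path in ("/finance/q3.html", "/finance/payroll/run", "/public/index.html"):
                print(f"{mode:7} {user.uid:6} {path:22} -> {policy.is_allowed(user, path)}")
```

The one line that changes between modes is the unprotected-Resource branch: in active mode a forgotten Server Tree is world-readable, in passive mode it is unreachable until an Administrator adds it to an Application, which is why passive mode is the safer setting once the Resource inventory is complete.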

Super User

A system administrator with the highest levels of access in the Entitlements Manager. Some functions can only be done by the Super User.

T

Tree

See Server Tree.

U

UID

User ID. A unique login name associated with a single User Account. Entered for basic authentication with a password.

URI

Uniform Resource Identifier. A URI is the way to identify any points of content on the web, for example a page of text, a video or sound clip, or a program. The most common form of URI is the web page address, which is a particular form or subset of URI called a URL.

URL

Uniform Resource Locator. A URL is the address of a file (resource) accessible on the Internet. The resource can be an HTML page, an image file, a program such as a Java applet, or any other file supported by HTTP. The URL contains the name of the protocol required to access the resource, a domain name that identifies a specific computer on the Internet, and a hierarchical description of a file location on the computer.

User

An individual login account in the ClearTrust SecureControl System. Users are associated with User Properties and Fixed Attributes. Each User must have a unique User ID.

User ID

UID. A unique login name associated with a single User Account. Entered for basic authentication with a password.

User Property

Information about a User in the ClearTrust SecureControl system. User Properties can be one of the following data types:

Boolean - a yes/no or true/false value.

String - a text entry.

Integer - a whole number.

Float - a floating point number.

Date - a date.

User Properties are defined by each organization's system administrators. User information that is pre-configured is called a Fixed Attribute.

User Properties

See User Property.

V

VBU

Virtual Business Unit. See Administrative Group.

W

web form

An HTML document used to collect information from the user. This information is usually submitted to a CGI or servlet for processing.

web server

A collection of hardware and software which, using the client/server model and the World Wide Web's Hypertext Transfer Protocol (HTTP), serves files on the Internet or on an Intranet. Many of ClearTrust SecureControl's security features are enabled by Web Server Plug-ins, which are integrated into web servers to extend and enhance their functionality.

Web Server Plug-in

A SecureControl plug-in component that is installed on supported web servers. The Web Server Plug-in interfaces with the SecureControl Authorization Server to perform authorization and authentication requests.

Web UI

Web User Interface for the Entitlements Manager, as distinguished from the Java Client.

