Define specific requirements for access to resources and SSO domains. The access rules can be used in combination for more detailed access control. Example: (access rule A AND access rule B) AND (Access rule C OR access rule D).
The process of verifying the identity of an individual connecting to a system. Identities are verified through different authentication methods. See also: Authentication Method, Access Rules
A procedure used to perform authentication. Different authentication methods provide different levels of proof when identifying a user connecting to a system: from verifying basic static passwords to handling complex combinations of challenges, encryption keys, and passwords. See also: Authentication
A server used in application access control. For access to specific network resources, the server may itself store user permissions and company policies or provide access to directories that contain the information. Examples of authentication servers are PortWise 4.0 Authentication Service, SecurID and SafeWord. See also: Authentication
The process of granting or denying access to a system resource. See also: Authentication Method, Access Rules
Identifies the root node of the LDAP data store pointing to the directory containing user data.
Abbreviation for Certificate Authority, a trusted third-party organization or company that issues digital certificates. The role of the CA is to validate the identity of the individual holding the certificate and to sign the certificate so that it cannot be forged.
Abbreviation for Certificate Authority Certificate, a certificate that identifies a certification authority. CA certificates are used to decide whether to trust certificates issued by the CA, for example when a Web browser validates a server certificate.
Abbreviation for Control Distribution Point.
An attachment to an electronic message used for security purposes. The client certificates are associated with user accounts to authenticate users and give access to protected resources.
The software of a client that communicates with the server. The client device may include the operating system, plug-ins, specific configurations and the proxies/gateways that the client communicates through. Examples of client devices are: Netscape 7, Windows, Macintosh, Internet Explorer and WAP-phone. A client device may be a combination of entities. For example, this combination may be present for a single device: Windows, Internet Explorer and Internet Explorer 6.
Abbreviation for Certificate Revocation Control. A control performed by the system to make sure that the user certificate is not revoked.
Abbreviation for Certificate Revocation List. A document maintained and published by a certification authority that lists certificates that have been revoked.
Abbreviation for Certificate Authority Validity Control. A control performed by the system on the user certificate to verify that a trusted CA has issued the User Certificate.
A feature used to delegate administration of user accounts and resources to multiple administrators with different privileges and responsibilities.
Digital certificates are used to identify people and resources over networks such as the Internet. Digital certificates enable secure communication between two parties. A trusted third-party organization or company, the Certificate Authority, issues certificates. The certificate contains the public key and the name of its owner. The user certificate also carries the digital signature of a Certification Authority to verify its integrity. See also: CA
A directory of names, profile information and machine addresses of every user and resource on the network. It is used to manage user accounts and network permissions. When sent a user name, it returns the attributes of that individual, which may include a telephone number as well as an e-mail address. Directory services use highly specialized databases that are typically hierarchical in design and provide fast lookups.
A user group containing all users belonging to a certain user group defined in an existing directory service.
Defines the unique name used in the system to identify an object.
The media channel through which information is sent. For example, MobileID can send information via SMS or SMTP.
Abbreviation for Demilitarized Zone, a middle ground between an organization’s trusted internal network and an untrusted, external network such as the Internet. It is recommended that the Access Point is placed in the DMZ.
Abbreviation for Distinguished Name, used as primary key to entries in directory services. For example, a DN for where users reside in the directory service could be cn=users,dc=mycompany,dc=com.
Abbreviation for Domain Name System, a name resolution system that allows users to locate computers on a Unix network or the Internet (TCP/IP network) by domain name. The DNS server maintains a database of domain names (host names) and their corresponding IP addresses. For example, if www.mycompany.com was presented to a DNS server, the IP address 18.104.22.168 would be returned.
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. The firewall is normally installed at the point where network connections enter a site, normally called the DMZ.
A computer, for example a server, that acts as a source of information or signals. It is connected to a TCP/IP network, including the Internet. A host has a specific local or host number that, together with the network number, forms its unique IP address.
Acronym for Lightweight Directory Access Protocol, a client-server protocol for accessing and managing directory information.
Indicates the severity of a message stored in a log: fatal, warning, info, or debug.
Abbreviation for NT LAN Manager, a protocol used for authentication.
Acronym for Privacy Enhanced Mail, a standard for secure e-mail on the Internet. It supports encryption, digital signatures and digital certificates as well as both private and public key methods.
Acronym for Personal Identification Number. A private code used for identification of an individual.
Abbreviation for Public Key Infrastructure, a framework for creating a secure method for exchanging information based on public key cryptography.
A server that is placed between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.
Acronym for Remote Authentication Dial-In User Service, the de facto standard protocol for authentication servers. RADIUS uses a challenge/response method for authentication.
A corporate application users can access from a remote location. Available resource types in PortWise 4.0 are Web resources, tunnel resources, file share resources and customized resources.
Defines the computer where the resource is deployed. A resource host is identified through its unique IP address. A Web resource host or customized resource host can have one or several paths connected to it.
Defines the route to a specific part of the web resource host or customized resource host, for example http://www.resourcehost.com/path/, where the resource path defines a subset of the resource host. Resource paths are defined when user access should be restricted to that specific subset only.
Server certificates ensure that communication between clients and application servers is secure and private. The clients use the server certificate to authenticate the identity of the server and to encrypt information for the server, using SSL.
Abbreviation for Single Sign-On, the ability for users to log on once to a network and be able to access all authorized resources. A single sign-on program accepts the user's name and password and automatically logs on to all appropriate servers.
A collection of resources that share the same logon credentials. A user can have logon credentials for several SSO domains.
A technology that enables a network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. Tunnels are often used to transmit non-IP protocols across IP networks.
A collection of users that share the same properties regarding access rights. There are three types of user groups: User Location Group, User Property Group and Directory Service User Group.
A user group which contains all users located under a specific node in the directory tree.
A user group which contains all users with a specific user attribute.
A directory service containing information about users, user groups, and user certificates.