Glossary of Terms
- Last Updated: November 10, 2022
- OpenEdge
- Version 12.2
- Documentation
The following is a list of definitions of the terms used in this document.
| Term | Definition |
|---|---|
| Auditing | The secure recording of security-related events across an application, its utilities, and/or its databases |
| Authenticate | To confirm an individual’s assertion of identity as a precursor to issuing them a security token |
| Authentication | The process of verifying the identity of a user and issuing them a security token as a precursor to authorizing their access to protected resources |
| Authentication system | In OpenEdge an authentication system is a configurable Domain plug-in that is used by its authentication processes to authenticate a user’s identity as a member of that Domain |
| Authentication Provider | The Spring Security framework’s equivalent to an OpenEdge Domain’s authentication system plug-in |
| Authorize | Grant/deny access to a protected resource |
| Authorization (process) | The process of using a user’s security token to Authorize their access to some protected resource |
| Client-side security | The execution of authentication, authorization and auditing processes by application/database clients |
| Client-Principal | An ABL language handle used to access the contents of an OpenEdge security token |
| Connection Role | A Role whose access rights include physically connecting to an OpenEdge database and/or changing an existing connection’s user identity |
| Database connection | A persistent connection of a client to an OpenEdge database server for the purpose of accessing the data stored in the database. The physical connection to an OpenEdge database uses an OpenEdge security token to grant/deny individual users the ability to establish a connection and/or change its current user identity |
| Domain | A collection of users, objects, or resources that conform to a common policy |
| Domain access code | An OpenEdge domain’s unique secret key that is used to seal an OpenEdge security token so that it may be authorized by OpenEdge resources |
| Domain registry | aka OpenEdge Domain Registry, a configuration of OpenEdge domains that includes its authentication system, authentication process options, and a unique domain access code used by OpenEdge resources to authorize access |
| OpenEdge database enhanced connection security | A collection of interdependent OpenEdge product security features first available in OpenEdge 11.6.2 that provide a greater degree of database connection security |
| OpenEdge Domain | aka Domain, used to identify a set of users that share a common authentication process and set of rights for access to OpenEdge resources (such as a database) |
| OpenEdge Authentication Gateway | A Progress Application Server (PAS) for OpenEdge instance configured for secure execution of a Security Token Service (STS) application |
| OpenEdge security token | A security token native to all OpenEdge components’ authentication and authorization processes |
| PAS for OpenEdge | A Progress Application Server (PAS) extended to execute one or more ABL or WebHandler applications |
| Progress Application Server (PAS) | A Progress Web application server based on Apache Tomcat that is used by multiple Progress products |
| Protected Resource | A physical something in a computer system whose access is limited to certain authorized users. Examples would be an OS server, database, data records, file system, etc. |
| RBAC | Acronym for Role Based Access Control |
| Role | A group attribute that binds individual users to a certain set of right(s) |
| Role Based Access Control (RBAC) | A model for controlling access to protected resources based on a user’s granted role rather than their individual identity |
| Role Membership | The inclusion of an individual user in a role that will be used by RBAC |
| Security Token | A token that contains verifiable proof of a user’s identity and granted role(s), and is used by an authorization process |
| Security Token Service (STS) | A Web application that runs in a PAS for OpenEdge server that provides authentication and security token services for OpenEdge distributed applications and databases |
| Spring Security | An industry-recognized authentication and authorization framework used in Java applications, featuring a direct-injection architecture |
| STS Client | An (authorized) client of an STS application |
| STS Client Key | A key (aka credentials) established by an administrator, holding ownership of an STS Key, for authorizing an individual OpenEdge installation’s access to an STS application |
| STS Key | Functionality in an STS application that is used to selectively grant OpenEdge ABL client and/or database rights to use its authentication and security token services |
| STS Server Key | A key (aka credentials) that uniquely identifies an instance of an STS application, and is used to generate and authorize STS client access via STS Client Keys |
| Server-side security | The authentication, authorization, and auditing processes executed by server processes |
| Token | Something that uniquely identifies an authenticated user’s identity |