access-control list

    In computer security, a list associated with a resource that identifies all the subjects that can access the resource along with specific access rights.


    access ID

    The unique identification of a user used during authorization to determine if access is permitted to the resource.


    access intent

    In enterprise beans, metadata that optimizes the run-time behavior of an entity bean with respect to concurrency control, resource management, and database access strategies is controlled through access intent metadata.


    access intent policy

    A grouping of access intents that governs a type of data access pattern for enterprise bean persistence.



    A part that electronically or physically connects a device to a computer or to another device.


    administrative agent

    Provides administrative support without requiring a direct connection to a database.



    A function that represents a requester to a server. An agent can be present in both a source and a target system.



    A finite set of well-defined rules for the solution of a problem in a finite number of steps.



    A client Java class that typically executes on a Web browser, but can also run on a variety of other client applications or devices.


    applet client

    A client executes within a browser-based Java run time, which is capable of interacting with enterprise beans directly instead of indirectly through a servlet.


    application assembly

    The process of creating an enterprise archive (EAR) file containing all the files related to an application as well as an Extensible Markup Language (XML) deployment descriptor for the application.


    application client module < p> A JAR file containing a client for accessing a Java application that executes inside of a client container and can connect to remote or client-side J2EE resources.


    Application Response Measurement (ARM)

    An Open Group standard composed of a set of interfaces implemented by an ARM agent that provides information on the elapsed time for process hops.



    A server program in a distributed network that provides the execution environment for an application program.


    asymmetric algorithm

    See public-key algorithm.


    asymmetric cryptography

    In computer security, pertaining to the use of different keys for encryption and decryption; a synonym for public key cryptography.


    asynchronous messaging

    A method of communication based on the JMS programming interface.



    In computer security, a process that ensures that the identities of both the sender and the receiver of a network transaction are true.



    The validation of client and server identities during a SSL connection by both communicating parties using public key cryptography and asymmetric cryptography.



    A definition or instance of a JavaBeans component.


    bean-managed messaging

    A function of asynchronous messaging that gives an enterprise bean complete control over the messaging infrastructure.


    Bean Scripting Framework

    An architecture for incorporating scripting language functions to Java applications.


    block decryption

    Symmetric algorithms that decrypt a block of data at one time.


    block encryption

    Symmetric algorithms that encrypt a block of data at one time.



    Process by which an initial reference of the naming service is obtained. The bootstrap setting and the host name form the initial context for JNDI references.


    brute force collision

    A programming style that relies on computing power to try all the possibilities with a known hash until the solution is found.



    One or more fields that accumulate the result of an operation.


    bulk decryption

    A synonym for block decryption.


    bulk encryption

    A synonym for block encryption.


    business logic tier

    The set of components that reside between the presentation and database tiers. This logic tier hosts the enterprise bean containers, which run the business logic.


    business process container

    A process engine that contains process modules.


    capability list

    A list of associated resources and their corresponding privileges per user.



    An arbitrary, logical grouping of one or more nodes in a WAS distributed network.


    cell-scoped binding

    A binding scope where the binding is not specific to, and not associated with any node or server. This type of name binding is created under the persistent root context of a cell.



    An entry point to the Web services gateway that carries requests and responses between Web services and the gateway.



    A cryptographic algorithm used to encrypt data that is unreadable until converted into plain data with a predefined key.


    cipher suite

    A set of ciphers.


    class loader

    Part of the JVM code that is responsible for finding and loading class files. A class loader affects the packaging of applications and the run-time behavior of packaged applications deployed on appservers.


    client proxy

    Similar to a stub that is local to the application and represents the same API as the Web service.


    client type detection

    A servlet determines the markup language type required by a client and calls the appropriate JSP file.



    A group of appservers that collaborates for the purposes of workload balancing and failover.



    Ability of multiple installations of the WebSphere Application Server to run in the same machine at the same time.


    Collector Tool

    A tool that gathers information about your WebSphere Application Server installation and packages this data in a JAR file to assist in problem determination and analysis. This information includes logs, property files, configuration files, operating system data, Java data, and prerequisite software presence and levels.


    Common Object Request Broker (CORBA)

    An OMG specification for application interoperability independent of platform, programming language, and protocol.


    concurrency control

    The management of contention for data resources.


    configuration repository

    A storage area of configuration data that is typically located in a subdirectory of the product installation root directory.


    configured name binding

    Persistent storage of an object in the name space that is created using either the administrative console or the wsadmin program.


    connection factory

    Used by an application component to access a connection instance, which the component then uses to connect to the underlying Enterprise Information System (EIS).


    connection handle

    A representation of a physical connection.


    connection pooling

    A technique used for establishing a pool of resource connections that applications can share on an appserver.



    A portable service API to external resources.



    In J2EE, an entity that provides life-cycle management, security, deployment, and run-time services to components. (Sun)


    container-managed persistence (CMP)

    In J2EE technology, a data transfer between the variables of an entity bean and a resource manager administered by the entity bean container.


    container transaction

    A transaction that has its boundaries set by the container for method invocations of the enterprise bean.


    content based routing (CBR)

    An optional feature of the caching proxy that provides intelligent routing to back-end appservers. This routing is based on HTTP session affinity and a weighted round-robin algorithm.


    context parameters

    Defines a server view of the web application (.war) within which the servlet is running and supports servlet access to available resources.



    In the Java Authentication and Authorization Service (JAAS) framework, a subject class that owns security-related attributes. These attributes can contain information used to authenticate the subject to new services.


    cryptographic token

    A logical view of a hardware device that performs cryptographic functions and stores cryptographic keys, certificates, and user data.


    custom service

    A configurable service that plugs in to a WebSphere Application Server and defines a hook point that runs when the server starts and shuts down when the server stops.


    custom user registry

    A customer-implemented user registry that implements the UserRegistry Java interface. This registry type can support virtually any kind of accounts repository from a relational database and can provide flexibility in adapting product security to various environments.


    data access bean

    A class library that provides a rich set of features and functions, while hiding the complexity associated with accessing relational databases.


    data definition language (DDL)

    A language for describing data and its relationships in a database.


    data source

    The means by which an application accesses data from a database.



    A form of asynchronous messaging in which an application sends a message, but does not want a response.



    A tool used to detect and trace errors in computer programs.


    declarative security

    The security configuration of an application during assembly stage that is defined in the deployment descriptors and enforced by the security run time.



    The process of propagating a security identity from a caller to a called object. As per the J2EE specification, a servlet and an enterprise bean can propagate either the client identity when invoking enterprise beans, or can use another specified identity as indicated in the corresponding deployment descriptor.


    demilitarized zone (DMZ)

    A configuration including multiple firewalls to add layers of protection between a corporate intranet and a public network, like the Internet.



    A person who installs modules and J2EE applications into an operational environment.


    deployment descriptor

    An Extensible Markup Language (XML) file that describes how to deploy a module or application by specifying configuration and container options.


    digest code

    A number that is the result of a message digest function or a secure hash algorithm distilling a document.


    digital certificate

    Equivalent to an electronic ID card that establishes the identity of a certificate owner and distributes the owner's public key.


    digital signature

    The encrypted digest code that is appended to a document. In an authentication system that uses public-key encryption, digital signatures are used to sign certificates.


    distinguished name (DN)

    In computer security, information that uniquely identifies the owner of a certificate.


    dynamic cache

    A consolidation of several caching activities, including servlets, Web services, and WebSphere commands into one service where these activities work together to improve performance and share configuration parameters.


    dynamic policy

    A template of permissions for a particular type of resource.


    dynamic reloading

    Ability to change an existing component without cycling the server for the changes to become effective.



    An object, icon, or container that contains other objects representing the resources of a domain. Use the domain object to manage those resources.


    Edge Side Include (ESI)

    A technology supporting cacheable and noncacheable Web page components that can be gathered and assembled at the edge of a network.


    EJB container

    Provides a run-time environment for enterprise beans within the applicaiton server. Handles all aspects of enterprise bean operation within the appserver and acts as an intermediary between the user-written business logic within the bean and the rest of the appserver environment.


    EJB module

    Assembles one or more enterprise beans into a single deployable unit. An EJB module is stored in a standard JAR file.


    enterprise application

    An application that conforms to the Java 2 Platform Enterprise Edition specification.



    A specialized JAR file, defined by the J2EE standard used to deploy J2EE applications to J2EE application servers. An EAR file contains enterprise beans, a deployment descriptor, and Web archive (WAR) files for individual Webapplications.


    enterprise bean

    A Java component that can be combined with other resources to create J2EE applications. There are three types of enterprise beans: entity beans, session beans, and message-driven beans.


    Enterprise Information system (EIS)

    Applications that provide an information infrastructure for an enterprise.


    entity bean

    An enterprise bean that represents persistent data maintained in a database. Identified by a primary key.


    environment variable

    A variable that specifies how an operating system or another program runs, or the devices that the operating system recognizes.



    A discrepancy between a computed, observed, or measured value or condition and the true, specified, or theoretically correct value or condition.


    ESI processor

    A feature in the WebSphere Web server plug-in that supports fragment caching and fragment assembly into full pages.



    An event during program execution that prevents the program from continuing normally.


    exception handler

    A block of code that reacts to a specific type of exception.


    extended messaging

    A function of asynchronous messaging where the appserver manages the messaging infrastructure and extra standard types of messaging beans are provided to add functionality to that provided by message-driven beans.



    A class of objects designated by a specific term or concept; denotation.



    A cluster event where the primary database server or appserver switches over to a backup system due to the failure of the primary server.


    fast response cache accelerator (FRCA)

    A cache that resides in the kernel on AIX and Windows platforms that provides support for caching on multiple Web servers and on servers with multiple IP addresses.


    fault message

    An object that contains status information and details about a problem with a message.



    Process of hooking together naming systems so that the aggregate system can process composite names that span the naming systems.


    file serving

    A function that supports the serving of static files by Webapplications.



    A synonym for digest code.


    fix pack

    A tested fix that is a collection of all cumulative maintenance for a product. It can also contain fixes that have not been shipped previously, but it might not contain new function.



    A container used to organize objects.


    form-based login

    An authentication process where a user ID and a password are retrieved using an HTML form, and sent to the server over the HTTP or HTTPS protocol.


    form logout

    A mechanism to log out without having to close all Web browser sessions.


    forwardable credentials

    A mechanism-specific security credential that is issued to access a resource, which is used to obtain another credential for access to a different resource.


    garbage collection

    A routine that searches memory to reclaim space from program segments or inactive data.



    A middleware componenet that bridges Internet and intranet environments during Web service invocations.


    General Inter-ORB Protocol (GIOP)

    A protocol that Common Object Request Broker Architecture (CORBA) uses to define the format of messages.


    global security

    Pertains to all applications running in the environment and determines whether security is used, the type of registry used for authentication, and other values, many of which act as defaults.



    A document type definition (DTD) or schema providing a structured format used for successful processing by the trace service.



    A collection of users who can share access authorities for protected resources.



    An object that identifies an enterprise bean.



    In Web services, a mechanism for processing service content and extending the function of a JAX-RPC run-time system.



    The exchange of messages at the start of a SSL session that allows the server to authenticate itself to the client using public-key techniques, then allows the client and the server to cooperate in creating symmetric keys for encryption, decryption, and detection of tampering.



    In computer security, a number generated from a string of text that is used to ensure that transmitted messages arrived intact.



    A way to organize data on computer systems using a hierarchy of containers, often called folders (directories) and files. In this scheme, folders may contain other folders and files. The successive containment of folders within folders creates the levels of organization, which is the hierarchy.


    horizontal scaling

    A topology in which more than one application server running on multiple computing nodes is used to run a single application.


    host name

    The network name for a network adaptor on a physical machine in which the node is installed.


    hot deployment

    Process of adding new components to a running server without stopping and cycling the appserver or application.


    Hypertext Transfer Protocol (HTTP)

    An Internet protocol that is used to retrieve hypertext objects from remote hosts.


    Hypertext Transfer Protocol Secure (HTTPS)

    A TCP/IP protocol that is used by World Wide Web servers and Web browsers to transfer and display hypermedia documents securely across the Internet.



    The name of an item in a program written in the Java language.


    identity assertion

    The invocation credential that is asserted to the downstream server. This credential can be set as the originating client identity, the server identity, or another specified identity, depending on the RunAs mode for the enterprise bean.


    identity token

    Contains the invocation credential identity, which with the client authentication token are required by the receiving server to accept the asserted identity.


    inbound transport

    Network ports in which a server listens for incoming requests.


    initial context

    Starting point in a namespace.


    initial reference

    A well-known reference associated with an identifier.



    In object-oriented programming, an object of a particular class.


    Integrated Development Environment (IDE)

    A set of software development tools such as source editors, compilers, and debuggers, that are accessible from a single user interface.


    Interface Definition Language (IDL)

    APIs written in Java language that provide standards-based interoperability and connectivity with Common Object Request Broker Architecture (CORBA).



    An application that has been coded such that it can present information to users in different locales or languages, and accept input data from users in multiple locales.


    Internet Inter-ORB Protocol (IIOP)

    A TCP/IP-based protocol that CORBA uses to encode and decode General Inter-ORB Protocol (GIOP) messages.



    The capability to communicate, run programs, or transfer data among various functional units in a way that requires the user to have little or no knowledge of the unique characteristics of these units.


    Interoperable Naming Service (INS)

    Supports the configuration of the ORB administratively to return object references.


    Interoperable object reference (IOR)

    An object reference with which an application can make a remote method call on a CORBA object. This reference contains all the information needed to route a message directly to the appropriate server.



    The activation of a program or procedure.


    invocation credential

    An identity with which to invoke a downstream method. The receiving server requires this identity with the sending server identity to accept the asserted identity.


    invoker attribute

    An assembly property for a Web module that is used by the servlet that implements the invocation behavior.


    J2EE application

    Any deployable unit of J2EE functionality. This unit can be a single module or a group of modules packaged into an enterprise archive (EAR) file with a J2EE application deployment descriptor. (Sun)


    J2EE Connector architecture

    A standard architecture for connecting the J2EE platform to heterogeneous enterprise information systems (EIS).


    J2EE server

    A run-time environment that provides enterprise bean or Web containers.



    An object-oriented programming language for portable interpretive code that supports interaction among remote objects. The Java language was developed and specified by Sun Microsystems, Incorporated.


    Java API for XML (JAX)

    Refers to a set of Java-based APIs for handling various operations involving data defined through Extensible Markup Language (XML).



    A package through which services can authenticate and authorize users while enabling the applications to remain independent from underlying technologies.


    Java Command Language (Jacl)

    A scripting language for the Java 2 environment that is used to create Web content and to control Java applications.



    A Java API that supports the creation and communication of various messaging implementations.



    A Java extension that provides an interface for various directory and naming services in an enterprise.


    Java Runtime Environment (JRE)

    A subset of the Java Software Development Kit (SDK) that contains the core executables and files that constitute the standard Java platform. The JRE includes the JVM, core classes, and supporting files.



    An interpretive computing engine responsible for executing the byte code in a compiled Java program into the native instructions of the host machine.


    Java Virtual Machine Profiler Interface (JVMPI)

    A profiling tool that supports the collection of information, such as data about garbage collection and the JVM API that runs the appserver.


    JavaMail API

    A platform and protocol-independent framework for building Java-based mail client applications.


    JSP (JSP) files

    Application building blocks coded to the Sun Microsystem JSP (JSP) specification. JSP files enable the separation of the Hypertext Markup Language (HTML) code from the business logic in Web pages so that HTML programmers and Java programmers can collaborate when creating and maintaining pages.


    Java 2 Connector security

    An architecture designed to extend the end-to-end security model for J2EE-based applications to include enterprise information systems (EIS)



    An API that supports database and data source access from Java applications.



    A toolkit that consists of a set of Java packages that enable developers to incorporate message logging and trace facilities into Java applications.



    A logical connection created to establish a path from one server to another.



    The part of an operating system that performs basic functions such as allocating hardware resources.


    key database file

    A synonym for a key ring.


    key file

    Synonym for key ring. The file that stores the keys used during the authentication of a message.


    Keyed-Hashing Message Authentication Code (HMAC)

    A mechanism for message authentication that uses cryptographic hash functions.


    key ring

    In computer security, a file that contains public keys, private keys, trusted roots, and certificates.


    keystore file

    A key database file that contains both public keys stored as signer certificates and private keys stored in personal certificates.



    Additional specification of the entry within the naming service.


    Launch pad

    A graphical interface for launching the product installation.


    Lightweight Directory Access Protocol (LDAP)

    An open protocol that uses TCP/IP to provide access to information directories.


    Lightweight Third Party authentication (LTPA)

    A protocol that uses cryptography to support security in a distributed environment.


    link name

    Name defined in the deployment descriptor of the encompassing application.



    A program that detects incoming requests and starts the associated channel.


    listener port

    An object that defines the association between a connection factory, a destination, and a deployed message-driven bean. Listener ports simplify the administration of the associations between these resources.


    load balancing

    The monitoring of appservers and management of the workload on servers.



    A bounded scope that is managed by the container to define the appserver behavior in an unspecified transaction context.



    A named and stateful object with which the user code interacts that logs messages for a specific system or application component.


    MBean provider

    A library containing an implementation of a Java Management Extensions (JMX) MBean and its MBean Extensible Markup Language (XML) descriptor file.


    message digest

    A hash value or a string of bits resulting from the conversion of processing data to a number.


    message-driven bean

    An enterprise bean that provides asynchronous message support and clearly separates message and business processing.



    In object-oriented design or programming, the software that implements the behavior specified by an operation.


    method extension

    An IBM extension to the standard deployment descriptors for enterprise beans that define transaction isolation methods and control the delegation of credentials.


    method permission

    A mapping between one or more security roles and one or more methods that a member of a role can call.



    A program unit that is discrete and identifiable with respect to compiling, combining with other units, and loading.


    multiple configuration instances

    More than one instance of a product running in the same machine at the same time.


    multiprocess multithread (MPMT)

    A process architecture of the IBM HTTP Server that supports multiple processes as well as multiple threads per process.


    Multipurpose Internet Mail Extensions (MIME)

    An Internet standard for identifying the type of object transferring across the Internet. MIME types include several variants of audio, graphics, and video.


    name space

    A hierarchical space reserved by a file system to contain the names of its objects.



    Operations used by clients of WAS applications to obtain references to objects related to those applications.


    naming contexts

    A logical namespace containing name and object bindings.


    naming federation

    Process of hooking together naming systems so that the aggregate system can process composite names that span the naming systems.



    Pertaining to the relationship between a transport user and a transport provider that are both based on the same transport protocol.



    A logical grouping of managed servers.


    node agent

    Manages all appservers on a node and represents the node in the management cell.


    node name

    The machine name of the installation platform; an arbitrary WAS-specific name that must be unique.


    node federation

    Process of combining the managed resources of one node into a distributed network such that the central manager application can access and administer the resources on the node.



    In business-to-business communication, the ability of the recipient to prove who sent a message based on the contents of the message. This proof is derived from the use of a digital signature in the message, which links the sender to the message.



    In object-oriented design or programming, an instance of a class that consists of data and the operations associated with that data.


    object adapter

    A CORBA term, denoting the primary interface that a server implementation uses to access ORB functions.


    object reference

    A CORBA term, denoting the information needed to reliably identify a particular object.



    In object-oriented programming, software that serves as an intermediary by transparently enabling objects to exchange requests and responses.


    one-way hash

    An algorithm that converts processing data into a string of bits; known as a hash value or a message digest.


    Open Servlet Engine (OSE)

    A lightweight communications protocol developed by IBM for interprocess communication.


    page list

    Specifies the location to forward a request, but automatically tailors that location, depending on the Multipurpose Internet Mail Extensions(MIME) type of the servlet.


    parallel garbage collection

    Using several garbage collection threads at one time.



    The body of the message that holds the content.



    A set of packages and libraries assigned to gather, deliver, process, and display performance data.



    Authorization to perform activities, such as reading and writing local files, creating network connections, and loading native code.



    A characteristic of data that is maintained across session boundaries, or of an object that continues to exist after the execution of the program or process that created it, usually in nonvolatile storage, such as a database system.



    A self-contained software component that modifies function in a particular software system. When a user adds a plug-in to a software system, the foundation of the original software system remains intact. The development of plug-ins requires well-defined application programming interfaces (APIs).



    A style of messaging application in which the sending application knows the destination of the message.


    port number

    In the Internet suite of protocols, the identifier for a logical connector between an application entity and the transport service.


    primary key

    An object that uniquely identifies an entity bean within a home.



    An entity that can communicate securely with another entity.


    process definition

    A specification of the run-time characteristics of an appserver process.


    process module

    Contains a set of process templates that support administrative tasks.


    programmatic login

    A type of form login that supports application presentation site-specific login forms for the purpose of authentication.


    programmatic security

    A collection of methods used by applications when declarative security is not sufficient to express the security model of the application.



    A characteristic or attribute that describes a unit of information.


    public-key algorithm

    An algorithm designed so that the key used for encryption is different from the key used for decryption. The decryption key cannot be derived, at least not in any reasonable amount of time, from the encryption key.



    A WebSphere MQ object message queuing applications can put messages on, and get messages from a queue. A queue is owned and maintained by a queue manager.


    queueing network

    A group of interconnected components.


    realm name

    The machine name of a user registry.



    When a thread of control attempts to enter a bean instance again.



    Logical names defined in the application deployment descriptor that are used to locate external resources for enterprise applications. At deployment, the references are bound to the physical location of the resource in the target operational environment.


    referential integrity

    In Extensible Markup Language (XML) tools, the condition that exists when all references to items in the XML schema editor or DTD editor are automatically cleaned up when the schema is detected or renamed.


    Remote OSE

    The use of the Open Servlet Engine (OSE) protocol as a transport mechanism to communicate between two separate machines in the WAS environment.


    remote procedure call (RPC)

    Executing a normal method invocation by sending network packets to some remote host.



    Configuration information that contains the details necessary for building a SSL connection.



    The process of copying objects from one node in a cluster to one or more other nodes in the cluster, which makes the objects on all the systems identical.


    replication entry

    A run-time component that handles the transfer of internal WAS data.


    resource adapter

    A system-level software driver that a Java application uses to connect to an Enterprise Information System (EIS).


    resource adapter archive (RAR)

    A JAR file that is used to package a resource adapter for the Java 2 Connector (J2C) architecture for WAS.


    resource environment reference

    Maps a logical name used by the client application to the physical name of an object.


    resource manager local transaction (RMLT)

    A resource manager view of a local transaction that represents a unit of recovery on a single connection that is managed by the resource manager.


    reverse proxy

    An IP-forwarding topology where the proxy is on behalf of the back-end HTTP server. It is an application proxy for servers using HTTP.



    A set of permissions.


    role-based authorization

    The use of authorization information to determine whether a caller has the necessary privilege to request a service.


    role mapping

    The process of associating groups and principals recognized by the container to security roles specified in the deployment descriptor.


    RunAs role

    A role used by a servlet or an enterprise bean component to invoke and delegate a role to another enterprise bean.



    Pertains to the capability of a system to adapt readily to a significant fluctuation in volume or demand.



    A service that provides time-dependent services.



    In database programming, the representation of a database to map. In Extensible Markup Language (XML), a language that formally describes and contains the content of XML files by indicating which elements are supported and in which combinations.



    Specification of the boundary within which system resources can be used.



    A style of programming that reuses existing components as a base for building applications.


    Secure Association Service (SAS)

    An authentication protocol used to communicate securely with enterprise beans.



    A security protocol that provides transport layer security: authenticity, integrity, and confidentiality, for a secure connection between a client and a server.The protocol runs above TCP/IP and below application protocols.


    security constraints

    Declarations of how to protect Web content, and how to protect data that is communicated between the client and the server.


    security domain

    All the servers that are configured with the same user registry realm name.


    security permission

    Authorization granted to access a system resource.


    security role reference

    A role that defines the access levels a user has and the specific resources they can modify at those levels.


    server implementation object

    Enterprise beans that client applications require to access and implement the services that support those objects.


    server-side include

    A facility for including dynamic information in documents sent to clients, such as current date, the last modification date of a file, and the size or last modification of other files.



    A Java program that runs on a Java-enabled Web server and extends the capabilities of a Web server, similarly to the way applets run on a browser and extend the capabilities of a browser.


    servlet filtering

    The process of transforming a request or modifying a response without exposing the resource used by the servlet engine.


    servlet mapping

    A correspondence between a client request and a servlet that defines their association.



    A series of requests to a servlet originating from the same user at the same browser.


    session affinity

    Application configurations where a client is always connected to the same server. These configurations disable workload management after an initial connection by forcing a client request to always go to the same server.


    session bean

    An enterprise bean that is created by a client and that usually exists only for the duration of a single client and server session.


    shared library file

    A file that consists of a symbolic name, a Java class path and a native path for loading JNI libraries. Applications that are deployed on the same node as this file can access this information.


    signer certificate

    The trusted certificate entry that is usually in a trustore file.


    Simple Object Access Protocol (SOAP)

    A lightweight, XML-based protocol for exchanging information in a decentralized, distributed environment.


    single signon

    An authentication process in a client and server relationship in which the user can enter one name and password, and have access to more than one application.



    Generalization of a particular class of users; a product-defined entity independent of the user registry.


    stateful session bean

    A session bean that enables clients to rely on a single point of contact on the server, manages persistence for long-running sessions and reduces traffic between the client and server.


    stateless session bean

    A session bean that is a collection of operations.The server can optimize resources by reusing bean instances on every method call.



    A Java programming language keyword that is used to define a variable as a class variable.


    stream decryption

    Symmetric algorithm that decrypts data one bit or byte of data at a time.


    stream encryption

    Symmetric algorithm that encrypts data one bit or byte of data at a time.


    symmetric algorithm

    An algorithm where the encryption key can be calculated from the decryption key and vice versa. In most symmetric algorithms, the encryption key and the decryption key are the same.



    The rules for the construction of a command or statement.


    tag library

    A collection of custom tags that contains classes for common tasks.


    thin application client

    A lightweight, downloadable Java application run time capable of interacting with enterprise beans.


    thin client

    A system that runs a light operating system with no local system administration and executes applications over the network.



    The basic unit of program execution. Several threads can run concurrently, performing different jobs.


    Tivoli Performance Viewer

    A Java client that retrieves the Performance Monitoring Infrastructure (PMI) data from an appserver and displays it in various formats.



    A specific set of input data that triggers execution of a specific processor job; a message destined for an application program.



    The request queue between a WAS plug-in for Web servers and a Web container in which the Web modules of an application reside. When a user at a Web browser requests an application, the request is passed to the Web server, then along the transport to the Web container.


    trust association

    An integrated configuration between the security server of the product and third-party security servers. A reverse proxy server acts as a front-end authentication server, while the product applies its own authorization policy onto the resulting credentials passed by the proxy server.


    trust association interceptor (TAI)

    A reverse security proxy server that receives HTTP requests from the trusted proxy server in a trust association.


    truststore file

    A key database file that contains the public keys for that target server.


    Unified Modeling Language (UML)

    A standard notation for the modeling of a real-world object as a first step in developing an object-oriented design methodology.


    Uniform Resource Identifier (URI)

    A compact string of characters for identifying an abstract or physical resource.


    Uniform Resource Locator (URL)

    An identifier that points to an electronically-accessible resource, such as a directory file on a machine in a networrk, or a document stored in a database.


    URL scheme

    A format containing another object reference.


    user registry

    A database of known users and user-provided information that is used for authentication purposes.



    A configuration property that provides a parameter for any value in the system. It has a name and a value to use in place of that name wherever the variable name is located within the configuration files.


    vertical scaling

    Setting up multiple appservers on one machine, usually by creating cluster members.


    virtual host

    A configuration enabling a single host machine to resemble multiple host machines. Resources associated with one virtual host cannot share data with resources associated with another virtual host, even if the virtual hosts share the same physical machine.


    virtual machine

    An abstract specification for a computing device that can be implemented in different ways in software and hardware.



    A thread waiting for a connection.


    web application (.war)

    An application comprised of one or more related servlets, JSP technology, and HTML files that you can manage as a unit.


    Web archive (WAR)

    A compressed file format, defined by the J2EE standard for storing all the resources required to install and run a web application (.war) in a single file.


    Web component

    A servlet, JavaServer Page (JSP) file, or a HyperText Markup Language (HTML) file. One or more Web components make up a Web module.


    Web container

    Handles requests for servlets, JSP (JSP) files, and other types of files that include server-side code. It creates servlet instances, loads and unloads servlets, creates and manages request and response objects, and performs other servlet management tasks.


    Web module

    Represents a web application (.war). A Web module is created by assembling servlets, JSP (JSP) files, and static content such as HTML pages into a single deployable unit. Web modules are stored in Web archive (WAR) files, which are standard Java archive (JAR) files.


    Web property extension

    IBM extensions to the standard deployment descriptors for Webapplications. These extensions include Multipurpose Internet Mail Extensions (MIME) filtering and servlet caching.


    Web resource collection

    Defines a set of URL patterns or resources and HTTP methods belonging to the resource.


    Web server plug-in

    Supports the Web server in communicating requests for dynamic content, such as servlets, to the appserver.


    Web server separation

    A topology where the Web server is physically separated from the appserver.


    Web service

    A self-contained, modular application that you can use to describe, publish, locate, and invoke over a network.


    Web Services Invocation Framework (WSIF)

    A Java API that supports dynamic invoking of Web services, regardless of the format in which the service is implemented or the access mechanism.


    workload management

    The optimization of the distribution of incoming work requests to the appservers, enterprise beans, servlets and other objects that can effectively process the request.



    A temporary repository of configuration information that administrative clients use.


    World Wide Web Consortium (W3C)

    An international industry consortium set up to develop common protocols to promote evolution and interoperability of the World Wide Web.



    An alternate and supported interface that hides unsupported data types required by a server object behind a thin intermediate server object.