IBM Security Identity Manager Version 6.0 Glossary SC14-7397-01


Note: Before using this information and the product it supports, read the information in Notices on page 19.

Edition notice
Note: This edition applies to version 6.0 of IBM Security Identity Manager (product number 5724-C34) and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright IBM Corporation 2012, 2013.
US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Table of contents
Glossary .............. 1
Notices .............. 19
Index ............... 23


Glossary

A

access
1. The ability to read, update, delete, or otherwise use a resource. Access to protected resources is typically controlled by system software.
2. The ability to use data that is stored and protected on a computer system.
3. A group or role that has been configured to be an access in IBM Security Identity Manager. After the access is configured, users can request the given group or role access.

access control
The process of ensuring that users can access only those resources of a computer system for which they are authorized.

access control list
A list that is associated with a resource that identifies all the principals that can access the resource and the permissions for those principals. See also permission and principal.

access control item (ACI)
Data that identifies the permissions of principals and is assigned to a resource.

account
An entity that contains a set of parameters that define the application-specific attributes of a principal, which include the identity, user profile, and credentials.

account defaults
The settings or attributes for an account that IBM Security Identity Manager automatically assigns at the time of creation.

ACI target
The resource for which you define the access control items. For example, an ACI target can be a service.

activity
In a workflow, the smallest unit of work. When a request requires approval, information, or additional actions, the workflow for that request generates the appropriate activities. These activities are added to the to-do lists of the appropriate users. See also workflow.

adapter
1. A set of software components that communicate with an integration broker and with applications or technologies. The adapter performs tasks, such as executing application logic or exchanging data.
2. A transparent, intermediary software component that enables different software components with different interfaces to work together.

administrative domain
A logical collection of resources that is used to separate responsibilities and manage permissions. Also referred to as an Admin Domain in the user interface. See also permission.

adopt
To assign an orphan account to the appropriate owner. See also orphan account.

adoption policy
The set of rules that determine which orphan accounts belong to which owners. See also orphan account.

agent
A process that manages target resources on behalf of a system such that the system can respond to requests.

agent adapter
A process that resides on the target system. This process enables IBM Security Identity Manager to manage the remote accounts and resources of the target system.

agent-less adapter
A process that resides on the IBM Tivoli Directory Integrator Server. This process enables IBM Security Identity Manager to manage target system accounts and resources remotely. See also Directory Integrator adapter.

aggregate message
A collection of notification messages that are combined into a single e-mail, along with optional user-defined text.

alias
In identity management, an identity for a user, which might match the user ID. The alias can be used in an adoption rule, such that during reconciliation the adoption rule is used to determine who owns the account. A person can have several aliases, such as GSmith, GWSmith, and SmithG.

application server
A server program in a distributed network that provides the execution environment for an application program.

application user administrator
A type of person who uses IBM Security Identity Manager to set up and administer the services that are managed by IBM Security Identity Manager, or to set up and administer the IBM Security Identity Manager users of those services.

approval
A type of workflow activity that allows someone to approve or reject a request. See also workflow.

attribute
In BI Modeling, a characteristic of an entity that is descriptive rather than a unique identifier or aggregating measure.

audit trail
A chronological record of events or transactions. You can use audit trails for examining or reconstructing a sequence of events or transactions, managing security, and recovering lost transactions.

authentication
The process of verifying that an entity is the entity that it claims to be, often by verifying a user ID and password combination. Authentication does not identify the permissions that a person has in the system. See also authorization.

authentication factor
A piece of information used to authenticate or verify an identity for security purposes.

authorization
The process of granting a user, system, or process either complete or restricted access to an object, resource, or function. See also authentication.

authorization owner
A user who can manage access control items (ACIs) for a resource.

authentication provider
The communication mechanism to an external authentication source. Functionality such as user authentication, group membership, and namespace searches is made available through authentication providers.

B

business unit
Logically, a grouping of people within a business; for example, an organization, organizational unit, location, business partner unit, or administrative domain. These units can be used to partition users, services, policies, access controls, entitlements, and other entities.

C

cardinality
1. For relational data sources, a numerical indication of the relationship between two query subjects, query items, or other model objects.
2. For OLAP data sources, the number of members in a hierarchy. The cardinality property for a hierarchy is used to assign solve orders to expressions.

Cascading Style Sheets
A language that defines a hierarchical set of style rules for controlling the rendering of HTML or XML files in browsers, viewers, or in print.

certificate
In computer security, a digital document that binds a public key to the identity of the certificate owner. This document enables the certificate owner to be authenticated. A certificate is issued by a certificate authority and is digitally signed by that authority. See also Certificate Authority (CA).

Certificate Authority (CA)
An organization that issues certificates. The CA authenticates the certificate owner's identity and the services that the owner is authorized to use. The CA issues new certificates, renews existing certificates, and revokes certificates that belong to users who are no longer authorized to use them.

challenge-response authentication
An authentication method that requires users to respond to a prompt by providing information to verify their identity when they log in to the system. For example, when users forget their password, they are prompted (challenged) with a question. They must provide an answer (response) in order to either receive a new password or receive a hint for specifying the correct password.

child role
A role that is a member of another role (the parent). The child role is a static organizational role that inherits permissions from all of its parent roles in a hierarchical relationship. A child role can have multiple parent roles.

comma-separated values (CSV) file
See CSV file.

common criteria
A standardized method, used by international governments, the United States federal government, and other organizations, for expressing security requirements. These requirements assess the security and assurance of technology products.

Common Gateway Interface (CGI)
An Internet standard for defining scripts that pass information from a web server to an application program, through an HTTP request, and vice versa.

connector
A plug-in that is used to access and update data sources. A connector accesses the data and separates out the details of data manipulations and relationships. See also adapter.

contact
A named e-mail address to which reports and agent e-mails can be sent. Contacts are never authenticated.

content store
The database that contains the data needed to operate, such as report specifications, published models, and security rights.

credential
1. A declaration of authorization or other security attributes of a subject that is typically validated and signed by a trusted third party. See also authentication and principal.
2. The ID and authenticators (such as a password) for a resource. See also shared access.

credential pool
A group of credentials with similar access privileges. The pool can be defined as a service group or a set of service groups.

credential vault
A configured repository that stores credentials for shared access management.

CSV file
A common type of file that contains data that is separated by commas.

D

DAML
See Directory Access Markup Language (DAML).

dashboard
A web page that can contain one or more widgets that graphically represent business data.

data model
A description of the organization of data in a manner that reflects the information structure of an enterprise.

data source
The source of data itself, such as a database or XML file, and the connection information necessary for accessing the data.

data source connection
The named information that defines the type of data source, its physical location, and any sign-on requirements. A data source can have more than one connection.

data warehouse
1. A subject-oriented collection of data that is used to support strategic decision making.
2. A central repository for all or significant parts of the data that the business systems of an organization collect.

deployment archive
A file used for deployment. A deployment archive contains the data from the content store that is being moved.

delegate (noun)
The user who is designated to approve requests or provide information for requests for another user.

delegate (verb)
1. To assign all or a subset of administrator privileges to a user. The user can then perform all or a subset of administrator activities for a specific set of users.
2. To designate a user to approve requests or provide information for requests for another user.

delegate administrator
The user who has all or a subset of administrator privileges over a specific set of users.

delegate administration
The ability to apply all or a subset of administrator privileges to another user (the delegate administrator). The user can then perform all or a subset of administrator activities for a specific set of users.

deprovision
To remove an account from a target resource. See also provision.

digital certificate
An electronic document that is used to identify an individual, server, company, or some other entity, and to associate a public key with the entity. A digital certificate is issued by a certification authority and is digitally signed by that authority. See also Certificate Authority (CA).

Directory Access Markup Language (DAML)
An XML specification that extends the functions of Directory Services Markup Language (DSML) 1.0 in order to represent directory operations. In IBM Security Identity Manager, DAML is used for server-to-agent communications. See also Directory Services Markup Language v2.0 (DSMLv2).

Directory Integrator adapter
A software component that connects to the Tivoli Directory Integrator environment in order to interact with target data sources such as LDAP servers. Customized adapters are typically written in Java or JavaScript. See also agent-less adapter.

directory server
A server that can add, delete, change, or search directory information for a client; for example, an LDAP server.

Directory Services Markup Language v1.0 (DSMLv1)
An XML implementation that describes the structure of data in a directory and the state of the directory. DSML can be used to load data into a directory. DSMLv1 is an open standard defined by OASIS. See also Directory Services Markup Language v2.0 (DSMLv2).

Directory Services Markup Language v2.0 (DSMLv2)
An XML implementation that describes the operations that a directory can perform and the results of those operations. Such descriptions include how to create, modify, and delete data. Whereas DSMLv1 can be used to describe the structure of data in a directory, DSMLv2 can be used to communicate with other products about that data. DSMLv2 is an open standard defined by OASIS. See also Directory Services Markup Language v1.0 (DSMLv1).

distinguished name (DN and dn)
The name that uniquely identifies an entry in an LDAP directory. A distinguished name is made up of name-component pairs. For example: cn=john Doe,o=My Organization,c=US

domain administrator
The owner of an administrative domain organizational unit. That relationship grants a set of permissions to the administrator to manage resources in that administrative domain. See also administrative domain.

dynamic content tags
A set of XML tags that enables the administrator to provide customized information in a message, notification, or report. These tags are based on the XML Text Template Language (XTTL) schema. See also XML Text Template Language (XTTL).

dynamic organizational role
An organizational role that is assigned to a person by using an LDAP filter. When a user is added to the system and the LDAP filter parameters are met, the user is automatically added to the dynamic organizational role. See also organizational role.

E

entitlement
The capability-based reason that a user is given a permission or set of permissions to access IT resources (services).

entity
An object about which you want to store information or that you want to manage. For example, a person and an account are both entities.

entity type
A category of managed objects. See also entity.

escalation
The process that defines what happens and who acts when an activity is not completed in the specified amount of time.

escalation limit
The amount of time, for example, hours or days, that a participant has to respond to a request before an escalation occurs. See also escalation.

event
The encapsulated data that is sent as a result of an occurrence, or situation, in the system.

export
The process that involves preserving system data in a file so that the data can later be restored in a system. IBM Security Identity Manager uses a JAR file. See also import.

F

failover
An automatic operation that switches to a redundant or standby system in the event of a software, hardware, or network interruption.

FESI
See Free EcmaScript Interpreter (FESI).

FESI extension
A Java extension that can be used to enhance JavaScript code and then be embedded within a FESI script.

Free EcmaScript Interpreter (FESI)
An implementation of the EcmaScript scripting language, which is an ISO standard scripting language that is like the JavaScript scripting language.

form
In IBM Security Identity Manager, a customizable user interface window that enables you to create, view, and modify account, service, or user attributes.

G

gateway
An extension of a web server program that transfers information from the web server to another server. Gateways are often CGI programs, but may follow other standards such as ISAPI and Apache modules.

group
A collection of users on a service.

grouping
In reporting, the process of organizing common values of query items together and only displaying the value once.

group management
The use of lifecycle operations (create, remove, add members, remove members) on groups.

H

help desk assistant
A person who uses IBM Security Identity Manager to assist users and managers with managing their accounts and passwords.

hierarchy
The organization of a set of entities into a tree structure, with each entity (except the root) having one or more parent entities and an arbitrary number of child entities.

hosted service
A service that is shown as a logically distinct service in IBM Security Identity Manager. The hosted service references a non-hosted service (sometimes called a concrete service because it represents a managed resource or target) within another organization.

I

identity
The subset of profile data that uniquely represents a person or entity and that is stored in one or more repositories.

identity feed
The automated process of creating one or more identities from one or more common sources of identity data (for example, identity data can be fed from an HR system using a DSML file).

identity governance
A set of rules that define the access privileges of a user.

identity policy
The policy that defines the user ID to be used when creating an account for a user.

Identity Service Center
An IBM Security Identity Manager user interface that provides the capability for managers or individuals to request access for individuals.

IIOP (Internet Inter-ORB Protocol)
A protocol used for communication between Common Object Request Broker Architecture (CORBA) object request brokers.

import
The process that involves restoring or migrating system data that was preserved in a file (for IBM Security Identity Manager, the file is a JAR file) to a system. See also export.

ITIM group
A list of IBM Security Identity Manager accounts. Membership within an ITIM group determines the access to data within IBM Security Identity Manager.

ITIM user
A user who has an IBM Security Identity Manager account.

J

Java Database Connectivity
See JDBC.

JDBC (Java Database Connectivity)
An industry standard for database-independent connectivity between the Java platform and a wide range of databases. The JDBC interface provides a call-level API for SQL-based and XQuery-based database access. Database vendors provide a JDBC interface implementation specific to their platform that enables Java programs to interact with the database.

join directive
The set of rules that define how to handle attributes when two or more provisioning policies are applied. Two or more policies might have overlapping scope, so the join directive specifies what actions to take when this overlap occurs.

L

layout
The arrangement of printed matter on a screen or page, including margins, line spacing, type specification, header and footer information, indents, and more.

LDAP (Lightweight Directory Access Protocol)
An open protocol that uses TCP/IP to provide access to directories that support an X.500 model. This protocol does not incur the resource requirements of the more complex X.500 Directory Access Protocol (DAP). For example, LDAP can be used to locate people, organizations, and other resources in an Internet or intranet directory.

LDAP Data Interchange Format
See LDIF.

LDAP directory
A type of repository that stores information about people, organizations, and other resources and that is accessed using the LDAP protocol. The entries in the repository are organized into a hierarchical structure, and in some cases the hierarchical structure reflects the structure or geography of an organization.

LDAP filter
A search filter that narrows the results from an LDAP search.

LDIF (LDAP Data Interchange Format)
A file format that is used to describe directory information and changes that need to be applied to a directory. This format enables the exchange of directory information between directory servers that are using LDAP.

level
A set of entities or members that form one section of a hierarchy in a dimension and represent the same type of object. For example, a geographical dimension might contain levels for region, state, and city.

life cycle
Passage or transformation through different stages over time. For example, markets, brands, and offerings have life cycles. The life cycle of entities in IBM Security Identity Manager encompasses the create, read, update, and delete operations required to manage those entities. By extending those operations, you can customize the life cycle of entities in IBM Security Identity Manager. For example, customers typically extend the delete operation and change it to only suspend the account. Suspending the account enables auditors to see when the account was deactivated and last accessed.

life cycle rules
A life cycle rule contains an LDAP filter, an operation, and a schedule. The rule determines which operations to use when automatically handling commonly occurring events on a set schedule; for example, suspending an account that has been inactive for a period of time.

Lightweight Directory Access Protocol
See LDAP.

locale
A setting that identifies language or geography and determines formatting conventions such as collation, case conversion, character classification, the language of messages, date and time representation, and numeric representation.

location
An organizational unit that is a subdivision of an organization, typically based on geographical area.

M

mail
A type of workflow activity that sends an e-mail notification to one or more users about a request.

mailbox-enabled
A mailbox-enabled user can send and receive messages, and store messages in Exchange server mailboxes.

mail-enabled
An Active Directory user account that has an e-mail address associated with it, but has no mailbox on the Exchange server. A mail-enabled user can send and receive e-mail using another messaging system. If you send messages to a mail-enabled user account, these messages pass through the Exchange server and are forwarded to the external e-mail ID of that user account.

managed resource
An entity that exists in the runtime environment of an IT system and that can be managed (typically named a service).

manager
A type of person who uses IBM Security Identity Manager to manage their own accounts and passwords or the accounts and passwords of the people that they supervise.

manual service
A type of service that requires manual intervention by the service owner to complete the provisioning request.

model
A physical or business representation of the structure of the data from one or more data sources. A model describes data objects, structure, and grouping, as well as relationships and security. In Cognos BI, a model is created and maintained in Framework Manager. The model or a subset of the model must be published to the IBM Cognos server as a package for users to create and run reports.

N

namespace
1. The set of unique names that a service recognizes.
2. Space reserved by a file system to contain the names of its objects.

nested group
A group that is contained within another group. See also group.

notification
An e-mail message that is sent to users or systems that indicates that a change was made that might be of interest to the receiver.

O

object
In Report Studio, an empty information container that can be dragged to a report from the toolbox tab and then filled with data. Reports are made up of objects, which include cross-tabs, text items, calculations, graphics, and tables.

object class
1. The specific type of object, or subcategory of classes, that an access control item can protect. For example, if the protection category is account, then the object class can be the type of account, such as an LDAP user account. See also protection category.
2. An entity that defines the schema for a service or an account.

operation
A specific action (such as add, multiply, or shift) that the computer performs when requested.

operational workflow
A workflow that defines the lifecycle process for accounts, persons, and other entities. The operational workflows include the create, read, update, and delete operations for each entity. See also workflow.

organization
A hierarchical arrangement of organizational units, such that each user is included once and only once. See also organizational unit.

organization tree
A hierarchical structure of an organization that provides a logical place to create, access, and store organizational information. Also referred to as an organization structure.

organizational role
A logical group of principals that provides a set of permissions. Access to operations is controlled by granting access to a role. An organizational role can also represent a group of principals based on business job title or other business-related attributes. See also dynamic organizational role and static organizational role.

organizational unit
A type of organizational container that represents a department or similar grouping of people.

orphan account
On a managed resource, an account whose owner cannot be automatically determined by IBM Security Identity Manager.

ownership type
A category that classifies the ownership of accounts in IBM Security Identity Manager. One account can have only one type of ownership. Accounts can be marked with different ownership types depending on their use. The password management process is affected by the type of ownership. For example, password synchronization provides change of password for accounts having the ownership type "Individual". The following are the default ownership types:
- Device
- Personal
- System
- Vendor
As an administrator, you can customize ownership types.

P

package
A subset of a model, which can be the whole model, to be made available to the Cognos server. See also metric package.

parent role
A static organizational role where one or more of its members is another role (child role). The parent role grants a set of permissions to the child role in a hierarchical relationship. A parent role can have multiple child roles.

participant
In identity management, an individual, a role, a group, or a JavaScript script that has the authority to respond to a request that is part of a workflow. See also workflow.

password
In computer and network security, a specific string of characters that is used by a program, computer operator, or user to access the system and the information stored within it.

password retrieval
In identity management, the method of retrieving a new or changed password by accessing a designated Web site and specifying a shared secret. See also shared secret.

password strength rules
The set of rules that a password must conform to, such as the length of the password and the type of characters that are allowed (or not allowed) in the password.

password policy
A policy that defines the password strength rules. A password strength policy is applied whenever a password is set or modified. See also password strength rules.

password synchronization
The process of coordinating passwords across services and systems such that only a single password is needed to access those multiple services and systems.

permission
Authorization to perform activities, such as reading and writing local files, creating network connections, and loading native code. In Identity Manager, permissions to manage objects are encapsulated in ACIs.

person
An individual in the system that has a person record in one or more corporate directories.

personal profile
The data that describes a user within the system, such as the user name, password, contact information, and so on.

plug-in
A software module that adds function to an existing program or application.

policy
A set of considerations that influence the behavior of a managed resource or a user.

policy enforcement
The manner in which IBM Security Identity Manager acts on accounts that do not meet provisioning policy requirements for a specific service.

policy join
In identity management, a directive that defines how attributes are handled when policies conflict. This conflict can occur when there are multiple policies defined for the same users or groups of users on the same target service, service instance, or service type.

post office
A component that collects notifications from the appropriate workflow activities that have activity group topic IDs defined. The component distributes those notifications to the appropriate workflow participants. The distribution is done in aggregate form.

principal
A person or group that has been granted permissions. An entity that can communicate securely with another entity.

privilege
See permission.

product locale
The code or setting that specifies which language, regional settings, or both to use for parts of the product interface, such as menu commands.

profile
Data that describes the characteristics of a user, group, resource, program, device, or remote location.

protection category
The category of classes that an access control item can protect, for example, accounts or persons. See also object class, ACI.

provision
In identity management, to set up and maintain the access of a user to a system. In identity management, to create an account on a managed resource.

provisioning
In identity management, the process of providing, deploying, and tracking a service or component.

provisioning policy
A policy that defines the access to various managed resources (services), such as applications or operating systems. Access is granted to all users, users with a specific role, or users who are not members of a specific role.

publish
In Cognos BI, to expose all or part of a Framework Manager model or Transformer PowerCube, through a package, to the IBM Cognos server, so that the data can be used to create reports and other content.

Q

query
The simple report specifications created and edited by Query Studio.

query item
A representation of a column of data in a data source. Query items may appear in a model or in a report and contain a reference to a database column, a reference to another query item, or a calculation.

query subject
A named collection of query items that are closely functionally related. Query subjects are defined using Framework Manager to represent relational data and form the set of available data for authoring reports in Query Studio and Report Studio. A query subject is similar to a relational view in that it can be treated as a table but does not necessarily reflect the data storage.

R

recertification
The process of validating and possibly updating your credentials with a system, typically after a specified time interval.

recertification policy
A policy that defines the life cycle rule for automatically validating accounts and users in the provisioning system at a specified frequency. The policy sends approvals to the recertification policy participants asking if the accounts or users are still to be certified. See also life cycle rules.

reconciliation
The process of synchronizing data in IBM Security Identity Manager with data on a managed resource.

registration
The process of accessing a system and requesting an account on that system.

registry
A repository that contains access and configuration information for users, systems, and software.

relationship
A defined association between two or more data entities. This association is used to define IBM Security Identity Manager access control items (ACIs) and to specify workflow participants.

relevant data
The data that is used and referenced by workflow activities in a workflow operation. For example, in a person add operation workflow, the person entity is a relevant data item. See also workflow.

report
A set of data deliberately laid out to communicate business information.

report output
The output produced as a result of executing a report specification against a data set.

repository
A persistent storage area for data and other application resources. Common types of repositories are databases, directories, and file systems.

request
The item that initiates a workflow and instigates the various activities of a workflow. See also workflow.
Request Access wizard
A form of user assistance where you can change or customize the appearance and content of several IBM Security Identity Manager components such as user cards, access cards, badges, and search control properties.

request approval workflow
A workflow that defines the business logic. Typically it contains a series of activities and participants. The workflow is used to approve requests, such as account requests and access requests. See also workflow.

request for information (RFI)
A workflow activity that requests additional information from the specified participant. See also workflow.

resource
A hardware, software, or data entity. See also managed resource.

response file
An ASCII file that can be customized with the setup and configuration data that automates an installation. During an interactive installation, the setup and configuration data must be entered, but with a response file, the installation can proceed without any intervention.

restore
To activate an account that was suspended and inactive.

rights
See permission.

role
A logical group of principals that provides a set of permissions. Access to resources is controlled by using a provisioning policy to grant access to a role. A role can also represent a group of principals based on business job title or other business-related attributes. See also organizational role.

role classification
The identification of a role by its category that differentiates one category from another, such as a system application role from a business role.

role hierarchy
A hierarchical structure of inheritance in which a role can be a parent role, a child role, or both.

role ownership
The ability of a user to control membership in a role and to approve users assigned to that role. Both users and organizational roles can be owners of an organizational role. If a role is assigned as an owner of another role, then all the members of the owner role become owners of that other role.

role relationship
The ability to establish parent-child (inheritance) associations between roles. Inheritance between roles can directly affect the membership of the policies that govern user access. For example, a provisioning policy grants the members of 'Role A' a Linux account. If Role A is associated with another role, 'Role B', where Role A is the parent of Role B, the provisioning policy now grants the members of both Role A and Role B (because of inheritance) a Linux account.

rule
A set of conditional statements that enable computer systems to identify relationships and execute automated responses accordingly.

S

schema
The fields and rules in a repository that comprise a profile. See also profile.

scope
In identity management, the set of entities that a policy or an access control item (ACI) can affect.

Secure Sockets Layer (SSL)
A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

security
The protection of data, system operations, and devices from accidental or intentional ruin, damage, or exposure.

security administrator
A type of person who sets up and administers IBM Security Identity Manager for users, managers, help desk assistants, and application user administrators.

self-registration
See registration.

separation of duty policy
A logical container of separation rules that define mutually exclusive relationships among roles.

service
A representation of a managed resource, application, database, or system. In IBM Security Identity Manager specifically, a service represents the user repository for a managed resource.

service owner
An individual who uses IBM Security Identity Manager to set up and administer the accounts on the services that are managed by IBM Security Identity Manager. See also service.

service prerequisite
A service on which a user must first have an existing account in order to receive a new account on another service.

service provider
An organization that provides services to the user.

service selection policy
A policy that determines which service to use in a provisioning policy. See also provisioning policy.

service type
A category of related services that share the same schemas. See also service.

session
The time during which an authenticated user is logged on.

shared access
Access to a resource or application by using a shared credential.

shared access policy
A policy that authorizes role members to share access by using credentials or credential pools. A policy can be defined for a specific credential pool, a specific credential, or all pools or all credentials with the same organization container context.

shared secret
An encrypted value that is used to retrieve the initial password of a user. This value is defined when the personal information for the user is initially loaded into the system.

single sign-on (SSO)
The ability of a user to log on once and access multiple applications without having to log on to each application separately.

sponsor
A type of workflow participant who is designated to respond to a workflow manual activity for a business partner person or organization. A workflow manual activity can be an approval activity, a request for information activity, or a work order activity.

static organizational role
An organizational role that is manually assigned to a person. See also organizational role.

supervisor
A role that identifies the person who supervises another set of users. This role is often responsible for approving or rejecting requests that are made by those users.

suspend
To deactivate an account so that the account owner cannot access the service (managed resource).

system administrator
An individual who is responsible for the configuration, administration, and maintenance of IBM Security Identity Manager.

summary
In reporting and analysis, an aggregate value that is calculated for all the values of a particular level or dimension. Examples of summaries include total, minimum, maximum, average, and count.

T

tenant
In a hosted service environment, a virtual enterprise instance of an application. Each instance of IBM Security Identity Manager (defined on separate tenant IDs) can share directory servers or relational databases while remaining a separate service instance.

to-do list
A collection of outstanding activities. See also activity.

topic
The group ID of a notification message set in manual workflow activities in the workflow designer. This ID enables messages to be grouped based on the same task and aggregated for each recipient of the message.

transfer
In identity management, the process of moving a user from one business unit to a different business unit within the same organization.

transition
A connection between two workflow activities. See also workflow.

U

universally unique identifier (UUID)
A 128-bit numeric identifier that is used to ensure that two entities do not have the same identifier. The identifier is unique for all space and time.

user
Any individual, organization, process, device, program, protocol, or system that uses the services of a computing system. The individual who uses IBM Security Identity Manager to manage their accounts and passwords. A user represents a person that is managed by IBM Security Identity Manager. An ITIM user represents a user who has an IBM Security Identity Manager account and can use IBM Security Identity Manager.

user recertification policy
A policy that provides a periodic re-validation process for a user's role memberships, accounts, and group membership of accounts. User recertification combines recertification of multiple resources and memberships into a single activity to be completed by a designated approver. See also recertification policy.

V

view
A collection of various graphical user interfaces for a product that represent the set of tasks that a particular type of user is allowed to perform. Administrators can customize views to contain different collections of graphical user interfaces.

W

work area
The area within a studio that contains the report, analysis, query, or agent currently being used.

work order
A workflow activity that requires a participant to perform an activity outside of the scope of the system. See also workflow.

workflow
The sequence of activities performed in accordance with the business processes of an enterprise. See also activity.

workflow notification
A message sent to a user defined in the workflow containing information about the success, failure, or required action of an activity.

X

XML Text Template Language (XTTL)
An XML schema that provides a means for representing dynamic content within a message, notification, or report. The XML tags are also called dynamic content tags. See also dynamic content tags.

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

Copyright IBM Corp. 2012, 2013

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows:

(your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. Copyright IBM Corp. _enter the year or years_. All rights reserved.

If you are viewing this information in softcopy form, the photographs and color illustrations might not be displayed.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at http://www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Cell Broadband Engine and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and are used under license therefrom.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Privacy Policy Considerations

This information was developed for products and services that are offered in the US and the European Union.

IBM Software products, including software as a service solutions, ("Software Offerings") may use cookies or other technologies to collect product usage information, to help improve the end user experience, to tailor interactions with the end user or for other purposes. In many cases no personally identifiable information is collected by the Software Offerings. Some of our Software Offerings can help enable you to collect personally identifiable information. If this Software Offering uses cookies to collect personally identifiable information, specific information about this offering's use of cookies is set forth below.

This Software Offering does not use cookies or other technologies to collect personally identifiable information.

If the configurations deployed for this Software Offering provide you as customer the ability to collect personally identifiable information from end users via cookies and other technologies, you should seek your own legal advice about any laws applicable to such data collection, including any requirements for notice and consent.

For more information about the use of various technologies, including cookies, for these purposes, see IBM's Privacy Policy at http://www.ibm.com/privacy and IBM's Online Privacy Statement at http://www.ibm.com/privacy/details/us/en in the sections entitled "Cookies, Web Beacons and Other Technologies" and "Software Products and Software-as-a-Service".