
Terminology Glossary


A short overview of the terminology. To use the advanced features of Apache Ki, you should be familiar with some of its terminology.



Authentication is the act of confirming the identity of a subject (a user). The most common method of confirming an identity is a username/password combination: the password is checked for correctness.



Authorization is the act of confirming whether a subject has the right permissions to execute some action. For example, a check is made that user "Joe" has the permission to execute the "shutdown" command.



A realm is a resource which allows access to the security components of an application (users, passwords, roles, permissions). So realms are responsible for both authentication and authorization.



A subject represents a user with all of their roles and permissions.



A user can have multiple roles. For example, a user can have the role "developer", but can also be responsible for administration (role: administrator) or for sales (role: sales). A role is basically a collection of permissions.



Principals are the identifying attributes of a subject (name, id, ...).



Information which is used to verify the identity of a user.



A permission is the ability to perform an action. In OntoBroker, permissions could be:

Read access to a module
Write access to a module
Command execution access

OntoBroker also allows wildcard permissions for some features. For example, you can use '*' as a wildcard to specify modules:

Joe:User[hasRole-> ResearchAndDevelopmentMember].


It is also possible to use wildcard permissions for command executions:

role.admin = ob:command:*

Instead of specifying a list of allowed commands, we grant the "admin" role access to all commands.
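
The following sketch shows how a wildcard grant such as ob:command:* can be evaluated during an authorization check. It is an added example, not OntoBroker or Apache Ki code. It assumes the colon-delimited matching rules of Apache Shiro's WildcardPermission (the project Apache Ki was later renamed to); the "operator" role, the users, and the "status" and "restart" commands are hypothetical.

```python
# Added illustration: colon-delimited wildcard permission matching.
# Assumption: rules modelled on Apache Shiro's WildcardPermission;
# OntoBroker's own matcher may differ in detail.

def parse(permission):
    """Split 'ob:command:a,b' into one set of tokens per colon-separated part."""
    parts = [frozenset(t.strip().lower() for t in part.split(",") if t.strip())
             for part in permission.split(":")]
    if any(not p for p in parts):
        raise ValueError(f"malformed permission: {permission!r}")
    return parts

def implies(granted, requested):
    """Return True if the granted permission covers the requested one."""
    g, r = parse(granted), parse(requested)
    for i, gpart in enumerate(g):
        if i >= len(r):
            # Grant is more specific than the request: it only covers the
            # request if every remaining granted part is a wildcard.
            return all("*" in p for p in g[i:])
        if "*" not in gpart and not r[i] <= gpart:
            return False
    # Grant is shorter than (or equal to) the request: everything below
    # the granted prefix is implied, so 'ob:command' behaves like 'ob:command:*'.
    return True

# Constructed sample data; only the admin line appears on this page.
ROLES = {
    "admin": ["ob:command:*"],
    "operator": ["ob:command:shutdown,status"],  # hypothetical role
}
USERS = {"joe": ["operator"], "ann": ["admin"]}  # hypothetical assignments

def is_permitted(user, requested):
    """Deny by default: unknown users or roles contribute no permissions."""
    return any(implies(grant, requested)
               for role in USERS.get(user, ())
               for grant in ROLES.get(role, ()))

if __name__ == "__main__":
    for user, perm in [("ann", "ob:command:restart"),
                       ("joe", "ob:command:shutdown"),
                       ("joe", "ob:command:restart")]:
        print(user, perm, is_permitted(user, perm))
```

Under these rules a shortened grant such as ob:command is as broad as ob:command:*, so role definitions should be reviewed for both forms.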