 

Terminology Glossary

 

A short overview of the terminology. To use advanced features of Apache Ki you should be familiar with some of the terminology.

 

Authentication

Authentication is the act of confirming the identity of a subject (a user). The most common method of confirming an identity is a username/password combination: the system checks whether the supplied password is correct.

 

Authorization

Authorization is the act of confirming whether a subject has the permissions required to execute an action. For example, a check is made that user "Joe" has the permission to execute the "shutdown" command.

 

Realm

A realm is a resource which allows access to the security components of an application (users, passwords, roles, permissions). So realms are responsible for both authentication and authorization.

 

Subject

A subject represents a user together with all of that user's roles and permissions.

 

Role

A user can have multiple roles. For example, a user can have the role "developer", but can also be responsible for administration (role: administrator) or for sales (role: sales). A role is basically a collection of permissions.

 

Principal

Principals are the identifying attributes of a subject (name, id, ...).

 

Credentials

Information which is used to verify the identity of a user.

 

Permission

The ability to perform an action. In OntoBroker, permissions could be:

Read access to a module
Write access to a module
Command execution access

OntoBroker also allows wildcard permissions for some features. For example, you can use '*' as a wildcard to specify modules:

Joe:User[hasRole-> ResearchAndDevelopmentMember].

ResearchAndDevelopmentMember:Role[hasReadPermission->*].

It is also possible to use wildcard permissions for command executions:

role.admin = ob:command:*

Instead of specifying a list of allowed commands we grant the "admin" role access to all commands.
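
The wildcard check described above, as an added example (not OntoBroker or Apache Ki code). It assumes colon-separated parts are matched the way Apache Shiro's WildcardPermission matches them; the "operator" role, its command names and the one-permission-per-line config format are constructed for illustration.

```python
# Added example: colon-delimited wildcard permission matching.
# Assumption: parts split on ':', alternatives on ',', '*' matches any
# value (the rules of Apache Shiro's WildcardPermission).

def parse_permission(text):
    """Split 'ob:command:*' into [{'ob'}, {'command'}, {'*'}]."""
    parts = [frozenset(s.strip().lower() for s in part.split(",") if s.strip())
             for part in text.strip().split(":")]
    if not parts or any(not p for p in parts):
        raise ValueError(f"malformed permission: {text!r}")
    return parts

def implies(granted, requested):
    """True if the granted permission string covers the requested one."""
    g, r = parse_permission(granted), parse_permission(requested)
    for i, g_part in enumerate(g):
        if i >= len(r):
            # Granted is more specific than the request: only wildcards may remain.
            if "*" not in g_part:
                return False
        elif "*" not in g_part and not r[i] <= g_part:
            return False
    # Granted is shorter than the request: the missing parts are implied.
    return True

def load_roles(config_text):
    """Parse 'role.<name> = <permission>' lines into {name: [permission, ...]}."""
    roles = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith("role."):
            roles.setdefault(key[len("role."):], []).append(value.strip())
    return roles

def is_permitted(roles, role, requested):
    """True if any permission granted to the role implies the request."""
    return any(implies(p, requested) for p in roles.get(role, []))

# Constructed sample: the admin line is from the text, operator is hypothetical.
SAMPLE_CONFIG = """
role.admin = ob:command:*
role.operator = ob:command:status,reload
"""
ROLES = load_roles(SAMPLE_CONFIG)
```

The wildcard grant also covers any command introduced later, whereas the explicit list for "operator" has to be extended deliberately.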