Team LiB

Glossary

A

access control entry (ACE)
An access control entry (ACE) identifies a specific user or user group within an access control list and specifies the access rights for the user or user group. An individual ACE may explicitly deny or permit rights.
access control list (ACL)
An access control list (ACL) is an ordered list of access control entries (ACEs) attached to a securable object. The Windows operating system uses two types of ACL: a discretionary access control list (DACL), used to specify the access rights of a user or user group, and a system access control list (SACL), used to determine when specific types of access should generate audit messages.
access right
An access right is an attribute of an access token that determines the type of operation that a particular Windows group or user can perform on a secured object. Example access rights include read, write, delete, execute, and so on.
access token
An access token is a data structure attached to every Windows process. It maintains security context information for the process, which includes a user SID identifying the principal whom the logon session represents, and authorization attributes including the user’s group SIDs and privileges.
Every access token is associated with exactly one logon session, while a logon session may contain multiple access tokens: one for each process started within the logon session and, optionally, additional thread tokens attached to individual threads.
account
An account is an entry in the security database that maintains the security attributes of an individual principal. The security database may either be the SAM database or Active Directory.
Accounts may either be domain accounts or local accounts.
Active Directory
Active Directory is the LDAP directory service used by the Windows 2000 operating system.
anonymous authentication
Anonymous authentication is a form of IIS authentication in which IIS makes no attempt to prove the identity of its clients. Anonymous authentication is akin to no authentication. It is often used in conjunction with ASP.NET Forms authentication, which uses an HTML form to capture the client’s credentials.
application server
An application server is a dedicated server computer, separate from a front-end Web server. The application server typically hosts Web services, remote components, and/or Enterprise Services applications that contain the majority of an application’s business logic.
authentication
Authentication is the process of proving identity. For example, when you log on to Windows, the operating system authenticates you by requesting your credentials: a user name and password. When a process (a type of principal) acting on your behalf connects to a remote computer, it uses a cached set of credentials to answer network authentication requests.
authority
An authority is a trusted entity (organization or computer) that is used to provide authentication services.
authorization
Authorization is the process of determining whether or not an authenticated identity is allowed to access a requested resource or perform a requested operation.
