DCE Glossary of Technical Terms
- Access Control List (ACL)
- Data that controls access to a protected object. An access control list specifies the
privilege attribute(s) needed to access the object and the permissions that can be
granted, with respect to the protected object, to principals that possess such privilege
- Application Programming Interface (API)
- A set of callable routines that a programmer uses to interact with an application.
- Asynchronous operation
- An operation that does not itself cause the process (or thread) requesting the operation
to be blocked from further use of the CPU. This implies that the process and the operation
are running concurrently.
- The verification of a principal's network identity.
- Authentication protocol
- A formal procedure for verifying a principal's network identity; Kerberos is an instance
of a shared-secret authentication protocol.
- A relationship between a client and a server involved in a remote procedure call.
- Blocking call
- A call in which a caller is suspended until a called procedure completes.
- Caching
- The technique of copying data from a server machine (its central storage place) to a
client machine's local disk or memory; users then access the copy locally. Caching reduces
network load because the data does not have to be fetched across the network more than
once (unless the central copy changes).
- Cell
- The basic unit of operation in the DCE. A cell is a group of users, systems and
resources that are typically centered around a common purpose and that share common DCE
- Cell Directory Service (CDS)
- A distributed, replicated naming service
- Client
- The party that initiates a remote procedure call. Some applications act as both an RPC
client and an RPC server. See also server.
- Condition variable
- A synchronization object used in conjunction with a mutex. A condition variable allows a
thread to block until some event happens.
- A general term for privilege attribute data that has been certified by a trusted
privilege certification authority. In DCE, credentials are implemented as Privilege
Attribute Certificates (PACs). See also Privilege Attribute Certificate.
- Distributed File Service (DFS)
- A file service that joins the local file systems of several File Server machines, making
the file systems equally available to all DFS client machines.
- Distributed Time Service (DTS)
- The Distributed Time Service synchronizes the clocks in networked systems and is
responsible for propagating a consistent notion of time throughout a cell.
- Domain Naming Service (DNS)
- A distributed directory service used on the Internet. Along with GDS, it provides a
global namespace that connects local DCE cells into one worldwide hierarchy.
- Global Directory Service (GDS)
- A distributed, replicated directory service based on the CCITT X.500/ISO 9594
international standard. Along with DNS, it provides a global namespace that connects local
DCE cells into one worldwide hierarchy.
- Global name
- A name that is universally meaningful and usable from anywhere in the DCE naming
environment. The prefix /... indicates that a name is global.
- See RPC Interface.
- Interface Definition Language (IDL)
- A high-level declarative language that provides the syntax for interface definitions.
- Internet Protocol. A family of network protocols defined by the U.S. Department of
- Kerberos
- The authentication protocol implemented in DCE. Kerberos was developed at the
Massachusetts Institute of Technology. In classical mythology, Kerberos was the
three-headed dog that guarded the gates of the underworld.
- A value used to encrypt and decrypt data.
- Load balancing
- Distributing system load evenly across server machines by placing identical copies of
frequently accessed information among available server machines.
- Local Area Network (LAN)
- A set of computers sharing a network that does not include bridges or Wide Area Network
- Local name
- A name that is meaningful and usable only from within the cell where the entry exists.
The local name is a shortened form of the global name. Local names begin with the prefix
/.: and do not contain a cell name.
- Mutex
- A synchronization object that provides mutual exclusion among threads. A mutex is often
used to ensure that shared variables are always seen by other threads in a consistent
- Network Computing Architecture (NCA)
- An architecture for distributing software applications across heterogeneous collections
of networks, computers and programming environments. NCA specifies the DCE Remote
Procedure Call architecture.
- Network Data Representation (NDR)
- The transfer syntax defined by the Network Computing Architecture.
- Network File System (NFS)
- A protocol for remote file access developed by Sun Microsystems, Inc.
- Network Information System (NIS)
- A protocol for remote distribution of common configuration files developed by Sun
- Network protocol
- A communications protocol from the Network Layer of the OSI network architecture, such
as the Internet Protocol.
- Object
- A data structure that implements some feature and has an associated set of operations.
For RPC applications, an object can be anything that an RPC server defines and identifies
to its clients (using an object UUID). Often an RPC object is a physical computing
resource such as a database, directory, device or processor. Alternatively, an RPC object
can be an abstraction that is meaningful to an application, such as a service or the
location of a server. See also object UUID.
- Object UUID
- The universal unique identifier that identifies a particular RPC object. A server
specifies a distinct object UUID for each of its RPC objects; to access a particular
RPC object, a client uses the object UUID to find the server that offers the
object. See also object, Universal Unique Identifier.
- Open Connectivity Architecture
- A standard way of connecting applications to enterprise services.
- A string presented by a principal to prove its identity. The login facility transforms
this string to generate an encryption key that is used by the Authentication Service to
authenticate the principal.
- A set of standards intended to provide portable interfaces to operating systems
- Principal
- An entity that is capable of believing that it can communicate securely with another
entity. In DCE, principals are represented as entries in the security database and include
users, servers, computers and cells.
- Privilege Attribute Certificate (PAC)
- Data, describing a principal's privilege attributes, that has been certified by an
authority. In DCE, the Privilege Service is the certifying authority. The Privilege
Service, along with Kerberos, is part of the DCE Security Service.
- Remote Procedure Call (RPC)
- A call to a procedure in a different address space. In a traditional procedure call, the
calling procedure and the called procedure are in the same address space on one machine.
In a remote procedure call, the calling procedure invokes a procedure in a different
address space and usually on a different machine.
- Replication
- The process of creating read-only copies of information. Replication is supported by the
Security, Directory and File services in DCE. Replication can improve availability and
load balancing. See also load balancing.
- RPC Interface
- A logical grouping of operation, data type, and constant declarations that serves as a
network contract for calling a set of remote procedures. See also interface definition
- Server
- The party that receives remote procedure calls. A given application can act as both an
RPC server and an RPC client. See also client.
- A single sequential flow of control within a process.
- A related set or unit of changes to metadata. The events in a transaction are atomic. No
change takes effect unless all the changes that make up that transaction are performed.
- Transport independence
- The capability, without changing application code, to use any transport protocol that
both the client and server systems support, while guaranteeing the same call semantics.
See also transport layer, transport protocol.
- Transport layer
- A network service that provides end-to-end communications between two parties, while
hiding the details of the communications network. The TCP and ISO TP4 transport protocols
provide full-duplex virtual circuits on which delivery is reliable, error free, sequenced,
and duplicate free. UDP provides no guarantees.
- Transport protocol
- A communications protocol from the transport layer of the OSI network architecture, such
as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
- Universal Unique Identifier (UUID)
- An identifier that is immutable and unique across time and space. See also object UUID.
- Wide Area Network (WAN)
- A network that includes computers spread across a large geographical distance, usually
involving several cities, states or countries. Communications connections in a WAN are
typically done over modems, T1 lines, or satellite hookups.
- X/Open Federated Naming (XFN)
- XFN provides a federated naming service interface comprising a set of common naming
operations and infrastructure policies for constructing composite names. A federated
naming service maps composite names to their references.
© 1996 The Open Group.
All rights reserved.
Permission is granted to reproduce any portion of the text or graphic images of this
document provided that you prominently display both the copyright notice listed above and
the following acknowledgment: Portions of this document have been reproduced with
the permission of the copyright owner, The Open Group, Inc., Woburn, MA.