
Selecting Algorithms and Methods during Tunnel Negotiation

From the document TIBCO BusinessConnect™ Concepts (pages 105-120)

Tunnel negotiation is driven by the SSH server and controlled by the SSH client.

This means that the ciphers, MACs, compression algorithms, and authentication methods come from a list that is offered by the server, and the client chooses from that list. If the option ANY is set for cipher, MAC, or compression, the server's first preference that the client also supports is used.

BusinessConnect always acts as the SSH client, regardless of the direction of the transport (such as inbound or outbound).

Supported Ciphers for SSHFTP

For the list of supported ciphers, see Supported SSH Ciphers. If configured to ANY, then any of the supported ciphers can be selected by the server.

Supported MACs for SSHFTP

* These MACs cannot be selected from the BusinessConnect GUI.

If configured to ANY, then any of the supported MACs can be selected by the server.

Supported Compression Algorithms for SSHFTP

Zlib

[email protected]

If NONE is selected, no compression is enforced by the client. This assumes that the SSH server also considers 'NONE' to be a valid option.
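The selection rule described in this section, modelled in Python as an added example (it is not TIBCO code and not part of the original document). The client-supported lists, the server offer, the WEAK policy set, and the function names `select` and `audit` are constructed assumptions; the example shows that with ANY a server preferring legacy algorithms decides the outcome, while a pinned value is either chosen or leaves no common algorithm.

```python
# Added example: models the selection rule described on this page.
# Algorithm names are real SSH names, but the lists are constructed samples,
# not BusinessConnect's actual supported lists.
ANY = "ANY"

CLIENT_SUPPORTED = {
    "cipher": ["aes256-ctr", "aes128-ctr", "3des-cbc"],
    "mac": ["hmac-sha2-256", "hmac-sha1", "hmac-md5"],
    "compression": ["none", "zlib"],
}
# Assumed local policy: algorithms the operator does not want negotiated.
WEAK = {"3des-cbc", "hmac-sha1", "hmac-md5"}

# Constructed offer from a legacy server, most preferred first.
LEGACY_SERVER = {
    "cipher": ["3des-cbc", "aes128-ctr", "aes256-ctr"],
    "mac": ["hmac-md5", "hmac-sha2-256"],
    "compression": ["zlib", "none"],
}


def select(server_offer, client_supported, configured):
    """Pick one algorithm: the server's preference order decides, limited to
    what the client supports and, unless ANY, to the configured value."""
    if configured == ANY:
        allowed = set(client_supported)
    else:
        allowed = {configured} & set(client_supported)
    for alg in server_offer:
        if alg in allowed:
            return alg
    return None  # nothing in common: the tunnel cannot be negotiated


def audit(server_offers, config):
    """Return {category: (chosen, status)} for cipher, MAC and compression."""
    report = {}
    for category, offer in server_offers.items():
        chosen = select(offer, CLIENT_SUPPORTED[category], config[category])
        if chosen is None:
            status = "no-common-algorithm"
        elif chosen in WEAK:
            status = "weak"
        else:
            status = "ok"
        report[category] = (chosen, status)
    return report


if __name__ == "__main__":
    all_any = {"cipher": ANY, "mac": ANY, "compression": ANY}
    pinned = {"cipher": "aes128-ctr", "mac": "hmac-sha2-256",
              "compression": "none"}
    for name, cfg in (("ANY", all_any), ("pinned", pinned)):
        print(name, audit(LEGACY_SERVER, cfg))
    # NONE configured, but the server offers only zlib: no common option.
    print(select(["zlib"], CLIENT_SUPPORTED["compression"], "none"))
```

Running the audit against each trading partner's actual server offer shows which transports would fall back to an unwanted algorithm if left at ANY.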


Glossary

A

ack

A return message in a B2B request/response transaction indicating that data has been received correctly. Typically, if the sender of the original data does not receive an ack message before a predetermined time, or receives a nack, the sender re-sends the original data. See also nack.

asynchronous transaction type

A request/response transaction type in which the Responder sends a response on a channel other than the sending channel. See also synchronous transaction type.

B

B2B

Business to Business. Electronic, integrated communication between businesses, usually over the Internet or over a VPN. See also VPN.

C

CA

Certificate Authority. See also Certificate Authority.

CDATA

Character data. CDATA has two very different meanings in XML. The first meaning is used within document type declarations, where CDATA is used within attribute declarations to indicate that an attribute should contain character content, and that no enumerated set of values is provided to constrain that content.

The second meaning applies only within documents, where CDATA marked sections (beginning with <![CDATA[ and ending with ]]>) label text within documents that is purely character data, containing no elements or entities that need to be processed. CDATA sections provide an escape mechanism supporting documents containing characters (typically <, >, and &) that would interfere with normal processing.

certificate

A data string that a Certificate Authority (CA) creates after the CA verifies the identity of an entity that has submitted a CSR (Certificate Signing Request).

A certificate is in a certificate chain. See also certificate chain.

Certificate Authority (CA)

A trusted third party that validates identities and issues X.509 certificates by signing the certificate with its signature.

certificate chain

A list of certificates made up of a user’s X.509 digital certificate and the certificate chain of its CA’s certificates.

A certificate chain can be in a certificates file. See also certificates file.

A certificate chain can also be in a key identity file. See also key identity file.

certificates file

A file that contains a private key’s certificate chain.

ChemXML™

An XML-based data exchange standard for buying, selling, and delivering chemicals.

CIDX™ (Chemical Industry Data eXchange) developed ChemXML on a non-profit basis for use in the chemical industry to conduct electronic business transactions and exchange data in company-to-company,

Data that has been encrypted.

cleartext

Data that has not been encrypted.

CMS

Cryptographic Message Syntax. The internal format of an S/MIME message. See also S/MIME.

CRM

Customer Relationship Management. A type of software that automates a company's sales force, marketing efforts, and customer service needs.

CSR

Certificate Signing Request. The file that you send to a CA such as Verisign when you request a certificate. The CSR contains your email address and certain identifying information.

CSV

Comma Separated Values. A message structure format.

cXML

Commerce XML. An XML format developed for documents used in e-procurement. See www.cxml.org for more information. See also XML.

D

DBMS

Data Base Management System. A complex set of programs that controls the organization, storage, and retrieval of data for many users. Data is organized in fields, records, and files. A database management system also controls the security of the database.

digital certificate

See certificate.

digital signature

See signature.


document type declaration

A declaration that provides a document type definition (DTD) for an XML document. The document type declaration may refer to an external file (the external subset), include additional declarations (the internal subset), or combine both. The document type declaration also gives the root element for the document.

DTD

Document Type Definition. A non-XML schema file that contains a formal description of the vocabulary and structure of the elements in an associated XML file. DTDs serve the same function as XML schema documents. A DTD may also provide some content information. The DTD for an XML document is the combination of the internal and external subsets described by the document type declaration. See also XML.

Also see www.extensibility.com for information on TIBCO’s XML Authority, the premier solution for the creation, conversion, and management of DTDs and XML schemas.

DUNS Number

A number in the Data Universal Numbering System from Dun & Bradstreet. BusinessConnect uses DUNS numbers for RosettaNet.

E

ebXML

electronic business XML. An XML e-commerce standard defined by the ebXML consortium. See www.ebxml.org.

EDI

Electronic Data Interchange. A native SAP message format. EDI is most often used by trading partners in the exchange of standardized documents. EDI uses some variation of the ANSI X12 standard (USA) or EDIFACT (UN-sponsored global standard).

element

The unit forming the basic structure of XML documents. Elements may contain attributes in their start tags, other elements, and textual content. See also XML.

ERP

Enterprise Resource Planning. An integrated information system that serves all departments within an enterprise. An ERP system can include software for manufacturing, order entry, accounts receivable and payable, general ledger, purchasing, warehousing, transportation and human resources.

exception

At the software level, anything that has gone wrong, typically within a lower level code module. At the business process level, an exception is anything that requires special processing to account or adjust for, such as correcting an invalid order.

F

FTP

File Transfer Protocol. A client-server protocol which allows a user on one computer to transfer files to and from another computer over a TCP/IP network. Also used to refer to the client program the user executes to transfer files. See also TCP/IP.

H

HTTP

Hypertext Transfer Protocol. A client-server TCP/IP transport protocol used on the web for exchanging documents. By default, HTTP uses port 80. See also TCP/IP.

HTTPS

Hypertext Transfer Protocol, Secure. A variant of HTTP used for creating secure transactions.

HTTPS uses SSL to encrypt the HTTP transport.

Messages sent over the secure transport are not themselves encrypted. By default, HTTPS uses port 443. See also SSL.

I

IMAP, IMAP4

Internet Message Access Protocol. A transport protocol for email clients to retrieve email from a message store on a host server. IMAP is newer and has more features than the more popular POP access protocol. See also POP.

J

JSSE

Java™ Secure Socket Extension. A Java standard that enables SSL. As SSL is not part of Java, different vendors offer different JSSE implementations. See also SSL.

K

key identity file

A file that contains a private key and its certificate chain. It is encrypted with a password because it contains a private key. Trading partners create a key identity for their own installations. When setting up an installation for e-commerce, the key identity file relates to the trading host and certificates file(s) relate to any trading partner(s) that the host has. TIBCO ActiveExchange products support Entrust Profile (.epf) (as implemented by Entrust), and PKCS#12 (.p12 or .pfx) (as implemented by Netscape and Microsoft and others).

key pair

A private/public key pair.

M

MAPI

Messaging Applications Programming Interface.

A proprietary interface to client email servers.

MIME

Multipurpose Internet Mail Extensions. A standard structured messaging format which allows a single message to contain many parts, such as plain text, web hypertext documents, graphics, audio, and fax. MIME specifies how messages must be formatted so that they can be exchanged between different email systems.

MIME is a very flexible format, which can include virtually any type of file or document in an email message. MIME uses base64 and other encodings to encode non-text information as text to make sure that email messages with images or other non-text information are delivered with maximum protection against corruption. For example, a MIME message may have a header, body, and digital signature. See also S/MIME.

N

nack

A return message indicating that data has not been received correctly. See also ack.

non-repudiation

Non-repudiation of service allows the sender of a message to provide the recipient of a message proof of the origin of the message. This protects against any attempt by the sender to subsequently revoke the message or its content.

This is based on a sender’s unique digital signature.

P

parsed

For XML, data that has been converted to the TIBCO IntegrationManager internal representation (AttributeNode) and which can be accessed at the field level by other components. See also unparsed.

PGP

PGP does not use Certification Authorities and leaves it to the user to verify the fingerprint of public keys with the owner of the matching private key. Once this is done, the user can then sign the public key to validate it.

PIP

Partner Interface Process. Part of the RosettaNet business protocol.

PKI

Public Key Infrastructure. The infrastructure necessary to successfully use public key cryptography, including certificates and certificate authorities.

PKI uses a Certification Authority to issue digital certificates that certify the ownership of a public key by the named subject of the certificate.

POP, POP3

Post Office Protocol. A client-to-host transport protocol for email clients to retrieve email from a message store. POP is more widely used than the IMAP protocol, which has more features. See also IMAP.

private key

The part of a key pair that is kept strictly confidential. It is encrypted with a password. It is used for message decryption and for signing. A private key is kept in a key identity file.

public key

The part of a key pair that can be shared with anybody. It is used for message encryption and for verifying a signature.

public key cryptography

A system that offers encryption and digital signatures. Each user has a public key and a private key. The public key is made public while the private key remains private. A sender encrypts a document using the recipient’s public key. The recipient decrypts the document using their private key. The sender also signs a document using their private key. The recipient authenticates the sender using the sender’s public key. See also symmetric key cryptography.

R

request/response

A type of message that requires a response from the receiver. This can be synchronous or asynchronous.

RNIF

RosettaNet Implementation Framework.

RosettaNet

An industry consortium dedicated to the development and deployment of RosettaNet, a standardized electronic business interface. See www.rosettanet.org for more information.

RV

Rendezvous protocol. A distributed TIBCO messaging protocol middleware product.

S

schema

See XML schema.

SGML

Standard Generalized Markup Language. A generic language for representing hypertext documents.

signature

A verifiable transformation made on a piece of data by the private key, which can be verified by using the public key. A digital signature binds a document to the possessor of a particular key. A signature usually also contains the possibly incomplete certificate chain of the signer. See also certificate.

S/MIME

(Secure Multipurpose Internet Mail Extensions) presents a way of adding security to objects that are packaged with MIME. It is a messaging format for exchanging digitally signed and/or encrypted messages.

S/MIME defines a data encapsulation format for the provision of a number of security services that include data integrity, confidentiality, and authentication. S/MIME is designed for messaging clients delivering security services to distributed messaging applications. S/MIME (RFC 2311) is based on the MIME standard (RFC 1521).

SMTP

Simple Mail Transport Protocol. A host-to-host mail transport protocol for email. As it is a server-to-server protocol, other protocols such as IMAP, POP, and POP3 are used to retrieve the email from the host’s mail server. SMTP is the standard for servers that move email over the Internet.

SOAP

Simple Object Access Protocol. A network protocol developed by Microsoft, among others, that provides a lightweight method for exchanging structured data. SOAP messages are XML documents contained in a mandatory SOAP envelope and sent using HTTP or HTTPS.


SQL

Structured Query Language. A language for accessing data in a database.

SSL

Secure Sockets Layer. A protocol designed by Netscape Communications Corporation to encrypt data and authenticate senders. SSL is the industry standard for sharing secured data over the web. SSL provides encryption, client and server authentication, and message integrity. SSL is part of all major browsers and web servers.

Installing a digital certificate makes a browser or server’s SSL capabilities available. SSL is layered beneath protocols such as HTTP, SMTP, Telnet, FTP, Gopher, and NNTP. SSL is layered above the TCP/IP connection protocol. SSL can use digital certificates to authenticate an encrypted socket. A client signs random data with a private key during the setup phase of an SSL connection to authenticate itself. Encrypted data sent after the setup phase is not signed. SSL is available at the 40-bit, 56-bit, and 128-bit levels. This refers to the length of the session key that every encrypted conversation generates. The longer the session key is, the more difficult it is to break the encryption code.

BusinessConnect supports different levels of SSL, including the highest level, which uses server and client authentication. SSL is used by HTTPS. See also HTTPS.

symmetric key cryptography

A system that offers encryption. The same key is used to encrypt and decrypt data. A sender encrypts a document using the symmetric key, and the recipient decrypts the document using the same symmetric key. See also public key cryptography.

synchronous transaction type

A request/response transaction type in which the Responder sends a response on the sending channel. See also asynchronous transaction type.

T

TCP/IP

Transmission Control Protocol on top of the Internet Protocol. Protocols to enable communication between different types of computers and computer networks. TCP is a connection-oriented protocol that provides reliable communication and multiplexing. IP is a connectionless protocol that provides packet routing.

type-aware

A document that uses a schema of some sort. The in-memory representation of 'type-aware' data uses strings, numbers, and arrays, among others.

See also untyped.

U

unparsed

For XML, an XML document in the form of a giant string or byte array. TIBCO IntegrationManager components, unless they have special support for parsing XML, can utilize XML only as a string byte array. See also parsed.

untyped

A document that does not use a schema. The in-memory representation of untyped data is an array of name->value pairs. For XML, it is an array of name->(string or element) pairs, and character data is represented by some 'special' name, such as _CDATA. See also type-aware.

URI

Uniform Resource Identifier. A resource identifier that describes a location (URL) or name (URN) for identifying an abstract or physical resource.

URL

Uniform Resource Locator. A resource identifier that describes its target by giving a pathway for retrieving it. A URL may include a protocol, a host computer, and how to find the target resource on that computer.

URN

Uniform Resource Number. A resource identifier that uses a naming scheme to identify resources.

V

VAN

Value-added network. A communications network in an EDI setting that provides services beyond normal transmission, such as automatic error detection and correction, protocol conversion, and message storing and forwarding.

VPN

Virtual Private Network. A network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks.


X

XML

eXtensible Markup Language. A standardized document formatting language that provides a set of standards for document syntax while allowing developers, organizations, and communities to define their own vocabularies.

XML is a standard for passing data between Internet applications. XML lets users label information using custom tags that describe the structure and meaning of a file’s content. XML documents contain data in the form of tag/value pairs. XML gives much more control than HTML over collecting, searching, combining, formatting, and delivering content to different audiences for different purposes. See also www.extensibility.com for information on TIBCO Extensibility products.

XML schema

The definition of the content in an XML document. Some features include: Data typing enables defining data by type (character, integer, etc.); Schema reuse, or schema inheritance, lets tags referenced in one schema be used in other schemas; Namespaces enables multiple schemas to be combined into one; Global attributes assign properties to all elements; Associating Java classes adds processing to the data; Authoring information adds improved documentation for schema designers.

An XML schema is an XML element information item which, along with its descendants, satisfies all the constraints on schemas in a specification.

An XML schema establishes a set of rules for constraining the structure and articulating the information set of XML document instances. See www.extensibility.com for information on XML Authority, the premier solution for the creation, conversion, and management of DTDs and XML schemas.

Unlike a DTD, an XML schema is written in XML. Although XML schemas are more verbose than DTDs, they can be created with any XML tool.

XSD

XML Schema Definition. .xsd is the suffix of an XSD schema document. An XSD file defines the structure and elements in a related XML file.

XSDL

XML Schema Definition Language. An XML schema dialect. Expressed in XML document syntax, XSDL supports an extensible data typing system, inheritance, and namespaces. See www.extensibility.com for information on TIBCO’s XML Authority®, the premier solution for the creation, conversion, and management of documents in XML schema dialects, including XSDL.

XSL

Extensible Style Language. A stylesheet language for XML. XSL uses template rules that are written using XML to transform documents into formatting objects, which are then presented on screen, in print, or in other media.

XSLT

Extensible Stylesheet Language Transformations. A language for transforming XML documents into other XML documents.

XSLT is designed for use as part of XSL. In addition to XSLT, XSL includes an XML vocabulary for specifying formatting. XSL specifies the styling of an XML document by using XSLT to describe how the document is transformed into another XML document that uses the formatting vocabulary.
