Previous section.

Distributed Audit Service (XDAS)
Copyright © 1998 The Open Group



Application Programming Interface.

The interface between the application software and the application platform, across which all services are provided.

The application programming interface is primarily in support of application portability, but system and application interoperability are also supported by a communication API (see POSIX.0).


See Security Audit (see ISO/IEC 7498-2).

audit analysis

The analysis of audit data comprises manual or automated processes which scrutinize the audit data to identify in them real or potential security threats or to track system activity for the purpose of assigning accountability. Several approaches are possible including:

Analysis can generate filtering requirements which can be fed back into the discrimination process and provide strong reporting utilities.

audit trail

See Security Audit Trail (see ISO/IEC 7498-2).

authenticated identity

An identity of a principal that has been assured through authentication (see ISO/IEC 10081-2).


Verify claimed identity; see data origin authentication, and peer entity authentication (see ISO/IEC 7498-2). Authentication information in the form of a security certificate which may be used to assure the identity of an entity guaranteed by an authentication authority (see ISO/IEC 10081-2).


The granting of rights, which includes the granting of access based on access rights (see ISO/IEC 7498-2).

authorization policy

A set of rules, part of an access control policy, by which access by security subjects to security objects is granted or denied. An authorization policy may be defined in terms of access control lists, capabilities or attributes assigned to security subjects, security objects or both (see ECMA TR/46).


The property of being accessible and usable upon demand by an authorized entity (see ISO/IEC 7498-2).


These operations occur between a pair of communicating independent peer processes. The peer process initiating a service request is termed the client. The peer process responding to a service request is termed the server. A process may act as both client and server in the context of a set of transactions. The peer processes may reside on the same or different processors. The configuration most commonly envisaged as client-server is that of a workstation hosting client processors servicing a single user communicating with server processes on a host processor servicing multiple workstation clients.


The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (see ISO/IEC 7498-2).


Data that is transferred to establish the claimed identity of an entity (see ISO/IEC 7498-2).

data integrity

The property that data has not been altered or destroyed in an unauthorized manner (see ISO/IEC 7498-2).

denial of service

The unauthorized prevention of authorized access to resources or the delaying of time-critical operations (see ISO/IEC 7498-2).


The assignment of a name by which an entity can be referenced. The entity may be high level (such as a user) or low level (such as a process or communication channel.


An entity (for example, human user or computer based entity) that attempts to access other entities (see ISO/IEC 10081-3).


See Data Integrity (see ISO/IEC 7498-2).


See security policy (see ISO/IEC 7498-2).


The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security (see ISO/IEC 7498-2).

security attribute

A security attribute is a piece of security information which is associated with an entity.

security audit

An independent review and examination of system records and operations in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security and to recommend any indicated changes in control, policy and procedures (see ISO/IEC 7498-2).

security audit message

A message generated following the occurrence of an auditable security-related event (see ISO/IEC 10081-7).

security audit record

A single record in a security audit trail corresponding to a single security-related event (see ISO/IEC 10081-7).

security audit trail

Data collected and potentially used to facilitate a security audit (see ISO/IEC 7498-2).

security auditor

An individual or a process allowed to have access to the security audit trail and to build audit reports (see ISO/IEC 10081-7).

security domain

A set of elements, a security policy, a security authority and a set of security-relevant operations in which the set of elements are subject to the security policy, administered by the security authority, for the specified operations (see ISO/IEC 10081-1).

security policy

The set of criteria for the provision of security services (see also identity-based and rule-based security policy).

security service

A service which may be invoked directly or indirectly by functions within a system that ensures adequate security of the system or of data transfers between components of the system or with other systems.


An entity to which access may be attempted (see ISO/IEC 10081-3).


A potential violation of security (see ISO/IEC 7498-2).
An action or event that might prejudice security (see ITSEC).


A relationship between two elements, a set of operations and a security policy in which element X trusts element Y if and only if X has confidence that Y behaves in a well defined way (with respect to the operations) that does not violate the given security policy (see ISO/IEC 10081-1).

trusted functionality

That which is perceived to be correct with respect to some criteria, for example, as established by a security policy (see ISO/IEC 7498-2).
Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.

Contents Index