Term
| Certificate Practice Statement (CPS) |
|
Definition
| AD CS component that provides a detailed explanation of how a particular Certification Authority manages certificates and keys. |
|
|
Term
| Certification Authority (CA) |
|
Definition
| Entity, such as a Windows Server 2008 server running the AD CS server role, that issues and manages digital certificates for use in a PKI. |
|
|
Term
| Certification Authority Web Enrollment |
|
Definition
| PKI feature that allows users to manually request certificates using a Web interface. |
|
|
Term
| Certificate Revocation List (CRL) |
|
Definition
| PKI component that identifies certificates that have been revoked or terminated, as well as the corresponding user, computer, or service. |
|
|
Term
|
Definition
| NAP enforcement method that relies on DHCP to enforce client compliance. |
|
|
Term
|
Definition
| Server that houses the NAP Enforcement Server component. |
|
|
Term
|
Definition
| CA that is integrated with Active Directory to allow additional functionality. |
|
|
Term
|
Definition
| NAP component used to maintain information about the health compliance (or lack thereof) of a NAP client. |
|
|
Term
| Health Registration Authority (HRA) |
|
Definition
| NAP component that can obtain health certificates from client computers when the IPsec enforcement method is in use. |
|
|
Term
|
Definition
| CA that is subordinate to a root CA within a hierarchical PKI infrastructure. |
|
|
Term
|
Definition
| Process by which private keys in an Active Directory environment are maintained by the CA for retrieval by a recovery agent. |
|
|
Term
|
Definition
| User accounts that are configured with a Key Recovery Agent certificate that allows them to recover private keys on behalf of users/computers/services whose private keys have been lost or corrupted. |
|
|
Term
| NAP administration server |
|
Definition
| NAP component that manages NAP server-side components. |
|
|
Term
|
Definition
| NAP component that maintains information about the health of the NAP client computer. |
|
|
Term
|
Definition
| AD CS service that responds to requests from clients concerning the revocation status of a particular certificate, sending back a digitally signed response indicating the certificate’s current status. |
|
|
Term
|
Definition
| Component of public key cryptography that is only known to each individual certificate holder. |
|
|
Term
|
Definition
| Component of public key cryptography that is known to the public at large. |
|
|
Term
|
Definition
| Encryption method that uses a two-part key: a public key and a private key. |
|
|
Term
|
Definition
| Configured within a CA to allow one or more users (typically administrators) in an Active Directory environment to recover private keys for users, computers, or services if their keys are lost. |
|
|
Term
|
Definition
| PKI configuration item that allows Online Responders to respond to client requests for certificate revocation status. |
|
|
Term
|
Definition
| CA that is authoritative for all Certificate Services within a given network. |
|
|
Term
|
Definition
| Cryptography method in which secret key information is known by both parties. |
|
|
Term
| Simple Certificate Enrollment Protocol (SCEP) |
|
Definition
| Protocol used by the Network Device Enrollment Service. |
|
|
Term
|
Definition
| Small physical devices, usually the size of a credit card or keychain fob, that have a digital certificate installed on them. |
|
|
Term
|
Definition
| Physical device attached to a workstation that allows users who use a smart card to authenticate to an Active Directory domain, access a Web site, or authenticate to other secured resources. |
|
|
Term
| Statement of Health (SOH) |
|
Definition
| NAP component that indicates the status of a particular System Health Agent. |
|
|
Term
| Statement of Health Response (SOHR) |
|
Definition
| NAP component generated by an SHV in response to client Statements of Health. |
|
|
Term
| System Health Agent (SHA) |
|
Definition
| NAP component that maintains information and reporting on one or more elements of the health of a NAP client. |
|
|
Term
| System Statement of Health (SSOH) |
|
Definition
| Collection of Statements of Health for all SHAs configured on a client computer. |
|
|
Term
| System Statement of Health Response (SSOHR) |
|
Definition
| NAP component that combines individual Statement of Health Responses before returning them to the NAP enforcement client. |
|
|