Glossary of Terms
API
Application Programming Interface
BA
Basic Authentication is a simple and widely used method for securing web APIs. It involves sending the user’s credentials (username and password) with each HTTP request to authenticate the client.
Advantages:
- Simple to implement and use.
- Supported by all major browsers and HTTP clients.
Disadvantages:
- Credentials are sent in plaintext (base64 is not encryption), making it insecure unless used over HTTPS.
- Vulnerable to cross-site request forgery (CSRF) attacks.
REST
Representational State Transfer (REST) is an architectural style for designing networked applications. It was introduced by Roy Fielding in his doctoral dissertation in 2000. REST is not a protocol but a set of constraints and principles that guide the design of scalable and maintainable web services.
XML
XML, or Extensible Markup Language, is a versatile markup language used for storing, transmitting, and reconstructing data. It is both human-readable and machine-readable, making it a popular choice for data interchange between systems.
XSL
XSL, or Extensible Stylesheet Language, is a family of languages used to transform and render XML documents.
SSL
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was developed by Netscape in 1995 to ensure privacy, authentication, and data integrity in Internet communications. SSL has since evolved into TLS (Transport Layer Security), which is the modern version of the protocol.
JSON
JSON, or JavaScript Object Notation, is a lightweight data interchange format that’s easy for humans to read and write, and easy for machines to parse and generate. It is commonly used for transmitting data in web applications, such as sending data from a server to a web page.
UTC
Coordinated Universal Time, or UTC, is the primary time standard by which the world regulates clocks and time. It is within about 1 second of mean solar time at 0° longitude and is not adjusted for daylight saving time. It is effectively a successor to Greenwich Mean Time (GMT).
GUID
A GUID is an acronym that stands for Globally Unique Identifier. It is also called a UUID, or Universally Unique Identifier; there is no real difference between them. Technically, they are 128-bit unique reference numbers used in computing that are highly unlikely to repeat when generated, even though there is no central GUID authority to ensure uniqueness.
TNS-Less
A TNS-less connection, also known as an Easy Connect connection, allows you to connect to an Oracle database without needing a tnsnames.ora file. Instead of relying on a predefined alias in the tnsnames.ora file, you specify the connection details directly in the connection string. Also see Connection Strings.
OAuth 2.0
OAuth 2.0, which stands for “Open Authorization”, is an industry-standard protocol designed to allow a website or application to access resources hosted by other web apps on behalf of a user. It provides a way to grant limited access to resources without sharing the user’s credentials.
Here are some key points about OAuth 2.0:
- Authorization, Not Authentication: OAuth 2.0 is primarily an authorization protocol, meaning it grants access to resources but does not verify the user’s identity.
- Access Tokens: It uses access tokens, which are pieces of data that represent the authorization to access resources on behalf of the user.
- Roles: The framework involves several roles, including the Resource Owner (user), Client (application requesting access), Authorization Server (issues tokens), and Resource Server (hosts the protected resources).
- Scopes: Scopes define the specific actions and resources that the client can access.
OAuth 2.0 is widely used for enabling secure and consented access to APIs and user data across various platforms, including web, mobile, and IoT applications.
For more details visit the OAuth 2.0 Site.
JSON Web Token (JWT)
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It is an open standard (RFC 7519) that defines a way to securely transmit information as a JSON object.
Here are the key components of a JWT:
- Header: This typically consists of two parts: the type of token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA).
- Payload: This contains the claims, which are statements about an entity (usually the user) and additional data. There are three types of claims:
  - Registered claims: Predefined claims like iss (issuer), exp (expiration time), sub (subject), and aud (audience).
  - Public claims: Custom claims that can be defined by users to share information.
  - Private claims: Custom claims created to share information between parties that agree on using them.
- Signature: This is used to verify the token’s integrity. It is created by encoding the header and payload, then signing them using the specified algorithm and a secret key or a public/private key pair.
A typical JWT looks like this: xxxxx.yyyyy.zzzzz, where each part is Base64Url encoded.
JWTs are commonly used for:
- Authorization: Once a user is authenticated, each subsequent request will include the JWT, allowing access to routes, services, and resources permitted with that token.
- Information Exchange: JWTs are a secure way to transmit information between parties because they can be signed and verified.
Base64Url Encoded
Base64URL encoding is a variant of the Base64 encoding scheme designed specifically for use in URLs and filenames. It transforms binary data into a text-based format that is safe to include in web addresses and other contexts where certain characters might cause issues.
Here are the key differences between Base64 and Base64URL