An optional standalone process or daemon that is part of ActiveSpaces and provides services or features to the space. Using the Admin CLI, the administrator launches ActiveSpaces agents on the host or hosts where these services will run. They currently provide the following services:
An ActiveSpaces component that presents credentials to an external authenticator and decides whether a supplied Credential (retrieved by the Authenticator) is valid. The authentication source can be an LDAP client, an OS or Pluggable Authentication Modules (PAM) login, a smart card, an API invoker and so on. The authenticator performs the verification by connecting to an external resource (such as an LDAP v3 directory server) or by invoking local system calls, such as Win32 LogonUser() or, on UNIX/Linux, pam_authenticate().
An ActiveSpaces component that establishes a unique association between a subject and an identity through its credentials. The authenticator securely obtains Credentials from authenticating components to generate Subject-Credential associations. The authenticator converts and forwards the credential to the component, which verifies its validity.
A generic term commonly used to refer to a repository of data that duplicates original values stored elsewhere, making that data more readily available to be fetched quickly where it is needed. In ActiveSpaces, a cache is distinguished from a tuple space in that data may be evicted from a cache without notification, for instance, to make space for other data. In this case, the evicted data, if needed later, will be fetched from the original data store, of which the cache is merely a copy. Data is never evicted from a space without notification; it is only removed if it expires or is deliberately taken out. It is possible to configure a space to act as a cache by setting a capacity and an eviction policy other than none in the space's definition.
When multiple identical copies of data are maintained, coherency is a quality that indicates the copies are kept in sync when the original data changes.
A generic term for the category of software product that includes ActiveSpaces. The data in a tuple space is distributed over multiple machines for scalability and failover, and it is stored in memory for optimal performance.
There are two kinds of replication, synchronous and asynchronous. Synchronous replication will have an impact on performance, since it involves putting (or taking) data and replicating it in a single transaction. With asynchronous replication, there is little perceptible impact on performance, but there is a small amount of time where the data is not fully replicated.
With synchronous replication, the administrator or application has immediate verification of whether or not the replication was successful, because if it was not, then the put or take command that triggered the attempted replication will itself fail, returning an error message. In asynchronous mode, the command will succeed, regardless of successful replication. An application or administrator can listen to advisory spaces to determine whether there was a problem with replication for an instance of asynchronous replication.
If a space is being used as a cache-aside, the space will normally be created without replication, since the system of record for that data will be a database. In this case, if the single member containing the space goes down or is offline, the data can be obtained from the database.
For example, My Ldap X509Cert CN, which represents an X509 v3 certificate
An associative array that uses a hash function to optimize search and insertion operations. The hash function transforms the key into a hash, a number that is used as an index in an array to locate the values during a lookup.
A term sometimes used in place of the term member. This usage can be confusing, because the term node is most often used outside of ActiveSpaces to refer to a machine, whereas within ActiveSpaces, a single machine may contain more than one member.
For data stores, the ability to contain ever-increasing amounts of data. ActiveSpaces offers linear scalability, meaning that storage capacity and performance increase at a constant rate as members are added to a space.
An ActiveSpaces node that is dedicated to enforcing the policy definitions for one or more Security Domains. You should set up multiple security domain controllers for each security domain to provide fault tolerance for security.
The definition of security preferences for one or more Security Domains. The policy configuration is specified in a policy file that you create by using the as-admin define | create security_policy command. The policy file contains:
Note that agents are always seeders, not leeches. Agents provide an efficient, stable means of increasing the scalability of a space. Also, note that multiple seeders cannot be created from a single client program.
With shared-all persistence, certain space members are designated as persisters to provide the service of interacting with a persistence layer, just as some of the space members (the seeders) provide the basic space service.
Depending on the distribution scope of the listener, two additional callback functions, onSeed and onUnseed, can be invoked to monitor seeder changes due to re-distribution of entries when a seeder joins or leaves a space.
An entity that is associated with an Identity through a Credential. A subject represents a single aspect of a Credential; for example, the name of a user or the common name value of the distinguished name component of an X509v3 certificate.