Glossary ======== .. glossary:: DataONE Data Observation Network for Earth https://dataone.org DataONE Common Library for Python Part of the DataONE :term:`Investigator Toolkit (ITK)`. Provides functionality commonly needed by projects that interact with the :term:`DataONE` infrastructure via Python. It is a dependency of :term:`DataONE Client Library for Python`, :term:`GMN` and currently all other DataONE components written in Python. DataONE Client Library for Python Part of the DataONE :term:`Investigator Toolkit (ITK)`. Provides programmatic access to the DataONE infrastructure and may be used to form the basis of larger applications or to extend existing applications to utilize the services of DataONE. DataONE Command-line Client for Python Part of the DataONE :term:`Investigator Toolkit (ITK)`. Uses the :term:`DataONE Client Library for Python` to provide access to much of the functionality of :term:`DataONE` through a command line interface (CLI). GMN DataONE Generic Member Node GMN is a complete implementation of a :term:`MN`. It provides an implementation of all MN APIs and can be used by organizations to expose their science data to DataONE if they do not wish to create their own, native MN. GMN can also be used as a workbone or reference for a 3rd party MN implementation. If an organization wishes to donate storage space to DataONE, GMN can be set up as a :term:`replication target`. Replication target A :term:`MN` that accepts replicas (copies) of science data from other MNs and thereby helps ensuring that science data remains available. Vendor specific extensions Functionality that is not part of the DataONE APIs but is supported by a DataONE component. DataONE has defined APIs for accessing such extensions. Investigator Toolkit (ITK) The Investigator Toolkit provides a suite of software tools that are useful for the various audiences that DataONE serves. The tools fall in a number of categories, which are further developed here, with examples of potential applications that would fit into each category. http://mule1.dataone.org/ArchitectureDocs-current/design/itk-overview.html MN DataONE Member Node. CN DataONE Coordinating Node. client An application that accesses the DataONE infrastructure on behalf of a user. SciData An object (file) that contains scienctific observational data. SciMeta An object (file) that contains information about a SciData object. SysMeta An object (file) that contains system level information about a SciData or a SciMeta object. Subversion Version control system http://subversion.apache.org/ Bash GNU Bourne-Again Shell http://www.gnu.org/software/bash/ Apache HTTP server http://httpd.apache.org/ MPM Multi-Processing Module The component within Apache that manages the processes and threads used for serving requests. http://httpd.apache.org/docs/2.0/mpm.html Python A dynamic programming language. http://www.python.org Django High-level Python Web framework that encourages rapid development and clean, pragmatic design. https://www.djangoproject.com/ WSGI Web Server Gateway Interface http://www.wsgi.org/wsgi/ mod_wsgi An :term:`Apache` module that implements :term:`WSGI`. mod_ssl An :term:`Apache` module that interfaces to :term:`OpenSSL`. PyXB Python XML Schema Bindings http://pyxb.sourceforge.net/ lxml A library for processing XML and HTML with Python http://lxml.de/ minixsv A Lightweight XML schema validator http://www.familieleuthe.de/MiniXsv.html python-dateutil Extends the standard datetime module http://labix.org/python-dateutil Psycopg2 Psycopg is a PostgreSQL database adapter for :term:`Python`. http://initd.org/psycopg/ OpenSSL An open source implementation of the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. http://www.openssl.org/ cron cron is a time-based job scheduler in Unix-like computer operating systems. cron enables users to schedule jobs (commands or shell scripts) to run periodically at certain times or dates. python-setuptools A package manager for Python http://pypi.python.org/pypi/setuptools ISO8601 International standard covering the exchange of date and time-related data http://en.wikipedia.org/wiki/ISO_8601 python-iso8601 Python library implementing basic support for :term:`ISO8601` http://pypi.python.org/pypi/iso8601/ X.509 An ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm. http://en.wikipedia.org/wiki/X509 CA Certificate Authority A certificate authority is an entity that issues digital :term:`certificate` s. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes. http://en.wikipedia.org/wiki/Certificate_authority CA signing key The private key which the :term:`CA` uses for signing :term:`CSR`\ s. Server key The private key that Apache will use for proving that it is the owner of the :term:`certificate` that it provides to the client during the SSL handshake. CSR Certificate Signing Request A message sent from an applicant to a :term:`CA` in order to apply for a :term:`certificate`. http://en.wikipedia.org/wiki/Certificate_signing_request Certificate A public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity -- information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. http://en.wikipedia.org/wiki/Public_key_certificate CA certificate A certificate that belongs to a :term:`CA` and serves as the root certificate in a term:`chain of trust`. Self signed certificate A :term:`certificate` that is signed by its own creator. A self signed certificate is not a part of a :term:`chain of trust` and so, it is not possible to validate the information stored in the certificate. Because of this, self signed certificates are useful mostly for testing in an implicitly trusted environment. http://en.wikipedia.org/wiki/Self-signed_certificate Chain of trust The Chain of Trust of a Certificate Chain is an ordered list of certificates, containing an end-user subscriber certificate and intermediate certificates (that represents the Intermediate CA), that enables the receiver to verify that the sender and all intermediates certificates are trustworthy. http://en.wikipedia.org/wiki/Chain_of_trust OpenSSL Toolkit implementing the :term:`SSL` v2/v3 and :term:`TLS` v1 protocols as well as a full-strength general purpose cryptography library. SSL Secure Sockets Layer A protocol for transmitting private information via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. SSL handshake The initial negotiation between two machines that communicate over SSL. http://developer.connectopensource.org/display/CONNECTWIKI/SSL+Handshake http://developer.connectopensource.org/download/attachments/34210577/Ssl_handshake_with_two_way_authentication_with_certificates.png TLS Transport Layer Security Successor of :term:`SSL`. Client side authentication :term:`SSL` Client side authentication is part of the :term:`SSL handshake`, where the client proves its identity to the web server by providing a :term:`certificate` to the server. The certificate provided by the client must be signed by a :term:`CA` that is trusted by the server. Client Side Authentication is not a required part of the handshake. The server can be set up to not allow Client side authentication, to require it or to let it be optional. Server Side Authentication :term:`SSL` Server Side Authentication is part of the :term:`SSL handshake`, where the server proves its identity to the client by providing a :term:`certificate` to the client. The certificate provided by the server must be signed by a :term:`CA` that is trusted by the client. Server Side Authentication is a required part of the handshake. Client side certificate :term:`Certificate` that is provided by the client during :term:`client side authentication`. CILogon The CILogon project facilitates secure access to CyberInfrastructure (CI). http://www.cilogon.org/ LOA Levels of Assurance CILogon operates three Certification Authorities (CAs) with consistent operational and technical security controls. The CAs differ only in their procedures for subscriber authentication, identity validation, and naming. These differing procedures result in different Levels of Assurance (LOA) regarding the strength of the identity contained in the certificate. For this reason, relying parties may decide to accept certificates from only a subset of the CILogon CAs. http://ca.cilogon.org/loa pid A Persistent IDentifier is a handle that uniquely identifies an object within the :term:`DataONE` system. * All data, metadata, and resource map objects in DataONE have a unique identifier. * PIDs will always refer to the same set of bytes accessed through the DataONE API methods such as MNRead.get(). * The location of content identified by a PID is determined by calling the CNCore.resolve() method. * PIDs are persistent. Once content is registered with DataONE, the identifier for that content will remain in the DataONE system. * PIDs are unique, and can not be reused once assigned. * PIDs are generally controlled by Member Nodes, however their uniqueness and immutability is enforced primarily by the Coordinating Nodes. REST Representational State Transfer A style of software architecture for distributed hypermedia systems such as the World Wide Web. http://en.wikipedia.org/wiki/Representational_State_Transfer RDFLib RDFLib is a Python library for working with RDF, a simple yet powerful language for representing information. http://pypi.python.org/pypi/rdflib foresite-toolkit A Python library from Google Code for constructing, parsing, manipulating and serializing OAI-ORE Resource Maps. http://code.google.com/p/foresite-toolkit OAI-ORE Open Archives Initiative Object Reuse and Exchange (OAI-ORE) defines standards for the description and exchange of aggregations of Web resources. This document (http://www.openarchives.org/ore/1.0/primer) summarizes the motivation for OAI-ORE, the technical foundations on which the OAI-ORE solution to handle aggregations of Web resources builds, as well as the core aspects of that solution.This document is intended for a general audience that wants to obtain a high-level understanding of the OAI-ORE solution. easyinstall EasyInstall is a package manager for the Python programming language that provides a standard format for distributing Python programs and libraries (based on the Python Eggs wrapper). http://pypi.python.org/pypi/setuptools