T

table response: A collection of data, all formatted in a specific manner, that is sent by the server to the client for the purpose of communicating the result of a client request. The server returns the result in a table response format for LOGIN7, SQL, and remote procedure call (RPC) requests.

target file: A file on the target location that is the destination of a remote differential compression (RDC) copy.

taskbar: A window, anchored to an edge of the screen, that contains the Start button and buttons for all open programs.

terminal server: A computer on which Terminal Services is running.

Terminal Services: A service on a server computer that allows delivery of applications, or the desktop itself, to various computing devices. When a user runs an application on a terminal server, the application execution takes place on the server computer and only keyboard, mouse, and display information is transmitted over the network. Each user sees only his or her individual session, which is managed transparently by the server operating system and is independent of any other client session.

tick count: (1) In DirectPlay, the count from when the system was booted, in milliseconds.

(2) A monotonically increasing number that is specific to a replica and combined with a replica key to make a version.

ticket: A record generated by the key distribution center (KDC) that helps a client authenticate to a service. It contains the client's identity, a unique cryptographic key for use with this ticket (the session key), a time stamp, and other information, all sealed using the service's secret key. It only serves to authenticate a client when presented along with a valid authenticator.

ticket-granting service (TGS): A service that issues tickets for admission to other services in its own domain or for admission to the ticket-granting service in another domain.

ticket-granting service (TGS) exchange: The Kerberos subprotocol in which the key distribution center (KDC) distributes a session key and a ticket for the service requested by the client, as specified in [RFC4120] section 3.3. This exchange is initiated when the client sends the KDC a KRB_TGS_REQ message.

ticket-granting ticket (TGT): A special type of ticket that can be used to obtain other tickets. The TGT is obtained after the initial authentication in the Authentication Service (AS) exchange; thereafter, users do not need to present their credentials, but can use the TGT to obtain subsequent tickets.

time peer: A time source with which a time provider is synchronized. A time provider can have more than one time peer.

time provider: A component that a time service relies on to either obtain accurate time stamps (from network or hardware time sources) or to provide those time stamps to other computers over the network.

time service: A system service that implements support for synchronizing a computer's local time with a time source.

time source: A component that possesses a clock and that makes the clock's time available to other components for synchronization. For more information, see "reference source" in [RFC1305].

TLN: See top-level name.

TLS: See Transport Layer Security (TLS).

TLV: See type-length-value.

token: A set of rights and privileges for a given user.

tombstone: (1) A deleted object in the directory that remains in storage until a configured amount of time, called the tombstone lifetime, has passed. After the tombstone lifetime expires, the object is permanently deleted. By keeping the tombstone in existence for the tombstone lifetime, the deleted state of the object is able to replicate.

(2) In Distributed File System Replication (DFS-R), an update pertaining to a file deletion.

(3) A marker that is used to represent an item that has been deleted. A tombstone is used to track deleted items and prevent their reintroduction into the synchronization community.

tombstone lifetime: The amount of time a deleted directory object remains in storage before it is permanently deleted. To avoid inconsistencies in object deletion, the tombstone lifetime is configured to be many times longer than the worst-case replication latency.

tool extension GUID or administrative plug-in GUID: A GUID defined separately for each of the user policy settings and computer policy settings that associates a specific administrative tool plug-in with a set of policy settings that can be stored in a Group Policy Object (GPO).

tooltip: A window displaying text that is created when the mouse is moved over a window or notification icon.

top-level name (TLN): The root namespace of a forest. For example, if the forest a.com contains the domains a.com, b.a.com, and c.a.com, the TLN would be a.com.

topology: The structure of the connections between members.

track: Any of the concentric circles on a disk platter over which a magnetic head (used for reading and writing data on the disk) passes while the head is stationary but the disk is spinning. A track is subdivided into sectors, upon which data is read and written.

transaction: In OleTx, an atomic transaction.

transaction identifier: The GUID that uniquely identifies an atomic transaction.

transaction manager: The party that is responsible for managing and distributing the outcome of atomic transactions. A transaction manager is either a root transaction manager or a subordinate transaction manager for a specified transaction.

transaction propagation: The act of coordinating two transaction managers to work together on a single atomic transaction. When propagating a transaction to a transaction manager that is not already a participant in the transaction, that transaction manager plays the role of subordinate transaction manager to the originating transaction manager, which will play the role of superior transaction manager. When propagating a transaction to a transaction manager that is already a participant in the transaction, no new superior or subordinate relationship is established.

transitive trust: The state of two domains establishing trust through an intermediary domain. For example, if domain A trusts domain B, and domain B trusts domain C, then domain A may be configured to trust domain C through transitive trust.

Transmission Control Protocol (TCP): A protocol used with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. TCP handles keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.

transport layer: The fourth layer in the Open Systems Interconnection (OSI) architectural model as defined by the International Organization for Standardization (ISO). The transport layer provides for transfer correctness, data recovery, and flow control. The transport layer responds to service requests from the session layer and issues service requests to the network layer.

Transport Layer Security (TLS): A security protocol that supports confidentiality and integrity of messages in client and server applications communicating over open networks. TLS supports server and, optionally, client authentication by using X.509 certificates (as specified in [X509]). TLS is standardized in the IETF TLS working group.

transport mode: An IP encapsulation mechanism, as specified in [RFC4301], that provides Internet Protocol security (IPsec) security for host-to-host communication.

Triple Data Encryption Standard: A block cipher that is formed from the Data Encryption Standard (DES) cipher by using it three times.

trust: To accept another authority's statements for the purposes of authentication and authorization. If domain A trusts domain B, domain A will accept domain B's authentication and authorization statements for principals represented by security principal objects in domain B; for example, the list of groups to which a particular user belongs. As a noun, a trust is the relationship between two domains described in the previous sentence.

trust attributes: A collection of attributes that define different characteristics of a trust within a domain or a forest.

trust object: An object representing a trust.

trust path: In a graph of domain trusts, the path through the graph between two domains that are linked by transitive trust. For example, if domain A trusts domain B, and domain B trusts domain C, then the trust path is A->B->C.

trust root: A store within the computer of a relying party that is protected from tampering and in which the root keys of all root CAs are held. Those root keys are typically encoded within self-signed certificates, and the contents of a trust root are therefore sometimes called root certificates.

trust secret: A pair of keys used to encrypt or sign sensitive protocol data between two trust authorities, such as domain controllers.

trusted domain: A domain that is trusted to make authentication decisions for security principals in that domain.

trusted domain object (TDO): A collection of properties that define a trust relationship with another domain, such as direction (outbound, inbound, or both), trust attributes, name, and security identifier of the other domain. For more information, see [MS-ADTS].

trusted forest: A forest that is trusted to make authentication statements for security principals in that forest. Assuming forest A trusts forest B, all domains belonging to forest A will trust all domains in forest B, subject to policy configuration.

trusted platform module (TPM): A component of a trusted computing platform. The TPM stores keys, passwords, and digital certificates. See [TCG-Architect] for more information.

trusted third party: A party that issues signed statements to stated parties, enabling those parties to act on another identity's behalf for a certain amount of time. The trusted third party is trusted to perform a set of specialized functions, such as a security token service that provides authentication and single sign-on services to web services (see [MSDN-SUBSYSDSGN] for more information). As a trusted authentication service on the network, this service knows all passwords and can grant access to any server. This characteristic is convenient but also makes it a single point of failure, and so it requires a high level of physical security. For the Kerberos authentication protocol, the trusted third party arbitrator is a server known as a Key Distribution Center (KDC) that runs the Kerberos daemons.

trustee: The recipient, expressed as a security identifier (SID), of an access control capability expressed in a security descriptor.

TSpec: A set of characteristics that is used to specify network traffic behavior, as specified in [RFC2212].

tunnel: The encapsulation of one network protocol within another.

tunnel mode: An IP encapsulation mechanism, as specified in [RFC4301], that provides Internet Protocol security (IPsec) security to tunneled IP packets. IPsec processing is performed by the tunnel endpoints, which can be (but are typically not) the end hosts.

two-phase commit: An agreement protocol that is used to resolve the outcome of an atomic transaction in response to a commit request from the root application. Phase One and Phase Two are the distinct phases of the Two-Phase Commit Protocol.

type-length-value (TLV): A method of organizing data that involves a Type code (16-bit), a specified length of a Value field (16-bit), and the data in the Value field (variable).