E

EAP: See Extensible Authentication Protocol (EAP).

EAP identity: The identity of the Extensible Authentication Protocol (EAP) peer as specified in [RFC3748].

EAP method: An authentication mechanism that integrates with the Extensible Authentication Protocol (EAP); for example, EAP-TLS, Protected EAP v0 (PEAPv0), EAP-MSCHAPv2, and so on.

EAP server: The backend authentication server; typically a RADIUS (as specified in [RFC2865]) server.

EK private key (EKPriv): The private key portion of an endorsement key’s private/public key pair.

EK public key (EKPub): The public key portion of an endorsement key’s private/public key pair.

elliptic curve cryptography (ECC): A public-key cryptosystem that is based on high-order elliptic curves over finite fields.

empty CIM object: A data structure conforming to the Windows Management Instrumentation (WMI) serialization model that has no properties, methods, or derivation.

encapsulation: See disk encapsulation.

Encapsulating Security Payload (ESP): An Internet Protocol security (IPsec) encapsulation mode that provides authentication, data confidentiality, and message integrity. For more information, see [RFC4303] section 1.

encoding: The binary layout that is used to represent a Common Information Model (CIM) object, whether a CIM class or CIM instance definition. The encoding is what is actually transferred by the protocol.

Encrypting File System (EFS): The name for the encryption capability of the NTFS file system. When a file is encrypted using EFS, a symmetric key known as the file encryption key (FEK) is generated and the contents of the file are encrypted with the FEK. For each user or data recovery agent (DRA) that is authorized to access the file, a copy of the FEK is encrypted with that user's or DRA's public key and is stored in the file's metadata. For more information about EFS, see [MSFT-EFS].

encryption: In cryptography, the process of obscuring information to make it unreadable without special knowledge.

encryption key: One of the input parameters to an encryption algorithm. Generally speaking, an encryption algorithm takes as input a clear-text message and a key, and results in a cipher-text message. The corresponding decryption algorithm takes a cipher-text message and the key, and results in the original clear-text message.

end entity (EE): The keyholder (person or computer) to whose key or name a particular certificate refers.

endorsement certificate (EKCert): An X.509 certificate issued by a platform manufacturer indicating that the trusted platform module (TPM) with the specified endorsement key was built into a specified computer platform. See [TCG-Cred] section 3.2 for more information.

endorsement key (EK): A Rivest-Shamir-Adleman (RSA) public and private key pair, which is created randomly on the trusted platform module (TPM) at manufacture time and cannot be changed. The private key never leaves the TPM, while the public key is used for attestation and for encryption of sensitive data sent to the TPM. See [TCG-Cred] section 2.4 for more information.

endpoint: (1) A client on the network that is requesting access to a network access server (NAS).

(2) A network-specific address of a remote procedure call (RPC) server process for remote procedure calls. The actual name and type of the endpoint depends on the RPC protocol sequence being used. For example, for RPC over TCP (RPC Protocol Sequence ncacn_ip_tcp), an endpoint might be TCP port 1025. For RPC over Server Message Block (SMB) (RPC Protocol Sequence ncacn_np), an endpoint might be the name of a named pipe. For more information, see [C706].

(3) In the context of a web service, a network target to which a SOAP message can be addressed. See [WSADDR].

endpoint mapper: A service on a remote procedure call (RPC) server that maintains a database of dynamic endpoints and allows clients to map an interface/object UUID pair to a local dynamic endpoint. For more information, see [C706].

enforcement client: A client component that uses the health state of a computer to request a certain level of access to a network. For more information about enforcement clients, see [MSDN-NAP].

enhanced key usage (EKU): An extension that is a collection of object identifiers (OIDs) that indicate the applications that use the key.

enhanced metafile format (EMF): A file format that supports the device-independent definitions of images.

enhanced metafile format plus extensions (EMF+): A file format that supports the device-independent definitions of images.

enhanced metafile spool format (EMFSPOOL): A format that specifies a structure of enhanced metafile format (EMF) records used for defining application and device-independent printer spool files.

enlistment: The relationship between a participant and a transaction manager in an atomic transaction. The term typically refers to the relationship between a resource manager and its transaction manager, or between a subordinate transaction manager facet and its superior transaction manager facet.

enroll/enrollment: See certification.

enrollment permissions: A list of administrator-defined rights or access control lists (ACLs) that define the capability of a given client (user, machine, or device). Enrollment permissions can define a client capability to read a certificate template, write a certificate template, enroll for a certificate based on a specified certificate template, auto-enroll for a certificate based on a specified certificate template, or change permissions on a certificate template. Enrollment permissions are stored on a certificate template and are enforced by the certificate authority (CA). For more information, see [MSFT-TEMPLATES].

enterprise certificate authority: A certificate authority (CA) that is a member of a domain and that uses the domain's Active Directory service to store policy, authentication, and other information related to the operation of the certificate authority (CA).

environment variables: A set of string name/value pairs that are used to abstract host-specific parameters, such as the location of the operating system or installed binaries.

envoy context: A context that is marshaled and returned to a client as a result of obtaining an object reference.

error code: An integer that indicates success or failure. In Microsoft implementations, this is defined as a Windows error code. A zero value indicates success; a nonzero value indicates failure.

error correction object: A block of data that contains the error correction data specified by the forward error correction (FEC) algorithm. When included, it is located between the ASF Data Packet Error Correction Data and the MSBPACKETHEADER.

error record: A structured description of an occurrence of an error.

error sequence: An ordered sequence of error records, such that error record N+1 is the immediate error cause for error record N.

exchange: A pair of messages, consisting of a request and a response.

exchange certificate: A certificate that can be used for encryption purposes. This certificate can be used by clients to encrypt their private keys as part of their certificate request. In Windows environments, an enterprise certificate authority (CA) creates an exchange certificate periodically (by default, weekly), and returns the exchange certificate upon request of a client. For more information, see [MSFT-ARCHIVE].

exchange type: A specification of the format and number of messages in each phase of the Internet Key Exchange (IKE) protocol.

execution context: A context that is established when a process or thread is started. Execution context establishes the identity against which permissions to execute statements or perform actions are checked and is represented by a pair of security tokens: a primary token and an impersonation token.

expunge: To permanently remove an object from a naming context (NC) replica, without converting it to a tombstone.

extended key usage (EKU): An X.509 certificate extension that indicates one or more purposes for which the certificate may be used.

extended mode (EM): An optional phase of AuthIP negotiation during which the peers perform a second round of authentication. This phase does not exist in the Internet Key Exchange (IKE) protocol.

extended partition: A construct that is used to partition a disk into logical units. A disk may have up to four primary partitions or up to three primary partitions and one extended partition. The extended partition may be further subdivided into multiple logical drives.

Extensible Authentication Protocol (EAP): A framework for authentication that is used to provide a pluggable model for adding authentication protocols for use in network access authentication, as specified in [RFC3748].

Extensible Firmware Interface (EFI): A system developed by Intel designed to replace the BIOS. It is responsible for bootstrapping the operating system on GUID partitioning table disks.

extent: A contiguous area of storage in a computer file system, reserved for a file.

external trust: A type of trust that refers to a node trusting a domain that is outside the forest in which the node participates.

extrinsic event: An event that is generated by a component outside the implementation.