This document uses the following terms:
ASN.1: Abstract Syntax Notation One. ASN.1 is used to describe Kerberos datagrams as a sequence of components, sent in messages. ASN.1 is described in the following specifications: [ITUX660] for general procedures; [ITUX680] for syntax specification, and [ITUX690] for the Basic Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished Encoding Rules (DER) encoding rules.
Basic Encoding Rules (BER): A set of encoding rules for ASN.1 notation. These encoding schemes allow the identification, extraction, and decoding of data structures. These encoding rules are defined in [ITUX690].
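The ASN.1 and BER entries above describe the tag-length-value layout that Kerberos and the GCC conference PDUs are encoded in. The decoder below is an added illustration written for this glossary, not code from the specification: it walks BER tag, length and value octets, recurses into constructed elements, bounds-checks every length against the enclosing element so an overstated length is rejected rather than read past the buffer, and optionally enforces the minimal-length rule that distinguishes DER from plain BER. The sample byte strings are constructed for the example.

```python
"""Minimal BER/DER TLV decoder (added example, not from the specification)."""
from typing import List, Tuple, Union

Element = Tuple[bytes, Union[bytes, List["Element"]]]

def _need(data: bytes, offset: int, count: int, end: int) -> None:
    # Every read is bounds-checked against the enclosing element, so a length
    # field that overstates its payload raises instead of reading past the
    # buffer or into a sibling element.
    if offset + count > end:
        raise ValueError(f"need {count} byte(s) at offset {offset}, only {end - offset} left")

def decode_tlv(data: bytes, offset: int, end: int, der: bool = False):
    """Decode one element at data[offset:end]. Returns (tag_octets, value, next_offset)."""
    start = offset
    _need(data, offset, 1, end)
    first = data[offset]
    offset += 1
    if first & 0x1F == 0x1F:            # high-tag-number form: continue while bit 8 is set
        while True:
            _need(data, offset, 1, end)
            more = data[offset] & 0x80
            offset += 1
            if not more:
                break
    tag = data[start:offset]

    _need(data, offset, 1, end)
    length_octet = data[offset]
    offset += 1
    if length_octet == 0x80:
        raise ValueError("indefinite-length encoding not supported")
    if length_octet & 0x80:              # long form: low 7 bits = number of length octets
        n = length_octet & 0x7F
        if n > 4:
            raise ValueError("length field too large")
        _need(data, offset, n, end)
        length_bytes = data[offset:offset + n]
        offset += n
        length = int.from_bytes(length_bytes, "big")
        if der and (length < 0x80 or length_bytes[0] == 0):
            # DER requires the shortest possible length encoding; BER allows this form.
            raise ValueError("non-minimal length encoding is not valid DER")
    else:
        length = length_octet              # short form: the octet is the length itself
    _need(data, offset, length, end)
    value = data[offset:offset + length]
    return tag, value, offset + length

def parse(data: bytes, der: bool = False) -> List[Element]:
    """Parse every element in data; constructed elements (bit 6 of the tag) are parsed recursively."""
    def walk(buf: bytes, offset: int, end: int) -> List[Element]:
        out: List[Element] = []
        while offset < end:
            tag, value, offset = decode_tlv(buf, offset, end, der)
            if tag[0] & 0x20:
                out.append((tag, walk(value, 0, len(value))))
            else:
                out.append((tag, value))
        return out
    return walk(data, 0, len(data))

# Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "hi" }, a long-form length
# that DER forbids, and a SEQUENCE whose inner OCTET STRING claims 5 bytes but has 2.
SAMPLE_SEQUENCE = bytes.fromhex("30070201050402" "6869")
LONG_FORM_LENGTH = bytes.fromhex("048103616263")
TRUNCATED = bytes.fromhex("300702010504056869")

if __name__ == "__main__":
    print(parse(SAMPLE_SEQUENCE))
    print(parse(LONG_FORM_LENGTH))
    for bad, kw in ((LONG_FORM_LENGTH, {"der": True}), (TRUNCATED, {})):
        try:
            parse(bad, **kw)
        except ValueError as exc:
            print("rejected:", exc)
```

Because every `_need` check uses the end of the enclosing element rather than the end of the whole buffer, an inner element cannot claim bytes belonging to its parent's siblings; that is the check a decoder for untrusted PDUs needs before trusting any length field.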
certification authority (CA): A third party that issues public key certificates. Certificates serve to bind public keys to a user identity. Each user and certification authority (CA) can decide whether to trust another user or CA for a specific purpose, and whether this trust should be transitive. For more information, see [RFC3280].
Client Data Block: A collection of related client settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Request. Only four Client Data Blocks exist: Core Data, Security Data, Network Data, and Cluster Data. The set of Client Data Blocks is designed to remain static.
Connection Broker: A service that allows users to reconnect to their existing sessions, enables the even distribution of session loads among servers, and provides access to virtual desktops and remote programs. Further background information about Connection Broker is available in [Anderson].
device scale factor: The scale factor (as a percentage) applied to Windows Store Apps running on Windows 8.1. This value must be calculated such that the effective maximum height of a Windows Store App is always greater than 768 pixels, otherwise the app will not start.
domain name: A domain name or a NetBIOS name that identifies a domain.
Extended Client Data Block: A collection of related client settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Request. In contrast to the static set of Client Data Blocks, the set of Extended Client Data Blocks is designed to be expanded over time.
input method editor (IME): A process that maps keyboard input to phonetic components (or other language elements) that are specific to a selected language. IMEs are typically used with languages for which conventional keyboard representation is difficult or impossible. For example, East Asian languages are made up of thousands of distinct characters, which makes it impossible to show all of the characters on a single keyboard. To facilitate composition, the IME converts keystrokes into the characters of the target language (such as Japanese Katakana or Simplified Chinese).
MD5 hash: A hashing algorithm, as described in [RFC1321], that was developed by RSA Data Security, Inc. An MD5 hash is used by the File Replication Service (FRS) to verify that a file on each replica member is identical.
Message Authentication Code (MAC): A message authenticator computed through the use of a symmetric key. A MAC algorithm accepts a secret key and a data buffer, and outputs a MAC. The data and MAC can then be sent to another party, which can verify the integrity and authenticity of the data by using the same secret key and the same MAC algorithm.
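The sender/receiver exchange the MAC entry describes, as an added example written for this glossary rather than code from the specification: the sender computes a tag over the data with the shared secret and transmits tag plus data; the receiver recomputes the tag with the same key and algorithm and accepts the data only if the two match. HMAC-SHA256 is assumed as the MAC algorithm and the key and message bytes are constructed for the example.

```python
"""Sender/receiver MAC exchange (added example; HMAC-SHA256 assumed as the MAC algorithm)."""
import hashlib
import hmac
from typing import Optional

# Constructed demo secret; in a real protocol the key comes from key exchange or provisioning.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MAC_LEN = hashlib.sha256().digest_size   # 32 bytes for SHA-256

def compute_mac(key: bytes, data: bytes) -> bytes:
    """MAC algorithm: secret key + data buffer -> fixed-size authenticator."""
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key: bytes, data: bytes) -> bytes:
    """Sender side: transmit the MAC followed by the data it protects."""
    return compute_mac(key, data) + data

def open_sealed(key: bytes, message: bytes) -> Optional[bytes]:
    """Receiver side: recompute the MAC over the received data and compare.

    Returns the data when the authenticator verifies, otherwise None. The
    comparison is constant-time so the verifier does not leak how many
    leading bytes of a forged tag were correct.
    """
    if len(message) < MAC_LEN:
        return None
    received_mac, data = message[:MAC_LEN], message[MAC_LEN:]
    if not hmac.compare_digest(compute_mac(key, data), received_mac):
        return None
    return data

if __name__ == "__main__":
    wire = seal(SHARED_KEY, b"session settings: keyboard=en-US")
    print("genuine:", open_sealed(SHARED_KEY, wire))
    tampered = bytearray(wire)
    tampered[-1] ^= 0x01                 # flip one bit of the protected data
    print("tampered:", open_sealed(SHARED_KEY, bytes(tampered)))
    print("wrong key:", open_sealed(b"some-other-key", wire))
```

A MAC proves integrity and origin to a party holding the same secret; it does not provide confidentiality (the data travels in the clear here) and, because both sides hold the key, either side could have produced the tag, which is why a MAC is not a signature.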
Network Level Authentication (NLA): Refers to the usage of CredSSP (as defined in [MS-CSSP]) within the context of an RDP connection to authenticate the identity of a user at the network layer before the initiation of the RDP handshake. The use of NLA ensures that server resources are only committed to authenticated users.
protocol data unit (PDU): Information that is delivered as a unit among peer entities of a network and that may contain control information, address information, or data. For more information on remote procedure call (RPC)-specific PDUs, see [C706] section 12.
RC4: A variable key-length symmetric encryption algorithm. For more information, see [SCHNEIER] section 17.1.
Remote Desktop: See Remote Desktop Protocol (RDP).
Remote Desktop Protocol (RDP): A multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services (TS). RDP enables the exchange of client and server settings and also enables negotiation of common settings to use for the duration of the connection, so that input, graphics, and other data can be exchanged and processed between client and server.
Server Data Block: A collection of related server settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Response. Three Server Data Blocks exist: Core Data, Security Data, and Network Data.
SHA-1 hash: A hashing algorithm as specified in [FIPS180-2] that was developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).
Transmission Control Protocol (TCP): A protocol used with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. TCP handles keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.
Transport Layer Security (TLS): A security protocol that supports confidentiality and integrity of messages in client and server applications communicating over open networks. TLS supports server and, optionally, client authentication by using X.509 certificates (as specified in [X509]). TLS is standardized in the IETF TLS working group. See [RFC4346].
Unicode: A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode standard [UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.