This document uses the following terms:
ANSI character: An 8-bit Windows-1252 character set unit.
ASN.1: Abstract Syntax Notation One. ASN.1 is used to describe Kerberos datagrams as a sequence of components, sent in messages. ASN.1 is described in the following specifications: [ITUX660] for general procedures; [ITUX680] for syntax specification, and [ITUX690] for the Basic Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished Encoding Rules (DER) encoding rules.
Azure Active Directory (Azure AD): The identity service in Microsoft Azure that provides identity management and access control capabilities through a REST-based API, an Azure portal, or a PowerShell command window.
Basic Encoding Rules (BER): A set of encoding rules for ASN.1 notation. These encoding schemes allow the identification, extraction, and decoding of data structures. These encoding rules are defined in [ITUX690].
binary large object (BLOB): A collection of binary data stored as a single entity in a database.
certification authority (CA): A third party that issues public key certificates. Certificates serve to bind public keys to a user identity. Each user and certification authority (CA) can decide whether to trust another user or CA for a specific purpose, and whether this trust should be transitive. For more information, see [RFC3280].
Client Data Block: A collection of related client settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Request. Only four Client Data Blocks exist: Core Data, Security Data, Network Data, and Cluster Data. The set of Client Data Blocks is designed to remain static.
Cloud Authentication Provider (CloudAP): A Windows Authentication Package enabling users to sign in to Windows using their Azure Active Directory or Microsoft Account.
Connection Broker: A service that allows users to reconnect to their existing sessions, enables the even distribution of session loads among servers, and provides access to virtual desktops and remote programs. Further background information about Connection Broker is available in [Anderson].
desktop scale factor: The scale factor (as a percentage) applied to Windows Desktop Applications.
device scale factor: The scale factor (as a percentage) applied to Windows Store Apps running on Windows 8.1. This value must be calculated such that the effective maximum height of a Windows Store App is always greater than 768 pixels, otherwise the app will not start.
domain name: A domain name or a NetBIOS name that identifies a domain.
Dynamic DST: Dynamic daylight saving time (DST) provides support for time zones whose boundaries for daylight saving time change from year to year.
Extended Client Data Block: A collection of related client settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Request. In contrast to the static set of Client Data Blocks, the set of Extended Client Data Blocks is designed to be expanded over time.
Input Method Editor (IME): An application that is used to enter characters in written Asian languages by using a standard 101-key keyboard. An IME consists of both an engine that converts keystrokes into phonetic and ideographic characters and a dictionary of commonly used ideographic words.
JSON Object Signing and Encryption (JOSE): The set of JSON Object Signing and Encryption (JOSE) technologies: JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA) that can be used collectively to encrypt and/or sign content.
JSON Web Token (JWT): A string representing a set of claims as a JSON object that is encoded in a JWS or JWE, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. For more information, see [RFC7519].
MD5 hash: A hashing algorithm, as described in [RFC1321], that was developed by RSA Data Security, Inc. An MD5 hash is used by the File Replication Service (FRS) to verify that a file on each replica member is identical.
Message Authentication Code (MAC): A message authenticator computed through the use of a symmetric key. A MAC algorithm accepts a secret key and a data buffer, and outputs a MAC. The data and MAC can then be sent to another party, which can verify the integrity and authenticity of the data by using the same secret key and the same MAC algorithm.
Multipoint Communication Service (MCS): A data transmission protocol and set of services defined by the ITU T.120 standard, specifically [T122] and [T125].
Network Level Authentication (NLA): Refers to the usage of CredSSP (as described in [MS-CSSP]) within the context of an RDP connection to authenticate the identity of a user at the network layer before the initiation of the RDP handshake. The use of NLA ensures that server resources are only committed to authenticated users.
OAuth 2.0: An authorization framework that enables a third-party application to obtain limited access to an HTTP service.
Packed Encoding Rules (PER): A set of encoding rules for ASN.1 notation, specified in [ITUX691]. These rules enable the identification, extraction, and decoding of data structures.
protocol data unit (PDU): Information that is delivered as a unit among peer entities of a network and that may contain control information, address information, or data. For more information on remote procedure call (RPC)-specific PDUs, see [C706] section 12.
Quality of Experience (QoE): A subjective measure of a user's experiences with a media service.
RC4: A variable key-length symmetric encryption algorithm. For more information, see [SCHNEIER] section 17.1.
Remote Desktop: See Remote Desktop Protocol (RDP).
Remote Desktop Protocol (RDP): A multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services (TS). RDP enables the exchange of client and server settings and also enables negotiation of common settings to use for the duration of the connection, so that input, graphics, and other data can be exchanged and processed between client and server.
Rivest-Shamir-Adleman (RSA): A system for public key cryptography. RSA is specified in [RFC8017].
server authentication: The act of proving the identity of a server to a client, while providing key material that binds the identity to subsequent communications.
Server Data Block: A collection of related server settings that are encapsulated within the user data of a Generic Conference Control (GCC) Conference Create Response. Three Server Data Blocks exist: Core Data, Security Data, and Network Data.
SHA-1 hash: A hashing algorithm as specified in [FIPS180-2] that was developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).
Transmission Control Protocol (TCP): A protocol used with the Internet Protocol (IP) to send data in the form of message units between computers over the Internet. TCP handles keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet.
Transport Layer Security (TLS): A security protocol that supports confidentiality and integrity of messages in client and server applications communicating over open networks. TLS supports server and, optionally, client authentication by using X.509 certificates (as specified in [X509]). TLS is standardized in the IETF TLS working group.
Unicode: A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode standard [UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).
Unicode character: Unless otherwise specified, a 16-bit UTF-16 code unit.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.