5 C

  • Article

cabinet (.cab) file: A single file that stores multiple compressed files to facilitate storage or transmission.

calendar: (1) A date range that shows availability, meetings, and appointments for one or more users or resources. See also Calendar object.

(2) A method of controlling which resource allocation policy (RAP) is selected as the current resource policy. The calendar maintains start and end dates and times for RAP and is either enabled or disabled. When enabled, the management service continuously monitors start and end dates and times of the scheduled RAP to activate the correct current resource policy. When disabled, the RAP scheduled on the calendar has no effect on which RAP is the current resource policy.

Calendar folder: A Folder object that contains Calendar objects.

Calendar object: A Message object that represents an event, which can be a one-time event or a recurring event. The Calendar object includes properties that specify event details such as description, organizer, date and time, and status.

calendar options dictionary: A dictionary that contains calendar configuration data. It is stored in a folder associated information (FAI) message that is in a Calendar special folder.

Calendar special folder: A Calendar folder that is in a user's mailbox and in which meetings are created by default.

call: A communication between peers that is configured for a multimedia conversation.

callback: (1) A concept in which the originator of a call is called back by the responder. In dial-up communication (like ISDN/PSTN), the originator of the dial-up hangs up after indicating the interest to be called back. The responder then calls up the originator to establish the communication.

(2) The mechanism through which a remote access client gets called back by the server in order to establish connectivity.

callback address: An object that encapsulates an Internet address that is registered by a client and that a server can use for push notifications.

callee: An endpoint (5) to which a call is initiated by a caller.

caller: (1) An endpoint (5) that initiates a call to establish a media session.

(2) The originator of a call. The network access client (NAC) is typically the caller. The NAC and NAS might choose to negotiate and use callback, in which case the caller role is reversed for the callback itself, with the NAS being the caller.

candidate: A set of transport addresses that form an atomic unit for use with a media session. For example, in the case of Real-Time Transport Protocol (RTP) there are two transport addresses for each candidate, one for RTP and another for the Real-Time Transport Control Protocol (RTCP). A candidate has properties such as type, priority, foundation, and base.

carbon copy (Cc) recipient: An address on a Message object that is visible to recipients of the Message object but is not necessarily expected to take any action.

cardinality: The measure of the number of elements in a set.

Cartridge: A unit of physical media on which information may be stored. Cartridges come in various types, including 8-mm tape, magnetic disks, optical disks, and CD-ROMs. Some cartridges have multiple sides.

cascading style sheet (CSS): An extension to HTML that enables authors and users of HTML documents to attach style sheets to those documents, as described in [CSS-LEVEL1] and [CSS-LEVEL2]. A style sheet includes typographical information about the appearance of a page, including the font for text on the page.

catalog: (1) A table that defines the structure and relationships of a set of tables in a database.

(2) A data store that holds the configuration properties for components and conglomerations.

(3) The highest-level unit of organization in the indexing service. It represents a set of indexed documents against which queries can be executed by using the [MS-MCIS].

(4) The highest-level unit of organization in the Windows Search service. It represents a set of indexed documents against which queries can be executed by using the [MS-WSP].

category: (1) A custom string that is used to group one or more documents.

(2) A string that is used as a suggestion for a document category on a site.

(3) A subdivision of items into useful groups such as geographical regions. For example, categories that represent geographical regions could be North, South, East, and West.

(4) An enhanced presence concept that is used by a Session Initiation Protocol (SIP) client to publish or subscribe to presence (2) information. A category enables basic identification of the data that is being published; it implies an agreed-upon schema for interpreting the data. A category name identifies a contract between a publisher and a subscriber.

(5) A grouping of rows in a Table object that all have the same value for a specified property.

(6) A logical grouping of updates identified by a GUID and described by metadata. A category can be treated as an update with no associated content.

(7) A hierarchical grouping of rows. For example, a query result that contains author and title columns can be categorized based on author. Each group of rows containing the same value for author would constitute a category.

(8) A group of updates. Each update belongs to zero or more update categories. An update category can be a product category that contains updates for a particular product, or a classification category that contains updates of a particular classification (for example, all security updates). A category can have a parent category as well as child categories.

certificate: (1) A certificate is a collection of attributes (1) and extensions that can be stored persistently. The set of attributes in a certificate can vary depending on the intended usage of the certificate. A certificate securely binds a public key to the entity that holds the corresponding private key. A certificate is commonly used for authentication (2) and secure exchange of information on open networks, such as the Internet, extranets, and intranets. Certificates are digitally signed by the issuing certification authority (CA) (1) and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standards. For more information about attributes and extensions, see [RFC3280] and [X509] sections 7 and 8.

(2) When referring to X.509v3 certificates, that information consists of a public key, a distinguished name (DN) (3) of some entity assumed to have control over the private key corresponding to the public key in the certificate, and some number of other attributes and extensions assumed to relate to the entity thus referenced. Other forms of certificates can bind other pieces of information.

(3) As used in this document, certificates are expressed in [XRML] section 1.2.

certificate authority (CA): See certification authority (CA).

certificate revocation list (CRL): A list of certificates (1) that have been revoked by the certification authority (CA) that issued them (that have not yet expired of their own accord). The list must be cryptographically signed by the CA that issues it. Typically, the certificates are identified by serial number. In addition to the serial number for the revoked certificates, the CRL contains the revocation reason for each certificate and the time the certificate was revoked. As described in [RFC3280], two types of CRLs commonly exist in the industry. Base CRLs keep a complete list of revoked certificates, while delta CRLs maintain only those certificates that have been revoked since the last issuance of a base CRL. For more information, see [X509] section 7.3, [MSFT-CRL], and [RFC3280] section 5.

certification authority (CA): (1) A third party that issues public key certificates (1). Certificates serve to bind public keys to a user identity. Each user and certification authority (CA) can decide whether to trust another user or CA for a specific purpose, and whether this trust should be transitive.

(2) A software component that issues digital (X.509) certificates (2) to identities based on a public/private key pair. For more information, see [RFC2865].

(3) A third party that issues public keycertificates. Certificates serve to bind public keys to a user identity. Each user and certification authority (CA) may decide whether to trust another user or CA for a specific purpose, and whether this trust should be transitive. For more information, see [RFC3280].

Challenge-Handshake Authentication Protocol (CHAP): A protocol for user authentication to a remote resource. For more information, see [RFC1994] and [RFC2759].

change number: A number that identifies a version of a messaging object. A change number is identical in format to a message ID (MID) or folder ID (FID).

character set: (1) A mapping between the characters of a written language and the values that are used to represent those characters to a computer.

(2) The range of characters used to represent textual data within a MIMEbody part, as described in [RFC2046].

(3) A mapping of characters to their identifying code values. For more information, see [MSDN-CS].

checkpoint ICS state: An Incremental Change Synchronization (ICS) state that is provided by a server in the middle of an ICS operation, which reflects the state of the local replica, indicated by the initial ICS state, after applying all differences transmitted in the ICS operation.

checksum: A value that is the summation of a byte stream. By comparing the checksums computed from a data item at two different times, one can quickly assess whether the data items are identical.

child: (1) An object that is immediately below the current object in a hierarchy.

(2) A data item within the Master Data Services (MDS) system that has a superior data item. A child in MDS can be a leaf member or a consolidated member.

chunk: A sequence of words that are treated as a single unit by a module that checks spelling.

CIM class: A CIM object that represents a CIM class definition as a CIM object. It is the template representing a manageable entity with a set of properties and methods.

CIM instance: An instantiation of a CIM class representing a manageable entity.

CIM object: Refers to a CIM class or a CIM instance.

claim: (1) A set of operations that are performed on a workflow task to specify the user who owns it.

(2) A statement that one subject makes about itself or another subject. For example, the statement can be about a name, identity, key, group, privilege, or capability. Claims have a provider that issues them, and they are given one or more values. They are also defined by a claim value type and, possibly, associated metadata.

(3) An assertion about a security principal expressed as an n-tuple containing an {Identifier, ValueType and m-Values of type ValueType} where m > = 1. A claim with only 1 value in the n-tuple is called a single-valued claim and a claim with more than 1 value is called a multi-valued claim.

(4) A declaration made by an entity (for example, name, identity, key, group, privilege, and capability). For more information, see [WSFedPRP] sections 1.4 and 2.

class: (1) User-defined binary data that is associated with a key.

(2) A Remoting Type that encapsulates a set of named values and a set of methods that operate on those values. The named values are called Members of the Class. A Class is part of the Remoting Data Model. For more information, see [MS-NRTP] section 3.1.1.

(3) See object class.

(4) A reference to a class module whose methods and properties can be used within a report.

class factory: An object (3 or 4) whose purpose is to create objects (3 or 4) from a specific object class (3 or 4).

class identifier (CLSID): A GUID that identifies a software component; for instance, a DCOM object class (4) or a COM class.

classifier: A Unicode string used in conjunction with an authority to form a Peer Name.

clear-signed message: An Internet email message that is in the format described by [RFC1847] and is identified with the media type "multipart/signed", or the Message object representing such a message. An important class of clear-signed message, based on a "multipart/signed" format, is the S/MIME clear-signed message, as described in [RFC5751] and [RFC3852].

client: (1) A computer on which the remote procedure call (RPC) client is executing.

(2) An execution environment that holds object references and issues object RPC (ORPC) calls.

(3) In DFS-R, a replicating machine acts as a client when it receives replicated files from its upstream partner. Use of the terminology client stipulates that the machine contact its upstream server, and is responsible for initiating communication related to receiving replicated files. It does not imply anything about the operating system version or the function of the machine.

(4) The sending endpoint of a web services request message, and receiver of any resulting web services response message.

(5) For the Peer Content Caching and Retrieval Framework, a client is a client-role peer; that is, a peer that is searching for content, either from the server or from other peers or hosted cashes. In the context of the Retrieval Protocol, a client is a peer that requests a block-range from a server_role_peer. It acts as a Web Services Dynamic Discovery (WS-Discovery) [WS-Discovery] client.

(6) Synonym for client computer (4).

(7) In [MS-GPOL], the capitalized use of this term refers to a domain member, including the domain controller (DC), that is involved in a policy application sequence.

(8) The entity that initiates the HTTP connection.

(9) A client device that is capable of issuing OMA-DM commands to a server and responding to OMA-DM commands issued by a server.

(10) Identifies the system that consumes WMI services and initiates DCOM ([MS-DCOM]) calls to WMI servers.

(11) The entity that has created the logging message, or an entity that receives a logging message from a client. In the latter case, the client is a proxy.

(12) The software that is used by a user to access the service. It represents the user in [MS-PASS]. A synonym is client application.

(13) Used as described in [RFC2616] section 1.3.

(14) The term "Client" that is defined in [WS-Discovery1.1].

(15) The client application using the WS-Management Protocol to access the management service, on the local or a remote machine.

(16) A client, also called a client computer, is a computer that receives and applies settings of a Group Policy Object (GPO), as specified in [MS-GPOL].

(17) A user participating in or intending to participate in collaboration.

(18) The target location machine.

(19) The entity that initiates communication with the hosted cache, to offer it segments of data.

(20) An application or a system that accesses a Web service endpoint as defined in [WSAddressing].

(21) A client application that uses the WS-Management Protocol (see [DMTF-DSP0226]) to access the management service on a local or remote computer.

(22) A domain member that is involved in a policy application mode sequence.

(23) Any process that initiates commands for execution on a server by using the PowerShell Remoting Protocol.

Client Access License (CAL): A license that gives a user the right to access the services of a server. To legally access the server software, a CAL can be required. A CAL is not a software product.

client computer: (1) A computer that instigates a connection to a well-known port on a server.

(2) A computer that receives and applies settings from a Group Policy Object (GPO), as specified in [MS-GPOL].

(3) A computer that gets its updates from an update server. A client can be a desktop computer, a server, or the update server. For more information, see [MS-WUSP] and [MS-WSUSSS].

(4) The client machine in the domain or network topology of clients, servers, and domain controllers. Alternatively, a computer that is not a domain controller server; the computer may or may not be joined to a domain.

client/server mode: A mode that consists of one server with many client connections (one-to-many). From the perspective of each client, there is only one connection: the connection to the server.

client-side rule: A rule that has at least one action that is executed by a client because it cannot be executed by a server.

cluster: (1) A group of computers that are able to dynamically assign resource tasks among nodes in a group.

(2) A group of computers that are able to dynamically assign resource tasks among nodes in a group. The group of computers that can be accessed as though they are a single host. A cluster is generally accessed by using a virtual IP address. For more information, see [MSFT-WLBS].

(3) The smallest allocation unit on a volume.

cluster node: Cluster node defined in [MS-CMRP] section 1.3.

cluster resource group: Resource group defined in [MS-CMRP] section 1.1.

code page: An ordered set of characters of a specific script in which a numerical index (code-point value) is associated with each character. Code pages are a means of providing support for character sets (1) and keyboard layouts used in different countries. Devices such as the display and keyboard can be configured to use a specific code page and to switch from one code page (such as the United States) to another (such as Portugal) at the user's request.

codec: An algorithm that is used to convert media between digital formats, especially between raw media data and a format that is more suitable for a specific purpose. Encoding converts the raw data to a digital format. Decoding reverses the process.

collection: (1) A grouping of one or more EDM types that are type compatible. A collection can be used as the return type for a FunctionImport.

(2) A resource that contains a set of URIs that identify member resources. Use of this term is consistent with what is specified in [RFC4918] section 5.2.

(3) A user-defined group of data items from the same entity.

(4) An element that is used when a Function element is declared whose parameter or return type is not a single value but many. For example, a Function element may return a collection of varchar, that is, collection(varchar).

color flag: A flag that extends the concept of a basic flag by associating one of a chosen set of color values with a flagged Message object.

column: (1) See field (3).

(2) A single set of data that is displayed vertically in a worksheet or a table.

(3) See column chart.

(4) The container for a single type of information in a row. Columns map to property names and specify what properties are used for the search query's command tree elements.

column chart: A chart that displays data in vertical bars to facilitate data comparison.

COM class: An object class (3).

command: Any entity that can be executed on the server.

command tree: A combination of restrictions (1) and sort orders that are specified for a search query.

common byte stack: A list of arrays of bytes. Byte values of contained arrays, when together in their natural order, represent common high-order bytes of GLOBCNT values. Common byte stacks are used in a last-in first-out (LIFO) fashion during serialization or deserialization of GLOBSETs.

Common Information Model (CIM): The Distributed Management Task Force (DMTF) model that describes how to represent real-world computer and network objects. CIM uses an object-oriented paradigm, where managed objects are modeled using the concepts of classes and instances. See [DMTF-DSP0004].

Common Information Model (CIM) object: An object that represents a Common Information Model (CIM) object. This may be either a CIM class or a CIM instance of a CIM class.

common name (CN): A string attribute of a certificate (1) that is one component of a distinguished name (DN) (1). In Microsoft Enterprise uses, a CN must be unique within the forest where it is defined and any forests that share trust with the defining forest. The website or email address of the certificate owner is often used as a common name. Client applications often refer to a certification authority (CA) by the CN of its signing certificate.

Common Views folder: A special folder that contains the data for default views that are standard for a message store and can be used by any user of a client that accesses the message store.

component: A representation of a constituent transport address if a candidate consists of a set of transport addresses. For example, media streams that are based on the Real-Time Transfer Protocol (RTP) have two components, one for RTP and another for the Real-Time Transfer Control Protocol (RTCP).

component configuration entry: An entry in the catalog that represents a particular configuration of a component.

Component Object Model (COM): An object-oriented programming model that defines how objects interact within a single process or between processes. In COM, clients have access to an object through interfaces implemented on the object. For more information, see [MS-DCOM].

compound file: (1) A structure for storing a file system, similar to a simplified FAT file system inside a single file, by dividing the single file into sectors.

(2) A file that is created as defined in [MS-CFB] and that is capable of storing data that is structured as storage and streams.

computer object: An object of class computer. A computer object is a security principalobject; the principal is the operating system running on the computer. The shared secret allows the operating system running on the computer to authenticate itself independently of any user running on the system. See security principal.

conceptual schema definition language (CSDL): A language that is based on XML and that can be used to define conceptual models that are based on the Entity Data Model (EDM). For more information, see [MC-CSDL].

conceptual schema definition language (CSDL) document: A document that contains a conceptual model that is described by using the CSDL code. For more information, see [MC-CSDL].

concrete type: A type used in this specification whose representation must be standardized for interoperability. Specific cases include types in the IDL definition of an RPC interface, types sent over RPC but whose representation is unknown to RPC, and types stored as byte strings in directoryattributes.

condition: (1) A logical expression comparing one or more properties in all incoming Message objects against a set of clauses. This logical expression can evaluate to TRUE or FALSE.

(2) A condition of a policy that specifies one of the fields in a DHCP Client request and the value that the field should contain to match the condition. The condition also contains an index that identifies the expression with which the condition is associated.

(3) A predicate (for example, the machine is idle) that must be satisfied for a task to run. A task runs when any of its triggers and all of its conditions are met.

(4) A method of controlling which RAP is selected as the current resource policy. Conditions are rules that are automatically triggered in response to notifications of any of the conditional events. A condition is composed of a condition state and RAP. When a conditional event is triggered, conditions with the associated Name attribute value are evaluated in the order of their ID attribute value; that is, a condition with the ID value 0 will be evaluated first and so on. In condition evaluation, the condition state is evaluated and if it is found to be TRUE, the RAP associated with that condition is selected as the current resource policy. If no condition has its condition state as TRUE, the condition with the name ANY is evaluated.

(5) A business rule argument that determines when to apply the actions of the business rule. Conditions can be parsed together by using the logical operators AND and OR.

condition state: A part of a condition consisting of a predicate that evaluates some current state of the computer being managed. The predicate is a series of expressions separated by AND and OR operators, evaluated in order. Expressions are selected from the following fixed set: an equality or inequality test of the amount of hardware memory, an equality or inequality test of the number of processors, or a predicate test of the online or offline status of a cluster node or cluster resource group.

conditional events: Unscheduled events that can trigger the following WSRM policy changes: Processor hot add, Memory hot add, Cluster node goes up or down, or Cluster resource group goes online or offline.

conference: (1) A Real-Time Transport Protocol (RTP) session that includes more than one participant (2).

(2) An RTP session involving multiple participants.

(3) A set of two or more communicating users along with the software they are using to communicate.

configuration naming context (config NC): A naming context (NC) that contains configuration information. In Active Directory, a single config NC is shared among all domain controllers (DCs) in the forest. A config NC cannot contain security principal objects.

conglomeration: (1) A collection of component configuration entries, together with a component-independent configuration that is conceptually shared by the component configuration entries. A conglomeration is identified by a conglomeration identifier.

(2) A collection of event classes and subscriptions together with independent configuration data that is conceptually shared by the both the event classes and subscriptions. A conglomeration is identified by a conglomeration identifier.

conglomeration identifier: A GUID that identifies a conglomeration.

connection: (1) A link between two devices that uses the Simple Symmetric Transport Protocol (SSTP). Each connection can support one or more SSTP sessions.

(2) A link that two physical machines or applications share to pass data back and forth.

(3) Each user that has a session with a server can create multiple share connections, or resource connections, using that user ID. This resource connection is created using a tree connect Server Message Block (SMB) and is identified by an SMB TreeID or TID.

(4) Firewall rules are specified to apply to connections. Every packet is associated with a connection based on TCP, UDP, or IP endpoint parameters; see [IANAPORT].

(5) In DFS-R, a pair of client and server replication partners.

(6) In OleTx, an ordered set of logically related messages. The relationship between the messages is defined by the higher-layer protocol, but they are guaranteed to be delivered exactly one time and in order relative to other messages in the connection.

(7) Either a TCP or NetBIOS over TCP connection between an SMB 2 Protocol client and an SMB 2 Protocol server.

(8) A time-bounded association between two endpoints that allows the two endpoints to exchange messages.

(9) A logical communication path identified by a pair of sockets, as defined in [RFC793].

(10) An instantiation of the protocol that can be used as a scoping entity for channel. The server may instantiate multiple simultaneous connections to the same client.

(11) The successful completion of necessary protocol arrangements (authentication, network parameters negotiation, and so on) between a remote client computer and the RRAS server to set up a dial-up or virtual private networking (VPN) association. Connection enables the remote client computer to function on the RRAS server network as if it were connected to the server network directly.

connection-oriented NTLM: A particular variant of NTLM designed to be used with connection-oriented remote procedure call (RPC), as described in [MS-NLMP].

consolidated to-do list: A list of all tasks and flagged Message objects that are in a user's mailbox.

constructed attribute: (1) An attribute whose values are computed from normal attributes (for read) and/or have effects on the values of normal attributes (for write).

(2) See [MS-ADTS] section 3.1.1.1.4.

contact: (1) A presence entity (presentity) whose presence information can be tracked.

(2) An object of the contact class that represents a company or person whom a user can contact.

(3) A person, company, or other entity that is stored in a directory and is associated with one or more unique identifiers and attributes (2), such as an Internet message address or login name.

(4) A node that publishes a contact record. Contacts are used by graph maintenance to detect partitions.

contact attachment: An attached message item that has a message type of "IPM.Contact" and adheres to the definition of a Contact object.

contact identifier: A universally unique identifier (UUID) that identifies a partner in the MSDTC Connection Manager: OleTx Transports Protocol. These UUIDs are frequently converted to and from string representations. This string representation must follow the format specified in [C706] Appendix A. In addition, the UUIDs must be compared, as specified in C706-AppendixAUUID.

Contact object: A Message object that contains properties pertaining to a contact (3).

contact record: A record published by a contact that includes the contact's address and the graphsignature at the time of publication.

Contacts folder: A Folder object that contains Contact objects.

Container class: The value of the PidTagContainerClass property on a folder, which indicates the default Message object type for the folder.

content: (1) Multimedia data. content is always in ASF, for example, a single ASF music file or a single ASF video file. Data in general. A file that an application accesses. Examples of content include web pages and documents stored on either web servers or SMB file servers.

(2) Items that correspond to a file that an application attempts to access. Examples of content include web pages and documents stored on either HTTP servers or SMB file servers. Each content item consists of an ordered collection of one or more segments.

(3) A package that contains all the associated files for an update that is to be installed on a client computer.

(4) Identified by a unique name under a given multicast namespace. The content metadata cannot change during the lifetime of a multicast session, and is required to allow random access to the data.

content database: A database that is stored on a back-end database server and contains stored procedures, site collections, and the contents of those site collections.

Content Metadata: Specifies an opaque binary data that is associated with the content.

content synchronization: The process of keeping synchronized versions of Message objects and their properties on a client and server.

contents table: A Table object whose rows represent the Message objects that are contained in a Folder object.

control level: The permissions that are granted to a participant in a shared desktop. The control levels include "view" (the participant is able to see, but not interact with, shared content), "full" (the participant is able to both see and interact with shared content), and "none" (the participant can neither see nor interact with shared content).

conversation: (1) A single representation of a send/response series of email messages. A conversation appears in the Inbox as one unit and allows the user to view and read the series of related email messages in a single effort.

(2) In LU 6.2, conversations connect transaction programs, and are used by the transaction programs to transfer messages. For a more complete definition, see [LU62Peer].

conversation action: A limited set of actions that a user applies to all Message objects that have the same PidTagConversationId value. The action is applied to all Message objects that are currently in the store or are delivered in the future.

conversation ID: A unique value that is associated with a conversation. It is assigned to each Message object that is part of a conversation and it is used to identify the conversation to which the message belongs.

conversation index: A value that specifies the location of a message within a conversation. A client can use this value to identify the parent and child messages of a message, and then generate a tree view of the conversation that contains those messages.

cookie: (1) A small data file that is stored on a user's computer and carries state information between participating protocol servers and protocol clients.

(2) A randomly generated, 16-byte sequence that is used to authenticate the client to the server during the creation of a multitransport connection.

(3) An HTTP header that carries state information between participating origin servers and user agents. For more information, see [RFC2109].

coordinate space: A space based on Cartesian coordinates, which provides a means of specifying the location of each point in the space. A two-dimensional coordinate space requires two axes that are perpendicular and equal in length. Three two-dimensional coordinate spaces are generally used to describe an output surface: world, page, and device. To scale device-independent output for a particular physical device, a rectangular area in the world or page coordinate space is mapped into the device coordinate space using a transform

Coordinated Universal Time (UTC): A high-precision atomic time standard that approximately tracks Universal Time (UT). It is the basis for legal, civil time all over the Earth. Time zones around the world are expressed as positive and negative offsets from UTC. In this role, it is also referred to as Zulu time (Z) and Greenwich Mean Time (GMT). In these specifications, all references to UTC refer to the time at UTC–0 (or GMT).

counter proposal: A request that an attendee sends to an organizer when requesting a change to the date or time of a meeting.

cryptographic hash function: A function that maps an input of any length to a short output bit string of fixed length, such that finding an input that maps to a particular bit string of the correct output length, or even finding two inputs that map to the same output bit string, is computationally infeasible. For more information, see [SCHNEIER] chapters 2 and 18.

current resource policy: While in the running management state, the management service always selects exactly one RAP to be the current resource policy.

cyclic redundancy check (CRC): An algorithm used to produce a checksum (a small, fixed number of bits) against a block of data, such as a packet of network traffic or a block of a computer file. The CRC is used to detect errors after transmission or storage. A CRC is designed to catch random errors, as opposed to intentional errors. If errors might be introduced by a motivated and intelligent adversary, a cryptographic hash function should be used instead.