Share via

21 S

safe load: A process of loading a file in which additional error checking is performed and various corruption patterns in the file are detected and repaired.

salt: An additional random quantity, specified as input to an encryption function that is used to increase the strength of the encryption.

sample: (1) A unit of media data sent from the server to the client.

(2) The smallest fundamental unit (such as a frame) in which media is stored and processed.

sandboxed solution: A custom solution that can be deployed to a site by a site collection administrator, without approval from the server farm administrator.

SASL: The Simple Authentication and Security Layer, as described in [RFC2222]. This is an authentication (2)mechanism used by the Lightweight Directory Access Protocol (LDAP).

Scalar: A type of MethodInstance that can be called to return a scalar value.

Scale Secure Real-Time Transport Protocol (SSRTP): A Microsoft proprietary extension to the Secure Real-Time Transport Protocol (SRTP), as described in [RFC3711].

scan device: A scanner, copier, or multifunction peripheral that supports the Devices Profile for Web Services [DPWS].

scan document: A single image file created by a scan device and transferred to the scan repositoryserver during the processing of a PostScan job.

scan repository: A service that supports processing PostScan jobs based on data and instructions in a PostScan process.

scan ticket: An element that communicates the appropriate settings that should be used by a scan device when creating a scan document.

scatter chart: A chart that displays values on both the x and y axes to represent two variables as a single data point.

scenario: A named set of input values (changing cells) that can be substituted in a worksheet model.

Scenario Manager: A process for creating and managing different sets of input values for calculation models in a worksheet.

scene: An independent part of a tour that has a beginning and end, and a specific time duration in which a particular data visualization on the map occurs.

Schedule: The frequency at which FRS replicates data under replica tree root.

schema: (1) The set of attributes and object classes that govern the creation and update of objects.

(2) A container that defines a namespace that describes the scope of EDM types. All EDM types are contained within some namespace.

schema naming context (schema NC): A specific type of naming context (NC) or an instance of that type. A forest has a single schema NC, which is replicated to each domain controller (DC) in the forest. No other NC replicas can contain these objects. Each attribute and class in the forest's schema is represented as a corresponding object in the forest'sschema NC.

schema object: An object that defines an attribute (1) or an object class. Schema objects are contained in the schema naming context (schema NC).

schema version: An integer value that represents the version number of the schema for a deployment package.

scheme: The name of a specification to refer to when assigning identifiers within a particular URIscheme, as defined in [RFC3986] section 3.1.

scope: (1) A range of IP addresses and associated configuration options that are allocated to DHCP clients in a specific subnet.

(2) The term "Scope" that is defined in [WS-Discovery1.1].

(3) An item that represents a hierarchy in a report. There are explicit scopes (such as data region, dataset, group) and implicit scopes (such as report scope). At any level in the hierarchy, there can be only one ancestor scope (except for the top-level report scope and the page scope) but an unlimited number of descendants as well as peer scopes.

scope identifier: A GUID that uniquely identifies a scope within a site collection.

scope index key: A basic scope index key or a compound scope index key that references a scope index record.

scorecard: A report that depicts organizational and business performance by displaying a collection of key performance indicators (KPIs) with performance targets for those KPIs. Each KPI compares actual performance to goals for an area. A scorecard can be organized hierarchically and typically contains visualization tools such as trend charts and conditional formatting.

SDP answer: A Session Description Protocol (SDP) message that is sent by an answerer in response to an offer that is received from an offerer.

SDP offer: A Session Description Protocol (SDP) message that is sent by an offerer.

sealed content type: A named and uniquely identifiable collection of settings and fields that cannot be changed. A seal can be removed only by a site collection administrator. See also content type.

search alert: An Internet message that is sent to subscribers automatically for a specific query. It notifies subscribers when one or more new results exist, or an existing result was modified.

search application: A unique group of search settings that is associated, one-to-one, with a shared service provider.

search catalog: All of the crawl data that is associated with a specific search application. A search catalog provides information that is used to generate query results.

search down: A process of searching for information by ascending row and column numbers.

search folder: (1) A collection of related items to be crawled by a search service.

(2) A Folder object that provides a means of querying for items that match certain criteria. The search folder includes the search folder definition message and the search folder container.

search folder container: A Folder object that is created according to the specifications in the definition message. It is in the Finder folder of the message database.

search folder definition message: A folder associated information (FAI) message that persists all the information that defines a search folder. It is in the associated contents table of the Common Views folder in the message database.

search index: A set of data structures that facilitates query evaluation by a search service application. The primary part of a search index is an inverted index of terms.

search provider: A component or application that provides data in response to a query. See also result provider.

search query: A complete set of conditions that are used to generate search results, including query text, sort order, and ranking parameters.

search scope: A list of attributes that define a collection of items.

search scope compilation: The process of updating a full-text index catalog to reflect unincorporated changes to the definitions of search scopes.

search scope consumer: A site collection that uses a specific search scope display group.

search scope rule: An attribute that specifies which items are included in a search scope.

search security descriptor: (1) A Windows security descriptor.

(2) A custom security descriptor that is in an arbitrary format and is handled by alternate authentication providers in pluggable security authentication (2).

search service account: A user account under which a search service runs.

search service application: A shared service application that provides indexing and querying capabilities.

search setting context: An administrative setting that is used to specify when a search setting for a keyword is applied to a search query, based on the query context.

search up: A process of searching for information by descending row and column numbers.

secondary bar/pie: A secondary chart in a bar of pie or pie of pie chart that displays the detailed data of the grouped data point in the primary pie chart. The secondary bar/pie chart takes the form of a stacked bar chart or a pie chart that is connected to the primary pie chart with series lines.

secondary data connection: Any auxiliary connection between an InfoPath form and a data source that stores or provides data for the form.

secondary data source: An XML data file, a database, or a web service that is used to populate controls or provide values in an InfoPath form.

secondary shortcut key: A user-defined combination of keys that are pressed simultaneously to execute a command. See also primary shortcut key.

secret key: A symmetric encryption key shared by two entities, such as between a user and the domain controller (DC), with a long lifetime. A password is a common example of a secret key. When used in a context that implies Kerberos only, a principal's secret key.

section: (1) A collection of user profile properties that appear together on a profile site.

(2) A portion of a document that is terminated by a section break or the end of the document. A section can store unique, page-level formatting, such as page size and orientation, and other formatting features such as headers and footers.

(3) A part of a form or report, such as a header or footer, that appears at each instance of a specific level in that form or report. It can be shown or hidden independently of other sections.

(4) Specifies the layout and structure information of a report. A report section is comprised of a body, a header, and a footer. A section is specified by the Section element.

securable object: An object that can have unique security permissions associated with it.

secure audio video profile (SAVP): A protocol that extends the audio-video profile specification to include the Secure Real-Time Transport Protocol, as described in [RFC3711].

Secure Real-Time Transport Protocol (SRTP): A profile of Real-Time Transport Protocol (RTP) that provides encryption, message authentication (2), and replay protection to the RTP data, as described in [RFC3711].

Secure Sockets Layer (SSL): A security protocol that supports confidentiality and integrity of messages in client and server applications that communicate over open networks. SSL uses two keys to encrypt data—a public key known to everyone and a private or secret key known only to the recipient of the message. SSL supports server and, optionally, client authentication (2) using X.509certificates (2). For more information, see [X509]. The SSL protocol is precursor to Transport Layer Security (TLS). The TLS version 1.0 specification is based on SSL version 3.0.

Secure Store Service (SSS): A service that is used to store credentials for a user or a group of users. It enables applications, typically on behalf of a user, to authenticate and gain access to resources. Users can retrieve only their own credentials from the secure store.

Secure Store Service (SSS) store: A persistent store that provides storage for target application definitions and credentials.

Secure Store Service (SSS) ticket: A token that contains the encrypted identity of a Secure Store Service (SSS) user in the form of a claim (2) and a nonce.

Secure Store Service (SSS) user: A security principal (2) that interacts with a Secure Store Service (SSS) implementation.

Security Account Manager (SAM): A centrally managed service, such as AD DS, that enables a server to establish a trust relationship with other authorized servers. The SAM also maintains information about domains and security principals (2), and provides client-to-server information by using several available standards for access control lists (ACLs).

Security Assertion Markup Language (SAML): The set of specifications that describe security assertions encoded in XML, profiles for attaching assertions to protocols and frameworks, request/response protocols used to obtain assertions, and the protocol bindings to transfer protocols, such as SOAP and HTTP.

security association (SA): A simplex "connection" that provides security services to the traffic carried by it. See [RFC4301] for more information.

security context: (1) An abstract data structure that contains authorization information for a particular security principal in the form of a Token/Authorization Context (see [MS-DTYP] section 2.5.2). A server uses the authorization information in a security context to check access to requested resources. A security context also contains a key identifier that associates mutually established cryptographic keys, along with other information needed to perform secure communication with another security principal.

(2) The result of a TSIG [RFC2845] security negotiation between the server and a client machine.

(3) A data structure containing authorization information for a particular security principal in the form of a collection of security identifiers (SIDs). One SID identifies the principal specifically, whereas others may represent other capabilities. A server uses the authorization information in a security context to check access to requested resources.

security descriptor: A data structure containing the security information associated with a securable object. A security descriptor identifies an object's owner by its security identifier (SID). If access control is configured for the object, its security descriptor contains a discretionary access control list (DACL) with SIDs for the security principals who are allowed or denied access. Applications use this structure to set and query an object's security status. The security descriptor is used to guard access to an object as well as to control which type of auditing takes place when the object is accessed. The security descriptor format is specified in [MS-DTYP] section 2.4.6; a string representation of security descriptors, called SDDL, is specified in [MS-DTYP] section 2.5.1.

security group: A named group of principals on a SharePoint site.

security group identifier: An integer that is used to uniquely identify a security group, distinguishing it from all other security principals (2) and site groups within the same site collection.

security identifier (SID): An identifier for security principals in Windows that is used to identify an account or a group. Conceptually, the SID is composed of an account authority portion (typically a domain) and a smaller integer representing an identity relative to the account authority, termed the relative identifier (RID). The SID format is specified in [MS-DTYP] section 2.4.2; a string representation of SIDs is specified in [MS-DTYP] section 2.4.2 and [MS-AZOD] section

security policy: In the form of a collection of security policy settings, the policy itself is an expression of administrative intent regarding how computers and resources on their network should be secured.

security principal: (1) A unique entity that is identifiable through cryptographic means by at least one key. It frequently corresponds to a human user, but also can be a service that offers a resource to other security principals. Also referred to as principal.

(2) An identity that can be used to regulate access to resources. A security principal can be a user, a computer, or a group that represents a set of users.

(3) A unique entity identifiable through cryptographic means by at least one key. A security principal often corresponds to a human user but can also be a service offering a resource to other security principals. Sometimes referred to simply as a "principal".

(4) An identity that can be used to regulate access to resources, as specified in [MS-AUTHSOD] section A security principal can be a user, a computer, or a group that represents a set of users.

(5) A unique entity, also referred to as a principal, that can be authenticated by Active Directory. It frequently corresponds to a human user, but also can be a service that offers a resource to other security principals. Other security principals might be a group, which is a set of principals. Groups are supported by Active Directory.

(6) An entity that is associated with a human user or a program that can be authenticated. At a minimum, it has two basic attributes, a name and an identifier, that uniquely identifies it and makes it meaningful to the system, administrators, and users. A security principal is also known as a principal or an account.

security principal identifier: A value that is used to uniquely identify a security principal (2). In Windows-based systems, it is a security identifier (SID). In other types of systems, it can be a user identifier or other type of information that is associated with a security principal (2).

security principal name (SPN): The name that identifies a security principal (for example, machinename$@domainname for a machine joined to a domain or username@domainname for a user). Domainname is resolved using the Domain Name System (DNS).

security principal object: An object that corresponds to a security principal. A security principal object contains an identifier, used by the system and applications to name the principal, and a secret that is shared only by the principal. In Active Directory, a security principal object has the objectSid attribute. In Active Directory, the user, computer, and group object classes are examples of security principalobject classes (though not every group object is a security principal object). In AD LDS, any object containing the msDS-BindableObject auxiliary class is a security principal. See also computer object, group object, and user object.

security protocol: A protocol that performs authentication and possibly additional security services on a network.

security provider: (1) A Component Object Model (COM) object that provides methods that return custom information about the security of a site.

(2) A pluggable security module that is specified by the protocol layer above the remote procedure call (RPC) layer, and will cause the RPC layer to use this module to secure messages in a communication session with the server. The security provider is sometimes referred to as an authentication service.

(3) A pluggable security module that is specified by the protocol layer above remote procedure call (RPC), and will cause RPC to use this module to secure messages in a communication session with the server. Sometimes referred to as an authentication service. For more information, see [C706] and [MS-RPCE].

security realm or security domain: Represents a single unit of security administration or trust (for example, a Kerberos realm, for more information, see [RFC4120]; or a Windows Domain, for more information, see [MSFT-ADC]).

security role: A defined set of access privileges. The security role that is assigned to a user determines the tasks that a user can perform and which parts of the user interface a user can view.

security scope: A tree structure of objects in which every object has the same security settings as the root.

security support provider (SSP): A dynamic-link library (DLL) that implements the Security Support Provider Interface (SSPI) by making one or more security packages available to applications. Each security package provides mappings between an application's SSPI function calls and an actual security model's functions. Security packages support security protocols such as Kerberos authentication and NTLM.

Security Support Provider Interface (SSPI): A Windows-specific API implementation that provides the means for connected applications to call one of several security providers to establish authenticated connections and to exchange data securely over those connections. This is the Windows equivalent of Generic Security Services (GSS)-API, and the two families of APIs are on-the-wire compatible.

security token: (1) An opaque message or data packet produced by a Generic Security Services (GSS)-style authentication package and carried by the application protocol. The application has no visibility into the contents of the token.

(2) A collection of one or more claims. Specifically in the case of mobile devices, a security token represents a previously authenticated user as defined in the Mobile Device Enrollment Protocol [MS-MDE].

security token service (STS): (1) A web service that issues claims (2) and packages them in encrypted security tokens.

(2) A web service that issues security tokens. That is, it makes assertions based on evidence that it trusts; these assertions are for consumption by whoever trusts it. For more information, see [WSFedPRP] sections 1.4 and 2 and [WSTrust] section 2.4. For [MS-ADFSPP], [MS-ADFSWAP], and [MS-MWBF], STS refers to services that support (either directly or via a front end) the protocol defined in each of those specifications.

(3) To communicate trust, a service requires proof, such as a signature to prove knowledge of a security token or set of security tokens. A service itself can generate tokens or it can rely on a separate STS to issue a security token with its own trust statement. (Note that for some security token formats, this can be just a re-issuance or co-signature.) This forms the basis of trust brokering.

(4) A special type of server defined in WS-Trust [WSTrust1.3].

security trimmer: A filter that is used to limit search results to only those resources that a user can view, based on the user's permission level and the access control list (ACL) for a resource. A security trimmer helps to ensure that search results display only those resources that a user has permission to view.

security zone: A setting that determines whether a resource, such as a website, can access data on other domains, or access files and settings on a user's computer. There are four security zones: Internet, Local intranet, Trusted sites, and Restricted sites. The zone to which a resource is assigned specifies the security settings that are used for that resource. See also form security level.

security-enabled group: A group object with GROUP_TYPE_SECURITY_ENABLED present in its groupType attribute. Only security-enabled groups are added to a security context. See also group object.

segment: (1) A subdivision of content. In version 1.0 Content Information, each segment has a size of 32 megabytes, except the last segment which can be smaller if the content size is not a multiple of the standard segment sizes. In version 2.0 Content Information, segments can vary in size.

(2) A set of stations that see each other’s link-layer frames without being changed by any device in the middle, such as a switch.

(3) A unit of content for discovery purposes. A segment is identified on the network by its public identifier, also known as segment ID or HoHoDk. A segment does not belong to any particular content; it can be shared by many content items if all those content items have an identical segment-sized portion at some offset.

selected: The condition of a set of items that has focus in a workbook.

selection: An item or set of items, such as cells, shapes, objects, and chart elements, that has focus in a document.

self SUBSCRIBE: A SUBSCRIBE request that is used by a publisher to be notified of changes to its own data. It is possible to subscribe to three different sets of data: categories (4), containers, and subscribers.

self subscriber: A SIP protocol client that is making a subscribe request for self-published category (4) information.

self-signed certificate: A certificate (1) that is signed by its creator and verified using the public key contained in it. Such certificates are also termed root certificates.

sequence: (1) A unique identifier for a delta that includes the user identifier for the endpoint (3) that created the delta.

(2) The set of message packets sent over a session that represent a message sequence. A message is associated with a sequence number that corresponds to its position within the sequence. Sequence numbers begin with 1 and increment by 1 with each subsequent message.

(3) A one-way, uniquely identifiable batch of messages between an RMS and an RMD.

sequence header: A set of encoding and display parameters that are placed before a group of pictures, as described in [SMPTE-VC-1]. See also entry point header.

Serialization Format: The structure of the serialized message content, which can be either binary or SOAP. Binary serialization format is specified in [MS-NRBF]. SOAP serialization format is specified in [MS-NRTP].

series line: A supplemental line on a stacked column, stacked bar, pie of pie, or bar of pie chart that connects each data point in a series with the next data point to increase legibility.

server: (1) A computer on which the remote procedure call (RPC) server is executing.

(2) A replicating machine that sends replicated files to a partner (client). The term "server" refers to the machine acting in response to requests from partners that want to receive replicated files.

(3) A DirectPlay system application that is hosting a DirectPlay game session. In the context of DirectPlay 8, the term is reserved for hosts using client/server mode.

(4) For the Peer Content Caching and Retrieval Framework, a server is a server-role peer; that is, a peer that listens for incoming block-range requests from client-role peers and responds to the requests.

(5) Used as a synonym for domain controller. See [MS-DISO].

(6) Refers to the Group Policy server that is involved in a policy application sequence. See [MS-GPOL].

(7) The entity that responds to the HTTP connection. See [MS-TSWP].

(8) A server capable of issuing OMA-DM commands to a client and responding to OMA-DM commands issued by a client. See [MS-MDM]

(9) Used to identify the system that implements WMI services, provides management services, and accepts DCOM ([MS-DCOM]) calls from WMI clients.

(10) A domain controller. Used as a synonym for domain controller. See [MS-ADOD]

(11) An entity that transfers content to a client through streaming. A server might be able to do streaming on behalf of another server; thus, a server can also be a proxy. See [MS-WMLOG]

(12) Used as described in [RFC2616] section 1.3. See [MS-NTHT]

(13) For the purposes of [MS-RDC], the server is the source location.

(14) Any process that accepts commands for execution from a client by using the PowerShell Remoting Protocol.

Server Message Block (SMB): A protocol that is used to request file and print services from server systems over a network. The SMB protocol extends the CIFS protocol with additional security, file, and disk management support. For more information, see [CIFS] and [MS-SMB].

server name: The name of a server, as specified in the operating system settings for that server.

server object: (1) A class of object in the configuration naming context (config NC). A server object can have an nTDSDSA object as a child.

(2) Part of the Remoting Data Model. A server object is an instance of a Server Type. A server object is either an SAO or an MSO.

(3) The database object in the account domain with an object class of samServer.

Server Reflexive Candidate: A candidate whose transport addresses is a network address translation (NAT) binding that is allocated on a NAT when an endpoint (5) sends a packet through the NAT to the server. A Server Reflexive Candidate can be discovered by sending an allocate request to the TURN server or by sending a binding request to a Simple Traversal of UDP through NAT (STUN) server.

Server Scale Secure Real-Time Transport Protocol (Server SSRTP): A derivative of the Scale Secure Real-Time Transport Protocol (SSRTP) that is used by applications to receive media from multiple senders and fan-out media to multiple receivers. Typically, applications such as Multipoint Control Units (MCUs) use this mode of encryption.

Server Type: Part of the Remoting Data Model. A Server Type contains Remote Methods.

server-activated object (SAO): A server object that is created on demand in response to a client request. See also marshaled server object.

server-relative URL: A relative URL that does not specify a scheme or host, and assumes a base URI of the root of the host, as described in [RFC3986].

service: (1) A process or agent available on the network, offering resources or services for clients. Examples of services include file servers, web servers, and so on.

(2) A process or agent that is available on the network, offering resources or services for clients. Examples of services include file servers, web servers, and so on.

(3) A program that is managed by the Service Control Manager (SCM). The execution of this program is governed by the rules defined by the SCM.

(4) The receiving endpoint of a web services request message, and sender of any resulting web services response message.

(5) A logical functional unit that represents the smallest units of control and that exposes actions and models the state of a physical device with state variables. For more information, see [UPNPARCH1.1] section 3.

(6) An application that provides management services to clients through the WS-Management Protocol and other web services.

(7) A SIP method defined by Session Initiation Protocol Extensions used by the client to request a service from the server.

SERVICE: A method that is defined by Session Initiation Protocol (SIP) extensions and is used by an SIP client to request a service from a server.

service application: A middle-tier application that runs without any user interface components and supports other applications by performing tasks such as retrieving or modifying data in a database.

Service Control Manager (SCM): An RPC server that enables configuration and control of service programs.

session: (1) A unidirectional communication channel for a stream of messages that are addressed to one or more destinations. A destination is specified by a resource URL, an identity URL, and a device URL. More than one session can be multiplexed over a single connection.

(2) A representation of application data in system memory. It is used to maintain state for application data that is being manipulated or monitored on a protocol server by a user.

(3) A collection of multimedia senders and receivers and the data streams that flow between them. A multimedia conference is an example of a multimedia session.

(4) In Kerberos, an active communication channel established through Kerberos that also has an associated cryptographic key, message counters, and other state.

(5) In Server Message Block (SMB), a persistent-state association between an SMB client and SMB server. A session is tied to the lifetime of the underlying NetBIOS or TCP connection.

(6) In the Challenge-Handshake Authentication Protocol (CHAP), a session is a lasting connection between a peer and an authenticator.

(7) In the Workstation service, an authenticated connection between two computers.

(8) An active communication channel established through NTLM, that also has an associated cryptographic key, message counters, and other state.

(9) In OleTx, a transport-level connection between a Transaction Manager and another Distributed Transaction participant over which multiplexed logical connections and messages flow. A session remains active so long as there are logical connections using it.

(10) The state maintained by the server when it is streamingcontent to a client. If a server-side playlist is used, the same session is used for all content in the playlist.

(11) An authenticated context that is established between an SMB 2 Protocol client and an SMB 2 Protocol server over an SMB 2 Protocol connection for a specific security principal. There could be multiple active sessions over a single SMB 2 Protocol connection. The SessionId field in the SMB2 packet header distinguishes the various sessions.

(12) An authenticated communication channel between the client and server correlating a group of messages into a conversation.

(13) A collection of state information on a directory server. An implementation of the SOAP session extensions (SSE) is free to choose the state information to store in a session.

(14) In LU 6.2, a session is a connection between LUs that can be used by a succession of conversations. A given pair of LU 6.2s may be connected by multiple sessions. For a more complete definition, see [LU62Peer].

(15) A context for managing communication over LLTD among stations.

(16) The operational environment in which an application and its commands execute.

(17) A context for managing communication over qWave-WD among devices. This is equivalent to a TCP connection.

(18) A multimedia session is a set of multimedia senders and receivers and the data streams flowing from senders to receivers. A multimedia conference is an example of a multimedia session.

(19) A set of multimedia senders and receivers and the data streams flowing from senders to receivers. A multimedia conference is an example of a multimedia session.

Session Description Protocol (SDP): (1) A protocol that is used to announce sessions, manage session invitations, and perform other types of initiation tasks for multimedia sessions, as described in [RFC3264].

(2) A protocol that is used for session announcement, session invitation, and other forms of multimedia session initiation. For more information see [MS-SDP] and [RFC3264].

session identifier: (1) A unique string that is used to identify a specific instance of session data and is used by stored procedures as an opaque primary key.

(2) A key that enables an application to make reference to a session.

(3) Unique identifier that an operating system generates when a session is created. A session spans the period of time from logon until logoff from a specific system.

Session Initiation Protocol (SIP): An application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. SIP is defined in [RFC3261].

Session Initiation Protocol (SIP) address: A URI that does not include a "sip:" prefix and is used to establish multimedia communications sessions between two or more users over an IP network, as described in [RFC3261].

session key: (1) A symmetric key that is derived from a master key and is used to encrypt or authenticate a specific media stream by using the Secure Real-Time Transport Protocol (SRTP) and Scale Secure Real-Time Transport Protocol (SSRTP).

(2) A relatively short-lived symmetric key (a cryptographic key negotiated by the client and the server based on a shared secret). A session key's lifespan is bounded by the session to which it is associated. A session key should be strong enough to withstand cryptanalysis for the lifespan of the session.

session recycling: A process in which active sessions (2) are closed to start new sessions and to limit the total number of active sessions.

Setting: A partition of a metadata store. It is used to store Properties, localized names, and access control entries (ACEs) for MetadataObjects.

setup path: The location where supporting files for a product or technology are installed.

SHA: See system health agent (SHA).

SHA-1: An algorithm that generates a 160-bit hash value from an arbitrary amount of input data, as described in [RFC3174]. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), in addition to other algorithms and standards.

SHA-1 hash: A hashing algorithm as specified in [FIPS180-2] that was developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).

SHA-256: An algorithm that generates a 256-bit hash value from an arbitrary amount of input data, as described in [FIPS180-2].

shade: A color that is mixed with black. A 10-percent shade is one part of the original color and nine parts black.

shading pattern: A background color pattern against which characters and graphics are displayed, typically in tables. The color can be no color or it can be a specific color with a transparency or pattern value.

shadow copy: A duplicate of data held on a volume at a well-defined instant in time.

shadow effect: A formatting effect that makes a font or object appear to be elevated from the page or screen surface, and therefore casts a shadow.

shallow refinement: A type of query refinement that is based on the aggregation of managed property statistics for only some results of a search query. The number of refined results varies according to implementation. See also deep refinement.

shape: A collection of qualifiers, such as names, and quantifiers, such as coordinates, that is used to represent a geometric object. A shape can be contained in a document, file structure, run-time structure, or other medium.

shape identifier: An integer that corresponds to a shape object or an instantiation of a shape object.

share: (1) A resource offered by a Common Internet File System (CIFS) server for access by CIFS clients over the network. A share typically represents a directory tree and its included files (referred to commonly as a "disk share" or "file share") or a printer (a "print share"). If the information about the share is saved in persistent store (for example, Windows registry) and reloaded when a file server is restarted, then the share is referred to as a "sticky share". Some share names are reserved for specific functions and are referred to as special shares: IPC$, reserved for interprocess communication, ADMIN$, reserved for remote administration, and A$, B$, C$ (and other local disk names followed by a dollar sign), assigned to local disk devices.

(2) To make content on a host desktop available to participants. Participants with a sufficient control level may interact remotely with the host desktop by sending input commands.

(3) A local resource that is offered by an SMB 2 Protocol server for access by SMB 2 Protocol clients over the network. The SMB 2 Protocol defines three types of shares: file (or disk) shares, which represent a directory tree and its included files; pipe shares, which expose access to named pipes; and print shares, which provide access to print resources on the server. A pipe share as defined by the SMB 2 Protocol must always have the name "IPC$". A pipe share must only allow named pipe operations and DFS referral requests to itself.

shared lock: A condition in which multiple protocol clients or protocol servers can read or write data concurrently, but no transaction can acquire an exclusive lock on the data until all of the shared locks have been released.

shared search scope: An administrator-defined restriction (1) that can be added to a query to limit query results to a collection of content. This restriction is available to multiple site collections.

Shared Services Provider (SSP): A logical grouping of shared service applications, and their supporting resources, that can be configured and managed from a single server and can be used by multiple server farms.

shared space: A set of tools that is synchronized between different endpoints (3), as described in [MS-GRVDYNM].

shared view: A view of a list or Web Parts Page that every user who has the appropriate permissions can see.

shared workbook: A workbook that is configured to enable multiple users on a network to view and make changes to it at the same time. Each user who saves the workbook sees the changes that are made by other users.

sheet: (1) A part of an Excel workbook. There are four types of sheets: worksheet, macro sheet, dialog sheet, and chart sheet. Multiple sheets are stored together within a workbook.

(2) A worksheet. The term sheet frequently refers to a worksheet because worksheets are the most common type of sheet.

sheet stream: See stream (1) and document stream.

sheet tab: A control that is used to select a sheet.

sheet view: A collection of display settings, such as which cells are shown, and the zoom level for a sheet window.

short-term lock: A type of check-out process in Windows SharePoint Services. Short-term checkouts are implicit and are done when a file is opened for editing. A lock is applied to the file while it is being edited in the client application so that other users cannot modify it. After the client application is closed, the lock is released.

shrink to fit: The process of adjusting the font size of text in a cell to fit the current height and width of the cell.

Side: An area on a physical medium that can store data. Although most physical media have only a single side, some may have two sides. For instance, a magneto-optic (MO) disk has two sides: an "A" side and a "B" side. When an MO disk is placed in a drive with the "A" side up, the "A" side is accessible and the "B" side is not. To access the "B" side, the disk must be inserted with the "B" side up. The data stored on different sides of the same physical medium are independent of one another.

signature: (1) A synonym for hash.

(2) A value computed with a cryptographic algorithm and bound to data in such a way that intended recipients of the data can use the signature to verify that the data has not been altered and/or has originated from the signer of the message, providing message integrity and authentication. The signature can be computed and verified either with symmetric key algorithms, where the same key is used for signing and verifying, or with asymmetric key algorithms, where different keys are used for signing and verifying (a private and public key pair are used). For more information, see [WSFedPRP].

(3) The lowest node ID in the graph.

(4) A structure containing a hash and block chunk size. The hash field is 16 bytes, and the chunk size field is a 2-byte unsigned integer.

silence suppression: A mechanism for conserving bandwidth by detecting silence in the audio input and not sending packets that contain only silence.

Simple Mail Transfer Protocol (SMTP): A member of the TCP/IP suite of protocols that is used to transport Internet messages, as described in [RFC5321].

Simple Symmetric Transport Protocol (SSTP): A protocol that enables two applications to engage in bi-directional, asynchronous communication. SSTP supports multiple application endpoints (5) over a single network connection between client nodes.

Simple Symmetric Transport Protocol Security Protocol (SSTP) security: An independent sub-protocol that is exchanged within defined Simple Symmetric Transport Protocol (SSTP) messages, and is used for mutual authentication (2) between a relay server and a client device or an account.

Simple Traversal of UDP through NAT (STUN): A protocol that enables applications to discover the presence of and types of network address translations (NATs) and firewalls that exist between those applications and the Internet.

simple type: An element that can contain only text and appears as <simpleType> in an XML document or any attribute (1) of an element. Attributes are considered simple types because they contain only text. See also complex type.

single accounting: An underline style that places one line beneath the text. Single accounting can be used to indicate subtotals.

single sign-on (SSO): A process that enables users who have a domain user account to log on to a network and gain access to any computer or resource in the domain without entering their credentials multiple times.

single sign-on (SSO) administrator: A security principal (2) who is authorized to change a single sign-on (SSO) configuration and to obtain master secrets from a master secret server.

single sign-on (SSO) identifier: A string that represents the definition of user credentials that permit a user to access a network. See also single sign-on (SSO).

single-valued claim: See claim.

SIP element: An entity that understands the Session Initiation Protocol (SIP).

SIP message: The data that is exchanged between Session Initiation Protocol (SIP) elements as part of the protocol. An SIP message is either a request or a response.

SIP method: The primary function that an SIP request is meant to call on a server. This method is carried in the request message itself. Example methods are INVITE and BYE.

SIP protocol client: A network client that sends Session Initiation Protocol (SIP) requests and receives SIP responses. An SIP client does not necessarily interact directly with a human user. User agent clients (UACs) and proxies are SIP clients.

SIP registrar: A Session Initiation Protocol (SIP) server that accepts REGISTER requests and places the information that it receives from those requests into the location service for the domain that it handles.

SIP request: A Session Initiation Protocol (SIP) message that is sent from a user agent client (UAC) to a user agent server (UAS) to call a specific operation.

SIP response: A Session Initiation Protocol (SIP) message that is sent from a user agent server (UAS) to a user agent client (UAC) to indicate the status of a request from the UAC to the UAS.

SIP response code: A three-digit code in a Session Initiation Protocol (SIP) message, as described in [RFC3261].

SIP transaction: A SIP transaction occurs between a UAC and a UAS. The SIP transaction comprises all messages from the first request sent from the UAC to the UAS up to a final response (non-1xx) sent from the UAS to the UAC. If the request is INVITE, and the final response is a non-2xx, the SIP transaction also includes an ACK to the response. The ACK for a 2xx response to an INVITErequest is a separate SIP transaction.

site: (1) A group of related webpages that is hosted by a server on the World Wide Web or an intranet. Each website has its own entry points, metadata, administration settings, and workflows. Also referred to as web site.

(2) A group of related pages and data within a SharePoint site collection. The structure and content of a site is based on a site definition. Also referred to as SharePoint site and web site.

(3) A collection of one or more well-connected (reliable and fast) TCP/IP subnets. By defining sites (represented by site objects) an administrator can optimize both Active Directory access and Active Directoryreplication with respect to the physical network. When users log in, Active Directory clients find domain controllers (DCs) that are in the same site as the user, or near the same site if there is no DC in the site. See also Knowledge Consistency Checker (KCC). For more information, see [MS-ADTS].

site collection: A set of websites (1) that are in the same content database, have the same owner, and share administration settings. A site collection can be identified by a GUID or the URL of the top-level site for the site collection. Each site collection contains a top-level site, can contain one or more subsites, and can have a shared navigational structure.

site collection administrator: A user who has administrative permissions for a site collection.

site collection group: A named collection of users and domain groups that can be managed for a site collection or site. A group can be used to assign permission levels, send email messages, and indicate site membership for multiple users simultaneously.

site collection identifier: A GUID that identifies a site collection. In stored procedures, the identifier is typically "@SiteId" or "@WebSiteId". In databases, the identifier is typically "SiteId/tp_SiteId".

site content type: A named and uniquely identifiable collection of settings and fields that store metadata for lists within individual sites.

site definition: A family of site definition configurations. Each site definition specifies a name and contains a list of associated site definition configurations.

site definition configuration: An XML-based definition of lists, features, modules, and other data that collectively define a type of SharePoint site. Site definition configurations are stored in the ONET.xml file.

site hop: The process of traversing from one website to another during a crawl. See also page hop.

site identifier: A GUID that is used to identify a site in a site collection.

site map provider: An object that provides a hierarchy of nodes that represent navigation for a site (2).

site membership: The status of being a member of a site and having a defined set of user rights for accessing or managing content on that site.

site solution: A deployable, reusable package that contains a set of features, site definitions, and assemblies that apply to sites, and can be enabled or disabled individually.

site subscription: A logical grouping of site collections that share a common set of features and service data.

site subscription identifier: A GUID that is used to identify a site subscription.

site template: An XML-based definition of site settings, including formatting, lists, views, and elements such as text, graphics, page layout, and styles. Site templates are stored in .stp files in the content database.

site-collection relative URL: A URL that is relative to the site collection that contains a resource, and does not begin with a leading slash (/).

site-relative URL: A URL that is relative to the site that contains a resource and does not begin with a leading slash (/).

slicer: A mechanism that is used to filter data in one or more PivotTable reports or cube functions.

slicer header: A user interface element that displays the caption for a slicer that can be or is being used to filter one or more PivotTable reports or cube functions. It also provides a command button for removing all applied filters.

slicer item: A user interface element that displays filter values that can be applied to one or more PivotTable reports or cube functions by using a slicer.

slide: A frame that contains text, shapes, pictures, or other content. A slide is a digital equivalent to a traditional film slide.

slide layout: An organizational scheme, such as Title Only or Comparison, for content on a presentation slide.

Slide Library: A type of a document library that is optimized for storing and reusing presentation slides that conform to the format described in [ISO/IEC-29500:2008].

slide show: A delivery of a sequence of presentation slides, typically to an audience.

slide show broadcast: A delivery of a sequence of presentation slides, typically to an audience, as a single session between a protocol server and one or more protocol clients.

Slot: A storage location within a library. For example, a tape library has one slot for each tape that the library can hold. A stand-alone drivelibrary has no slots. Most libraries have at least four slots. Sometimes slots are organized into collections of slots called magazines. Magazines are usually removable.

smart document: A file that is programmed to assist the user as the user creates or updates the document. Several types of files, such as forms and templates, can also function as smart documents.

smart tag: A feature that adds the ability to recognize and label specific data types, such as people's names, within a document and displays an action button that enables users to perform common tasks for that data type.

smart tag actions button: A user interface control that displays a menu of actions that are associated with a specific smart tag.

smart tag indicator: A triangular symbol that appears in the bottom right corner of a cell and indicates that the cell contains a smart tag.

smart tag recognizer: An add-in that can interpret a specific type of smart tag, such as an address or a financial symbol, in a document and display an action button that enables users to perform common tasks for that data type.

snapshot: (1) A copy of a workbook that contains only values and formatting. It does not contain any formulas or data connections.

(2) The point in time at which a shadow copy of a volume is made.

SOAP: A lightweight protocol for exchanging structured information in a decentralized, distributed environment. SOAP uses XML technologies to define an extensible messaging framework, which provides a message construct that can be exchanged over a variety of underlying protocols. The framework has been designed to be independent of any particular programming model and other implementation-specific semantics. SOAP 1.2 supersedes SOAP 1.1. See [SOAP1.2-1/2003].

SOAP 1.1: (1) Version 1.1 of the SOAP (Simple Object Access Protocol) standard. For the complete definition of SOAP 1.1, see [SOAP1.1].

(2) Simple Object Access Protocol (SOAP) 1.1 [SOAP1.1].

SOAP 1.2: Version 1.2 of the SOAP standard. Some examples of changes introduced in SOAP 1.2 include an updated envelope structure, as well as updates to the structure and semantics for SOAP faults. The binding framework was also updated to allow binding to non-HTTP transports. Starting with version 1.2, SOAP is no longer an acronym. See also SOAP. For the complete specification of SOAP 1.2, see [SOAP1.2-1/2007] and [SOAP1.2-2/2007].

SOAP action: The HTTP request header field used to indicate the intent of the SOAP request, using a URI value. See [SOAP1.1] section 6.1.1 for more information.

SOAP body: A container for the payload data being delivered by a SOAP message to its recipient. See [SOAP1.2-1/2007] section 5.3 for more information.

SOAP envelope: A container for SOAP message information and the root element of a SOAP document. See [SOAP1.2-1/2007] section 5.1 for more information.

SOAP fault: A container for error and status information within a SOAP message. See [SOAP1.2-1/2007] section 5.4 for more information.

SOAP fault code: The algorithmic mechanism for identifying a SOAP fault. See [SOAP1.2-1/2007] section 5.6 for more information.

SOAP fault detail: A string containing a human-readable explanation of a SOAP fault, which is not intended for algorithmic processing. See [SOAP1.2-1/2007] section 5.4.5 for more information.

SOAP header: A mechanism for implementing extensions to a SOAP message in a decentralized manner without prior agreement between the communicating parties. See [SOAP1.2-1/2007] section 5.2 for more information.

SOAP message: An XML document consisting of a mandatory SOAP envelope, an optional SOAP header, and a mandatory SOAP body. See [SOAP1.2-1/2007] section 5 for more information.

SOAP Message: The data encapsulated in a SOAP envelope that flows back and forth between a protocol client and a web service, as described in [SOAP1.1].

SOAP Message Transmission Optimization Mechanism (MTOM): A method that is used to optimize the transmission and format of SOAP messages by encoding parts of the message, as described in [SOAP1.2-MTOM].

SOAP node: An element in a SOAP message that identifies the node on a SOAP message path that causes a fault to occur, as described in [SOAP1.1].

SOAP operation: An action that can be performed by a Simple Object Access Protocol (SOAP) service, as described in [SOAP1.1].

SOAP session extensions (SSE): Extensions to DSML that make it possible to maintain state information across multiple request/response operations.

social data: A collection of ratings, tags, and comments about webpages and items on a SharePoint site or the Internet. Individual users create this data and, by default, share it with other users.

social networking: The use of websites and services that provide enhanced information and interaction capabilities with regard to people and resources.

social rating: A user-defined value that indicates the perceived quality of a webpage or item on a SharePoint site or the Internet. Individual users create these ratings and, by default, share them with other users.

social tag: A user-defined keyword and hyperlink to a webpage or item on a SharePoint site or the Internet. Individual users create these tags and, by default, share them with other users.

social tag user: The user who created a social tag.

SOCKS proxy: A network device that routes network packets between protocol clients and protocol servers by using the SOCKS protocol and the proxy server features that are described in [RFC1928].

solution gallery: A gallery (1) that is used to store solution packages.

solution package: A compressed file that can be deployed to a server farm or a site. It can contain assemblies, resource files, site and feature definitions, templates, code access security policies, and Web Parts. Solution packages have a .wsp file name extension.

sort: A process that arranges cells in ascending or descending order, based on cell content.

sort condition: A condition that determines how to sort cells in a range.

sort order: (1) A set of rules in a search query that defines the order of relevant results. Each rule consists of a managed property, such as modified date or size, and a direction for order, such as ascending or descending. Multiple rules are applied sequentially.

(2) A specific arrangement of cells that is based on cell content. The order can be ascending or descending.

(3) The order in which the rows in a Table object are requested to appear. This can involve sorting on multiple properties and sorting of categories (5).

(4) The set of rules in a search query that define the ordering of rows in the search result. Each rule consists of a property (for example, name or size) and a direction for the ordering (ascending or descending). Multiple rules are applied sequentially.

source data: (1) The data that is used as the basis for charts, PivotTable reports, and other data visualization features.

(2) See source file.

source file: A file on a source location that is to be copied by RDC. Sometimes referred to as source.

source location: (1) A server, disk, file, document, or other collection of information from which a file or data is copied.

(2) The source location is the location from which a file is being transferred after it has been compressed with RDC.

source term: A specific instance of a term, in a specific term set, that is used to define permissions for the term.

source variation site: A website (2) that contains a collection of publishing pages to be copied to other sites, which are referred to as target variation sites. After the publishing pages are copied to a target variation site, they can be translated into another language. See also target variation site.

spam: An unsolicited email message.

sparkline: A miniature chart that can be inserted into text or embedded in a cell on a worksheet to illustrate highs, lows, and trends in data.

special folder: One of a default set of Folder objects that can be used by an implementation to store and retrieve user data objects.

SpecificFinder: A type of MethodInstance that can be called to return a specific EntityInstance of a specific Entity given its EntityInstanceId. SpecificFinder input is defined and ordered by the Identifiers that are associated with the Entity that is associated with the Method that is associated with the SpecificFinder.

split pane: A pane that consists of two or more discrete areas of a window. Each area displays content and scrolls independently from other areas of the window. See also frozen panes.

SplitButtonMRUPopup control: A type of SplitButtonPopup control whose icon changes to reflect the command that the user most recently selected from the menu that is displayed by that button.

SplitButtonPopup control: A type of Button control that performs an action when clicked, and can also display a menu of related commands when the user clicks a drop-down arrow that appears on the button.

SplitDropDown control: A type of Button control that performs a default action when clicked, and can also expand to display a list of other possible actions when the user clicks a drop-down arrow that appears on the button.

spool file: A representation of application content data than can be processed by a print driver. Common examples are enhanced metafile format and XML paper specification. For more information, see [MSDN-META] and [MSDN-XMLP].

spreadsheet data model: A local Online Analytical Processing (OLAP) storage of data used by a spreadsheet application.

SQL authentication: One of two mechanisms for validating attempts to connect to instances of SQL Server. In SQL authentication, users specify a SQL Server login name and password when they connect. The SQL Server instance ensures that the login name and password combination are valid before permitting the connection to succeed.

SQL statement: (1) A complete phrase in SQL that begins with a keyword and completely describes an action to be taken on data.

(2) A character string expression in a language that the server understands.

sRGB: (1) A standard color space that enables various devices, including cameras, scanners, displays, and printers, to produce colors that are reasonably identical, as described in [IEC-RGB].

(2) A standard, predefined color space that is portable across all devices and allows accurate color matching with little overhead. sRGB was developed by Hewlett-Packard and Microsoft and is specified in [IEC-RGB]. It is available to users of Windows. Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows 95, and Windows NT 4.0: sRGB color management technology is not available.

SsoTicketFilter: A FilterDescriptor type that is used in conjunction with a single sign-on (SSO) system to transmit an SSO ticket to a line-of-business (LOB) system.

SSRTP stream: A sequence of Scale Secure Real-Time Transport Protocol (SSRTP) packets from a sender and to a receiver who are identified by the same Synchronization Source (SSRC).

staging file: The backup of the changed file or folder. It encapsulates the data and attributes associated with a replicated file or folder. By creating the staging file, File Replication Service (FRS) ensures that file data can be supplied to partners regardless of any activity that might prevent access to the original file. The staging files can be compressed to save disk space and network bandwidth during replication.

staging object: A block of data that represents an instance of an object type as defined in the connected data source.

stamp: Information that describes an originating update by a domain controller (DC). The stamp is not the new data value; the stamp is information about the update that created the new data value. A stamp is often called metadata, because it is additional information that "talks about" the conventional data values. A stamp contains the following pieces of information: the unique identifier of the DC that made the originating update; a sequence number characterizing the order of this change relative to other changes made at the originating DC; a version number identifying the number of times the data value has been modified; and the time when the change occurred.

start address: A URL that identifies a point at which to start a crawl. Administrators specify start addresses when they create or edit a content source.

startup directory: The directory from which an application opens data files when the application starts.

state changing: A type of operation that changes the state of a session.

statement of health ReportEntry (SoH ReportEntry): A collection of data that represents a specific aspect of the health state of a client.

static rank: The component of a rank that does not depend on a search query. It represents the perceived importance of an item and can be related to the origin of the item, and relationships between the item and other items or business rules that are defined in the search application. See also dynamic rank.

station: Any device that implements LLTD.

Status-Code: A 3-digit integer result code in an HTTP response message, as described in [RFC2616].

Status-Line: The first line of an HTTP response message, as described in [RFC2616].

stemming: A type of query expansion that factors relationships between words by reducing inflected words to their stem form or expanding stems to their inflected forms. For example, the words "swimming" and "swam" can be associated with the stem "swim."

stock chart: A custom chart type that is designed to display stock market data on multiple series; for example, high, low, close, and volume.

stop word: A language-specific token that is not indexed and is ignored in a query. It typically has low semantic content and is used only for grammatical purposes, for example “a” and “and” in the English language.

storage: (1) An element of a compound file that is a unit of containment for one or more storages and streams, analogous to directories in a file system, as described in [MS-CFB].

(2) A set of elements with an associated CLSID used to identify the application or component that created the storage.

(3) A storage object, as defined in [MS-CFB].

stored procedure: A precompiled collection of SQL statements and, optionally, control-of-flow statements that are stored under a name and processed as a unit. They are stored in a SQL database and can be run with one call from an application. Stored procedures return an integer return code and can additionally return one or more result sets. Also referred to as sproc.

store-relative form: See store-relative URL.

store-relative URL: A URL that consists only of a path segment and does not include the leading and trailing slash.

stream: (1) An element of a compound file, as described in [MS-CFB]. A stream contains a sequence of bytes that can be read from or written to by an application, and they can exist only in storages.

(2) A flow of data from one host to another host, or the data that flows between two hosts.

(3) A sequence of bytes written to a file on the NTFS file system. Every file stored on a volume that uses the NTFS file system contains at least one stream, which is normally used to store the primary contents of the file. Additional streams within the file may be used to store file attributes, application parameters, or other information specific to that file. Every file has a default data stream, which is unnamed by default. That data stream, and any other data stream associated with a file, may optionally be named.

(4) A sequence of bytes that typically encodes application data.

(5) A sequence of ASF media objects ([ASF] section 5.2) that can be selected individually. For example, if a movie has an English and a Spanish soundtrack, each may be encoded in the ASF file as a separate stream. The video data would also be a separate stream.

(6) A sequence of messages whose delivery is guaranteed exactly once and in order.

(7) A set of tracks interchangeable at the client when playing media.

(8) An individual audio or video data-flow in a presentation. The media data in an individual stream always uses the same media dataformat.

(9) A flow of data from one host to another host. May also be used to reference the flowing data.

(10) A stream object, as defined in [MS-CFB].

stream cipher: A cryptographic algorithm that transforms plaintext bits into cipher text one bit or byte at a time. When the process is reversed, cipher text is transformed into plaintext one bit or byte at a time. See also block cipher.

StreamAccessor: A type of MethodInstance that can be called to retrieve a Field (4) of an EntityInstance in the form of a data stream of bytes.

streaming: (1) The act of transferring content from a sender to a receiver.

(2) The act of processing a part of an XML Infoset without requiring that the entire XML Infoset be available.

strikethrough formatting: A formatting option in which characters are crossed out by horizontal line.

stripe band: One or more adjacent columns (2) or rows (2) that are in a table and have the same stripe formatting.

stripe formatting: A table formatting option that applies background colors to alternating rows (2) or columns (2) to increase legibility.

stroke order: A sort order that arranges items in a sort range according to the number of strokes that is used to write each glyph. Stroke order is used when sorting text that is written in some East Asian languages.

strong name: A name that consists of the simple text name, version number, and culture information of an assembly, strengthened by a public key and a digital signature that is generated over the assembly.

structural object class: An object class that is not an 88 object class and can be instantiated to create a new object.

structured document tag: An entity in a document that is used to denote content that is stored as XML data.

structured document tag bookmark: An entity in a document that is used to denote the location and presence of a structured document tag.

Structured Query Language (SQL): A database query and programming language that is widely used for accessing, querying, updating, and managing data in relational database systems.

structured XML query: An XML document that specifies a query that may contain multiple subqueries. For more information, see section 2.2.16.

STUN candidate: A candidate whose transport addresses are STUN-derived transport addresses. See also Simple Traversal of UDP through NAT (STUN).

STUN-derived transport address: A derived transport address that is obtained by an endpoint (5) from a configured STUN server. See also Simple Traversal of UDP through NAT (STUN).

style: A set of formatting options that is applied to text, tables, charts, and other objects in a document.

SubAuthority: A variable-length array of unsigned, 32-bit integer values that is part of a security identifier (SID). Each of these values is called a SubAuthority. All SubAuthority values excluding the last one collectively identify a domain. The last value, termed as the relative identifier (RID), identifies a particular group or account relative to the domain. For more information, see [SIDD].

submit: The process of sending data to an external data source such as a web service, database, Internet message, or SharePoint site.

subquery: A component of a structured XML query. For more information, see section 2.2.16.

Subrequest: A request within a SYNC_VOLUMES request. For details on requests, see section 3.1.4.

SUBSCRIBE: A Session Initiation Protocol (SIP) method that is used to request asynchronous notification of an event or a set of events at a later time.

subscriber: (1) A Session Initiation Protocol (SIP) client that is making a SUBSCRIBE request.

(2) An application that needs to receive events that are published by another application.

(3) An application that needs to receive historical data published by another application.

subscription: (1) The result of a SUBSCRIBE request from a Session Initiation Protocol (SIP) element.

(2) The end result of an act of a SIP element sending a SUBSCRIBE request.

(3) A registration performed by a subscriber to specify a requirement to receive events, future messages, or historical data.

(4) A request for a copy of a publication to be delivered to a subscriber. For more information, see [MSDN-RepPub].

subsite: A complete website that is stored in a named subdirectory of another website. The parent website can be the top-level site of a site collection or another subsite. Also referred to as subweb.

suffix length: An integer that represents the number of bytes of the current index key string minus the number of identical bytes at the beginning of the current and previous index key strings. See also prefix length.

summary: The orientation of outline expand and outline collapse symbols in relation to the data that is outlined.

Super P-frame (SP-frame): A special P-frame that uses the previous cached frame instead of the previous P-frame or I-frame as a reference frame.

surface chart: A chart that shows a three-dimensional surface that connects a set of data points. It can be used to determine the optimum combination between two sets of data.

surrogate pair: A pair of 16-bit Unicode encoding values that, together, represent a single 32-bit character, as described in [ISO-10646]. For more information about surrogate pairs and combining character sequences, see the Unicode Standard in [UNICODE].

survey list: A list that is preconfigured and optimized for conducting surveys and compiling survey results into graphical views.

survivable mode: A mode that enables a protocol client to access basic voice services if some server or network resources are unavailable.

switch: (1) A data link-layer device that propagates frames between segments and allows communication among stations on different segments. Stations that are connected through a switch see only those frames destined for their segments. Compare this term with hub and router.

(2) A logical device type that provides options to run a terminal window or a custom script for a dial-up connection. This device type is not used for dialing a connection.

switchable site map provider: A site map provider that uses other site map providers as its source data when constructing a site map.

symbol file: A file that contains information about an executable image, including the names and addresses of functions and variables.

symmetric key: A secret key used with a cryptographic symmetric algorithm. The key needs to be known to all communicating parties. For an introduction to this concept, see [CRYPTO] section 1.5.

synchronization engine: A code module that creates an integrated view of objects that are stored in multiple, connected data sources, and manages information in those data sources.

synchronization source (SSRC): The source of a stream (6) of RTP packets, identified by a 32-bit numeric SSRC identifier carried in the RTP header so as not to be dependent upon the network address. All packets from a synchronization source form part of the same timing and sequence number space, so a receiver groups packets by synchronization source for playback. Examples of synchronization sources include the sender of a stream of packets derived from a signal source such as a microphone or a camera, or an RTP mixer. A synchronization source may change its data format (for example, audio encoding) over time. The SSRC identifier is a randomly chosen value meant to be globally unique within a particular RTP session. A participant need not use the same SSRC identifier for all the RTP sessions in a multimedia session; the binding of the SSRC identifiers is provided through RTCP. If a participant generates multiple streams in one RTP session, for example from separate video cameras, each MUST be identified as a different SSRC. See [RFC3550] section 3.

Synchronization Source (SSRC): A 32-bit identifier that uniquely identifies a media stream (2) in a Real-Time Transport Protocol (RTP) session. An SSRC value is part of an RTP packet header, as described in [RFC3550].

Synchronized Multimedia Integration Language (SMIL): An XML-based language that enables a data stream to be divided, transmitted as separate streams, and then recombined as a single stream, as described in [W3C-SMIL3.0].

syntax: See attribute syntax.

system health agent (SHA): The client components that make declarations on a specific aspect of the client health state and generate a statement of health ReportEntry (SoH ReportEntry).

system palette: (1) An itemization of all of the colors that can be displayed by the operating system for a device.

(2) The palette that is actually in use to reproduce colors on a device such as a computer screen. A system palette has predefined, device-specific colors that are used by default, so that individual applications do not have to set them up.

system partition: A partition that contains the boot loader needed to invoke the operating system on the boot partition. A system partition must also be an active partition. It can be, but is not required to be, the same partition as the boot partition.

system resources: The physical resources of a server computer, such as memory, disk space, CPU, and network bandwidth.

system volume (SYSVOL): A shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain.

SystemID: A binary identifier that is used to uniquely identify a security principal (2). For Windows integrated authentication, it is a security identifier (SID). For an ASP.NET Forms Authentication provider, it is the binary representation that is derived from a combination of the provider name and the user login name.