L (Security Glossary)

LDAP

See Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol

A more easily implemented subset of the X.500 DAP standard for directory services.

little-endian

A memory or data format in which the least significant byte is stored at the lower address or arrives first.

See also big-endian.

locally unique identifier

(LUID) A 64-bit value that is guaranteed to be unique on the operating system that generated it until the system is restarted.

local registration authority

(LRA) An intermediary between a publisher and a certification authority (CA). The LRA can, for example, verify a publisher's credentials before sending them to the CA.

Local Security Authority

(LSA) A protected subsystem that authenticates and logs users onto the local system. LSA also maintains information about all aspects of local security on a system, collectively known as the Local Security Policy of the system.

logical store

See virtual store.

logon data

Information presented to the system by a security principal for authentication.

logon identifier

An LUID that identifies a logon session. A logon ID is valid until the user logs off. A logon ID is unique while the computer is running; no other logon session will have the same logon ID. However, the set of possible logon IDs is reset when the computer starts up. To retrieve the logon ID from an access token, call the GetTokenInformation function for TokenStatistics; the logon ID is in the AuthenticationId member.

logon session

A logon session begins whenever a user logs on to a computer. All processes in a logon session have the same primary access token. The access token contains information about the security context of the logon session, including the user's SID, the logon identifier, and the logon SID.

logon SID

A security identifier (SID) that identifies a logon session. You can use the logon SID in a DACL to control access during a logon session. A logon SID is valid until the user logs off. A logon SID is unique while the computer is running; no other logon session will have the same logon SID. However, the set of possible logon SIDs is reset when the computer starts up. To retrieve the logon SID from an access token, call the GetTokenInformation function for TokenGroups.

low-level message functions

Message management functions that operate at a higher level than the base cryptographic functions. These functions provide functionality for encoding data for transmission and for decoding data that has been received. Low-level message functions provide more flexibility than simplified message functions, but require more function calls.

See also simplified message functions.

LSA

See Local Security Authority.

LUID

See locally unique identifier.