Application Programming Interface. Software interacts with libraries, applications, and systems through APIs they expose. See also DataONE APIs.
Authentication is the process of verifying a claim made by a subject that it should be allowed to act on behalf of a given principal (person, computer, process, etc.). Authentication in DataONE is described in Use Case 12 - User Authentication.
Authoritative Member Node
Recorded in SystemMetadata for an object, the Authoritative Member Node has all the rights of the rightsHolder to maintain and curate the object, including making any changes necessary.
The process of verifying that a subject has permission to access specific resources or perform specific actions. Authorization in DataONE is described in Use Case 13 - User Authorization.
A string representing the computed hash of an object using an algorithm supported by the DataONE infrastructure (MD5 or SHA-1). Checksums are used to assist with the bit-level preservation of content.
Refers to the essential, core components of the DataONE cyberinfrastructure. This includes the Member Nodes, Coordinating Nodes, and the Investigator Toolkit components.
Coordinating Node
One of at least three nodes in the DataONE cyberinfrastructure that is responsible for maintaining a complete collection of all science metadata, all system metadata, a record of the location of all objects stored in the DataONE system, and provides mechanisms for search and retrieval of all content. Coordinating Nodes store all original copies of science metadata. All Coordinating Node content is replicated between other Coordinating Nodes. Coordinating Nodes drive the replication of content between Member Nodes.
Coordinating Node Replication
Refers to the process by which content that appears on any one Coordinating Node is mirrored to all other Coordinating Nodes. See also Member Node synchronization and data replication.
Typically refers to science data. Where ambiguity between the science data and another form of data may be interpreted or implied, the full term “science data” should be used.
science data
Science data that is stored in the DataONE system. See What is Data (DataONE Perspective)? for a description of what is considered data in DataONE. DataONE services always return exact copies of the original data as submitted to DataONE.
data package
A data package is a set of one or more data objects and science metadata objects that together represent a scientifically useful unit of information. Data packages are defined in DataONE using resource maps.
data replication
The transfer of content between Member Nodes as directed by the Coordinating Nodes. Also referred to as just “replication”.
An NSF sponsored project implementing cyberinfrastructure according to guidelines indicated in the NSF DataNet RFP.
detail code
Part of an exception that represents an error condition in the DataONE APIs. The error detail code is specific to an API method and is intended to be only useful to the implementors of the service that generates an exception to help identify the location in the code where the exception originated. See also Exceptions.
Distinguished Name
X.509 Distinguished Name


See also Subject.

Group represents metadata about a Subject that represents a collection of other Subjects. Groups provide a convenient mechanism to express access rules for certain roles that are not necessarily tied to particular principals over time.
Persistent Unique Identifier. A string of printable Unicode characters that uniquely identifies an object within the DataONE infrastructure. See Types.Identifier
Refers to the properties of a user or principal that enables the DataONE system to distinguish them from other users.
Investigator Toolkit
Software libraries, applications, and other tools that enable interaction with the DataONE system, typically by enabling storage of content on a Member Node and/or by enabling search and retrieval of content from the DataONE infrastructure.
Data describing data. There are currently two distinct forms of metadata managed by DataONE, science metadata and system metadata.
Member Node
A data holding node that implements all or the essential elements of the member mode APIs (see Member Node APIs). Member Nodes accept content from users and may store content replicated from other member nodes as directed by a Coordinating Node.
node event log
The node event log is implemented on Coordinating Nodes and Member Nodes and should record all object access and manipulation events.
Origin Member Node
The Member Node where an object was first registered with the DataONE infrastructure.
A principal refers to the entity (e.g. a person) that is assigned one or more subjects.
public user
Public User
The default user identity used when a service is called without supplying user credentials. The public user SHOULD never have write access to any services and MAY be limited access to some services in addition to the usual restrictions imposed by access control. The public user subject can be any of “Public”, “AuthenticatedUser”, “VerifiedUser”.
node registry
Node Registry
A list of nodes participating in DataONE maintained by Coordinating Nodes. Entries in node registry may be retrieved through the CNCore.listNodes() method of a Coordinating Node.
See Coordinating Node replication or data replication.
replication target
A Member Node that can be directed by a Coordinating Node to retrieve content from another Member node to support the process of replication.
resource map
resource maps
Rights Holder
The Subject that has full control over the access control rules for an object.
science metadata
Metadata that describes the data that is replicated across the Member Nodes.
In the context of DataONE, a session refers to the operations that occur with a single authentication token.
Princpals (users) that are a recognized identity in the DataONE system.
Member Node synchronization
The process of updating a Coordinating Node with the science and system metadata that appears on a Member Node. Also referred to as just “synchronization”.
system metadata
System Metadata
Metadata that is used internally by the DataONE system to record system properties about each object stored in the DataONE system. See Types.SystemMetadata and SystemMetadata. Also referred to as sysmeta.
An X509 certificate generated by a trusted authority and is used to absolutely and unambiguously identify a principal.
A Subject is verified in DataONE after going through a process to verify that the stated identity matches with an actual identity for the subject.
Characters that produce no visible output other than influencing the spacing of other characters. For example the space character (ASCII 0x20) and the tab character (ASCII 0x09) are whitespace characters.

Related Topics