4.2.2 - Definitions

ACI :

Access Control Information. The set of all the information which might be relevant to an access control decision for a given subject.

ACDF :

Access Control Decision Function. It is the function used to decide whether a particular subject has a particular access right by virtue of applicable ACI items.

protected item :

A protected item is the element of directory information being accessed. The protected items are entries, attributes, attribute values and distinguished names. Access to each protected item can be separately controlled through ACI.

subject :

The entity acting on the server. It can be a person, a program, … It aggregates the identity and the security related attributes (passwords, ceritifcates…) for this entity.