Source: resources/glossary.md
> Source: resources/glossary.md
Glossary
A shared glossary across all research domains.
Identity Management
| Term | Definition |
|---|---|
| IdP | Identity Provider — a system that creates, maintains, and manages identity information |
| SP | Service Provider — an application that relies on an IdP for authentication |
| SSO | Single Sign-On — one login grants access to multiple systems |
| OAuth 2.0 | Authorization framework for delegated access |
| OIDC | OpenID Connect — identity layer built on top of OAuth 2.0 |
| SAML | Security Assertion Markup Language — XML-based SSO standard |
| MFA | Multi-Factor Authentication |
| SCIM | System for Cross-domain Identity Management — standard for provisioning |
| PAM | Privileged Access Management |
| IGA | Identity Governance and Administration |
| One Identity Manager (OIM) | Identity governance and administration platform tracked in projects/identity-management/ for delivery, release-management, sandbox, and developer learning notes |
| Release Management | Controlled process for packaging, testing, approving, deploying, monitoring, and closing changes; see projects/identity-management/delivery/release-management.md for the OIM-specific playbook |
| IT Shop | OIM Self-Service/Request layer for products/entitlements with approval workflows (“ShoppingRack”); in DB heavily backed by BaseTree structures and DBQueue processing |
| BaseTree | Central OIM table that backs many hierarchical “view tables” via UID_OrgRoot='QER-V-…' filters (e.g. ITShopOrg view) |
| UID_OrgRoot | BaseTree “role class” discriminator; determines which View-Table a BaseTree row belongs to (e.g. QER-V-ITShopOrg) |
| ITShopInfo | Short code on BaseTree rows under QER-V-ITShopOrg that indicates node type (observed: SH, BO, PR, CU) |
| ITSHOPSOURCE | OIM preprocessor condition used to enable/disable “IT Shop source” (ITShopSrc*) model components; when disabled, related SQL views can compile to where 1 = 0 (sandbox observation: ITShopSrcHasADSGroup) |
| ITShopSrc | “IT Shop source” view tables (e.g. ITShopSrcHasADSGroup) that map to placement tables like BaseTreeHasADSGroup; may be preprocessor-gated by ITSHOPSOURCE |
| AccProduct | Service item / product definition used for IT Shop requests; linked from IT Shop product nodes via BaseTree.UID_AccProduct in the sandbox |
| AccProductGroup | Service category grouping for AccProduct (hierarchy); used for service-catalog structure and metadata assignments |
| IsDeactivatedByPreProcessor | Flag (e.g. on DialogColumn) indicating a model component/column is deactivated by preprocessor conditions; shipped IT Shop SQL and triggers can explicitly gate behavior on IsDeactivatedByPreProcessor = 0 |
| QERReuse | QER table for “multi-request resources” / reusable request objects; carries IsForITShop, IsITShopOnly, and UID_AccProduct |
| BaseTreeAssign | Matrix/config table indicating which object types can be assigned to roles/organizations and whether they are IT Shop-enabled (IsITShopEnabled) |
| DBQueue Processor | One Identity Manager processing mechanism for asynchronous database tasks; in 9.3+ scheduling/control is handled by the Database Agent Service rather than the older SQL-heavy agent model |
| Database Agent Service | One Identity Manager service component that centrally schedules and distributes DBQueue work in current versions; OneIM 9.3 release notes describe a fundamental revision with process control moved into the .NET part |
| DialogDBQueue | DBQueue input/staging table populated by triggers, procedures, or manual inserts before work is moved into active processing structures |
| QBMDBQueueCurrent | Current DBQueue processing table used by the Database Agent; includes slot state and current task/object rows |
| QBMDBQueueTask | DBQueue task definition table; in OneIM 10 includes task procedure, bulk behavior, dependency-related metadata, CustomWeight, and related runtime controls |
| QBMDBQueueTaskDepend | DBQueue task dependency graph table used by the Database Agent to sequence tasks while respecting predecessors |
| QBMDBQueuePond | Temporary DBQueue buffer used during synchronization; tasks are moved back to processing after synchronization or by daily maintenance |
| QBM_PDBQueueInsert_Single / QBM_PDBQueueInsert_Bulk | Standard stored procedures used by shipped triggers/procs and custom SQL to enqueue one DBQueue object or a table-valued batch of DBQueue objects |
| QBM_PJobCreate | Low-level job creation stored procedure family for creating Job queue entries from SQL, often used when database-side logic must delegate work to object-layer/job-service processing |
| HandleObject | OIM job-service operation family used by QBM_PJobCreate_HO* procedures to run object-layer insert/update/delete/template/method/event behavior from queued jobs |
| DialogMethod | OIM metadata table for UI/dialog methods; useful for discovering visible object actions, but not a complete list of every object-layer/customizer method callable by QBM_PJobCreate_HOCallMethod |
| Customizer | OIM object-layer .NET logic class that registers table-specific methods, functions, validation, formatting, templates, and custom-generated events |
| CustomMethodAttribute / method behavior | Object-layer method metadata that controls how a method is exposed and whether it changes external state, is single-object only, needs saving, or has other execution semantics |
| QBMEvent | OIM metadata table defining process events per table; use (TableName, EventName) with JobEventGen to verify what QBM_PJobCreate_HOFireEvent will trigger |
| JobEventGen | OIM process-generation mapping from QBMEvent to JobChain; confirms which process chains are generated when an event is fired |
| GenProcID | Generation/process identifier used to correlate DBQueue and Job queue activity for a logical operation or calculation context |
Agent Tools
| Term | Definition |
|---|---|
| Agent | An AI system that can take actions, use tools, and complete multi-step tasks |
| Tool use | Ability for an LLM to call external functions or APIs |
| Agentic loop | The repeated cycle of think → act → observe an agent runs |
| MCP | Model Context Protocol — standard for connecting AI models to tools/data |
| Context window | Maximum input+output tokens an LLM can process at once |
| Prompt caching | Reusing cached prompt prefixes to reduce cost and latency |