Secrets are used to securely store confidential data such as passwords, OAuth tokens, and SSH keys in a Kubernetes cluster. By utilizing Secrets, you can exercise more control over how sensitive data is used and minimize the risk of accidental disclosure. By default, Secret values are encoded as base64 strings and stored unencrypted, but it's possible to configure Secrets to be encrypted when at rest. Pods can reference a Secret in various ways, including as an environment variable or a volume mount. It's worth noting that Secrets are intended for confidential data, while ConfigMaps are better suited for non-confidential data. external-link

Secure Digital Identity

Reliable and verifiable representation of an individual's personal information in a digital format. It enables individuals to securely access online services, conduct financial transactions, and protect their personal data. external-link

Security Profile

A specific collection of security properties for connectors is established that outlines various security aspects such as isolation level, attestation, and authentication. These properties express the minimum requirements that a Data Consumer must meet in order to access the exposed Data Endpoints. external-link

Security/Privacy by design

When developing software, Security-by-Design means that security and privacy requirements are considered as central system properties from the beginning of the design process. external-link


Selectors in Kubernetes enable users to filter a list of resources based on their labels. By applying selectors, it's possible to retrieve a subset of resources from a larger set of resources that match specific label criteria. Selectors are utilized when querying lists of resources to filter them based on their associated labels. external-link

Self Service Bi Self Service

In this context, self-service business intelligence refers to the ability of end users to independently create and implement their own analyses and reports using a set of approved tools and architecture provided and supported by the organization. external-link


Gaia-X Self-Descriptions (SD) provide a machine-readable format for describing Entities based on the Gaia-X Conceptual Model. These SDs are presented in JSON-LD format and conform to W3C Verifiable Presentations standards. SDs consist of one or multiple Verifiable Credentials, which can be signed or unsigned arrays of information. external-link

Self-Description Taxonomy

The entities identified within Gaia-X are defined by the Self-Description Schema, which establishes an inheritance structure. Each entity inherits characteristics from a single entity in the Conceptual Model, resulting in an inheritance hierarchy known as the Self-Description Taxonomy. external-link

Self-Sovereign Identity (SSI)

Self-sovereign identity (SSI) enables individuals to locally manage and possess their digital identities and other verifiable digital credentials. The usage of a dominant cloud service provider is not mandatory, nor is the creation of a central Gaia-X Identity provider. This grants users complete autonomy from third parties, empowering them to determine which identity information to share with others. All identity data is kept securely in the user's SSI wallet, ensuring that it is exclusively accessible by the individual.predominant cloud service provider, nor is the establishment of a central Gaia-X Identity provider necessary. Users are thus completely independent of third parties and decide themselves which identity data they share with whom, as all identity data is securely stored only with the individual user in their SSI wallet. external-link

Semantic Data

A data organization technique that represents the fundamental meaning of data elements and their interconnections. external-link

Service Access Point

In the OSI model, a label used to identify network endpoints is called a service access point. external-link

Service Catalog

In the past, there was an extension API designed to facilitate the use of externally managed software services within Kubernetes clusters. These services could include offerings such as cloud providers' datastore services. With this API, applications could list, provision, and bind with these external managed services without requiring in-depth knowledge about the services' creation or management processes external-link

Service Composition 

Service Composition refers to the capability of a Service Offering to specify and require the existence of functional dependencies. These functional dependencies describe behaviors that respond to external actions, matching the requirements and characteristics of the Service Offering. Within the Gaia-X conceptual model, the functional dependencies of a Service Offering can include Resources, Assets, or other Service Offerings. external-link

Service Instance 

A Service Instance is an instance of a Service Offering that is created and running during runtime, and is closely tied to a specific version of a Self-Description. Each Service Instance has a distinct identity and can consist of one or more atomic building blocks that are uniquely identifiable and associated with a Service Subscription. external-link

Service Subscription 

A Service Subscription is a contract between a Consumer and a Provider that enables and governs the use of one or more Service Instances. It is associated with a particular version of a Service Offering, which defines the attributes of the Service Instances that will be provided. The Service Subscription has a unique lifecycle separate from the Service Offering, and includes additional characteristics and rules. external-link

Service/Data Catalogue

A catalog of IT services is a comprehensive list of technology resources and offerings provided by the IT service provider within an organization. Its purpose is to facilitate the efficient and effective management of these services, while also meeting the expectations of end-users. external-link

Shapes Constraint Language (SHACL)

SHACL provides a language for validating RDF graphs based on a set of conditions expressed as shapes and other constructs in RDF form. In this process, the RDF graph that contains the shapes is called the shapes graph, while the one being validated is called the data graph. By validating data graphs against shapes graphs, SHACL allows for the creation of descriptions of data graphs that meet specific conditions, which can be useful for purposes such as building user interfaces, generating code, and integrating data. external-link


In order to avoid overcrowding low-intensity request flows with high-intensity ones, a technique called shuffle-sharding can be used to assign requests to queues with better isolation than simple hashing modulo the number of queues. The latter method hashes certain request characteristics, such as the 5-tuple of source and destination address, protocol, and source and destination port, and assigns requests to the resulting queue. However, all low-intensity flows that hash to the same queue will be crowded out by any high-intensity flow that is assigned to it. Shuffle-sharding, on the other hand, uses the metaphor of shuffling a deck of cards and dealing a hand to assign requests to queues. After hashing the request characteristics to produce a hash value with many bits, the hash value is used as a source of entropy to shuffle the deck and deal a hand of queues. The request is then assigned to one of the examined queues with the shortest length. With a modest hand size, it is not expensive to examine all the dealt queues and low-intensity flows have a better chance of avoiding the effects of high-intensity flows. However, with a large hand size, examining the dealt queues is costly and it becomes more difficult for low-intensity flows to dodge the collective effects of high-intensity flows. Therefore, the hand size should be chosen carefully to achieve optimal insulation external-link

SIG (special interest group)

Within the larger Kubernetes open source project, Special Interest Groups (SIGs) are communities of members who collectively manage a particular ongoing piece or aspect of the project. Each SIG has a shared interest in advancing a specific area, such as architecture, API machinery, or documentation. While SIGs are required to follow the SIG governance guidelines, they can establish their own contribution policy and communication channels as needed. For more information on Kubernetes SIGs and Working Groups, please refer to the kubernetes/community repository and the current list of SIGs and Working Groups external-link

Smart Analytics

SMART Analytics is a consulting company that focuses on providing professional services in Business Intelligence. Their area of expertise includes developing and implementing analytical solutions such as data visualization, dashboarding, analytical business applications, and reporting. external-link

Solid State Drives

Solid State Drives (SSDs) are storage devices that rely on flash memory and have no moving parts. Compared to traditional hard drives, SSDs offer higher speed, reliability, and energy efficiency. Some SSDs use the system's RAM as an additional cache to further enhance performance. external-link

Spatial Data Infrastructure

The goal of the Geodata Infrastructure (GDI) is to provide cross-disciplinary access to all available geodata that would otherwise be held separately by different institutions. The GDI can be limited to various spatial areas such as cities or nature reserves, as well as different hierarchical levels such as municipalities, federal states, countries, continents, and the world. external-link

Spatial Data Mining

Spatial data mining involves the discovery of potentially valuable patterns within large spatial datasets that were previously unknown. However, extracting useful patterns from spatial data is more challenging than from traditional data types, as it involves complex spatial relationships, spatial autocorrelation, and data types. external-link


Storage systems are crucial for storing data in today's online world. They serve not only for online data processing but also for archiving and data backup. An efficient storage solution can contribute to data being quickly and reliably available while ensuring high data security. external-link

Storage Class

A Storage Class is a Kubernetes object that enables administrators to define and describe different types of available storage for use in the cluster. Storage Classes can be used to map storage types to various policies, such as quality-of-service levels or backup policies, that are determined by cluster administrators. Each Storage Class includes three key fields: provisioner, parameters, and reclaimPolicy. These fields are used when a Persistent Volume associated with the class is dynamically provisioned. Users can request a specific Storage Class by specifying its name. external-link

Subscriber Identity Modul-Karten

A chip card known as a Subscriber Identity Module (SIM card) is utilized to identify the user of a mobile phone to the mobile network operator. These SIM cards are usually issued by mobile network operators. external-link

Supervisiory Control and Data Acquisition

Monitoring and controlling technical processes through a computer system. A SCADA solution is typically a platform that is connected to decentralized sensors, actuators, and controllers through various communication links. external-link

Supplier/Partner Requisition Interface

The standard order interface for NGA networks was developed by the working group S/PRI and serves as an interface for all customer change processes. external-link

System Adapter

A Data App that facilitates the integration of custom Data Sources and legacy systems through a Connector. external-link