Glossary for the OASIS WebService Interactive Applications (WSIA)

Document identifier:

Location:

Publication date:

Status: Work in progress

Contributors (alphabetical):

Jeffrey C. Broberg

 

Rev | Date | By Whom | What
00 | 15 Jan 2002 | jbroberg | Initial document from other OASIS TC
00 | 29 Jan 2002 | jbroberg | Removed invalid references, editorial comments
00 | 01 Feb 2002 | jbroberg | Added entries from dgisolfi
01 | 15 Feb 2002 | jbroberg | Moved to color coding for TC activities, and change to the Notation semantics



1. Introduction

2. Notation

3. Glossary

Appendix A. Notices

Appendix B. References

 


 

1. Introduction

This document is currently a committee submission in line with the recommendations in the proposed WSIA documentation guidelines. Upon agreement of the committee this document will become wsia-draft-glossary-01.doc and form the basis of the OASIS WSIA glossary of terms.

In the true spirit of re-use, this document is very largely based on fellow OASIS glossary documents as referenced. Comments should be directed to the list at wsia@lists.oasis-open.org

This document comprises an overall glossary for the OASIS WebService Interactive Applications Technical Committee (WSIA) and its subgroups. Individual WSIA documents and/or subgroup documents may either reference this document and/or “import” select subsets of terms.

Relevant sources for the terms and definitions herein are referenced in Appendix B. Please refer to those sources for definitions of terms not explicitly defined here. Where possible and convenient, hypertext links directly to definitions within the aforementioned sources are included. Some definitions are quoted directly from the sources; some are modified to fit the context of the OASIS WSIA.

2. Notation

Terms that are slated to be deleted are highlighted like so.

Terms that need to be reviewed or defined are highlighted like so.

Terms that need final acceptance are highlighted like so.

Definition senses and/or options – i.e., we need to decide which one(s) to base our usage on -- are denoted by “(a)”, “(b)”, and so on.

Terms in italics within the glossary refer to other terms that are defined in the glossary.

3. Glossary

Following are the defined terms (to be) used in the WSIA specifications and related documents.

 

Access

1. To interact with a system entity in order to manipulate, use, gain knowledge of, and/or obtain a representation of some or all of a system entity’s resources. [1]

2. In the system domain, what an End user does to a Web site using a browser, or what a Client does to a Web service.

3. In the business domain, what a Consumer does to a Web service or a Web site hosted by a Producer.

Access Control

Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [1]

Access Rights

A description of the type of authorized interactions a subject can have with a resource. Examples include read, write, execute, add, modify, and delete. [3]

Account

The set of attributes that together define a user’s access to a given service. Each service may define a unique set of attributes to define an account. An account defines user or system access to a resource or service.

Actor

An entity (i.e. person or system entity) involved in a provisioning use case. Examples of actors include people, application programs, security services, any computing or non-computing services, etc. Actor may be seen as effectively synonymous with system or person.

Administrative Domain

An environment or context that is defined by some combination of one or more administrative policies, Internet Domain Name registrations, civil legal entities (for example, individuals, corporations, or other formally organized entities), plus a collection of hosts, network devices and the interconnecting networks (and possibly other traits), plus (often various) network services and applications running upon them. An administrative domain may contain or define one or more security domains. An administrative domain may encompass a single site or multiple sites. The traits defining an administrative domain may, and in many cases will, evolve over time. Administrative domains may interact and enter into agreements for providing and/or consuming services across administrative domain boundaries.

Administrator

A person who installs or maintains a system (for example, a SAML-based security system) or who uses it to manage system entities, users, and/or content (as opposed to application purposes; see also End User). An administrator is typically affiliated with a particular administrative domain and may be affiliated with more than one administrative domain.

Anonymity

The quality or state of being anonymous, which is the condition of having a name or identity that is unknown or concealed. [1]

Attribute

Also see ‘Service Attribute’

A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. The salient attributes of an object are decided by the beholder.

Authentication

To confirm a system entity’s asserted principal identity with a specified, or understood, level of confidence. [2] [8]

Authorization

The process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Usually, authorization is in the context of authentication. Once a subject is authenticated, it may be authorized to perform different types of access. [3]

Browser

A system entity that is used by an end user to access a Web site. A browser provides a run-time environment for distributed application components on the client’s device.

Client

A system entity (not a business entity) that accesses a Web service. Contrast with Browser and Customer.

Company

Any organizational entity

Company Identity/ Acronym/Login Name

The unique identity for an organizational entity with a system

Consumer

A business entity that accesses a Web service or a Web site. Contrast with End user and Customer.

Credential

Data that is transferred to establish a claimed principal identity. [4]

Customer

A business entity that purchases goods or services

De-provisioning

Specific term for the deletion of an account from a service.

End User

1. A natural person who makes use of resources for application purposes (as opposed to system management purposes; see Administrator, User). [4]

2. A person who uses a device-specific Browser to access a Web site.

External Enterprise

Environment that may contain many or all of the following: multiple organizations like suppliers, buyers, partners; managed services; contractors, employees, private to public registry systems.

Host (verb)

To run an application on an execution platform, which typically consists of hardware and software.

Identity

The unique identifier for a person, organization, resource, or service.

Intermediary

A business entity that assumes both a consumer and producer role (CxPy) but does not generate or host the final application that is presented to the end-user. For example: FAME in this scenario.

Login, Logon, Sign-On

The process whereby a user presents credentials to an authentication authority, establishes a simple session, and optionally establishes a rich session.

Logout, Logoff, Sign-Off

The process of presenting credentials to an authentication authority, establishing a simple session, and optionally establishing a rich session.

Party

Refers to any person who interacts with the system and/or the network the system is managing.

Person

Represents an individual human

Principal

A system entity whose identity can be authenticated. [8]

Producer

A business entity that hosts a Web service or a Web site

Provider

A business entity that sells access to or use of Web services

Provisioning Action(s)

The action(s) that initiate the process(es) of provisioning – create, activate, modify, suspend, enable, delete, etc.

Provisioning Data

The set of all data elements required to complete a provisioning action. This could include details about the service provider, company, user, service attributes and service options, and so on.

Provisioning Service (PS)

Any system entity that supports the receipt and processing of SPML artifacts

Provisioning Service Point (PSP)

Reference to a given Provisioning Service

Provisioning Service Target (PST)

A resource managed by a PSP. Example PSTs are: databases, directories, ERP Applications, Operating Systems, NIS instances, NT domains, individual machines, Applications, or groups of Applications and settings that together denote a service offer, appliances, and so on.

Pull

To actively request information from a system entity.

Push

To provide information to a system entity that did not actively request it.

Requesting Authority (RA)

Party or system that is authorized to request a resource for the party.

Resource

An application or service supporting the provisioning or account or attribute data.

Role

The combination of access rights available to a particular actor.

Security

Security refers to a collection of safeguards that ensure the confidentiality of information, protect the system(s) or network(s) used to process it, and control access to it (them). Security typically encompasses the concepts of secrecy, confidentiality, integrity, and availability. It is intended to ensure that a system resists potentially correlated attacks. [2]

Service

1. A specific type of resource that is not physically obtained by a user, but is accessed periodically by the user. [4]

2. See Web Service.

Service Attribute

Characteristics or qualifiers of a service – which describe details like type of encoding, network address, mailbox size for email, storage space for backup, and so on.

Service Offer

The unique combination of service attributes and service options that is provisioned to an identity

Service Option

The choices available within a service – which could be custom configured by the service provider as opposed to a service attribute which is inherent to the service. For example, a Gold Option and a Silver Option – which have to be part of the provisioning data.

Service Provider

The organizational entity that provides the service

Session

A lasting interaction between system entities, often involving a user, typified by the maintenance of some state of the interaction for the duration of the interaction.

Site

An informal term for an administrative domain in geographical or DNS name sense. It may refer to a particular geographical or topological portion of an administrative domain, or it may encompass multiple administrative domains, as may be the case at an ASP site.

SPML

Service Provisioning Markup Language. The name for the XML framework proposed by the OASIS PSTC.

Subject

A principal identity about which a given provisioning request is made or requested.

System / System Entity

An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [1] [7]

Time-Out

A period of time after which some condition becomes true if some event has not occurred. For example, a session that is terminated because its state has been inactive for a specified period of time is said to “time out”.

Uniform Resource Locator (URL)

Defined as “a compact string representation for a resource available via the Internet.” URLs are a subset of URI. [7]

User

A natural person who makes use of a system and its resources for any purpose [7]. See also administrator, end user.

Username/User Identity

The unique identity for a user with a system

Vendor

A business entity that sells goods.

Web Service

A Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols such as but not limited to SOAP over HTTP.

Web Site

A hosted application that can be accessed by an End user using a browser

XML (Extensible Markup Language)

Extensible Markup Language, abbreviated XML [6], describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. XML is an application profile or restricted form of SGML, the Standard Generalized Markup Language [ISO 8879].

XML Namespace

A collection of names, identified by a URI reference, which are used in XML documents as element types and attribute names. An XML namespace is often associated with an XML schema. For example, SAML defines two schemas, and each has a unique XML namespace.

Appendix A. Notices

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.

OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.

Copyright  © The Organization for the Advancement of Structured Information Standards [OASIS] 2001. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Appendix B. References

Many of the definitions in this glossary are based on those found in the references below: [1], [2], [3], [4], [5], [6], [7], [8]



[1] Internet Security Glossary. Robert W. Shirey, RFC 2828, May 2000.
Available at: http://www.ietf.org/rfc/rfc2828.txt

[2] Trust in Cyberspace. Committee on Information Systems Trustworthiness, Fred B. Schneider - Editor, National Research Council, ISBN 0-309-06558-5, 1999.
Online copy and ordering information available at: http://www.nap.edu/readingroom/books/trust/
Glossary: http://www.nap.edu/readingroom/books/trust/trustapk.htm

[3] Security Taxonomy and Glossary. Lynn Wheeler, on-going.
Available at: http://www.garlic.com/~lynn/secure.htm; see http://www.garlic.com/~lynn/ for the list of sources.

[4] Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture. ISO 7498-2:1989, ITU-T Recommendation X.800 (1991).
Available at: http://www.itu.int/itudoc/itu-t/rec/x/x500up/x800.html

[5] Uniform Resource Locators (URL). T. Berners-Lee, L. Masinter, M. McCahill, RFC 1738, December 1994.
Available at: http://www.rfc-editor.org/rfc/rfc1738.txt

[6] Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation 6 October 2000.
Available at: http://www.w3.org/TR/2000/REC-xml-20001006

[7] Uniform Resource Identifiers (URI): Generic Syntax. T. Berners-Lee, R. Fielding, L. Masinter, RFC 2396, August 1998.
Available at: http://www.rfc-editor.org/rfc/rfc2396.txt

[8] Security Frameworks for Open Systems: Authentication Framework. ITU-T Recommendation X.811 (1995 E), ISO/IEC 10181-2: 1996 (E).