Glossary for the OASIS WebService Interactive Applications (WSIA/WSRP)
Document identifier:
Location:
Publication date:
Status: Work in progress
Contributors (alphabetical):
Jeffrey C. Broberg
Rev | Date | By Whom | What |
00 | 15 Jan 2002 | jbroberg | Initial document from other OASIS TC |
00 | 29 Jan 2002 | jbroberg | Removed invalid references, editorial comments |
00 | 01 Feb 2002 | jbroberg | Added entries from dgisolfi |
01 | 15 Feb 2002 | jbroberg | Moved to color coding for TC activities, and change to the Notation semantics |
03 | 03 May 2002 | Jbroberg | Finished adding all submissions from both wsrp/wsia |
Glossary for the OASIS WebService Interactive Applications (WSIA)
This document is currently a committee submission in line with the recommendations in the proposed WSIA documentation guidelines. Upon agreement of the committee this document will become wsia-draft-glossary-01.doc and form the basis of OASIS WSIA glossary of terms.
In the true spirit of re-use, this document is very largely based on fellow OASIS glossary documents as referenced. Comments should be directed to the list at wsia@lists.oasis-open.org
This document comprises an overall glossary for the OASIS WebService Interactive Applications Technical Committee (WSIA) and its subgroups. Individual WSIA documents and/or subgroup documents may either reference this document and/or “import” select subsets of terms.
Relevant sources for the terms and definitions herein are referenced in Appendix B. Please refer to those sources for definitions of terms not explicitly defined here. Where possible and convenient, hypertext links directly to definitions within the aforementioned sources are included. Some definitions are quoted directly from the sources; some are modified to fit the context of the OASIS WSIA.
Terms that are slated to be deleted are highlighted like so.
Terms that need to be reviewed or defined are highlighted like so.
Terms that need final acceptance are highlighted like so.
Definition senses and/or options – i.e., we need to decide which one(s) to base our usage on -- are denoted by “(a)”, “(b)”, and so on.
Terms in italics within the glossary refer to other terms that are defined in the glossary.
Following are the defined terms (to be) used in the WSIA specifications and related documents.
Access |
1. To interact with a system entity in order to manipulate, use, gain knowledge of, and/or obtain a representation of some or all of a system entity’s resources. [1] 2. in the system domain, what an End user does to a Web site using a browser, or what a Client does to a Web service; 3. in the business domain, what a Consumer does to a Web service or a Web site hosted by a Producer; |
Access Control |
Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [1] |
Access Rights |
A description of the type of authorized interactions a subject can have with a resource. Examples include read, write, execute, add, modify, and delete. [3] |
Account |
|
Action |
A notification that your state has changed. |
A person who installs or maintains a system (for example, a SAML-based security system) or who uses it to manage system entities, users, and/or content (as opposed to application purposes; see also End User). An administrator is typically affiliated with a particular administrative domain and may be affiliated with more than one administrative domain. |
|
The quality or state of being anonymous, which is the condition of having a name or identity that is unknown or concealed. [1] |
|
Attribute Also see ‘Service Attribute’ |
A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. Salient attributes of an object are decided by the beholder. |
To confirm a system entity’s asserted principal identity with a specified, or understood, level of confidence. [2] [8] |
|
The process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Usually, authorization is in the context of authentication. Once a subject is authenticated, it may be authorized to perform different types of access. [3] |
|
A system entity that is used by an end user to access a Web site. A browser provides a run-time environment for distributed application components on the client’s device. |
|
Client |
A system entity (not a business entity) that accesses a Web service. Contrast with Browser and Customer. |
Any organizational entity |
|
|
|
Consumer Application |
A web application that uses one or more WSIA Web Services |
Credential |
Data that is transferred to establish a claimed principal identity. [4] |
A business entity that purchases goods or services |
|
1. A natural person who makes use of resources for application purposes (as opposed to system management purposes; see Administrator, User). [4] 2. A person who uses a device specific Browser to access a Web site |
|
Event |
A notification that some state in the system (that you are interested in) has changed |
to run an application on an execution platform, which typically consists of hardware and software |
|
Fragment |
A piece of markup that is not part of a full document - part of aggregate - not binary, but not necessarily XML - generally a markup language - can aggregate a bunch of fragments |
Identity |
The unique identifier for a person, organization, resource, or service. |
The process whereby a user presents credentials to an authentication authority, establishes a simple session, and optionally establishes a rich session. |
|
The process of presenting credentials to an authentication authority, establishing a simple session, and optionally establishing a rich session. |
|
Party |
Refers to any person who interacts with the system and/or the network the system is managing. |
Portal Application |
Component that is the controlling application and is responsible for aggregating portlet content and displaying the portal page |
Portal Modes |
View, edit, help config, is under debate |
Portal Page |
Complete document rendered by a portal |
Portlet |
Component that generates fragment |
Portlet Application |
The equivalent of the WAR file |
Portlet Class |
Implementation of portlet as a Java class (compiled code) |
Portlet Container |
Environment where portlets run (lifecycle, security) |
Portlet Content |
What the portlet renders without controls that decorate it (fragment that the portlet creates) |
Portlet Instance |
Portlet object with given user configuration; essentially the handle |
Portlet Object |
Instance of portlet class (no defined portal state) |
Portlet Window |
Portlet has a set of controls that decorate it |
Portlet Window Instance |
Instantiation of a portlet on a page in a portlet window |
Principal |
A system entity whose identity can be authenticated. [8] |
Producer |
|
Provider |
A business entity that sells access to or use of Web services |
To actively request information from a system entity. |
|
Push |
To provide information to a system entity that did not actively request it. |
The combination of access rights available to a particular actor. |
|
Service |
1. A specific type of resource that is not physically obtained by a user, but is accessed periodically by the user. [4] 2. See Web Service |
Characteristics or qualifiers of a service – which describe details like type of encoding, network address, mailbox size for email, storage space for backup, and so on. |
|
Service Offer |
The unique combination of service attributes and service options that is provisioned to an identity |
The choices available within a service – which could be custom configured by the service provider as opposed to a service attribute which is inherent to the service. For example, a Gold Option and a Silver Option – which have to be part of the provisioning data. |
|
Service Provider |
The organizational entity that provides the service |
Session |
A lasting interaction between system entities, often involving a user, typified by the maintenance of some state of the interaction for the duration of the interaction. |
Site |
|
System / System Entity |
An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [1] [7] |
Time-Out |
A period of time after which some condition becomes true if some event has not occurred. For example, a session that is terminated because its state has been inactive for a specified period of time is said to “time out”. |
Uniform Resource Locator (URL) |
Defined as “a compact string representation for a resource available via the Internet.” URLs are a subset of URI. [7] |
User |
|
Username/User Identity |
The unique identity for a user with a system |
Web Service |
A Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols such as but not limited to SOAP over HTTP. |
WSIA Web Service |
A SOAP-compliant Web Service that adheres to one or more WSIA interfaces. |
Web Site |
A hosted application that can be accessed by an End user using a browser |
Window States |
Max, min, normal, detached |
WSIA Interface |
A programmatic interface defined by the WSIA committee to support the creation of Web Services that encapsulate and integrate user-facing interactive applications. |
WSRP Service |
Presentation oriented, interactive web services that can be aggregated by consuming applications - WSRP services can be published, found, and bound in a standard manner, describing themselves with standardized metadata |
XML (Extensible Markup Language) |
Extensible Markup Language, abbreviated XML [6], describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. XML is an application profile or restricted form of SGML, the Standard Generalized Markup Language [ISO 8879] |
XML Namespace |
A collection of names, identified by a URI reference, which are used in XML documents as element types and attribute names. An XML namespace is often associated with an XML schema. For example, SAML defines two schemas, and each has a unique XML namespace. |
OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.
OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.
Copyright © The Organization for the Advancement of Structured Information Standards [OASIS] 2001. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is provided on an “AS IS” basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Many of the definitions in this glossary are based on those found in the references below: [1], [2], [3], [4], [5], [6], [7], [8]
[1] Internet Security Glossary. Robert W. Shirey, RFC 2828, May 2000. Available at: http://www.ietf.org/rfc/rfc2828.txt
[2] Trust in Cyberspace. Committee on Information Systems Trustworthiness, Fred B. Schneider - Editor, National Research Council, ISBN 0-309-06558-5, 1999. Online copy and ordering information available at: http://www.nap.edu/readingroom/books/trust/ Glossary: http://www.nap.edu/readingroom/books/trust/trustapk.htm
[3] Security Taxonomy and Glossary. Lynn Wheeler, on-going. Available at: http://www.garlic.com/~lynn/secure.htm; see http://www.garlic.com/~lynn/ for the list of sources.
[4] Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture. ISO 7498-2:1989, ITU-T Recommendation X.800 (1991). Available at: http://www.itu.int/itudoc/itu-t/rec/x/x500up/x800.html
[5] Uniform Resource Locators (URL). T. Berners-Lee, L. Masinter, M. McCahill, RFC1738, December 1994. Available at: http://www.rfc-editor.org/rfc/rfc1738.txt
[6] Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation 6 October 2000. Available at: http://www.w3.org/TR/2000/REC-xml-20001006
[7] Uniform Resource Identifiers (URI): Generic Syntax. T. Berners-Lee, R. Fielding, L. Masinter. August 1998. Available at: http://www.rfc-editor.org/rfc/rfc2396.txt
[8] Security Frameworks for Open Systems: Authentication Framework. ITU-T Recommendation X.811 (1995 E), ISO/IEC 10181-2: 1996 (E).