Glossary for the OASIS WebService Interactive Applications (WSIA/WSRP)

Document identifier:


Publication date:


            Work in progress

Contributors (alphabetical):

Jeffrey C. Broberg




By Whom



15 Jan 2002


Initial document from other OASIS TC


29 Jan 2002


Removed invalid references, editorial comments


01 Feb 2002


Added entries from dgisolfi


15 Feb 2002


Moved to color coding for TC activities, and change to the Notation semantics


03 May 2002


Finished adding all submissions from both wsrp/wsia

Glossary for the OASIS WebService Interactive Applications (WSIA) 1

1. Introduction. 3

2. Notation. 3

3. Glossary. 3

Appendix A. Notices. 7

Appendix B. References. 8



1. Introduction

This document is currently a committee submission in line with the recommendations in the proposed WSIA documentation guidelines. Upon agreement of the committee this document will become wsia-draft-glossary-01.doc and form the basis of OASIS WSIA glossary of terms.

In the true spirit of re-use, this is document is very largely based on fellow OASIS glossary documents as referenced. Comments should be directed to the list at

This document comprises an overall glossary for the OASIS WebService Interactive Applications Technical Committee (WSIA) and it’s subgroups. Individual WSIA documents and/or subgroup documents may either reference this document and/or  “import” select subsets of terms.

Relevant sources for the terms and definitions herein are referenced in Appendix B. Please refer to those sources for definitions of terms not explicitly defined here. Where possible and convenient, hypertext links directly to definitions within the aforementioned sources are included. Some definitions are quoted directly from the sources; some are modified to fit the context of the OASIS WSIA.

2. Notation

Terms that are slated to be deleted are highlighted like so.

Terms that need to be reviewed or defined are highlighted like so.

Terms that need final acceptance are highlighted like so.

Definition senses and/or options – i.e., we need to decide which one(s) to base our usage on -- are denoted by “(a)”, “(b)”, and so on.

Terms in italics within the glossary refer to other terms that are defined in the glossary.

3. Glossary

Following are the defined terms (to be) used in the WSIA specifications and related documents.



1.       To interact with a system entity in order to manipulate, use, gain knowledge of, and/or obtain a representation of some or all of a system entity’s resources.  [1]

2.       in the system domain, what an End user does to a Web site using a browser, or what a Client does to a Web service;

3.       in the business domain, what a Consumer does to a Web service or a Web site hosted by a Producer;

Access Control

Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [1]

Access Rights

A description of the type of authorized interactions a subject can have with a resource. Examples include read, write, execute, add, modify, and delete. [3]


  1. The set of attributes that together define a user’s access to a given service. Each service may define a unique set of attributes to define an account. An account defines user or system access to a resource or service.
  2. A means of supporting a hierarchy of adaptations or properties related to portlet invocation for the consuming portal


 A notification that your state has changed.


A person who installs or maintains a system (for example, a SAML-based security system) or who uses it to manage system entities, users, and/or content (as opposed to application purposes; see also End User). An administrator is typically affiliated with a particular administrative domain and may be affiliated with more than one administrative domain.


The quality or state of being anonymous, which is the condition of having a name or identity that is unknown or concealed. [1]


Also see ‘Service Attribute’

A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. Salient attributes of an object is decided by the beholder.


To confirm a system entity’s asserted principal identity with a specified, or understood, level of confidence. [2] [8]


The process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Usually, authorization is in the context of authentication. Once a subject is authenticated, it may be authorized to perform different types of access. [3]


A system entity that is used by an end user to access a Web site. A browser provides a run-time environment for distributed application components on the client’s device.


a system entity (not a business entity) that accesses a Web service.  Contrast with Browser and Customer.


Any organizational entity


  1. A business entity that accesses a Web service or a Web site.  Contrast with End user and Customer
  2. A business entity creating Consumer Applications

Consumer Application

A web application that uses one or more WSIA Web Services


Data that is transferred to establish a claimed principal identity. [4]


A business entity that purchases goods or services

End User

1.       A natural person who makes use of resources for application purposes (as opposed to system management purposes; see Administrator, User). [4]

2.       A person who uses a device specific Browser to access a Web site


A notification that some state in the system (that you are interested in) has changed

Host (verb)

to run an application on an execution platform, which typically consists of hardware and software


A piece of markup that is not part of a full document

-          part of aggregate

-          not binary, but not necessarily XML

-          generally a markup language

-          can aggregate a bunch of fragments


The unique identifier for a person, organization, resource, or service.

Login, Logon, Sign-On

The process whereby a user presents credentials to an authentication authority, establishes a simple session, and optionally establishes a rich session.

Logout, Logoff, Sign-Off

The process of presenting credentials to an authentication authority, establishing a simple session, and optionally establishing a rich session.


Refers to any person who interacts with the system and/or the network the system is managing.

Portal Application

Component that is the controlling application and is responsible for aggregating portlet content and displaying the portal page

Portal Modes

View, edit, help config, is under debate

Portal Page

Complete document rendered by a portal


Component that generates fragment

Portlet Application

The equivalent of the WAR file

Portlet Class

Implementation of portlet as a Java class (compiled code)

Portlet Container

Environment where portlets run (lifecycle, security)

Portlet Content

What the portlet renders without controls that decorate it (fragment that the portlet creates)

Portlet Instance

Portlet object with given user configuration; essentially the handle

Portlet Object

Instance of portlet class (no defined portal state)

Portlet Window

Portlet has a set of controls that decorate it

Portlet Window Instance

Instantiation of a portlet on a page in a portlet window


A system entity whose identity can be authenticated. [8]


  1. A business entity that hosts a Web service or a Web site
  2. One or more WSIA web services
  3. A business entity creating, publishing and supporting WSIA Web Services


A business entity that sells access to or use of Web services


To actively request information from a system entity.


To provide information to a system entity that did not actively request it.


The combination of access rights available to a particular actor.


1.       A specific type of resource that is not physically obtained by a user, but is accessed periodically by the user. [4]

2.       See Web Service

Service Attribute

Characteristics or qualifiers of a service – which describe details like type of encoding, network address, mailbox size for email, storage space for backup, and so on.

Service Offer

The unique combination of service attributes and service options that is provisioned to an identity

Service Option

The choices available within a service – which could be custom configured by the service provider as opposed to a service attribute which is inherent to the service. For example, a Gold Option and a Silver Option – which have to be part of the provisioning data.

Service Provider

The organizational entity that provides the service


A lasting interaction between system entities, often involving a user, typified by the maintenance of some state of the interaction for the duration of the interaction.


  1. An informal term for an administrative domain in geographical or DNS name sense. It may refer to a particular geographical or topological portion of an administrative domain, or it may encompass multiple administrative domains, as may be the case at an ASP site.
  2. one portal-specific example of an administrative domain, user group, etc.

System / System Entity

An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [1] [7]


A period of time after which some condition becomes true if some event has not occurred. For example, a session that is terminated because its state has been inactive for a specified period of time is said to “time out”.

Uniform Resource Locator (URL)

Defined as “a compact string representation for a resource available via the Internet.” URLs are a subset of URI. [7]


  1. A natural person who makes use of a system and its resources for any purpose [7]. See also administrator, end user.
  2. A natural person who makes use of a system and its resources for any purpose. See also end user.

Username/User Identity

The unique identity for a user with a system

Web Service

A Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols such as but not limited to SOAP over HTTP.

WSIA Web Service

A SOAP-compliant Web Service that adheres to noe of more WSIA interfaces.

Web Site

A hosted application that can be accessed by an End user using a browser

Window States

Max, min, normal, detached


WSIA Interface

A programmatic interface defined by the WSIA committee to support the creation of Web Services that encapsulate and integrate user-facing interactive applications.

WSRP Service

Presentation oriented, interactive web services that can be aggregated by consuming applications

-          WSRP services can be published, found, and bound in a standard manner, describing themselves with standardized metadata

XML (Extensible Markup Language)

Extensible Markup Language, abbreviated XML [6], describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. XML is an application profile or restricted form of SGML, the Standard Generalized Markup Language [ISO 8879]

XML Namespace

A collection of names, identified by a URI reference, which are used in XML documents as element types and attribute names. An XML namespace is often associated with an XML schema. For example, SAML defines two schemas, and each has a unique XML namespace.

Appendix A. Notices

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.

OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.

Copyright  © The Organization for the Advancement of Structured Information Standards [OASIS] 2001. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.


Appendix B. References

Many of the definitions in this glossary are based on those found in the references below:   [1], [2] , [3], [4], [5], [6], [7], [8]

[1] Internet Security Glossary. Robert W. Shirey, RFC 2828, May 2000.
Available at:

[2] Trust in Cyberspace. Committee on Information Systems Trustworthiness, Fred B. Schneider - Editor, National Research Council, ISBN 0-309-06558-5, 1999.
Online copy and ordering information available at:

[3] Security Taxonomy and Glossary. Lynn Wheeler, on-going.
Available at:; see for the list of sources.

[4] Information processing systems -- Open Systems Interconnection -- Basic Reference Model -- Part 2: Security Architecture. ISO 7498-2:1989, ITU-T Recommendation X.800 (1991).
Available at:

[5] Uniform Resource Locators (URL). T. Berners-Lee, L. Masinter, M. McCahill, RFC1738, December 1994.
Available at:

[6] Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation 6 October 2000.
Available at:

[7] Uniform Resource Identifiers (URI): Generic Syntax. T.  Berners-Lee, R. Fielding, L. Masinter. August 1998.
Available at:

[8] Security Frameworks for Open Systems: Authentication Framework. ITU-T Recommendation X.811 (1995 E), ISO/IEC 10181-2: 1996 (E).