Copyright © 2002 W3C® (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use, and software licensing rules apply.
Glossary of Web Service terms
This document is an editors' copy that has no official standing.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. The latest status of this document series is maintained at the W3C.
Comments on this document should be sent to www-wsa-comments@w3.org (public archive). It is inappropriate to send discussion emails to this address.
Discussion of this document takes place on the public www-ws-arch@w3.org mailing list (public archive) per the email communication rules in the Web Services Architecture Working Group charter.
The software architecture of a program or computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them."
An association between an Interface, a concrete protocol and a data format. A Binding specifies the protocol and data format to be used in transmitting messages defined by the associated Interface.
A Client is a software that makes use of a Web Service, acting as its 'user' or 'customer'.
A logical grouping of operations. An Interface represents an abstract Service type, independent of transmission protocol and data format.
The basic unit of communication between a Web service and a Client: data to be communicated to or from a Web service as a single logical transmission.
A set of messages related to a single Web service action.
An association between a Binding and a network address, specified by a URI, that may be used to communicate with an instance of a Service. A Port indicates a specific location for accessing a Service using a specific protocol and data format.
A reference architecture is the generalized architecture of several end systems that share one or more common domains. The reference architecture defines the infrastructure common to the end systems and the interfaces of components that will be included in the end systems. The reference architecture is then instantiated to create a software architecture of a specific system. The definition of the reference architecture facilitates deriving and extending new software architectures for classes of systems. A reference architecture, therefore, plays a dual role with regard to specific target software architectures. First, it generalizes and extracts common functions and configurations. Second, it provides a base for instantiating target systems that use that common base more reliably and cost effectively.
A collection of EndPoints.
The formal set of conventions governing the format and processing rules of an SOAP message and basic control of interaction among applications generating and accepting SOAP messages for the purpose of exchanging information along an SOAP message path.
The syntactic construct or structure defined in an SOAP module. SOAP blocks are processed by SOAP handlers.
An SOAP handler is responsible for processing SOAP Blocks targeted at it according to any rules defined in the corresponding SOAP module.
An SOAP module is a basic unit for the definition of extensions to SOAP. An SOAP module encapsulates the definition of one or more related SOAP blocks and their associated processing rules. These processing rules are realised in one or more SOAP handlers.
The formal set of rules for carrying an SOAP message within or on top of another protocol for the purpose of transmission. Typical SOAP bindings include carrying an SOAP message within an HTTP message, or on top of TCP.
An SOAP message is the basic unit of communication between peer SOAP processors.
An SOAP Processor processes an SOAP message according to the formal set of conventions defined by SOAP. It is responsible for enforcing the rules that govern the exchange of SOAP messages and accesses the services provided by the underlying protocols through SOAP bindings. An SOAP processor is responsible for invoking local SOAP Handlers and providing the services of the SOAP layer to those SOAP handlers. Non-compliance with SOAP conventions or failure in an SOAP handler can cause an SOAP processor to generate an SOAP fault (see also SOAP receiver and SOAP sender).
The outermost syntactical construct or structure of an SOAP message defined by SOAP within which all other syntactical elements of the message are enclosed.
A collection or zero or more SOAP blocks which may be targeted at any SOAP receiver within the SOAP message path
A collection or zero, or more SOAP blocks targeted at the ultimate SOAP receiver within the SOAP message path.
A special SOAP block which contains fault information generated by an SOAP processor or handler.
An SOAP Node is an encapsulation of SOAP handlers and their associated SOAP processor.
An SOAP Sender is an SOAP Node that transmits an SOAP Message.
An SOAP Receiver is an SOAP Node that accepts an SOAP Message.
The set of SOAP senders and SOAP receivers through which a single SOAP message passes. This includes the initial SOAP sender, zero or more SOAP intermediaries, and the ultimate SOAP receiver.
The SOAP sender that originates an SOAP message as the starting point of an SOAP message path.
An SOAP intermediary is both an SOAP receiver and an SOAP sender, target-able from within an SOAP message. It processes a defined set of blocks in an SOAP message along an SOAP message path. It acts in order to forward the SOAP message towards the ultimate SOAP receiver.
The SOAP receiver that the initial sender specifies as the final destination of the SOAP message within an SOAP message path. An SOAP message may not reach the ultimate recipient because of an SOAP fault generated by an SOAP processor or an SOAP Handler along the SOAP message path.
A set of abstract constructs that can be used to describe common data types and link relationships in data defined by SOAP modules.
The syntactic representation of data described by the SOAP data model within one or more SOAP blocks in an SOAP message.
A Web Service is a software application identified by a URI [IETF RFC 2396], whose interfaces and binding are capable of being defined, described and discovered by XML artifacts and supports direct interactions with other software applications using XML based messages via internet-based protocols.
A Web service is a software application identified by a URI, whose interfaces and binding are capable of being defined, described and discovered by XML artifacts and supports direct interactions with other software applications using XML based messages via internet-based protocols
To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Assuring information will not be accidentally or maliciously altered or destroyed.
Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
Assuring information will be kept secret, with access limited to appropriate persons.
The process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Usually, authorization is in the context of authentication. Once a subject is authenticated, it may be authorized to perform different types of access.
To interact with a system entity in order to manipulate, use, gain knowledge of, and/or obtain a representation of some or all of a system entity’s resources. [RFC2828]
Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [RFC2828]
Any information used for access control purposes, including contextual information [X.812]. Contextual information might include source IP address, encryption strength, the type of operation being requested, time of day, etc. Portions of access control information may be specific to the request itself, some may be associated with the connection via which the request is transmitted, and others (for example, time of day) may be "environmental". [RFC2829]
A description of the type of authorized interactions a subject can have with a resource. Examples include read, write, execute, add, modify, and delete.
The quality or state of being anonymous, which is the condition of having a name or identity that is unknown or concealed. [RFC2828]
Data that is transferred to establish a claimed principal identity. [X.800]
A system entity whose identity can be authenticated. [X.811]
A computer process that relays a protocol between client and server computer systems, by appearing to the client to be the server and appearing to the server to be the client. [RFC2828]
A plan and set of principles for an administrative domain and its security domains that describe the security services that a system is required to provide to meet the needs of its users, the system elements required to implement the services, and the performance levels required in the elements to deal with the threat environment. A complete security architecture for a system addresses administrative security, communication security, computer security, emanations security, personnel security, and physical security, and prescribes security policies for each. A complete security architecture needs to deal with both intentional, intelligent threats and accidental threats. A security architecture should explicitly evolve over time as an integral part of its administrative domain’s evolution. [RFC2828]
An environment or context that is defined by security models and a security architecture, including a set of resources and set of system entities that are authorized to access the resources. One or more security domains may reside in a single administrative domain. The traits defining a given security domain typically evolve over time.
An environment or context that is defined by security models and a security architecture, including a set of resources and set of system entities that are authorized to access the resources. One or more security domains may reside in a single administrative domain. The traits defining a given security domain typically evolve over time.
A set of rules and practices that specify or regulate how a system or organization provides security services to protect resources. Security policies are components of security architectures. Significant portions of security policies are implemented via security services, using security policy expressions. [RFC2828]
A mapping of principal identities and/or attributes thereof with allowable actions. Security policy expressions are often essentially access control lists.
A processing or communication service that is provided by a system to give a specific kind of protection to resources, where said resources may reside with said system or reside with other systems, for example, an authentication service or a PKI-based document attribution and authentication service. A security service is a superset of AAA services. Security services typically implement portions of security policies and are implemented via security mechanisms. [RFC2828]
An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [RFC2828]
A compact string of characters for identifying an abstract or physical resource.
1. To interact with a system entity in order to manipulate, use, gain knowledge of, and/or obtain a representation of some or all of a system entity’s resources. [1] 2. in the system domain, what an End user does to a Web site using a browser, or what a Client does to a Web service; 3. in the business domain, what a Consumer does to a Web service or a Web site hosted by a Producer;
Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy.
A description of the type of authorized interactions a subject can have with a resource. Examples include read, write, execute, add, modify, and delete.
The set of attributes that together define a user’s access to a given service. Each service may define a unique set of attributes to define an account. An account defines user or system access to a resource or service. A means of supporting a hierarchy of adaptations or properties related to portlet invocation for the consuming portal
A notification that your state has changed.
A person who installs or maintains a system (for example, a SAML-based security system) or who uses it to manage system entities, users, and/or content (as opposed to application purposes; see also End User). An administrator is typically affiliated with a particular administrative domain and may be affiliated with more than one administrative domain.
The quality or state of being anonymous, which is the condition of having a name or identity that is unknown or concealed.
A distinct characteristic of an object. An object’s attributes are said to describe the object. Objects’ attributes are often specified in terms of their physical traits, such as size, shape, weight, and color, etc., for real-world objects. Objects in cyberspace might have attributes describing size, type of encoding, network address, etc. Salient attributes of an object is decided by the beholder.
A system entity that is used by an end user to access a Web site. A browser provides a run-time environment for distributed application components on the client’s device.
a system entity (not a business entity) that accesses a Web service.
The quick brown foxAny organizational entity
A web application that uses one or more WSIA Web Services
A business entity that accesses a Web service or a Web site. Contrast with End user and Customer A business entity creating Consumer Applications
A business entity that purchases goods or services
1. A natural person who makes use of resources for application purposes (as opposed to system management purposes; see Administrator, User). [4] 2. A person who uses a device specific Browser to access a Web site
A notification that some state in the system (that you are interested in) has changed
to run an application on an execution platform, which typically consists of hardware and software
The unique identifier for a person, organization, resource, or service.
The process whereby a user presents credentials to an authentication authority, establishes a simple session, and optionally establishes a rich session.
The process of presenting credentials to an authentication authority, establishing a simple session, and optionally establishing a rich session.
Refers to any person who interacts with the system and/or the network the system is managing.
A business entity that hosts a Web service or a Web site One or more WSIA web services A business entity creating, publishing and supporting WSIA Web Services
A business entity that sells access to or use of Web services
To actively request information from a system entity.
To provide information to a system entity that did not actively request it.
The combination of access rights available to a particular actor.
1. A specific type of resource that is not physically obtained by a user, but is accessed periodically by the user. [4] 2. See Web Service
Characteristics or qualifiers of a service – which describe details like type of encoding, network address, mailbox size for email, storage space for backup, and so on.
The unique combination of service attributes and service options that is provisioned to an identity
The choices available within a service – which could be custom configured by the service provider as opposed to a service attribute which is inherent to the service. For example, a Gold Option and a Silver Option – which have to be part of the provisioning data.
The organizational entity that provides the service
A lasting interaction between system entities, often involving a user, typified by the maintenance of some state of the interaction for the duration of the interaction.
An informal term for an administrative domain in geographical or DNS name sense. It may refer to a particular geographical or topological portion of an administrative domain, or it may encompass multiple administrative domains, as may be the case at an ASP site. one portal-specific example of an administrative domain, user group, etc.
An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality.
A period of time after which some condition becomes true if some event has not occurred. For example, a session that is terminated because its state has been inactive for a specified period of time is said to “time out”.
A natural person who makes use of a system and its resources for any purpose [7]. See also administrator, end user. A natural person who makes use of a system and its resources for any purpose. See also end user.
The unique identity for a user with a system