Glossary of Terms

Accepting Security Provider
A security provider that is responsible for accepting secure requests and usually also for determining the invoker identity.

See Also: Identity
Access Control
Restrictions of a subject's access to a resource.

See Also: Access Controller, Subject
Access Controller
An application component that is responsible for access control decisions.

See Also: Access Control
A binding template element that indicates where you can find the endpoint of the Web service that is described by this entity. This may be a URL, an electronic mail address, or even a telephone number.

See Also: Universal Description, Discovery and Integration
Access Control List
A list of entities, together with their access rights, the members of which have authorized access to a resource.

See Also: Subject
A name that an entity uses in place of its real name.
The process of establishing the validity of a claimed identity. It usually consists of two steps: 1/ identification - presenting identity credentials to the security system, and 2/ verification - generating identity that corroborates the binding between the identity principals and credentials.
The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated principals, they may be authorized different types of access or activity.

See Also: Authentication
Binding Template
A list of binding templates that point to specifications and other technical information about the service is associated with each businessService entry. For example, a binding template might point to a URL that supplies information on how to invoke the service. The binding template also associates the service with a service type.

See Also: Universal Description, Discovery and Integration
Business Entity
A representation of information about a business. Each business entity contains a unique identifier, the business name, a short description of the business, some basic contact information, a list of categories and identifiers that describe the business, and a URL pointing to more information about the business.

See Also: Universal Description, Discovery and Integration
Business Service
A structure associated with a businessEntity that consists of a list of businessService structures offered by the businessEntity. Each businessService entry contains a business description of the service, a list of categories that describe the service, and a list of pointers to references and information related to the service.

See Also: Universal Description, Discovery and Integration
An electronic identifier from a certification authority that includes the certification authority signature made with its private key. The authenticity of the signature is validated by other users who trust the certification authority public key.

See Also: Certification Authority
Certificate Chain
A list of Certificates (usually X.509 Certificates), starting with a certificate for a given subject that is signed by the authority represented by the next certificate in the list. This list usually ends with the root certification authority certificate.

See Also: X.509
Certificate Revocation List
A data structure that enumerates digital certificates that have been invalidated by their issuer prior to when they were scheduled to expire.

See Also: Certificate
Certification Authority
An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate.

See Also: X.509
The act of connecting multiple computers and making them act like a single machine. Corporations often cluster servers to distribute computing-intensive tasks and risks. If one server in a cluster fails, some operating systems can move its processes to another server, allowing end users to continue working while the first server is revived.
Data that is transferred to establish the claimed identity of an entity. According to RFC2828, a credential is the information one entity presents to another to authenticate the other's identity.

See: Certificate Revocation List.
DMZ (Demilitarized Zone)
An unprotected server to which all parties have access to everything. A web server may be put in the DMZ while the assets it accesses, such as databases, remain behind a firewall. It works in conjunction with transport layer security.

See Also: TLS
The process of creating Java objects out of a SOAP message.
A class that creates a Java object and fills it with the data from a SOAP message.
Distinguished Name
A distinguished name (DN) is a set of attribute values that identify the path leading from the base of the directory information tree to the object that is named. An X.509 public-key certificate or CRL contains a DN that identifies its issuer, and an X.509 attribute certificate contains a DN or other form of a name that identifies its subject.

See Also: Certificate, X.509
One possible encoding for a SOAP message, indicating that the message must strictly follow a schema written in the WSDL Document.
Document Object Model - a tree of objects with interfaces for traversing the tree and writing an XML version of it, as defined by the W3C specification.
DOM element
A structure representing an XML element as defined by DOM.
Dynamic Call
Constructing and issuing a request whose signature is possibly not known until runtime.
Dynamic Invocation
Constructing and issuing a request whose signature is possibly not known until runtime.
EAR File
Applications deployed on an application server are usually delivered as one compressed file with .ear extension. The file may contain software components, web applications, and resources.
Encoded Serialization
Serialization that uses an encoding layer to read/write data.
A referenceable entity (using, for example, a URL or URI).
Generic Security Services API (GSS-API) is a programming interface that allows two applications to establish a security context independent of the underlying security mechanisms. Specified in RFC-2743.

See Also: Security Mechanism
A part of a SOAP message usually carrying some metadata.
HyperText Transfer Protocol. The Internet protocol, based on TCP/IP.
HyperText Transfer Protocol layered over the SSL protocol.

See Also: HTTP, Security Mechanism
Information that is unique within a security domain and that is recognized as denoting a particular entity within that domain.
Internet Engineering Task Force.
Initiating Security Provider
A security provider that is responsible for initiating and maintaining secure communication from the client to the server side.

See Also: Security Provider
A class for intercepting (that is, inspecting or modifying) the content of a message.
The Java Authentication and Authorization Service (JAAS) is a set of Java packages that enable services to authenticate and enforce access controls upon users.

See Also: Authentication, Authorization, Access Control
JAR File
A file compressed using the Java Archive (JAR) file format.
Java Collections
A set of collections defined by the Java Platform specification (java.util.Map, java.util.Set, java.util.List).
JavaBeans Activation Framework
Standard services used to determine the type of an arbitrary piece of data, encapsulate access to it, discover the operations available on it, and to instantiate the appropriate bean to perform said operation(s).
A standard created by Sun's Java Community Process (#101) intended as a high-level API for calling Web services.
A standard created by Sun's Java Community Process (#67) intended as a low-level API for calling Web services.
The Java Cryptography Extension - a set of packages that provide a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects.
Java DataBase Connectivity (JDBC) Data Access API.
The Java Naming and Directory Interface; provides support for the common features of naming services including COS (Common Object Services), DNS (Domain Name System), LDAP (Lightweight Directory Access Protocol), and NIS (Network Information System).

See Also: LDAP
The Java Secure Socket Extension - a set of Java packages that enable secure Internet communications. It implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication. Using JSSE, developers can provide for the secure passage of data between a client and a server running any application protocol (such as HTTP, Telnet, NNTP, and FTP) over TCP/IP.
Short for Cryptographic Key - an input parameter that varies the transformation performed by a cryptographic algorithm.
Key Entry
An entry in the key store consisting of an alias, a cryptographic key, and a certificate chain.

See Also: Alias, Key Store, Key, Certificate Chain
Key Store
A component responsible for management of key entries.

See Also: Key Entry
Lightweight Directory Access Protocol (RFC-1777) - a client-server protocol that supports basic use of the directory servers, that is, database servers or other systems that provide information (such as digital certificates or CRL) about an entity whose name is known.

See Also: Certificate, CRL
Literal Serialization
Serialization driven only by XML Schema-type definitions.
Distributing processing and communications activity evenly across a computer network so that no single device is overwhelmed.
Local Name
A local part (without namespace) of a Qname.

See Also: Qualified Name
Data plus meta-information indicating how it is to be routed and handled. An example of a message is a SOAP message or transport-level message.
Message Processing
The process through which a message is processed by interceptors, serializers, and deserializers.
Multipurpose Internet Mail Extensions - a standard for sending data with attachments. This standard is set out in RFCs 2045, 2046, 2047, and 2048.
Multipart Content
Content encoded in accordance with the MIME specification.
Namespaces are typically established to distinguish between multiple interpretations of a single token or phrase. For example, a "nut" in the "food" namespace is something to eat, while in the "hardware" namespace it is something to fasten to a bolt (something you would not want to attempt with a "food:nut" and vice-versa). In XML, a namespace can be thought of as a collection of names, identified by a URI reference [RFC2396], that are used in XML documents.
Organization for the Advancement of Structured Information Standards - an international, not-for-profit consortium that designs and develops industry standard specifications for interoperability based on XML.
An action that can be performed on a particular resource by a specific principal or role.
PDP - Policy Decision Point
A logical entity that is responsible for authorizing or denying access to services and/or resources.
The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography.
Public-Key Infrastructure - a system of certification authorities (and, optionally, other supporting servers and agents) that perform some set of certificate management, archive management, key management, and token management functions for a community of users in an application of asymmetric cryptography.

See Also: Certification Authority
PEP - Policy Enforcement Point
A logical entity that enforces policy decisions.
Post Office Protocol - a protocol for retrieval of email messages from mail servers.

See Also: POP3 server
POP3 server
A mail server that supports the POP3 protocol for retrieval of email messages.

See Also: POP, POP3
A part of WSDL that binds an endpoint address and its interface.
Part of a WSDL document that describes the interface of a service.

See Also: WSDL
An entity whose identity can be authenticated. A principal can represent any entity, such as an individual, a corporation, or a login id.
Protected Store
A component consisting of a user store and key store.

See Also: User Store, Key Store
Proxy Host
The host name of a proxy server.
Proxy Port
Port number of a proxy server.
Public Cloud
A Universal Business Registry where businesses can describe and publish their web services to the general public.

See Also: UBR
Publisher Assertion
A structure that allows you to emphasize a relationship between two Business Entities.

See Also: Universal Description, Discovery and Integration

See: Qualified Name.
Qualified Name
A name that consists of a namespace and a unique name from that namespace.

See Also: Namespace
A referenceable entity that accepts messages. This can be viewed as a Web service, an asynchronous endpoint, or a stub/proxy that accepts a response.
A reference to data that are defined in another part of the message. An example might be a reference to the next MIME part of a message or a reference to repeated Java objects.
REpresentational State Transfer is an architectural model used to implement networked IT systems. The modeling of communication between components is similar to that used by HTTP. The main distinguishing features of this model relate to resources.
Return Value
A single value returned from a service.
A category that applies to a set of principals.
An IETF Request For Comments - usually a standard or a recommendation.
Remote Procedure Call - an extension of a common procedure call used inside one application to span multiple processes running on multiple hosts.
One possible SOAP message encoding, indicating that the message format is logically given by the XML schema present in the WSDL. The physical representation of the message is given by the encoding of the message.

See Also: WSDL
Security Assertions Markup Language - an XML framework for exchanging security information over the Internet. SAML enables disparate security services systems to interoperate. It resides within a system's security mechanisms to enable exchange of identities and entitlements with other services.
How well a system can adapt to increased demands. For example, a scalable network system would be one that can start with just a few nodes, but easily expand to thousands of nodes.
Schema Type
Defines the type of a part of XML data.
Security Mechanism
A mechanism that implements a security function. Some examples of security mechanisms are authentication exchange, checksum, digital signature, encryption, and traffic padding.
Security Provider
A provider for particular security mechanism(s).

See Also: Security Mechanism
An entity that sends messages.
The process by which binary objects are written into a structured stream; for example, when Java objects are written into a SOAP message.
A class that writes a Java object into a SOAP message.
Service Class
The implementation class of the Web service.
Service Endpoint
A single endpoint of a service instance with an associated path and additional configuration (such as header processors, serializers, etc.).
Service Lookup

See: Web Service Lookup.
Service State
The current state of a service instance; for example, Offline, Starting, Running, Stopping, Stopped.
Service, Asynchronous Java Service
A Web service implemented in Java that returns the results of an invocation in an asynchronous manner.
Service, Java Service
A Web service implemented in Java that handles the messages using Java types representation of their content.
Service, Raw Service
A Service written in Java that handles the messages using a low-level transport message API.
Service, XML Service
A Service written in Java that handles the messages using the low-level SOAP Message API.
The basic part of Java Servlet Technology.
Servlet Container
A container application that allows servlets to run.

See Also: Servlet
Simple Mail Transfer Protocol - a protocol for sending email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an email client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server.
SMTP Server
A mail server that supports the SMTP protocol for email transfer.

See Also: SMTP
Simple Object Access Protocol - a lightweight protocol based on XML for the exchange of information in a decentralized, distributed environment.
The part of a SOAP message that contains the actual data.

See Also: SOAP
SOAP Digital Signature
The W3C document SOAP Security Extensions: Digital Signature specifies the syntax and processing rules for a SOAP header entry to carry digital signature information within a SOAP 1.1 Envelope.

See Also: SOAP, SOAP Header, SOAP Envelope, XML Signature
SOAP Envelope
The root element of a SOAP message. It contains exactly one body sub-element and optionally one header sub-element.

See Also: SOAP
SOAP Fault
Used to return errors that occur during the routing/processing of a SOAP message.

See Also: SOAP
SOAP Fault-Actor
Part of a SOAP Fault. It provides information about who/what caused the fault.

See Also: SOAP Fault
SOAP Fault-Code
Part of a SOAP Fault. It provides a numeric identification of the fault.

See Also: SOAP Fault
SOAP Fault-Detail
Part of a SOAP Fault that provides more details about the fault.

See Also: SOAP Fault
SOAP Header
The part of a SOAP message that contains metadata (for example, authentication information or instance identification) of the message.

See Also: SOAP Body
SOAP Message
A message encoded in accordance with the SOAP specification.

See Also: SOAP
SOAP with Attachments
Binding for a SOAP message to be carried within a MIME multipart/related message in such a way that the processing rules for the SOAP 1.1 message are preserved.

See Also: SOAP
A SOAP message-tracking tool that scans communication between the client and server. The communication is visually displayed. You can also manually change and send the messages.

See Also: SOAP
SQL Statement
A statement of the Structured Query Language.
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols were designed to help protect the privacy and integrity of data while it is transferred across a network. The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

See Also: TLS
A grouping of related information for a single entity, such as a person. Such information includes the Subject's identities, as well as its security-related attributes (passwords and cryptographic keys, for example).

See Also: Identity
Target Namespace
In WSDL, XML Schema, or a deployment descriptor document, the namespace into which the content of the document is placed.
Transport Layer Security protocol. Its primary goal is to provide privacy and data integrity between two communicating applications. The first version of TLS is described in RFC-2246.

See Also: SSL
A structure that takes the form of keyed metadata (data about data). In a general sense, the purpose of a tModel within the UDDI registry is to provide a reference system based on abstraction. Among the roles that a tModel plays in UDDI is the ability to provide and to describe compliance with a specification or concept to a taxonomy, for example.
Tomcat Servlet Container
The servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
Trusted Certificate Entry
An entry managed by the key store that represents a trusted certificate or certificate chain.

See Also: Key Store, Certificate Chain
Universal Business Registry (also known as Public Cloud) - a set of UDDI Registries that form a global distributed registry of information about Web services.

See: Universal Description, Discovery and Integration.
UDDI Green Pages
UDDI accepts and organizes three types of information into three broad categories: White, Yellow, and Green Pages. Green Pages hold the technical information about services that are exposed by the business, including references and interfaces to the services a company can deliver.
UDDI Inquiry Port
Every UDDI Registry implementation provides two ports with which you can interact: inquiry and publishing. The inquiry port allows you to browse and search information that is published to a UDDI Registry.
UDDI node
The UDDI node is a collection of Web services, each of which implements the APIs in a UDDI API set, and that are managed according to a common set of policies. Typically, a node consists of at least an implementation of the Inquiry, the Publication, and the Custody and Ownership Transfer API sets; often a node will implement additional API sets such as Subscription and Replication.
UDDI Operator
A UDDI Operator is a role of a person who sets node policy and runs a node. There is exactly one operator for a given node.
UDDI Publishing Port
Every UDDI Registry implementation provides two ports with which you can interact: inquiry and publishing. The publishing port allows you to publish information about your Web services.
UDDI Registry
A UDDI Registry is an implementation of the UDDI specification that allows Web service vendors to register information about the Web services they offer so that others can find them.
UDDI White Pages
UDDI accepts and organizes three types of information into three broad categories: White, Yellow, and Green Pages. White Pages include address, contact, and known identifiers.
UDDI Yellow Pages
UDDI accepts and organizes three types of information into three broad categories: White, Yellow, and Green Pages. Yellow Pages include industrial categorizations based on standard taxonomies.
Universal Description, Discovery and Integration
UDDI is a specification for distributed Web-based information registries of Web services.
Uniform Resource Identifier - the generic term for all types of names and addresses that refer to objects on the World Wide Web. A URL is one kind of URI.
Uniform Resource Locator - the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use and the second part specifies the IP address or the domain name where the resource is located.
Any person who interacts directly with a computer system. Note that 'users' do not typically include 'operators,' 'system programmers,' 'technical control officers,' 'system security officers,' and other system support personnel.
User Group
A named collection of users.

See Also: User
User Store
A component responsible for management of user (security) properties, such as passwords and certificates.
Universally Unique Identifier as used in recommendations or drafts.
WAR File
A format for compressing files, similar to a JAR file. Web applications that may be deployed to an application server are often compressed into WAR files.

See Also: JAR File
Web Service
Loosely coupled software components delivered over Internet standard technologies.
Web Service Client
An application that uses Web services.
Web Service Lookup
A process through which a remote Web service is bound to a Java interface. The result of this process is a Java stub for the Web service.
An XML-based language that describes an interface of a Web service plus information on how to call the Web service and where to find it.
WSDL Compiler
The previous name for WSDL2Java, a Systinet Server tool that converts a WSDL document into Java code.
WSDL Compiler tool

See: WSDL Compiler.
WSDL Compiler Web service
Former name of the WSDL2Java Web service, a utility Web service that offers SOAP access to the WSDL2Java tool used for the generation of Java source files from a WSDL document.
WSDL Operation
Part of a WSDL Document representing the interface of an operation that can be invoked on a Web service.
Part of a WSDL Document that binds the endpoint of a service with an interface.
WSDL Service
Part of a WSDL Document that specifies the set of endpoints that define one logical service.
The Web Services Policy Framework (WS-Policy) provides a general purpose model and corresponding syntax to describe and communicate the policies of a Web Service. WS-Policy defines a base set of constructs that can be used and extended by other Web Services specifications to describe a broad range of service requirements, preferences, and capabilities.
For more information, please see the WS-Policy specification.
WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. It enables the user to encrypt and/or sign individual SOAP messages.
Part of the ITU-T X.500 specification that defines a framework to provide and support data origin authentication and peer entity authentication services, including formats for X.509 public-key certificates, X.509 attribute certificates, and X.509 CRLs.

See Also: CRL
eXtensible Markup Language - a W3C-sponsored format for structured documents and data, used mostly on the Web.
XML Canonicalization
A method for generating a physical representation, the canonical form, of an XML document that accounts for permissible changes or variations in syntax. It is a reduction of a document to a standard minimal form useful, among other things, for document or structure comparisons. Except for limitations regarding a few unusual cases, if two documents have the same canonical form, then the two documents are logically equivalent within the given application context.
XML Encryption
A standard that specifies the process for encrypting data and representing the result in an XML document. The data may be an XML element, or XML element content, or any arbitrary data (including an XML document).

See Also: XML, XML Signature
XML protocol
A communication or messaging protocol based on XML.
XML Schema
A means for defining the structure, content and semantics of XML documents through XML itself. It defines a richer set of data types - such as booleans, numbers, dates and times, and currencies - than the more traditional DTD. XML Schemas make it easier to validate documents based on namespaces. It is defined by the W3C's XML Schema Working Group.
XML Signature
A way of providing integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.

See Also: XML, XML Encryption
A language for addressing parts of an XML document. See XPath 1.0 and XPath 2.0.

See Also: XSLT, XQuery
A query language able to express queries across data structured as XML. The result of an XQuery program is also XML. XQuery can be viewed as a transformation language. See XQuery 1.0.

See Also: XPath
A language for transforming XML documents to other XML documents or more generally any text output. Its expressive power is greater than XQuery. Hence it is more universal. See XSLT 1.0 and XSLT 2.0.

See Also: XPath, XQuery