Active requestor
An active requestor is an application (possibly a Web browser) that is capable of issuing Web services messages, such as those described in WS-Security and WS-Trust.
Authentication
The process of validating security credentials.
Authorization
The process of granting access to a secure resource based on the security credential provided.
Canonicalization
The process of converting an XML document to a form that is consistent for all parties, so that logically equivalent documents produce identical octet streams. Used when signing documents and interpreting signatures.
Claim
A claim is a statement made about a sender, a service, or other resource (e.g., name, identity, key, group, privilege, capability, etc.).
Confidentiality
Confidentiality is the property that data is not made available to unauthorized individuals, entities, or processes.
Coordination Context
The unique identifier for a set of work to be performed by a group of coordinated services.
Deserialization
The process of constructing an XML Infoset from an octet stream. It is the method used to create the Infoset representation of a message from the wire format for a message.
Digest
A digest is a cryptographic checksum of an octet stream.
Digital signature
In this document, digital signature is a synonym for signature.
Domain
A security domain represents a single unit of security administration or trust.
Durable two-phase commit
The protocol used for transactions on durable resources, such as files or databases.
Effective policy
An effective policy, for a given policy subject, is the resultant combination of the policies attached to policy scopes that contain the policy subject.
Exchange pattern
The model used for message exchange between services.
Factory
A factory is a Web service that can create a resource from an XML representation.
Federation
A federation is a collection of trust domains that have established mutual pair-wise trust. The level of trust may vary, but it typically includes authentication and might include authorization.
Identity mapping
Identity mapping is a method of creating relationships between identity properties. Some Identity Providers might make use of identity mapping.
Identity Provider (IP)
An Identity Provider is an entity that acts as an authentication service to end requestors. An Identity Provider also acts as a data origin authentication service to service providers; this is typically an extension of a security token service.
Integrity
Integrity is the property that data has not been modified.
Message
A message is a complete unit of data available to be sent or received by services. It is a self-contained unit of information exchange. A message always contains a SOAP envelope and might also contain transport protocol headers.
Message path
The set of SOAP nodes traversed between the original source and ultimate receiver.
Passive requestor
A passive requestor is an HTTP browser capable of broadly supported HTTP (e.g., HTTP/1.1).
Policy
A policy is a collection of policy alternatives.
Policy alternative
A policy alternative is a collection of policy assertions.
Policy assertion
A policy assertion represents a domain-specific individual requirement, capability, or other property of a behavior.
Policy expression
A policy expression is an XML Infoset representation of a policy, either in a normal form or in an equivalent compact form.
Policy subject
A policy subject is an entity with which a policy can be associated. These entities include endpoints, messages, resources, and interactions.
Policy scope
A policy scope is the collection of policy subjects to which a policy applies.
Policy attachment
A policy attachment is a mechanism for associating policy with one or more policy scopes.
Principal
A principal is any system entity that can be granted security rights or that makes assertions about security or identity.
Protocol composition
Protocol composition is the ability to combine protocols while maintaining technical coherence and avoiding any unintended functional side effects.
Resource
A resource is defined as any entity addressable by an endpoint reference where the entity can provide an XML representation of itself.
Security context
A security context is an abstract concept that refers to an established authentication state and negotiated key(s) that might have additional security-related properties.
Security Context Token
A Security Context Token (SCT) is a wire representation of the security context abstract concept that allows a context to be named by a URI and used with [WS-Security].
Security Token
A security token represents a collection of one or more claims.
Security Token Service
A Security Token Service (STS) is a Web service that issues security tokens; that is, the service makes assertions, based on evidence that it trusts, to those services that trust the service or to specific recipients.
Serialization
The process of representing an XML Infoset as an octet stream. It is the method used to create the wire format for a message.
Service
A software entity whose interactions with other entities are via messages. Note that a service need not be connected to a network.
Service contract
A service contract is the description of all the message interchange formats, the legal message exchange patterns, and the policies for the service, typically represented by XML Schema, WSDL, and WS-Policy, respectively.
Service description
A service description provides all data available about a service. This includes the service contract and any other available data.
Service metadata
Service metadata is data about the service that is defined to help describe any aspect of the service, including the service contract and deployment characteristics.
Service policy
A policy that applies to a service.
Signature
A signature is a value computed with a cryptographic algorithm and bound to data in such a way that intended recipients of the data can use the signature to verify that the data has not been altered and has originated from the signer of the message, providing message integrity and authentication. The signature can be computed and verified with either symmetric or asymmetric key algorithms.
Signed security token
A signed security token is a security token that is cryptographically endorsed by a specific authority (e.g., an X.509 certificate or a Kerberos ticket).
Sign-out
Sign-out is the process by which a principal indicates that they will no longer be using their token and that services in the domain can destroy their token caches for the principal.
Single Sign On (SSO)
Single Sign On is an optimization of the authentication sequence that removes the burden of repeated authentication actions from the requestor. To facilitate SSO, an element called an Identity Provider can act as a proxy on a requestor's behalf to provide evidence of authentication events to third parties requesting information about the requestor. These Identity Providers (IP) are trusted third parties and need to be trusted both by the requestor (to maintain the requestor's identity information, because the loss of this information can result in the compromise of the requestor's identity) and by the Web services, which might grant access to valuable resources and information based upon the integrity of the identity information provided by the IP.
SOAP intermediary
A SOAP intermediary is a SOAP processing node that is neither the original message sender nor the ultimate receiver.
Symmetric key algorithm
An encryption algorithm where the same key is used for both encrypting and decrypting a message or for signing a message.
System
A collection of services implementing a particular functionality. A system is a type of distributed application.
Trust
Trust is the characteristic that one entity is willing to rely upon a second entity to execute a set of actions and/or to make a set of assertions about a set of subjects and/or scopes.
Trust domain
A trust domain is an administered security space in which the source and target of a request can determine and agree whether particular sets of credentials from a source satisfy the relevant security policies of the target. The target may defer the trust decision to a third party (if this has been established as part of the agreement), thereby including the trusted third party in the trust domain.
Volatile two-phase commit
The protocol used for transactions on volatile resources, such as caches or window managers.
Web service
A Web service is a service that communicates by exchanging messages through XML, SOAP, and other industry-recognized standards.