An OASIS specification that defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principles whose identities and attributes are managed in other realms. This includes mechanisms for brokering of identity, attribute, authentication and authorization assertions between realms, and privacy of federated claims.
An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint.
A software service used to communication between two devices on a network. More specifically, a Web service is a software application with a standardized way of providing interoperability between disparate applications. It does so over HTTP using technologies such as XML, SOAP, WSDL, and UDDI.
Web Infrastructure includes equipment/services to support delivery of services over the Internet or similar networks. These include supporting: Network Services which consists of protocols defining the format and structure of data and information either accessed from a directory or exchanged through communications; Service Transport which consists of protocols defining the format and structure of data and information either accessed from a directory or exchanged through communications.
A comprehensive analysis that attempts to define, identify, and classify the security holes (vulnerabilities) in a system, network, or communications infrastructure within the assessment scope.
Relates to risk of attack. In IT terms, vulnerability describes points of risk to penetration of security barriers. Awareness of potential vulnerability is very important to designing ever more effective defenses against attack by unauthorized parties.
Defines the set of capabilities to provide telephony or other voice communications
Characterized by absence of trusted status. Assumed to be unreliable, untruthful, and inaccurate unless proven otherwise.
An IT system or network that is recognized automatically as reliable, truthful, and accurate without continual validation or testing.
Threat and Vulnerability Management involves all functions pertaining to the protection of federal information and information systems from unauthorized access, use, disclosure, disruptions, modification, or destruction, as well as the creation and implementation of security policies, procedures and controls. It includes all risk and controls tracking for IT systems.
