XML and Web Technologies (CS3F6)
Glossary
- access control - The methods by which interactions with resources are limited to
collections of users or programs for the purpose of enforcing integrity,
confidentiality, or availability constraints.
- ACID - The acronym for the four properties guaranteed by
transactions: atomicity, consistency, isolation, and durability.
- admintool -
A tool used to manipulate Tomcat while it is running.
- anonymous access - Accessing a resource without authentication.
- Ant - A Java-based, and thus cross-platform, build tool
that can be extended using Java classes. The configuration files are
XML-based, calling out a target tree where various tasks get
executed.
- Apache Software
Foundation - Through the Jakarta Project, creates and maintains open
source solutions on the Java platform for distribution to the public at no
charge. Tomcat and Ant are two products developed by Apache and provided
with the Java Web Services Developer Pack.
- applet - A
component that typically executes in a Web browser, but can execute in a
variety of other applications or devices that support the applet programming
model.
- Application Deployment Tool - A tool for creating WAR files for application deployment and handling
security issues.
- archiving - Saving the state of an object and restoring it.
- attribute - A qualifier on an XML tag that provides additional information.
- authentication - The process that verifies the identity of
a user, device, or other entity in a computer system, usually as a
prerequisite to allowing access to resources in a system. Java WSDP
requires three types of authentication: basic, form-based, and mutual,
and supports digest authentication.
- authorization -
The process by which access to a method or resource is determined. Authorization
depends upon the determination of whether the principal associated with a
request through authentication is in a given security role. A security role
is a logical grouping of users defined by the person who assembles the application.
A deployer maps security roles to security identities. Security identities
may be principals or groups in the operational environment.
- authorization constraint
- An authorization rule that determines who is permitted to access a Web
resource collection.
- B2B - Business-to-business.
- basic authentication
- An authentication mechanism in which a Web server authenticates an entity
with a user name and password obtained using the Web application's built-in
authentication mechanism.
- binary entity - See unparsed entity.
- binding - Construction of the code needed to process a well-defined bit of XML data.
- build file - The XML file that contains one project that contains one or more targets.
A target is a set of tasks you want to be executed. When starting Ant, you
can select which target(s) you want to have executed. When no target is given,
the project's default is used.
- build properties file - A file named build.properties that contains properties in
- business logic - The code that implements the functionality of an application.
- callback methods - Component methods called by the container to notify the component of important
events in its life cycle.
- CDATA - A predefined XML tag for Character DATA that means "don't interpret these characters", as
opposed to Parsed Character Data (PCDATA), in which the normal rules of XML
syntax apply (for example, angle brackets demarcate XML tags, tags define
XML elements, etc.). CDATA sections are typically used to show examples of
XML syntax.
- certificate authority - A trusted organization that issues public key certificates and provides
identification to the bearer.
- client certificate
authentication - An authentication mechanism that uses HTTP over SSL,
in which the server and, optionally, the client authenticate each other with
a public key certificate that conforms to a standard that is defined by X.509
Public Key Infrastructure (PKI).
- comment - Text in an XML document that is ignored, unless the parser is specifically told
to recognize it.
- content - The part of an XML document that occurs after the prolog, including the root
element and everything it contains.
- commit -
The point in a transaction when all updates to any resources involved in
the transaction are made permanent.
- component -
An application-level software unit supported by a container. Components are
configurable at deployment time. See also Web components.
- component contract
- The contract between a component and its container. The contract includes:
life cycle management of the component, a context interface that the instance
uses to obtain various information and services from its container, and a
list of services that every container must provide for its components.
- component-managed
sign-on - The security information needed for signing on to the resource
is provided to the getConnection() method by an application component.
- connection -
See resource manager connection.
- connection factory
- See resource manager connection factory.
- connector -
A standard extension mechanism for containers to provide connectivity to
enterprise information systems. A connector is specific to an enterprise
information system and consists of a resource adapter and application development
tools for enterprise information system connectivity. The resource adapter
is plugged in to a container through its support for system-level contracts
defined in the connector architecture.
- Connector element
- A representation of the interface between external clients sending
requests and a particular service.
- container -
An entity that provides life cycle management, security, deployment, and
runtime services to components.
- container-managed
sign-on - The security information needed for signing on to the resource
is supplied to the getConnection() method by the container.
- context attribute
- An object bound into the context associated with a servlet.
- Context element
- A representation of a Web application that is run within a particular
virtual host.
- context root -
A name that gets mapped to the document root of a Web application.
- credentials -
The information describing the security attributes of a principal.
- CSS - Cascading
Style Sheet. A stylesheet used with HTML and XML documents to add a style
to all elements marked with a particular tag, for the direction of browsers
or other presentation mechanisms.
- data - The
contents of an element, generally used when the element does not contain
any subelements. When it does, the more general term content is generally
used. When the only text in an XML structure is contained in simple elements,
and elements that have subelements have little or no data mixed in, then
that structure is often thought of as XML data, as opposed to an XML document.
- document -
In general, an XML structure in which one or more elements contains text
intermixed with subelements. See also data.
- DDP - Document-Driven
Programming. The use of XML to define applications.
- declaration -
The very first thing in an XML document, which declares it as XML. The minimal
declaration is <?xml version="1.0"?>. The declaration is part of the
document prolog.
- declarative security
- Mechanisms used in an application that are expressed in a declarative syntax
in a deployment descriptor.
- delegation -
An act whereby one principal authorizes another principal to use its identity
or privileges with some restrictions.
- deploy task
- A Tomcat manager application task. Requires a WAR, but not necessarily
on the same server. Uploads the WAR to Tomcat, which then unpacks it into
the <JWSDP_HOME>/webapps directory and loads the application. Useful
when you want to deploy an application into a running production server.
Restarts of Tomcat will remember that the application exists because it exists
in the /webapps directory.
- deployment -
The process whereby software is installed into an operational environment.
- deployment descriptor
- An XML file provided with each module and application that describes how
they should be deployed. The deployment descriptor directs a deployment tool
to deploy a module or application with specific container options and describes
specific configuration requirements that a deployer must resolve.
- deploytool -
A tool for creating WAR files for application deployment and handling security
issues.
- digest authentication
- An authentication mechanism in which a Web application authenticates to
a Web server by sending the server a message digest along with its HTTP request
message. The digest is computed by applying a one-way hash algorithm to
a concatenation of the HTTP request message and the client's password. The
digest is typically much smaller than the HTTP request, and doesn't contain
the password.
- distributed application
- An application made up of distinct components running in separate runtime
environments, usually on different platforms connected via a network. Typical
distributed applications are two-tier (client-server), three-tier (client-middleware-server),
and multitier (client-multiple middleware-multiple servers).
- document root
- The top-level directory of a WAR. The document root is where JSP pages,
client-side classes and archives, and static Web resources are stored.
- DOM - Document
Object Model. A tree of objects with interfaces for traversing the tree and
writing an XML version of it.
- DTD - Document
Type Definition. An optional part of the document prolog, as specified by
the XML standard. The DTD specifies constraints on the valid tags and tag
sequences that can be in the document. The DTD has a number of shortcomings,
however, which have led to various schema proposals. For example, the DTD
entry <!ELEMENT username (#PCDATA)> says that the XML element called
username contains Parsed Character DATA, that is, text alone, with no other
structural elements under it. The DTD includes both the local subset, defined
in the current file, and the external subset, which consists of the definitions
contained in external .dtd files that are referenced in the local subset
using a parameter entity.
- ebXML - Electronic
Business XML. A group of specifications designed to enable enterprises to
conduct business through the exchange of XML-based messages. It is sponsored
by OASIS and the United Nations Centre for the Facilitation of Procedures
and Practices in Administration, Commerce and Transport (U.N./CEFACT).
- element - A
unit of XML data, delimited by tags. An XML element can enclose other elements.
- empty tag -
A tag that does not enclose any content.
- enterprise bean
- A component that implements a business task or business entity and resides
in an EJB container; either an entity bean, session bean, or message-driven
bean.
- enterprise information
system - The applications that comprise an enterprise's existing system
for handling company-wide information. These applications provide an information
infrastructure for an enterprise. An enterprise information system offers
a well-defined set of services to its clients. These services are exposed
to clients as local and/or remote interfaces. Examples of enterprise information
systems include: enterprise resource planning systems, mainframe transaction
processing systems, and legacy database systems.
- enterprise information
system resource - An entity that provides enterprise information system-specific
functionality to its clients. Examples are: a record or set of records in
a database system, a business object in an enterprise resource planning system,
and a transaction program in a transaction processing system.
- entity - A
distinct, individual item that can be included in an XML document by referencing
it. Such an entity reference can name an entity as small as a character (for
example, "&lt;", which references the less-than symbol, or left-angle
bracket (<)). An entity reference can also reference an entire document,
or external entity, or a collection of DTD definitions (a parameter entity).
- entity bean
- An enterprise bean that represents persistent data maintained in a database.
An entity bean can manage its own persistence or can delegate this function
to its container. An entity bean is identified by a primary key. If the container
in which an entity bean is hosted crashes, the entity bean, its primary key,
and any remote references survive the crash.
- entity reference
- A reference to an entity that is substituted for the reference when the
XML document is parsed. It may reference a predefined entity like &lt;
or it may reference one that is defined in the DTD. In the XML data, the
reference could be to an entity that is defined in the local subset of the
DTD or to an external XML file (an external entity). The DTD can also carve
out a segment of DTD specifications and give it a name so that it can be
reused (included) at multiple points in the DTD by defining a parameter entity.
- error - A SAX
parsing error is generally a validation error; in other words, it occurs
when an XML document is not valid, although it can also occur if the declaration
specifies an XML version that the parser cannot handle. See also: fatal error,
warning.
- Extensible Markup
Language - A markup language that makes data portable.
- external entity
- An entity that exists as an external XML file, which is included in the
XML document using an entity reference.
- external subset
- That part of the DTD that is defined by references to external .dtd files.
- fatal error
- A fatal error occurs in the SAX parser when a document is not well formed,
or otherwise cannot be processed. See also: error, warning.
- filter - An
object that can transform the header and/or content of a request or response.
Filters differ from Web components in that they usually do not themselves
create responses but rather they modify or adapt the requests for a resource,
and modify or adapt responses from a resource. A filter should not have any
dependencies on a Web resource for which it is acting as a filter so that
it can be composable with more than one type of Web resource.
- filter chain
- A concatenation of XSLT transformations in which the output of one transformation
becomes the input of the next.
- form-based authentication
- An authentication mechanism in which a Web container provides an application-specific
form for logging in. This form of authentication uses Base64 encoding and
can expose user names and passwords unless all connections are over SSL.
- general entity
- An entity that is referenced as part of an XML document's content, as distinct
from a parameter entity, which is referenced in the DTD. A general entity
can be a parsed entity or an unparsed entity.
- group - An
authenticated set of users classified by common traits such as job title
or customer profile. Groups are also associated with a set of roles, and
every user that is a member of a group inherits all of the roles assigned
to that group.
- Host element
- A representation of a virtual host.
- HTML - Hypertext
Markup Language. A markup language for hypertext documents on the Internet.
HTML enables the embedding of images, sounds, video streams, form fields,
references to other objects with URLs and basic text formatting.
- HTTP - Hypertext
Transfer Protocol. The Internet protocol used to fetch hypertext objects
from remote hosts. HTTP messages consist of requests from client to server
and responses from server to client.
- HTTPS - HTTP
layered over the SSL protocol.
- impersonation - An
act whereby one entity assumes the identity and privileges of another entity
without restrictions and without any indication visible to the recipients
of the impersonator's calls that delegation has taken place. Impersonation
is a case of simple delegation.
- initialization
parameter - A parameter that initializes the context associated with
a servlet.
- install task
- Ant task useful for development and debugging where you need to restart
an application. Requires that the WAR file (or directory) be on the same
server on which Tomcat is running. Restarts of Tomcat cause the installation
to be forgotten.
- ISO 3166
- The international standard for country codes maintained by the International
Organization for Standardization (ISO).
- ISV - Independent
Software Vendor.
- JAR - Java
ARchive. A platform-independent file format that permits many files to be
aggregated into one file.
- Java 2 Platform,
Enterprise Edition (J2EE) - An environment for developing and deploying
enterprise applications. The J2EE platform consists of a set of services,
application programming interfaces (APIs), and protocols that provide the
functionality for developing multitiered, Web-based applications.
- Java 2 Platform,
Micro Edition (J2ME) - A highly optimized Java runtime environment targeting
a wide range of consumer products, including pagers, cellular phones, screenphones,
digital set-top boxes and car navigation systems.
- Java 2 Platform,
Standard Edition (J2SE) - The core Java technology platform.
- Java API for XML
Messaging (JAXM) - An API that provides a standard way to send
XML documents over the Internet from the Java platform. It is based on the
SOAP 1.1 and SOAP with Attachments specifications, which define a basic framework
for exchanging XML messages. JAXM can be extended to work with higher level
messaging protocols, such as the one defined in the ebXML (electronic business
XML) Message Service Specification, by adding the protocol's functionality
on top of SOAP.
- Java API for XML
Processing (JAXP) - An API for processing XML documents. JAXP leverages
the parser standards SAX and DOM so that you can choose to parse your data
as a stream of events or to build a tree-structured representation of it.
The latest versions of JAXP also support the XSLT (XML Stylesheet Language
Transformations) standard, giving you control over the presentation of the
data and enabling you to convert the data to other XML documents or to other
formats, such as HTML. JAXP also provides namespace support, allowing you
to work with schemas that might otherwise have naming conflicts.
- Java API for XML
Registries (JAXR) - An API for accessing different kinds of XML registries.
- Java API for XML-based
RPC (JAX-RPC) - An API for building Web services and clients that use
remote procedure calls (RPC) and XML.
- Java Naming and
Directory Interface (JNDI) - An API that provides naming and directory
functionality.
- Java Secure Socket
Extension (JSSE) - A set of packages that enable secure Internet communications.
- Java Transaction
API (JTA) - An API that allows applications to access transactions.
- Java Web Services
Developer Pack (Java WSDP) - An environment containing key technologies
to simplify building of Web services using the Java 2 Platform.
- JavaBeans component
- A Java class that can be manipulated in a visual builder tool and composed
into applications. A JavaBeans component must adhere to certain property
and event interface conventions.
- JavaMail -
An API for sending and receiving email.
- JavaServer Pages
(JSP) - An extensible Web technology that uses template data, custom
elements, scripting languages, and server-side Java objects to return dynamic
content to a client. Typically the template data is HTML or XML elements,
and in many cases the client is a Web browser.
- JavaServer Pages
Standard Tag Library (JSTL) - A tag library that encapsulates core functionality
common to many JSP applications. JSTL has support for common, structural
tasks such as iteration and conditionals, tags for manipulating XML documents,
internationalization and locale-specific formatting tags, and SQL tags. It
also introduces a new expression language to simplify page development, and
provides an API for developers to simplify the configuration of JSTL tags
and the development of custom tags that conform to JSTL conventions.
- JAXR client -
A client program that uses the JAXR API to access a business registry via
a JAXR provider.
- JAXR provider
- An implementation of the JAXR API that provides access to a specific registry
provider or to a class of registry providers that are based on a common specification.
- JDBC - An API
for database-independent connectivity to a wide range of data sources.
- JSP action
- A JSP element that can act on implicit objects and other server-side objects
or can define new scripting variables. Actions follow the XML syntax for
elements with a start tag, a body and an end tag; if the body is empty it
can also use the empty tag syntax. The tag must use a prefix.
- JSP action, custom
- An action described in a portable manner by a tag library descriptor
and a collection of Java classes and imported into a JSP page by a taglib
directive. A custom action is invoked when a JSP page uses a custom tag.
- JSP action, standard
- An action that is defined in the JSP specification and is always available
to a JSP file without being imported.
- JSP application
- A stand-alone Web application, written using the JavaServer Pages technology,
that can contain JSP pages, servlets, HTML files, images, applets, and JavaBeans
components.
- JSP container
- A container that provides the same services as a servlet container and
an engine that interprets and processes JSP pages into a servlet.
- JSP container,
distributed - A JSP container that can run a Web application that is
tagged as distributable and is spread across multiple Java virtual machines
that might be running on different hosts.
- JSP declaration
- A JSP scripting element that declares methods, variables, or both in a
JSP file.
- JSP directive
- A JSP element that gives an instruction to the JSP container and is interpreted
at translation time.
- JSP element
- A portion of a JSP page that is recognized by a JSP translator. An element
can be a directive, an action, or a scripting element.
- JSP expression
- A scripting element that contains a valid scripting language expression
that is evaluated, converted to a String, and placed into the implicit out
object.
- JSP file -
A file that contains a JSP page. In the Servlet 2.2 specification, a JSP
file must have a .jsp extension.
- JSP page -
A text-based document using fixed template data and JSP elements that describes
how to process a request to create a response.
- JSP scripting element
- A JSP declaration, scriptlet, or expression, whose tag syntax is defined
by the JSP specification, and whose content is written according to the scripting
language used in the JSP page. The JSP specification describes the syntax
and semantics for the case where the language page attribute is "java".
- JSP scriptlet -
A JSP scripting element containing any code fragment that is valid in the
scripting language used in the JSP page. The JSP specification describes
what is a valid scriptlet for the case where the language page attribute
is "java".
- JSP tag - A
piece of text between a left angle bracket and a right angle bracket that
is used in a JSP file as part of a JSP element. The tag is distinguishable
as markup, as opposed to data, because it is surrounded by angle brackets.
- JSP tag library
- A collection of custom tags identifying custom actions described via a
tag library descriptor and Java classes.
- life cycle
- The framework events of a component's existence. Each type of component
has defining events which mark its transition into states where it has varying
availability for use. For example, a servlet is created and has its init
method called by its container prior to invocation of its service method
by clients or other servlets that require its functionality. After the call
of its init method it has the data and readiness for its intended use. The
servlet's destroy method is called by its container prior to the ending of
its existence so that processing associated with winding up may be done,
and resources may be released. The init and destroy methods in this example
are callback methods.
- localhost -
For the purposes of the Java WSDP, the machine on which Tomcat is running.
- local subset
- That part of the DTD that is defined within the current XML file.
- Logger element
- A representation of a destination for logging, debugging and error
messages for Tomcat.
- message-driven
bean - An enterprise bean that is an asynchronous message consumer. A
message-driven bean has no state for a specific client, but its instance
variables may contain state across the handling of client messages. A client
accesses a message-driven bean by sending messages to the destination for
which the bean is a message listener.
- mixed-content model
- A DTD specification that defines an element as containing a mixture of
text and one or more other elements. The specification must start with #PCDATA,
followed by alternate elements, and must end with the "zero-or-more" asterisk
symbol (*).
- mutual authentication
- An authentication mechanism employed by two parties for the purpose
of proving each other's identity to one another.
- namespace -
A standard that lets you specify a unique label for the set of element names
defined by a DTD. A document using that DTD can be included in any other
document without having a conflict between element names. The elements defined
in your DTD are then uniquely identified so that, for example, the parser
can tell when an element called <name> should be interpreted according
to your DTD, rather than using the definition for an element called name
in a different DTD.
- naming context
- A set of associations between unique, atomic, people-friendly identifiers
and objects.
- naming environment
- A mechanism that allows a component to be customized without the need to
access or change the component's source code. A container implements the
component's naming environment, and provides it to the component as a JNDI
naming context. Each component names and accesses its environment entries
using the java:comp/env JNDI context. The environment entries are declaratively
specified in the component's deployment descriptor.
- normalization -
The process of removing redundancy by modularizing, as with subroutines,
and of removing superfluous differences by reducing them to a common denominator.
For example, line endings from different systems are normalized by reducing
them to a single NL, and multiple whitespace characters are normalized to
one space.
- North American
Industry Classification System (NAICS) - A system for classifying business
establishments based on the processes they use to produce goods or services.
- notation -
A mechanism for defining a data format for a non-XML document referenced
as an unparsed entity. This is a holdover from SGML that creaks a bit. The
newer standard is to use MIME datatypes and namespaces to prevent naming
conflicts.
- OASIS - Organization
for the Advancement of Structured Information Standards. Their home site
is http://www.oasis-open.org/. The DTD repository they sponsor is at http://www.XML.org.
- one-way messaging
- A method of transmitting messages without having to block until a response
is received.
- OS principal
- A principal native to the operating system on which the Web services platform
is executing.
- parameter entity
- An entity that consists of DTD specifications, as distinct from a general
entity. A parameter entity defined in the DTD can then be referenced at other
points, in order to prevent having to recode the definition at each location
it is used.
- parsed entity -
A general entity that contains XML, and which is therefore parsed when inserted
into the XML document, as opposed to an unparsed entity.
- parser - A
module that reads in XML data from an input source and breaks it up into
chunks so that your program knows when it is working with a tag, an attribute,
or element data. A non-validating parser ensures that the XML data is well
formed, but does not verify that it is valid. See also: validating parser.
- principal -
The identity assigned to a user as a result of authentication.
- privilege -
A security attribute that does not have the property of uniqueness and that
may be shared by many principals.
- processing instruction
- Information contained in an XML structure that is intended to be interpreted
by a specific application.
- programmatic security
- Security decisions that are made by security-aware applications. Programmatic
security is useful when declarative security alone is not sufficient to express
the security model of an application.
- prolog - The
part of an XML document that precedes the XML data. The prolog includes the
declaration and an optional DTD.
- public key certificate
- Used in client-certificate authentication to enable the server,
and optionally the client, to authenticate each other. The public key certificate
is a digital equivalent of a passport. It is issued by a trusted organization,
called a certificate authority (CA), and provides identification for the
bearer.
- RDF -
Resource Description Framework. A standard for defining the kind of data
that an XML file contains. Such information could help ensure semantic integrity,
for example by helping to make sure that a date is treated as a date, rather
than simply as text.
- RDF schema -
A standard for specifying consistency rules that apply to the specifications
contained in an RDF.
- realm - See
security policy domain. Also, a string, passed as part of an HTTP request
during basic authentication, that defines a protection space. The protected
resources on a server can be partitioned into a set of protection spaces,
each with its own authentication scheme and/or authorization database. In
the Tomcat server authentication service, a realm is a complete database
of roles, users, and groups that identify valid users of a Web application
or a set of Web applications.
- Realm element
- A representation of a database of user names, passwords and roles assigned
to those users.
- registry -
An infrastructure that enables the building, deployment and discovery of
Web services. It is a neutral third party that facilitates dynamic and loosely
coupled business-to-business (B2B) interactions.
- registry provider
- An implementation of a business registry that conforms to a specification
for XML registries.
- reload task
- Used with the Tomcat manager Web application to redeploy a changed Web
application onto a running Tomcat server.
- request-response
messaging - A method of messaging that includes blocking until a response
is received.
- resource manager
- Provides access to a set of shared resources. A resource manager participates
in transactions that are externally controlled and coordinated by a transaction
manager. A resource manager is typically in a different address space or on
a different machine from the clients that access it. Note: An enterprise
information system is referred to as a resource manager when it is mentioned
in the context of resource and transaction management.
- resource manager
connection - An object that represents a session with a resource manager.
- resource manager
connection factory - An object used for creating a resource manager connection.
- role (security)
- An abstract logical grouping of users that is defined by the Application
Assembler. When an application is deployed, the roles are mapped to security
identities, such as principals or groups, in the operational environment.
In the Tomcat server authentication service, a role is an abstract name for
permission to access a particular set of resources. A role can be compared
to a key that can open a lock. Many people might have a copy of the key,
and the lock doesn't care who you are, only that you have the right key.
- role mapping
- The process of associating the groups and/or principals recognized by the
container to security roles specified in the deployment descriptor. Security
roles have to be mapped before a component is installed in the server.
- rollback -
The point in a transaction when all updates to any resources involved in
the transaction are reversed.
- root - The
outermost element in an XML document. The element that contains all other
elements.
- SAX - Simple
API for XML. An event-driven interface in which the parser invokes one of
several methods supplied by the caller when a parsing event occurs. Events
include recognizing an XML tag, finding an error, encountering a reference
to an external entity, or processing a DTD specification.
- Schema - A
database-inspired method for specifying constraints on XML documents using
an XML-based language. Schemas address deficiencies in DTDs, such as the
inability to put constraints on the kinds of data that can occur in a particular
field. Since schemas are founded on XML, they are hierarchical, so it is
easier to create an unambiguous specification, and possible to determine
the scope over which a comment is meant to apply.
- Secure Socket Layer
(SSL) - A technology that allows Web browsers and Web servers to communicate
over a secured connection.
- security attributes - A set of properties associated with a principal. Security attributes can
be associated with a principal by an authentication protocol or by a Java
WSDP Product Provider.
- security constraint - Determines who is authorized to access a Web resource collection.
- security context - An object that encapsulates the shared state information regarding security
between two entities.
- security permission - A mechanism, defined by J2SE, to express the programming restrictions imposed
on component developers.
- security policy
domain - A scope over which security policies are defined and enforced
by a security administrator. A security policy domain has a collection of
users (or principals), uses a well defined authentication protocol(s) for
authenticating users (or principals), and may have groups to simplify setting
of security policies.
- security technology
domain - A scope over which the same security mechanism is used to enforce
a security policy. Multiple security policy domains can exist within a single
technology domain.
- server certificate - Used with HTTPS protocol to authenticate Web applications. The certificate
can be self-signed or approved by a Certificate Authority (CA). The HTTPS
service of the Tomcat server will not run unless a server certificate has
been installed.
- server principal - The OS principal that the server is executing as.
- service element - A representation of the combination of one or more Connector components
that share a single engine component for processing incoming requests.
- servlet - A
Java program that extends the functionality of a Web server, generating dynamic
content and interacting with Web applications using a request-response paradigm.
- servlet container - A container that provides the network services over which requests
and responses are sent, decodes requests, and formats responses. All servlet
containers must support HTTP as a protocol for requests and responses, but
may also support additional request-response protocols such as HTTPS.
- servlet container,
distributed - A servlet container that can run a Web application that
is tagged as distributable and that executes across multiple Java virtual
machines running on the same host or on different hosts.
- servlet context - An object that contains a servlet's view of the Web application within
which the servlet is running. Using the context, a servlet can log events,
obtain URL references to resources, and set and store attributes that other
servlets in the context can use.
- servlet mapping - Defines an association between a URL pattern and a servlet. The mapping
is used to map requests to servlets.
- session - An
object used by a servlet to track a user's interaction with a Web application
across multiple HTTP requests.
- session bean -
An enterprise bean that is created by a client and that usually exists only
for the duration of a single client-server session. A session bean performs
operations, such as calculations or accessing a database, for the client.
Although a session bean may be transactional, it is not recoverable should
a system crash occur. Session bean objects can be either stateless or can
maintain conversational state across methods and transactions. If a session
bean maintains state, then the EJB container manages this state if the object
must be removed from memory. However, the session bean object itself must
manage its own persistent data.
- SGML - Standard
Generalized Markup Language. The parent of both HTML and XML. However, while
HTML shares SGML's propensity for embedding presentation information in the
markup, XML is a standard that allows information content to be totally separated
from the mechanisms for rendering that content.
- SOAP - Simple
Object Access Protocol
- SOAP with Attachments
API for Java (SAAJ) - The basic package for SOAP messaging which contains
the API for creating and populating a SOAP message.
- SSL - Secure
Socket Layer. A security protocol that provides privacy over the Internet.
The protocol allows client-server applications to communicate in a way that
cannot be eavesdropped or tampered with. Servers are always authenticated
and clients are optionally authenticated.
- SQL - Structured
Query Language. The standardized relational database language for defining
database objects and manipulating data.
- SQL/J - A set
of standards that includes specifications for embedding SQL statements in
methods in the Java programming language and specifications for calling Java
static methods as SQL stored procedures and user-defined functions. An SQL
checker can detect errors in static SQL statements at program development
time, rather than at execution time as with a JDBC driver.
- standalone client - A client that does not use a messaging provider and does not run in a container.
- tag - A piece
of text that describes a unit of data, or element, in XML. The tag is distinguishable
as markup, as opposed to data, because it is surrounded by angle brackets
(< and >). To treat such markup syntax as data, you use an entity reference
or a CDATA section.
- Template -
A set of formatting instructions that apply to the nodes selected by an XPath
expression.
- Tomcat - The
Java Servlet and JSP Web server and container developed by the Apache Software
Foundation and included with the Java WSDP. Many applications in this tutorial
are run on Tomcat.
- transaction - An atomic unit of work that modifies data. A transaction encloses
one or more program statements, all of which either complete or roll back.
Transactions enable multiple users to access the same data concurrently.
- transaction isolation
level - The degree to which the intermediate state of the data being
modified by a transaction is visible to other concurrent transactions and
data being modified by other transactions is visible to it.
- transaction manager - Provides the services and management functions required to support
transaction demarcation, transactional resource management, synchronization,
and transaction context propagation.
- translet -
Pre-compiled version of a transformation.
- Unicode - A
standard defined by the Unicode Consortium that uses a 16-bit code page which
maps digits to characters in languages around the world. Because 16 bits
covers 32,768 codes, Unicode is large enough to include all the world's languages,
with the exception of ideographic languages that have a different character
for every concept, like Chinese. For more info, see http://www.unicode.org/.
- Universal Description,
Discovery, and Integration (UDDI) project - An industry initiative to
create a platform-independent, open framework for describing services, discovering
businesses, and integrating business services using the Internet, as well
as a registry. It is being developed by a vendor consortium.
- Universal Standard
Products and Services Classification (UNSPSC) - A schema that classifies
and identifies commodities. It is used in sell side and buy side catalogs
and as a standardized account code in analyzing expenditure.
- unparsed entity - A general entity that contains something other than XML. By its nature,
an unparsed entity contains binary data.
- URI - Uniform
Resource Identifier. A globally unique identifier for an abstract or physical
resource. A URL is a kind of URI that specifies the retrieval protocol (http
or https for Web applications) and physical location of a resource (host
name and host-relative path). A URN is another type of URI.
- URL - Uniform
Resource Locator. A standard for writing a textual reference to an arbitrary
piece of data in the World Wide Web. A URL looks like protocol://host/localinfo
where protocol specifies a protocol for fetching the object (such as HTTP
or FTP), host specifies the Internet name of the targeted host, and localinfo
is a string (often a file name) passed to the protocol handler on the remote
host.
- URL path -
The part of a URL passed by an HTTP request to invoke a servlet. A URL path
consists of the Context Path + Servlet Path + Path Info, where:
- Context Path is
the path prefix associated with a servlet context that this servlet is a
part of. If this context is the default context rooted at the base of the
Web server's URL namespace, the path prefix will be an empty string. Otherwise,
the path prefix starts with a / character but does not end with a / character.
- Servlet Path is
the path section that directly corresponds to the mapping which activated
this request. This path starts with a / character.
- Path Info is the
part of the request path that is not part of the Context Path or the Servlet
Path.
- URN - Uniform
Resource Name. A unique identifier that identifies an entity, but doesn't
tell where it is located. A system can use a URN to look up an entity locally
before trying to find it on the Web. It also allows the Web location to change,
while still allowing the entity to be found.
- user (security) - An individual (or application program) identity that has been authenticated.
A user can have a set of roles associated with that identity, which entitles
them to access all resources protected by those roles.
- user data constraint - Indicates how data between a client and a Web container should
be protected. The protection can be the prevention of tampering with the
data or prevention of eavesdropping on the data.
- valid - A valid
XML document, in addition to being well formed, conforms to all the constraints
imposed by a DTD. It does not contain any tags that are not permitted by
the DTD, and the order of the tags conforms to the DTD's specifications.
- validating parser - A parser that ensures that an XML document is valid, as well as
well-formed. See also: parser.
- Valve element - A representation of a component that will be inserted into the request processing
pipeline for Tomcat.
- virtual host - Multiple "hosts + domain names" mapped to a single IP.
- W3C - World
Wide Web Consortium. The international body that governs Internet standards.
- WAR file -
Web application archive. A JAR archive that contains a Web module.
- warning - A
SAX parser warning is generated when the document's DTD contains duplicate
definitions, and similar situations that are not necessarily an error, but
which the document author might like to know about, since they could be.
See also: fatal error, error.
- Web application - An application written for the Internet, including those built with Java
technologies such as JavaServer Pages and servlets, as well as those built
with non-Java technologies such as CGI and Perl.
- Web Application
Archive (WAR) - A hierarchy of directories and files in a standard Web
application format, contained in a packed file with an extension .war.
- Web application,
distributable - A Web application that uses Java WSDP technology written
so that it can be deployed in a Web container distributed across multiple
Java virtual machines running on the same host or different hosts. The deployment
descriptor for such an application uses the distributable element.
- Web component -
A component that provides services in response to requests; either a servlet
or a JSP page.
- Web container - A container that implements the Web component contract of the J2EE architecture.
This contract specifies a runtime environment for Web components that includes
security, concurrency, life cycle management, transaction, deployment, and
other services. A Web container provides the same services as a JSP container
and a federated view of the J2EE platform APIs. A Web container is provided
by a Web server.
- Web container,
distributed - A Web container that can run a Web application that is
tagged as distributable and that executes across multiple Java virtual machines
running on the same host or on different hosts.
- Web module - A unit that consists of one or more Web components, other resources, and
a Web deployment descriptor.
- Web resource - A static or dynamic object contained in a Web application archive that
can be referenced by a URL.
- Web resource collection - A list of URL patterns and HTTP methods that describe a set of
resources to be protected.
- Web server - Software that provides services to access the Internet, an intranet, or
an extranet. A Web server hosts Web sites, provides support for HTTP and
other protocols, and executes server-side programs (such as CGI scripts or
servlets) that perform certain functions. In the J2EE architecture, a Web
server provides services to a Web container. For example, a Web container
typically relies on a Web server to provide HTTP message handling. The J2EE
architecture assumes that a Web container is hosted by a Web server from
the same vendor, so does not specify the contract between these two entities.
A Web server may host one or more Web containers.
- Web service - An application that exists in a distributed environment, such as the Internet.
A Web service accepts a request, performs its function based on the request,
and returns a response. The request and the response can be part of the same
operation, or they can occur separately, in which case the consumer does
not need to wait for a response. Both the request and the response usually
take the form of XML, a portable data-interchange format, and are delivered
over a wire protocol, such as HTTP.
- well-formed - An XML document that is syntactically correct. It does not have any angle
brackets that are not part of tags, all tags have an ending tag or are themselves
self-ending, and all tags are fully nested. Knowing that a document is well
formed makes it possible to process it. A well-formed document may not be
valid however. To determine that, you need a validating parser and a DTD.
- Xalan - An
interpreting version of XSLT.
- XHTML - An
XML lookalike for HTML defined by one of several XHTML DTDs. To use XHTML
for everything would of course defeat the purpose of XML, since the idea
of XML is to identify information content, not just tell how to display it.
You can reference it in a DTD, which allows you to say, for example, that
the text in an element can contain <em> and <b> tags, rather
than being limited to plain text.
- XLink - The
part of the XLL specification that is concerned with specifying links between
documents.
- XLL - The XML
Link Language specification, consisting of XLink and XPointer.
- XML - Extensible
Markup Language. A markup language that allows you to define the tags (markup)
needed to identify the content, data, and text, in XML documents. It differs
from HTML, the markup language most often used to present information on the
internet. HTML has fixed tags that deal mainly with style or presentation.
An XML document must undergo a transformation into a language with style
tags under the control of a stylesheet before it can be presented by a browser
or other presentation mechanism. Two types of style sheets used with XML
are CSS and XSL. Typically, XML is transformed into HTML for presentation.
Although tags may be defined as needed in the generation of an XML document,
a DTD may be used to define the elements allowed in a particular type of
document. A document may be compared with the rules in the DTD to determine
its validity and to locate particular elements in the document. Web services
application's deployment descriptors are expressed in XML with DTDs defining
allowed elements. Programs for processing XML documents use SAX or DOM APIs.
- XML registry - See registry.
- XML Schema - The W3C schema specification for XML documents.
- XPath - See XSL.
- Xpointer -
The part of the XLL specification that is concerned with identifying sections
of documents so that they can be referenced in links or included in other documents.
- XSL - Extensible
Stylesheet Language. An important standard
that achieves several goals. XSL lets you:
- Specify an addressing mechanism, so you can identify the parts of
an XML file that a transformation applies to. (XPath)
- Specify tag conversions, so you can convert XML data into
different formats. (XSLT)
- Specify display characteristics, such as page sizes, margins, and
font heights and widths, as well as the flow objects on each
page. Information fills in one area of a page and then automatically
flows to the next object when that area fills up. That allows you to
wrap text around pictures, for example, or to continue a newsletter
article on a different page. (XML-FO)
- XSL-FO - A
subcomponent of XSL used for describing font sizes, page layouts, and how
information "flows" from one page to another.
- XSLT - XSL
Transformation. An XML file that controls the transformation of an XML document
into another XML document or HTML. The target document often will have presentation
related tags dictating how it will be rendered by a browser or other presentation
mechanism. XSLT was formerly part of XSL, which also included a tag language
of style flow objects.
- XSLTC - A compiling version of XSLT.
Last updated in October 2006