Glossary of Webinos Terms

The following definitions are used throughout the discussion and specification of webinos. The list is not exhaustive; other terms may be used and will be defined and added throughout the project work.

Some definitions will originate in certain domains and may overlap. So, a "Feature [WAC]" might be different from an automotive "Feature".

Definitions of Stakeholders

User (USR)

... of Webinos Apps

Developer of Webinos Apps (DEV)

Application Service Provider of Installable Webinos Apps (ASP)

Application Service Provider of hosted Webinos Apps (ASP-HA)

Device Manufacturer (DMA)

Network provider (NET)

... of Internet Connectivity (not local / short-range connectivity)

3rd Party Service Provider (3RD)

Developer of Webinos Platform (DWP)

General Definitions

Access Control

Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [RFC 2828]

Access Control List (ACL)

A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources. [IEC 62351-2, ed. 1.0 (2008-08)]

Access Management

The management of policies, rules, processes and information to control access to certain resources. In particular, the collection of systems and/or services associated with specific on-line resources and/or services that together derive the decision (privileges) about whether to allow a given entity to gain access to those resources or make use of those services [STORK Glossary and Acronyms]


A set of data, tools and functionalities, that can be accessed after the successful accomplishment of the processes of Authentication and Authorization. It allows for accountability.


The property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions. [RFC 2828]


A mechanical device for moving or controlling a mechanism or system. It is operated by a source of energy, usually in the form of an electric current, hydraulic fluid pressure or pneumatic pressure, and converts that energy into some kind of motion. [Wikipedia]. Webinos must provide methods that allow Web Applications to control Actuators.


The process of public promotion (of some product or service)


"Anonymity requires that other users or subjects are unable to determine the identity of a user bound to a subject or operation" (BS ISO/IEC 15408-2:2008)


The condition of having a name that is unknown or concealed. [RFC 2828]

Application installation

Installation (or setup) of a program (including drivers, plugins, etc.) is the act of putting the program onto a computer system so that it can be executed. Because the requisite process varies for each program and each computer, many programs (including operating systems) come with a general-purpose or dedicated installer, a specialized program which automates most of the work required for their installation.

Application lifecycle

A continuous process of managing the life of an application through governance, development and maintenance.

Application package

see Installable Web Application

Application Programming Interface (API)

An interface, i.e. a point of interaction between components, implemented by a software program that enables it to interact with other software. It facilitates interaction between different software programs similar to the way the user interface facilitates interaction between humans and computers.
[Source: Wikipedia]


"A complete, self-contained program that performs a specific function directly for the user. This is in contrast to system software such as the operating system kernel, server processes, libraries which exists to support application programs and utility programs." --

Applications may exist on a device or be hosted online.


An overall set of client and/or server functions that may enable various capabilities of the user related to the application lifecycle, e.g. widget discovery, selection, preview, payment, authorization checks, update, etc. [Source: WAC]

AppStore Client

A device client that supports client-side functions of an AppStore. [Source: WAC]

AppStore Server

A network server that supports server-side functions of an AppStore. [Source: WAC]


An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [RFC 2828]


(see also Adversary) the originator of an attack.


The process of vouching for the accuracy of information. External entities can attest to shielded locations, protected capabilities, and Roots of Trust. A platform can attest to its description of platform characteristics that affect the integrity (trustworthiness) of a platform. Both forms of attestation require reliable evidence of the attesting entity.

Attestation of the Platform

An operation that provides proof of a set of the platform's integrity measurements.


"Authentication is the process of confirming the correctness of the claimed identity." --

Authentication Mechanism

The mechanism used to corroborate claimed information with a specified, or understood, level of confidence. Mechanisms include the use of username/password, X.509 client certificates and biometrics, etc. [STORK Glossary and Acronyms]

Authentication Server

A server that provides authentication services to users or other systems. For example, the user passes its identity and password (or certificate, smartcard, biometric data) to the authentication server; the latter verifies this data and grants the authentication proof (e.g., a credential) to the user.


Property that ensures that the identity of a subject or resource is the one claimed. Authenticity applies to entities such as users, processes, systems and information. [IEC 62210, ed. 1.0 (2003-05)]


A right or a permission that is granted to a system entity to access a system resource. [RFC 2828]

Authorization Server

A server that consults the security policy, extracts the relevant security rules, evaluates these rules with the current access parameters, eventually invokes the conflict resolution process, and generates the corresponding credentials that permit the access to resources.


"The property of being accessible and usable upon demand by an authorized entity" (ISO/IEC 13335-1:2004 taken from BS ISO/IEC 27001:2005)

Certification Authority (CA)

Certificate Store

A certificate store will often have numerous certificates stored, possibly issued from a number of different certification authorities. It consists of key pairs that encrypt and decrypt the symmetric key used for encrypting and decrypting data by Encrypting File System, digital certificates and so on.

Child application

A child application is a self-contained application package that is included within another application package (parent application). They are used as a means for distributed application development and deployment where a parent application can export child applications to other devices in order to provide a service that can be distributed over several devices to the user.


A statement made by one entity about itself or another entity that a relying party considers to be "in doubt" until it passes "Claims Approval". [STORK Glossary and Acronyms]


"Cloud computing is Web-based processing, whereby shared resources, software, and information are provided to computers and other devices (such as smartphones) on demand over the Internet."

"The Cloud" can therefore refer to a range of services provided by remote infrastructures. A single instance of a Cloud is Amazon EC2, for example.

Cloud service

Cloud application services or "Software as a Service (SaaS)" deliver software as a service over the Internet, eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support. People tend to use the terms "SaaS" and "cloud service" interchangeably, when in fact they are two different things.


"The property that information is not made available or disclosed to unauthorized individuals, entities, or processes" (ISO/IEC 13335-1:2004 taken from BS ISO/IEC 27001:2005)

Content adaptation

The action of transforming content to adapt to device capabilities. Content adaptation is usually related to mobile devices that require special handling because of their limited computational power, small screen size and constrained keyboard functionality.


Schilit et al. (1994) define context as where you are, who you are with, and what resources are nearby. This might suggest that context is more focused on the user's surroundings as opposed to his/her inner states. A more specific definition is provided by Dey et al. (2001). They defined it as any information that can be used to characterize the situation of an entity. An entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and applications themselves. Some examples of context types according to the actor/entity that is involved are: user context (context describing a user's situation) and software context (context describing a software's situation).
Context is more or less the set of facts or circumstances that surround a situation or event.

Context Acquisition

The process of acquiring context data that describe aspects of a situation. This is usually done through the identification of a corresponding occurring event.

Context awareness

A system is context aware if it uses context to provide relevant information and/or services to the user, where relevancy depends on the user's task. Three important context-awareness behaviours that an application might exhibit can be identified:
• The presentation of information and services to a user
• The automatic execution of a service
• The tagging of context to information for later retrieval.
Ref: Dey & Abowd; David R. Morse, Stephen Armstrong & Anind K. Dey

Context Model

The conceptualization of how context data (within webinos) relate to determining factors such as situations, events and entities.

Context Objects

A dedicated object that holds context data about a corresponding webinos entity.

Context of Use

Context of use refers to the "users, tasks, equipment, and the environments where a system is used" - ISO/IEC 13407

Context Sources

Context information can be found in a variety of sources. These can be as follows:
• Features in content items or the items themselves; these can include metadata about the content item
• Index terms
• Structure of a subject area as represented by a classification scheme, thesaurus or ontology
• User searches, user logs (containing queries, click behavior, timings and so on)
• Comments on content items (from individual users, groups, experts, etc.)
• Sensor information about the environment (location, temperature, time, etc.)
• Actuator information such as a remote control mechanism or a switch that records its state when someone has pressed it
• User activities and user generated content over social media platforms

Context structure

Context structure refers to the schema and the organization of the factors characterizing a specific event. This event consists of information decomposed to the primitive substances, that combined together give a consistent body of the structure. In the information technology dialect the event may refer to a specific task, situation or a goal of the system. The corresponding information describing the system is the input mostly coming from various sensors, ontologies, function of task and related data.
The structure is designed to enable effective matching and retrieval of contexts. The user context structure consists of five subcontexts:
• Environment context. It captures the entities that surround the user. These entities may be things, services, temperature, light, humidity, noise and persons.
• Personal context. It consists of two sub-contexts: the physiological context (pulse, blood pressure, weight, hair colour, etc.) and mental context (mood, interests, anger, stress, etc.)
• Task context. This context describes what people are doing. The task context can be described with explicit goals, tasks, actions, activities, or events.
• Social context
• Spatio-temporal context. This context aspect describes aspects of the user context relating to the time and spatial location (time, location, direction, speed, shape of buildings, etc.)


Data that is transferred or presented to establish either a claimed identity or the authorizations of a system entity. [RFC 2828]

Cross-Device Application

A webinos application capable of running on multiple devices, such as a set-top box and smartphone, not necessarily simultaneously.

Delivery Notification Event

An event that indicates the outcome of the delivery of another event, according to the "Delivery notifications" part of the "Messaging" section in the Webinos System Specifications.


A piece of hardware such as a mobile telephone, laptop, PC, home media centre, in-car system, netbook, tablet, game console, or router. The term "terminal" may be used analogously.

Device Cloud

In the context of webinos, a set of devices grouped by some criteria (proximity, user, complementing features). Synonymous with webinos cloud.

Digital Certificate

A structure that associates an identity with an entity such as a user, a product or an Application Instance where the certificate has an associated asymmetric key pair which can be used to authenticate that the entity does, indeed, possess the Private Key. (IEC 62541-2, ed. 1.0 (2010-02))

Digital Identity

"A set of claims made by one digital subject about itself or another digital subject." Where a digital subject is "a person or thing represented or existing in the digital realm which is being described or dealt with." -- The Laws of Identity

Digital Signature

The result of a cryptographic transformation of data which, when properly implemented, provides the services of:

Direct Anonymous Attestation (DAA)

A protocol for vouching for an AIK using zero-knowledge-proof technology.

Domain Name System Security Extensions (DNSSEC)

A suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS). [Wikipedia]

Distributed Hash Table (DHT)

A distributed data structure used to perform a lookup service similar to a hash table, where a key is mapped to a value. The key is first mapped to a number in a range. Network nodes are responsible for maintaining the mapping from numbers to values for different parts of the range. Distributed Hash Tables form an attractive solution to mapping user identities to the URLs for personal zone hubs, where the search is distributed across the hubs in a federated process.

Electronic Identity

see Digital identity


Any concrete or abstract object of interest, including relations among things (IEC 61360-1, ed. 3.0 (2009-07))


A set of structured data that is meant to be exchanged among two or more addressable entities (e.g., applications, services).

Event dispatcher

Logical unit within the WRT in charge of routing events among local and/or remote addressable entities.


A collection of data, APIs and/or platform-specific code, that is not part of webinos but is meant to be used in conjunction with it and is consistent with webinos APIs (use case: WOS-UC-TA3-004: Embedding Proprietary Extensions).
The terms browser addon and browser extension are generally used for third party modules that are run in a separate security context from web pages, and have elevated privileges. Such extensions are typically implemented as a mix of JavaScript, markup, style sheets and other resources, and have access to browser specific APIs. They are designed to work with a specific browser, e.g. Firefox, but are typically independent of the underlying operating system.


An option or functional capability available to the user.


Geo-Location is an identification of the real-world geographic location of an object, such as a cell phone or an Internet-connected computer terminal. Geo-location may refer to the practice of assessing the location, or to the actual assessed location.

Group signature

A method for allowing a member of a group to anonymously sign a message on behalf of the group.


An anonymous credential system developed by IBM Research and based upon zero knowledge proofs. Users are issued strong credentials. Idemix can then be used to prove that a credential has certain properties without disclosing anything else about the owner of that credential. This provides effective authentication and good privacy based upon strong credentials.


An act or process that presents an identifier to a system so that the system can recognize a system entity and distinguish it from other entities. [IEC 62351-2, ed. 1.0 (2008-08)]


Informally, identity "is whom someone or what something is, for example, the name by which something is known." -- SANS (Glossary)

A digital identity is "a set of claims made by one digital subject about itself or another digital subject." Where a digital subject is "a person or thing represented or existing in the digital realm which is being described or dealt with". -- The Laws of Identity

Identity Certificate Response Token

A token that is an encrypted and encoded identity certificate. It is returned from the Privacy Certificate Authority (a trusted third party that issues platform identities) to the platform.

Identity Certificate Request Token

A token placed in the Identity Credential Request element when requesting an identity certificate.

Identity token

An identity token identifies an entity. For example, it can be a cryptographic key or a certificate. In most cases, additional knowledge is needed to be able to validate the token, and thereby to authenticate the entity identified by this token. In the case of a key, the validating entity needs to know the key. In the case of a certificate, the validating entity needs to be able to validate the entire certificate chain.


It is "information-based media content or programming that also includes entertainment content in an effort to enhance popularity with audiences and consumers."

Installable Web Application

A Web Application that is packaged in a way to allow a single download and installation on a user's device. The installed package could contain the complete application, i.e. the HTML, CSS and JavaScript files as well as the "manifest" file, or the installed package could contain the "manifest" file only. The "manifest" file contains metadata describing the app. "Installed Web Applications" can, for example, benefit from digital signing of the package and from API access control decisions being made at installation time. Furthermore, there might be marketing/deployment/charging advantages with "Installed Web Applications". Examples of Installable Web Applications are W3C Widgets and Chrome Installable Web Apps.


"The property of safeguarding the accuracy and completeness of assets" (ISO/IEC 13335-1:2004 taken from BS ISO/IEC 27001:2005)

JavaScript API

An API for Web Applications defined using an Interface Definition Language (IDL). JavaScript APIs could for example be provided as a means for a Web Application to gain access to Device Capabilities. The definition of the API itself concerns the interfaces, methods, properties and other attributes that make up the API.

Local Storage

A memory for recording (storing) information (data) entirely located on a specific device.


The part of the webinos runtime responsible for loading and executing applications which may not be running or may be in an inactive mode.

Manifest file

see Installable Web Application


"Structured data about data. Increasingly this term refers to any data used to aid the identification, description and location of networked electronic resources." -- SWDB (Glossary)

Mutual authentication

A mechanism whereby two parties can verify each other's identity, e.g. a website can authenticate a user, and the user can authenticate the website. This provides mitigation against spoofed sites, spoofed DNS and spoofed IP addresses.


XML namespaces are used for providing uniquely named elements and attributes in an XML document. An XML instance may contain element or attribute names from more than one XML vocabulary, e.g., the W3C Widget vocabulary and the added webinos specific attributes.


In the XMPP Service Discovery mechanism, a node is a specific service/device which can be communicated with or about which information can be obtained. There are two types of nodes in XMPP: Info Nodes, which are directly addressable, and Item Nodes, which are not directly addressable. Info Nodes are connected over IP and can be communicated with directly using their full JID. Information about Item Nodes is retrieved using Info Nodes. Details of communication with Item Nodes are not covered in the XMPP standard; only fetching information about Item Nodes is specified.

Optional extension

An extension that, if not available, still allows the application to run, yet with less and/or degraded functionality.

Optional feature

A feature that, if not available, still allows the application to run, yet with less and/or degraded functionality.

Parent application

A parent application is an application that contains child applications within its application package. See: child application.

Personal Service

This is a service that runs as part of the user's personal zone, and may be exposed to others via the personal zone hub, subject to the user's preferences. The user can install new personal services (provided by 3rd parties) in addition to the ones that are provided directly by the webinos platform.

Personal Zone (PZ)

This provides the means for users to manage their personal devices and services. The zone is exposed on each device as a set of local APIs, with a shared model of context that is synchronized across all devices in the zone together with the personal zone hub. The personal zone supports a single sign on mechanism so that users authenticate to a device, the device to the zone, and the zone to applications/services. The zone further supports an overlay networking model that hides the details of addressing and interconnect technologies. This is based upon 3rd party components that enable the zone to scale in the face of a continuing evolution of networking technologies. Note that some devices (e.g. a TV or networked printer) may be shared by several people, and form part of a shared zone.

Personal Zone Hub (PZH)

The Personal Zone Hub runs on a Web server with a public URL, and provides the means for people to access your devices and services subject to your preferences. It supports setting up logical peer to peer connections across Firewall/NAT boundaries.

Personal Zone Proxy (PZP)

A webinos-enabled device supports the zone APIs (see personal zone) that enable it to function as part of the user's personal zone. Other non-webinos devices may be connected through webinos-enabled devices, which act as personal zone proxies.

Personally identifiable information

As used in information security, refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.


An operating system and software environment running on top of a device, managing the device hardware and providing common services for efficient execution of various application software.

Examples: The most common operating systems used in mobile smart phones include Symbian OS, Android, iOS, RIM BlackBerry OS, or Windows Mobile. Popular modern operating systems for personal computers include Microsoft Windows, Mac OS X, and GNU/Linux. MeeGo is a Linux-based open source mobile operating system project, primarily targeted at mobile devices and information appliances in the consumer electronics market.


see Extension


Abstractly, a policy is a rule that defines a choice in the behaviour of a system. Security policies in Webinos are the permissions defined by users of the webinos runtime in order to allow or deny access to a resource or capability by an application or component. For example, a policy may define that Application A may not use the GPS location capabilities on a device.

A "Privacy Policy" or "Privacy Manifest" is a statement given by an application defining how the application will use information about (or belonging to) the user. For example, a privacy policy might assert that user contact details are not passed on to any third parties.

Policy Administration Point (PAP)

Point which manages policies. -- Wikipedia XACML

Policy Decision Point (PDP)

Point which evaluates and issues authorization decisions. -- Wikipedia XACML

Policy Enforcement Point (PEP)

Point which intercepts user's access request to a resource and enforces PDP's decision. -- Wikipedia XACML

Policy Information Point (PIP)

Point which can provide external information to a PDP, such as LDAP attribute information. -- Wikipedia XACML

Policy Manager

A component on the webinos runtime capable of editing and viewing security policies based on interaction with the user.

Policy Synchronization

The process of synchronising policies between webinos devices, to maintain a common set of security policies. This involves making sure every platform has the same set of XACML policy files dictating how applications and users are allowed to use the runtime. Synchronisation primarily occurs between a device's personal zone proxy and the personal zone hub.


The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. [ISO 7498-2: Security Architecture]


Right or permission expressly granted to a single or specified group of user(s) or device(s) to perform specified actions, in specified roles and associated to established identity [IEC/PAS 62443-3, ed. 1.0 (2008-01)]

Privilege Management

The management of applications on the runtime, stating which ones are given "privileged" status and therefore access to non-public webinos APIs.


The ability of a system to perform a required function under stated conditions for a specified period of time. [RFC 2828]

Remote Data Binding Protocol

The Remote Data Binding Protocol ensures that the tickets are encrypted by a key that is known only to the ticket issuer.

Required feature

A feature that is absolutely needed for an application to run.


Allows a Mobile Operator or device owner to block a specific application or group of applications.


The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring. [NIST SP 800-30]

Risk Analysis

(see also Risk Assessment) Systematic use of available information to identify hazards and to estimate the risk [ISO/IEC Guide 51, Definition 3.10]

Risk Assessment

The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses. [NIST SP 800-53]

Role Based Access Control (RBAC)

A form of identity-based access control where the system entities that are identified and controlled are functional positions in an organization or process. [IEC 62351-2, ed. 1.0 (2008-08)]

RPC Request event

An event that contains a JSON-RPC 2.0 request object or request batch, according to the "Delivery notifications" part of the "Messaging" section in the Webinos System Specifications.

RPC Response event

An event that contains a JSON-RPC 2.0 response object or response batch, according to the "Delivery notifications" part of the "Messaging" section in the Webinos System Specifications.


All aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability. [ISO/IEC 13335-1]

Security policy

(Comment by Claes/SEMC: The 1st bullet is ok as it is a general definition not assuming any specific implementation. The 2nd definition assumes a specific solution/implementation and refers only to control of access to device capabilities. I propose that the 2nd bullet is removed)

Security Policy Enforcement

The ability to understand and apply security policies

Security Mechanisms

A process (or a device incorporating such a process) that can be used in a system to implement a security service that is provided by or within the system. Some examples of security mechanisms are authentication exchange, checksum, digital signature, encryption, and traffic padding. [RFC 2828]

Security Model

Security Service

A processing or communication service that is provided by a system to give a specific kind of protection to system resources. [RFC 2828]

Set-top box

A device that connects to a television and an external source of signal, turning the signal into content which is then displayed on the television screen or other display device.


A device that measures a physical quantity and converts it into a signal which can be read by an observer or by an instrument. [Wikipedia]. Webinos must provide methods for Web Applications to get access to sensor data.

Sensor network

A sensor network consists of spatially distributed autonomous sensors that cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants.


An addressable logical functional entity that is exposed on a device or a server. The service availability varies over time depending on the device status (on/off), service status (stopped/running/installed/uninstalled) and connection status (connected/disconnected). Examples of services are: an API to get the temperature from a sensor, a web API provided by a Web Server or a remote control API provided by a TV.

Service Discovery

The procedure that provides the means to detect devices and services provided in a Webinos network or devices and services connected via short range bearers. The procedure includes the means:

Short Range Bearer

Technology used to establish a direct peer to peer connection for exchanging data between one or many devices over a short distance, such as Bluetooth, ANT+, NFC, Zigbee, Wireless USB, UWB or WiFi Direct.

Single Sign-Off

Single sign-off is the property whereby a single action of signing out terminates access to multiple software systems. [Wikipedia]

Single Sign-On

It is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. [Wikipedia]


A smartphone is a mobile phone that offers more advanced computing ability and connectivity than a contemporary basic feature phone. Smartphones and feature phones may be thought of as handheld computers integrated within a mobile telephone, but while most feature phones are able to run applications based on platforms such as Java ME, a smartphone allows the user to install and run more advanced applications based on a specific platform. Smartphones run complete operating system software providing a platform for application developers.
[Source: Wikipedia.]

Social community site

A web site that focuses on building and reflecting social networks or social relations among people, e.g., who share interests and/or activities. A social network service essentially consists of a representation of each user (often a profile), his/her social links, and a variety of additional services.

Social Context

The term has sociological origins and refers to both people and organizations that endue a person. Social Context is the aggregation of social circles where somebody lives, interacts with others and develops his activities, beliefs and social intelligence. A person's social context includes both the personal social context (his friends and the communities he belongs to) and his community social context (their role and identity in different communities).
In other words, social context describes the social aspects of the current user context. It can contain information about friends, neighbours, co-workers, relatives, and their presence. One important aspect in a social context is the role that the user plays in the context. A role can for instance be described with a name, the user's status in this role.
From a technological aspect, it is a mathematical graph-instance of the real social context of a user. After the development of the social web, the term has gained great exposure, and refers to data that state, explicitly or implicitly, the connection among users. These connections may have the following elements:
• The friends and family (relationships): the augmented or live address book
• Social information, such as events, groups, calendars, locations
• Social Objects that connect users, such as photos, videos, comments, likes
• Social activities: find friends/family, invite, share content, tag users, rate
This information can be used to construct a set of egocentric social networks in which a user is at the center of a set of relationships with others, who may also have ties to one another.
Ref: Leveraging Social Context for Searching Social Media, Marc Smith, Vladimir Barash, Lise Getoor, Hady W. Lauw

Social Graph

The collection of social connections that someone maintains in an online social platform (or in any platform that supports the creation of explicit or implicit connections among users).

Social media

Social media are media for social interaction, using highly accessible and scalable publishing techniques. Social media uses web-based technologies to turn communication into interactive dialogues.

Social Proximity

Social Proximity is the phenomenon of overlap between different people's social circles. It helps them to reinforce the deep bonds of trust that facilitate exchange of tacit knowledge, and thus to develop a more powerful connection among them. Social proximity is actually a very schematic and physical indicator. It means a person is in touch with others.


A node can have a sub-hierarchy of nodes underneath it. A node under a node is referred to as a sub-node.


Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. [NIST SP 800-53]


The direct digital-to-digital conversion of one encoding to another.

Trusted Application

An application which has been assigned a specific level of trust, which can be based upon a variety of application attributes and installation context attributes, as defined by a security policy. [Source: WAC]

Trusted Entity

Entity which is assumed to appropriately enforce security policies. Because of this assumption, the entity may cause other security policies to be obviated.
For example: A trusted authorisation entity declares a user to be authorised for control thereby challenges authentication procedures, that would normally be applied, are not invoked. [IEC 62210, ed. 1.0 (2003-05)]


"Unlinkability requires that users and/or subjects are unable to determine whether the same user caused certain specific operations." (BS ISO/IEC 15408-2:2008)


An application is considered as "unrecognised" if it does not carry a signature belonging to a defined and recognised identity.

Untrusted Application

An application is considered untrusted if it has not been assigned any specific level of trust, and is thus assigned to a default level of trust. [Source: WAC]

User profile

It is a collection of personal data associated with a specific user. A profile therefore refers to the explicit digital representation of a person's identity. A user profile can also be considered as the computer representation of a user model.


A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's integrity or security policy. [RFC 2828]


The Wholesale Applications Community (WAC) is an open global alliance formed from the world's leading telecoms operators. It has been established to increase the overall market for mobile applications. It strives to unite a fragmented applications marketplace by providing common developer tools, a revenue share model across the entire ecosystem and common network and terminal APIs. For more information, see

For further information related to the latest WAC Waikiki Beta Releases, see also

Web Analytics

The official WAA definition of Web Analytics: "Web Analytics is the measurement, collection, analysis and reporting of internet data for purposes of understanding and optimizing web usage".

Web Application

The term used generically to refer to an application authored in Web formats, including HTML, JavaScript, CSS and various media formats. [Source: WAC]

Web Browser

A terminal application which provides a Web Runtime Environment supporting Websites. [Source: WAC]


Webinos is the system we are developing to deliver the "one application for all devices" vision. It includes:

Webinos API

An API that exposes access to some internal functionality of a piece of software for use by Webinos developers, to get access to specific information, to trigger special behavior, or to perform some other action. The Webinos APIs are typically client-side script APIs, for use in Webinos browsers and similar Webinos user agents (as opposed to server-side APIs, for example).
[Inspired by W3C Web APPs WG's definition of API]

Webinos application

An application written using webinos technologies that will run on a device, across a range of devices reflecting the domains mobile, stationary devices, automotive or home media and/or server. The application will be able to securely and consistently access device specific features, communicate over the cloud and adjust to the device and context specific situation.

Webinos Component

A term to indicate any component augmented with webinos-based intelligence that interacts with or manages a Webinos Network (i.e. Webinos Agent, Webinos Device, Webinos Runtime).

Webinos Consortia

The webinos project has been defined by a strong consortium of 22 founding partners from nine countries. These companies are academic and industrial with a cross-domain focus; they include mobile phone manufacturers, telecommunication operators, an automotive company, a research and analytics firm, a communication company and a range of well-known research facilities. It is the intention to engage further companies in the definition and adoption of webinos; as such, the current webinos project members reach out to external companies via a range of communication tools (website, conferences, etc.).

Webinos project

The webinos project refers to the commitment of the 22 webinos founding members to collaborate, define and deliver webinos within the three year time period following the official kick-off in September 2010.

Web technology

Commonly associated with web applications that facilitate interactive systemic biases, interoperability, user-centered design, and developing the World Wide Web.


A remotely hosted collection of resources authored in Web formats (including HTML, JavaScript, CSS and various media formats) and served by a web server so as to be viewable in a Browser. [Source: WAC]


An interactive application for displaying and/or updating local data or data on the Web, packaged in a way to allow a single download and installation on a user's machine or mobile device. [Source: WAC]

Web Runtime Environment (WRT)

A WRT is considered as terminal software which supports the execution of web applications.

Zero Knowledge Proof

An interactive method for one party to prove to another that a given statement is true without revealing anything else. This can be used for privacy-friendly authentication where one party proves to another certain properties, such as membership of a named group, or an age range, without disclosing their identity or actual age. See Idemix for a library implementing zero knowledge proofs.


Acronym Definition
ACL Access Control List
API Application Programming Interface
CA Certification Authority
DAC Device API and Policy (W3C)
DLNA Digital Living Network Alliance
DNS Domain Name Service
IETF Internet Engineering Task Force
IDL Interface Definition Language
JID Jabber ID
IRI ???
LTE Long Term Evolution?
MNO Mobile Network Operator
mDNS multicast DNS?
NAS Network Attached Storage
NPAPI Netscape Plugin API
OEM Original Equipment Manufacturer
PAP Policy Administration Point
PDP Policy Decision Point
PEP Policy Enforcement Point
PII Personally Identifiable Information
PIP Policy Information Point
POS Point of Sale
PWN Personal Webinos Network
WAA Web Analytics Association
WAC The Wholesale Applications Community
WRT Web Runtime Environment
RBAC Role-Based Access Control
SSO Single Sign-On
TLS Transport Layer Security
TTS Text to speech
UPnP Universal Plug and Play
URI Uniform Resource Identifier
URL Uniform Resource Locator
URN Uniform Resource Name
VoD Video-on-demand
XMPP Extensible Messaging and Presence Protocol


Source Citation and Link
WAC WAC Waikiki Beta Release Core Specification - Definitions
BS ISO/IEC 15408-2:2008 Evaluation criteria for IT security (British Standards Online)
BS ISO/IEC 27001:2005 Information security management systems (British Standards Online)
BS EN ISO 13407:1999 Human-centred design processes for interactive systems (British Standards Online)
SWDB Statewide Database - the Redistricting Database for the State of California
SANS SANS Glossary of Security Terms
FOLDOC The Free Online Dictionary of Computing (Editor - Denis Howe)
The Laws of Identity The Laws of Identity by Kim Cameron, 5/12/2005
PH10TERMINOLOGY Andreas Pfitzmann and Marit Hansen. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management v0.34, 10 Aug 2010. url:
RFC 2828 Internet Security Glossary, May 2000, url:
NIST SP 800-53 NIST Special Publication 800-53 - Recommended Security Controls for Federal Information Systems and Organizations - Rev. 3, Aug 2009, url:
STORK Glossary and Acronyms FP7 Project STORK (Secure Identity Across Borders Linked), Glossary and Acronyms, 10 Jul. 2009, url:

