3. COMPONENT FRAMEWORK

The Component Framework Area, as illustrated in Figure 10, defines the underlying foundation and technical elements by which Service Components are built, integrated and deployed across Component-Based and Distributed Architectures. The Component Framework consists of the design of application or system software that incorporates interfaces for interacting with other programs and for future flexibility and expandability. This includes, but is not limited to, modules that are designed to interoperate with each other at runtime. Components can be large or small, written by different programmers using different development environments and may be platform independent. Components can be executed on stand-alone machines, a LAN, Intranet or on the Internet.

The Component Framework Service Categories, Standards, and Specifications are defined below:

3.1 Security

Security defines the methods of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability. Biometrics, two-factor identification, encryption, and technologies based on the NIST FIPS-140 standards are evolving areas of focus.
http://csrc.nist.gov/cryptval/

3.1.1 Certificates / Digital Signature - Software used by a certification authority (CA) to issue digital certificates and secure access to information. The evolution of Public Key Infrastructure (PKI) is based on the verification and authentication of the parties involved in information exchange.

3.1.1.1 Digital Certificate Authentication - Authentication implementation for controlling access to network and internet resources through managing user identification. An electronic document, digital certificate, is issued and used to prove identity and public key ownership over the network or internet.

3.1.1.2 FIPS 186 (Digital Signature Standard (DSS) also Draft ANSI X9.30-199x Part 1; and 3.1.1.3 ISO/IEC JTC1/SC27/WG2, Project 1.27.08 Digital Signature with Appendix) - The DSS standard specifies a digital signature algorithm (DSA) appropriate for applications requiring a digital, rather than written, signature. The DSA authenticates the integrity of the signed data and the identity of the signatory. The DSA may also be used to prove that data was actually signed by the generator of the signature.
http://www.dice.ucl.ac.be/crypto/standards.html

3.1.1.4 SSL (Secure Sockets Layer) - An open, non-proprietary protocol for securing data communications across computer networks. SSL is sandwiched between the application protocol (such as HTTP, Telnet, FTP, and NNTP) and the connection protocol (such as TCP/IP, UDP). SSL provides server authentication, message integrity, data encryption, and optional client authentication for TCP/IP connections.
http://www.webopedia.com/TERM/S/SSL.html

3.1.2 Supporting Security Services - These consist of the different protocols and components to be used in addition to certificates and digital signatures.

3.1.2.1 S/MIME (Secure Multipurpose Internet Mail Extensions) - Provides a consistent way to send and receive secure MIME data. Based on the Internet MIME standard, S/MIME provides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and data confidentiality (using encryption). S/MIME is not restricted to mail; it can be used with any transport mechanism that transports MIME data, such as HTTP.
http://www.ietf.org/html.charters/smime-charter.html

3.1.2.2 TLS (Transport Layer Security) - Standard for the next generation SSL. TLS provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.
http://www.ietf.org/html.charters/tls-charter.html

3.1.2.3 WS-Security (Web Services Security) - Describes enhancements to SOAP messaging to provide message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies including X.509, Kerberos, and SAML.
http://www.oasis-open.org/committees/wss/
http://www-106.ibm.com/developerworks/library/ws-secure/

3.1.2.4 SAML (Security Assertion Markup Language) - An XML-based framework for exchanging security information expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. SAML is expected to play a key role in the Federal-wide E-Authentication initiative, and is supported by both the Liberty Alliance and WS-Security.
http://www.oasis-open.org/committees/security/
http://xml.coverpages.org/saml.html

3.1.2.5 SKIP (Simple Key Management Protocol) - A protocol developed by Sun Microsystems to handle key management across IP networks and VPNs.
http://www.networksorcery.com/enp/rfc/rfc2356.txt

3.1.2.6 SSH (Secure Shell) - A strong method of performing client authentication. Because it supports authentication, compression, confidentiality and integrity, SSH is used frequently on the Internet. SSH has two important components, RSA certificate exchange for authentication and Triple DES for session encryption.
http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt
http://www.ietf.org/internet-drafts/draft-ietf-secsh-auth-kbdinteract-05.txt

3.2 Presentation / Interface

This defines the connection between the user and the software, consisting of the presentation that is physically represented on the screen.

3.2.1 Static Display - Static Display consists of the software protocols that are used to create a pre-defined, unchanging graphical interface between the user and the software.

3.2.1.1 HTML (Hyper Text Markup Language) - The language used to create Web documents and a subset of Standard Generalized Markup Language (SGML).
http://www.w3.org/MarkUp/

3.2.2 Dynamic / Server-Side Display - This consists of the software that is used to create graphical user interfaces with the ability to change while the program is running.

3.2.2.1 JSP (Java Server Pages) - JSP is part of Sun's J2EE architecture and provides template capabilities for presenting dynamically generated Web content. JSPs are text files written in a combination of standard HTML tags, JSP tags, and Java code.
http://java.sun.com/products/jsp/

3.2.2.2 ASP (Active Server Pages) - A Web server technology from Microsoft that allows for the creation of dynamic, interactive sessions with the user.
http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28000522

3.2.2.3 ASP.Net (Active Server Pages .Net) - ASP.NET is a set of technologies in the Microsoft .NET Framework for building Web applications and XML Web Services. ASP.NET pages execute on the server and generate markup such as HTML, WML or XML that is sent to a desktop or mobile browser.
http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28000440

3.2.3 Content Rendering - This defines the software and protocols used for transforming data for presentation in a graphical user interface.

3.2.3.1 DHTML (Dynamic HTML) - A collective term for a combination of new Hypertext Markup Language (HTML) tags and options, style sheets, and programming that will allow Web pages that are more animated and more responsive to user interaction than previous versions of HTML.
http://msdn.microsoft.com/library/default.asp?url=/nhp/Default.asp?contentid=28000522

3.2.3.2 XHTML (eXtensible HTML (emerging)) - The W3C's recommendation for the next generation of HTML leveraging XML.
http://www.w3.org/TR/2001/REC-xhtml11-20010531/

3.2.3.3 Cascading Style Sheets (CSS) - A style sheet format for HTML documents endorsed by the World Wide Web Consortium. CSS1 (Version 1.0) provides hundreds of layout settings that can be applied to all the subsequent HTML pages that are downloaded.
http://www.wdvl.com/Authoring/Style/Sheets/

3.2.4 Wireless / Mobile / Voice - Consists of the software and protocols used for wireless and voice-enabled presentation devices.

3.2.4.1 WML (Wireless Markup Language) - An XML-based protocol designed for Wireless devices.
http://www.oasis-open.org/cover/wap-wml.html

3.2.4.2 XHTMLMP (XHTML Mobile Profile (emerging)) - XHTMLMP is designed for resource-constrained Web clients that do not support the full set of XHTML features, such as mobile phones, PDAs, pagers and set-top boxes. It extends XHTML Basic with modules, elements and attributes to provide a richer authoring language. XHTML replaces the Wireless Markup Language (WML).
http://www.wapforum.org/what/technical.htm

3.2.4.3 VXML (Voice XML (emerging)) - VXML is an XML vocabulary for specifying IVR (Integrated Voice Response) Systems.
http://www.w3c.org/Voice/
http://www.voicexml.org/
Copyright © 1998-2008 ITCore. All rights reserved.