
GIST v0.7 ― W
“W3” to “WWW”

W

- W3 n. 
See: World Wide Web.
- WAP n. 
See: wireless application protocol.
- war dialer n. 
RFC 2828 (2000)
(I) A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.
- warez n. 
NIST IR 7298 (2006)
SP 800-46
A term widely used by hackers to denote illegally copied and distributed commercial software from which all copy protection has been removed. Warez often contains viruses, Trojans and other malicious code and thus is very risky to download and use (legal issues notwithstanding).
- warm site n. 
NIST IR 7298 (2006)
SP 800-34
An environmentally conditioned workspace that is partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
- Wassenaar Arrangement n. 
RFC 2828 (2000)
(N) The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a global, multilateral agreement approved by 33 countries in July 1996 to contribute to regional and international security and stability, by promoting information exchange concerning, and greater responsibility in, transfers of arms and dual-use items, thus preventing destabilizing accumulations. (See: International Traffic in Arms Regulations.)
(C) The Arrangement began operations in September 1996. The participating countries are Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States. Participants meet on a regular basis in Vienna, where the Arrangement has its headquarters. Participating countries seek through their national policies to ensure that transfers do not contribute to the development or enhancement of military capabilities that undermine the goals of the arrangement, and are not diverted to support such capabilities. The countries maintain effective export controls for items on the agreed lists, which are reviewed periodically to account for technological developments and experience gained. Through transparency and exchange of views and information, suppliers of arms and dual-use items can develop common understandings of the risks associated with their transfer and assess the scope for coordinating national control policies to combat these risks. Members provide semi-annual notification of arms transfers, covering seven categories derived from the UN Register of Conventional Arms. Members also report transfers or denials of transfers of certain controlled dual-use items. However, the decision to transfer or deny transfer of any item is the sole responsibility of each participating country. All measures undertaken with respect to the arrangement are in accordance with national legislation and policies and are implemented on the basis of national discretion.
- WAS-XML n. 
See: Web Application Security XML.
- watermarking n. 
See: digital watermarking.
- wavelet transform/scalar quantisation (WSQ) n.  
iAfB-ICSA 1999
A compression algorithm used to reduce the size of reference templates.
- weak bit n.  
ISO/IEC 2382-8:1998
A bit intentionally written on a disk with a weak magnetic field strength that may be interpreted as zero or one and that is written as part of a method of copy protection.
- weak template n.  
BEM 2002
A template created from a noisy, poor quality, highly varying or null image [biometric sample], which typically has a higher FAR than other templates.
- web n. & adj.  
Compare with Web.
RFC 2828 (2000)
(C) ISDs SHOULD NOT capitalize web when using the term (usually as an adjective) to refer generically to technology – such as web browsers, web servers, HTTP, and HTML – that is used in the Web or similar networks.
- Web n. & adj.  
Compare with web.
RFC 2828 (2000)
(I) ISDs SHOULD capitalize Web when using the term (as either a noun or an adjective) to refer specifically to the World Wide Web. (Similarly, see: internet, Internet.)
(C) IETF documents SHOULD spell out World Wide Web fully at the first instance of usage and SHOULD use Web and web especially carefully where confusion with the PGP web of trust is possible.
- web access management (WAM) n.
SCA ISCTAG (2007)
Systems that replace the sign-on process on various web applications, typically using a plug-in on a front-end web server. The systems authenticate users once, and maintain that user’s authentication state even as the user navigates between applications. These systems normally also define user groups and attach users to privileges on the managed systems. These systems provide effective access management and single sign-on to web applications. They do not, in general, support effective (or any) management of “legacy” systems such as network operating systems, mainframes, client/server applications, and e-mail systems.
- Web Application Security XML (WAS-XML) n.  
An XML schema to describe web security conditions that can be used by both assessment and protection tools.
This is one of the deliverables of the OASIS Web Application Security (WAS) Technical Committee (TC), formed to produce a classification scheme for web security vulnerabilities; a model to provide guidance for initial threat, impact and therefore risk ratings; and this XML schema.
The WAS TC will leverage and extend the work of the OWASP VulnXML project and liaise with the OASIS AVDL TC. There is a clear distinction between the description of the data and the subsequent inter-technology communication of it; the WAS TC will focus on the data portion of this problem and anticipates that AVDL will consume WAS data.
See: OASIS Web Application Security TC
- web bug n. 
NIST IR 7298 (2006)
SP 800-46
Tiny images, invisible to a user, placed on web sites in such a way that they allow third parties to track use of web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and web browser cookie.
- web of trust n. 
RFC 2828 (2000)
(O) PGP usage: A trust-file PKI technique used in PGP for building a file of validated public keys by making personal judgments about being able to trust certain people to be holding properly certified keys of other people. (See: certification hierarchy, mesh PKI.)
- web server n. 
RFC 2828 (2000)
(I) A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
- web service, Web service n. 
“The term ‘Web service’ is broadly applicable to a wide variety of network based application topologies. In WS-Security usage, it describes application components whose functionality and interfaces are exposed to potential users through the application of existing and emerging Web technology standards including XML, SOAP, WSDL, and HTTP. In contrast to Web sites, browser-based interactions or platform-dependent technologies, Web services are services offered computer-to-computer, via defined formats and protocols, in a platform-independent and language-neutral manner.” [Security in a Web Services World: A Proposed Architecture and Roadmap]
- Web Services Federation Language (WS-Federation) n. 
“This specification defines mechanisms that are used to enable identity, account, attribute, authentication, and authorization federation across different trust realms.
Modular Architecture: By using the XML, SOAP and WSDL extensibility models, the WS* specifications are designed to be composed with each other to provide a rich Web services environment. WS-Federation by itself does not provide a complete security solution for Web services. WS-Federation is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models.”
[Web Services Federation Language (WS-Federation)]
- Web Services Security (WS-Security, WSS) n. 
1. WS-Security
“WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.
“WS-Security also provides a general-purpose mechanism for associating security tokens with messages. No specific type of security token is required by WS-Security. It is designed to be extensible (e.g. support multiple security token formats). For example, a client might provide proof of identity and proof that they have a particular business certification.
“Additionally, WS-Security describes how to encode binary security tokens. Specifically, the specification describes how to encode X.509 certificates and Kerberos tickets as well as how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics of the credentials that are included with a message.”
[Web Services Security (WS-Security)]
2. WSS
An OASIS Technical Committee (TC), the Web Services Security (WSS) TC was formed to continue work on the Web Services security foundations described in the WS-Security specification [1], which was written within the context of the Web Services Security Roadmap as published in April 2002 [2].
See: OASIS WSS TC
- WEP n. 
See: wired equivalent privacy.
- wide track n. 
ISO/IEC 2382-8:1998
A set of two or more adjacent tracks on a disk onto which the same data are written, as part of a method of copy protection.
- Wiegand strip n.
SCA ISCTAG (2007)
Technology widely used for physical access applications. The technology includes an interface, a signal, a 26-bit format, an electromagnetic effect, and a card technology. A Wiegand strip is the implementation of Wiegand technology on an ID credential.
- wired equivalent privacy (WEP) n. 
NIST IR 7298 (2006)
SP 800-46
Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP was intended to provide the same level of security as that of a wired LAN.
- wired logic n.
SCA ISCTAG (2007)
A contactless card that has an electronic circuit that is designed for a specific function (e.g., security, authentication) without an embedded MCU.
The term describes the logic embedded in the electronic circuit rather than the card itself!
- wireless application protocol (WAP) n. 
NIST IR 7298 (2006)
SP 800-48
A standard for providing cellular telephones, pagers, and other handheld devices with secure access to e-mail and text-based Web pages.
- wiretapping n. 
ISO/IEC 2382-8:1998
Surreptitious access to some part of a data circuit to obtain, modify, or insert data.
  • active wiretapping: Wiretapping with the purpose to modify or insert data.
  • passive wiretapping: Wiretapping limited to obtaining data.
RFC 2828 (2000)
(I) An attack that intercepts and accesses data and other information contained in a flow in a communication system.
(C) Although the term originally referred to making a mechanical connection to an electrical conductor that links two nodes, it is now used to refer to reading information from any sort of medium used for a link or even directly from a node, such as a gateway or subnetwork switch.
(C) active wiretapping attempts to alter the data or otherwise affect the flow; passive wiretapping only attempts to observe the flow and gain knowledge of information it contains. (See: active attack, end-to-end encryption, passive attack.)
- witness n.
SC 27 SD 6 (2002)
ISO/IEC 9798-5: 1999
Data item which provides evidence of the claimant’s identity to the verifier.
ISO/IEC 9796-3: 2000
A data item which provides evidence to the verifier. Note: In the context of this part of ISO/IEC 9796 the witness is based on a hash-token.
ISO/IEC 14888-1: 1998
A data item which provides evidence to the verifier.
- word n.
SC 27 SD 6 (2002)
ISO/IEC CD 10118-3 (11/2001)
A string of 32 bits in dedicated hash-functions 1, 2, 3 and 4, or a string of 64 bits in dedicated hash-functions 5 and 6.
ISO/IEC FDIS 9797-2 (09/2000)
String of 32 bits.
- work factor n. 
RFC 2828 (2000)
(I) general security usage: The estimated amount of effort or time that can be expected to be expended by a potential intruder to penetrate a system, or defeat a particular countermeasure, when using specified amounts of expertise and resources.
(I) cryptography usage: The estimated amount of computing time and power needed to break a cryptographic system.
- work product n.
SC 27 SD 6 (2002)
ISO/IEC WD 15443-1 (11/2001)
All items (i.e. documents, reports, files, data, etc.) generated in the course of performing any process for developing and supplying the deliverable.
- World Wide Web (the Web, WWW, W3) n. 
RFC 2828 (2000)
(N) The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms. (See: web, Web, [R2084].)
- worm n. 
ISO/IEC 2382-8:1998
A self-contained program that can propagate itself through data processing systems or computer networks. Note: Worms are often designed to use up available resources such as storage space or processing time.
RFC 2828 (2000)
(I) A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. (See: Morris Worm, virus.)
NIST IR 7298 (2006)
SP 800-61
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
- wrap n. 
RFC 2828 (2000)
(O) To use cryptography to provide data confidentiality service for a data object. (See: encrypt, seal.)
(D) ISDs SHOULD NOT use this term with this definition because it duplicates the meaning of other, standard terms. Instead, use encrypt or use a term that is specific with regard to the mechanism used.
- write access n. 
See: (secondary definition under) access mode.
- write-blocker n. 
NIST IR 7298 (2006)
SP 800-72
A device that allows investigators to examine media while preventing data writes from occurring on the subject media.
- WS-Federation n. 
See: Web Services Federation Language.
- WSQ n. 
See: wavelet transform/scalar quantisation.
- WS-Security n. 
See: Web Services Security (1).
- WSS n. 
See: Web Services Security (2).
- WWW n. 
See: World Wide Web.
The original sources of these definitions may be protected by copyright. The definitions are republished here for review and commentary.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This XHTML encoding and antnotations are dual-licensed under both ―
GFDL The GNU Free Documentation License   Creative Commons License A Creative Commons Attribution-Noncommercial-Share Alike 3.0 License
URL http://homepage.mac.com/antallan/gistw.html History Last updated Wednesday 10 December 2008