Back to newsletter listDate:
Fri, March 14, 2008 10:07:36 AMFrom:
Robin Cover
Subject:
XML Daily Newslink. Friday, 14 March 2008
XML Daily Newslink. Friday, 14 March 2008
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover
====================================================
This issue of XML Daily Newslink is sponsored by
Primeton http://www.primeton.com
====================================================
HEADLINES:
* Open Geospatial Consortium (OGC) and OASIS Collaborate on Standards
* W3C Workshop: Mobile Technologies and Fostering Social Development
* Blueprint for Successful SOA Integration
* Grid Computing: Classification of Emerging and Traditional Grid Systems
* Intalio and Alfresco Integrate BPM Suite with ECM
* IBM Moves on Secure Mashups: SMash Contributed to OpenAjax Alliance
* SMash: Secure Component Model for Cross-Domain Mashups on Unmodified
Browsers
* Microsoft Releasing OOXML SDK
----------------------------------------------------------------------
Open Geospatial Consortium (OGC) and OASIS Collaborate on Standards
Staff, (Joint) OGC/OASIS Announcement
Progress on ongoing collaborative efforts was announced today by two
international standards consortia, the Open Geospatial Consortium, Inc.
(OGC) and OASIS (the Organization for the Advancement of Structured
Information Standards). The groups have fostered an active commitment
to cooperation since signing a Memorandum of Agreement in 2006. The
two groups cite collaborative contributions and adoption of standards
for web services, emergency management, e-business, and security. The
groups point to Web services as a key area of their cooperation. With
the existing OGC Web Services (OWS) standards, most of the standards
needed to publish, discover and use Web-resident geospatial data and
services on the Web are in place. However, OWS must work in concert
with other Web services standards. That's why OGC members approved the
ebRIM (electronic business Registry Information Model) OASIS Standard
as the preferred cataloging meta-model foundation for future application
profiles of the OpenGIS Catalog Service Web (CS-W) Standard. In the
security space, the recently approved OGC GeoXACML standard represents
a spatial extension of the XACML (Extensible Access Control Markup
Language) OASIS Standard. GeoXACML was developed in close collaboration
with the OASIS XACML Technical Committee. OGC also plays an active
role in the OASIS Emergency Management Technical Committee, which
works to advance the fields of incident and emergency preparedness
and response. This committee developed the Common Alerting Protocol
(CAP) and Emergency Data Exchange Language (EDXL) OASIS Standards.
OGC members helped define a GML application very similar to GeoRSS GML
for use in CAP and EDXL, as well as in other specifications under
development including the Extensible Address Language (xAL), and
Hospital Availability Exchange (HAVE). The OGC's Sensor Web Enablement
(SWE) standards reference CAP and other relevant OASIS alerting
standards including the OASIS Web Services Notification (WS-N) and
Asynchronous Service Access Protocol (ASAP) specifications. The OGC
works with OASIS to harmonize these standards with the SWE
specifications.
http://xml.coverpages.org/OGC-OASIS-Standards.html
----------------------------------------------------------------------
W3C Workshop: Mobile Technologies and Fostering Social Development
Staff, W3C Announcement
W3C has announced a "Workshop on the Role of Mobile Technologies in
Fostering Social Development," to be held in Sao Paulo, Brazil, on
2-3 June 2008. The goal of the Workshop is to identify the challenges
of providing e-services on mobile phones to people in developing
economies. A specific topic in the scope of this workshop is about
eGovernment, or identifying the specific challenges of delivering
eGovermental services to underprivileged citizens, and the opportunities
and challenges of mobile phones in this context. The emergence of new
Information and Communication Technologies (ICT), the Web and Internet
in particular, in late 80s, has changed the World, offering a new
paradigm in communication, exchange and commerce. However, while the
new Information Society is still developing today, a new gap has also
appeared with those without regular, effective access and ability to
use these digital technologies. This is known as the Digital Divide,
which is particularly affecting developing countries. On another hand,
ICTs are also a great opportunity for the developing world. Providing
minimal services (health, education, business, government, etc.) to
rural communities and under-privileged populations is of major
importance to improve people lives, and to sustain development. Using
ICTs would be the easiest and possibly only way to develop and deploy
those services. It is therefore critical to work towards bridging this
Digital Divide. In this context, the recent explosion of mobile
telephony in the developing world is a great opportunity. At the end
of 2007, according to the GSMA and ITU, the total number of people
having accessing to a mobile phone was around 2.7 billions, and 80%
of the world population was currently covered by a GSM network. These
numbers illustrate the potential of the mobile platform to be the right
solution to deploy services now, compared to other options. W3C intends
for this public Workshop to be a multidisciplinary forum where mobile
and Web technology experts, NGO specialists, and egovernment
representatives gather to learn more about the specific needs,
expectations, and challenges of deploying services for underprivileged
populations. Information about participating in the Workshop is
available on the Workshop home page. W3C thanks NIC.br (Network
Information Center), CGI.br Internet Steering Committee, and Institute
CONIP for hosting this Workshop. The Workshop is organized with the
financial support of the European Union's 7th Research Framework
Programme (FP7) under the Digital World Forum project.
http://xml.coverpages.org/MobileTechnologies-SocialDev.html
See also the W3C white paper: http://www.w3.org/2006/12/digital_divide/ajc.pdf
----------------------------------------------------------------------
Blueprint for Successful SOA Integration
Dain Hansen, BEA Arch2Arch
SOA Integration has recently emerged as the de facto standard for
successful IT integration; it leverages the benefits of Service
Oriented Architecture (SOA) to solve one of the most fundamental
challenges IT is facing today. Some architects mistake SOA
Integration for the inclusion of an enterprise service bus or BPEL
along with some adapters. There's more to it. This article will
discuss how SOA Integration can be defined, what it solves, what
to look for, and some points to think about for your IT organization.
It also points out some of the most common mistakes, such as the
Accidental Integration Architecture pattern. SOA Integration is
meant to address the gaps exist in your IT. These gaps -- which are
between people, processes, and applications -- can take a toll on
the effectiveness of your business. If you are good at your job,
this is probably nothing new for you; you face it each and every day.
Companies like yours have spent vast IT budgets attempting to plug
these gaps. SOA Integration behaves as a completely integrated
solution. Components for service integration, process integration,
service orchestration, data services, connectivity, and unified
tooling, each work together to provide the necessary integration
patterns needed for abstracting multiple integration scenarios...
The combination of SOA Governance, BPM, and Composite Services adds
up to state-of-the art capabilities for integrating any type of
service, data, message, or event. Adopting a holistic approach to
SOA Governance, Management and Security will provide essential
visibility and control, and allow business processes to be tied into
integration services. Those services can then be shared with teams
across the enterprise.
http://dev2dev.bea.com/pub/a/2008/03/blueprint-soa-integration.html
See also the BEA SOA Center: http://dev2dev.bea.com/soa/
----------------------------------------------------------------------
Grid Computing: Classification of Emerging and Traditional Grid Systems
Heba Kurdi, Maozhen Li (et al), IEEE DS Online
Emerging grids could help bridge the gap between grid technologies and
users. The classification of grid systems aims to motivate research and
help establish a foundation in this developing field. The grid started
in the early '90s as a model of metacomputing in which supercomputers
share resources; subsequently, researchers added the ability to share
data. This is usually referred to as the first-generation grid. By the
late '90s, researchers had outlined the framework for second-generation
grids, characterized by their use of grid middleware systems to 'glue'
different grid technologies together. Third-generation grids originated
in the early millennium when Web technology was combined with
second-generation grids. As a result, the invisible grid,2 in which grid
complexity is fully hidden through resource virtualization, started
receiving attention. Subsequently, grid researchers identified the
requirement for semantically rich knowledge grids,2 in which middleware
technologies are more intelligent and autonomic. Recently, the necessity
for grids to support and extend the ambient intelligence vision has
emerged. In AmI, humans are surrounded by computing technologies that
are unobtrusively embedded in their surroundings However, third-generation
grids' current architecture doesn't meet the requirements of
next-generation grids (NGG) and service-oriented knowledge utility (SOKU).
In the literature, two characteristics categorize traditional grids: the
type of solutions they provide and the scope or size of the underlying
organization(s). We propose four additional nomenclatures to facilitate
the classification of emerging grids: accessibility, interactivity,
user-centricity, and manageability. We define each of these features
and explain our rationale for adding them... To make the NGG a reality,
researchers must address some critical aspects and serious challenges,
such as infrastructure agnostic grid middleware, dynamic service
composition, user-centricity, dependability, security, and scalability.
Some open ethical and philosophical concerns are striking as well.
Although grid technologies never had an explicit goal of changing our
society, it's likely that emerging grids will have long-term consequences
and ethical values (such as those relating to security and privacy) that
are much more influential than the Internet.
http://dsonline.computer.org/portal/pages/dsonline/2008/03/o3001.html
----------------------------------------------------------------------
Intalio and Alfresco Integrate BPM Suite with ECM
Staff, Intalio Announcement
Intalio, Inc. recently announced a partnership with Alfresco Software,
Inc., 'the Open Source alternative for Enterprise Content Management'.
The integrated offering of Intalio-BPMS and Alfresco ECM allows users
to manage advanced document-centric workflow processes and support the
collaborative development of complex business processes. Document-centric
workflow processes provide a powerful way to automate business
communications, allowing documents to be transmitted to the right people
based on complex rules. For example, insurance companies can use
workflow processes to handle end-to-end policy management processes and
provide better visibility to customers regarding the processing of
claims. The integrated solution also allows Business and IT to
collaboratively document complex business processes, making it easier
to understand business requirements and the rational behind new
procedures. The Alfresco integration project was funded under the
Demand Driven Development (D3) model introduced by Intalio in 2006. The
idea behind D3 is to allow customers to steer Intalio's product
development roadmap in specific directions, then participate in the
overall development process through syndicated funding. Development
is billed at cost, and sponsors receive credits toward the licensing
of Intalio-BPMS Enterprise Edition equivalent to 50% of their
participation in the D3 project. The Alfresco integration D3 project
is currently being funded by three sponsors worldwide. Genoko, an
Intalio System Integration partner in Asia, is planning to deploy the
solution in several large companies throughout the region.
http://xml.coverpages.org/Intalio-Alfresco.html
----------------------------------------------------------------------
IBM Moves on Secure Mashups: SMash Contributed to OpenAjax Alliance
Paul Krill, InfoWorld
IBM is unveiling technology to secure mashups and is donating it to
the OpenAjax Alliance, an organization promoting AJAX (Asynchronous
JavaScript and XML) interoperability. Mashups are defined by IBM as
Web applications that pull information from multiple sources such as
Web sites, enterprise databases, and e-mail to present a single view.
But mashups have been beset by security risks. Through IBM's SMash
(secure mashup) technology, information from different sources can
communicate with each other, but the sources are kept separate to
prevent the spread of malicious code. SMash keeps code and data from
each of the sources separated while allowing controlled sharing of
data through a secure communication channel. The technology is being
donated to the OpenAjax Alliance and is to become part of OpenAjax
Hub 1.1, which goes to general release in June, according to David
Boloker, CTO of emerging Internet technologies in the IBM software
group. Once available, SMash can be used in Web pages in mashups.
Jeffrey Hammond, senior analyst for application development at
Forrester Research: "This client-side cross-domain access pattern is
becoming increasingly popular when developers want to mix in
technology from multiple sites, but don't feel comfortable importing
that code into their server domains. Building on top of OpenAjax Hub
is a strength of SMash." The 'smash provider' is described in the
"OpenAjax Hub 1.1 Specification Managed Hub Overview" based upon an
IBM research paper (to be published in the WWW2008 Proceedings):
"The smash provider allows for secure inclusion of untrusted widgets
within a mashup. (1) Widgets are placed into IFRAMEs that have a
different subdomain than the mashup container application and the
other widgets. This technique leverages the same-domain policy that
is implemented in today's popular browsers whereby the browser disallows
JavaScript or DOM bridging between different-domain IFRAMEs. (2)
Inter-widget communication happens through a particular mechanism
(the window.location fragment identifier, aka "IFrame Proxy" technique)
that can be shared among the IFRAMEs. Note that the SMash techniques
sets up the IFRAMEs such that all communication via IFrame proxies is
mediated by the mashup container application, which prevents widgets
from listening in on the SMash communication channel..."
http://www.infoworld.com/article/08/03/12/ibm-smash-mashups_1.html
See also the OpenAjax Hub 1.1 Managed Hub: http://www.openajax.org/member/wiki/OpenAjax_Hub_1.1_Specification_Managed_Hub_Overview
----------------------------------------------------------------------
SMash: Secure Component Model for Cross-Domain Mashups on Unmodified
Browsers
Frederik De Keukelaere, Sumeer Bhola (et al.), WWW2008 Refereed Paper
This 13-page paper addresses the problem of securing mashup applications
which mix active content from different trust domains. It is an extended
version of the paper prepared for presentation at the Seventeenth
International World Wide Web Conference (WWW2008), to be held on April
21-25, 2008 in Beijing, China. "Mashup applications mix and merge content
(data and code) from multiple content providers in a user's browser, to
provide high-value web applications that can rival the user experience
provided by desktop applications. Current browser security models were
not designed to support such applications and they are therefore
implemented with insecure workarounds. In our project SMash, we present
a secure component model, where components are provided by different
trust domains, and can interact using a communication abstraction that
allows ease of specification of a security policy. We propose a secure
component model comprising a central event communication hub and governed
communication channels which mediate the communication between isolated
components. We illustrate how such a model can be used to enforce basic
access control policies which define the allowed interactions between
components. We here describe SMash, an implementation of this model on
current browsers, which can be used right away in building secure mashup
applications. Our implementation depends on iframes for isolation while
bootstrapping a publish-subscribe model of communication using URL
fragment identifiers. Our programming model is intentionally general
enough that other communication techniques could be used instead of URL
fragments. SMash is resilient to attacks such as channel spying, message
forging, and frame-phishing. We have evaluated our implementation and
find that it scales well with increasing number of components in the
mashup, and has enough data throughput to be useful in a number of
mashup application scenarios. Our implementation is available as an
open-source JavaScript library."
http://domino.research.ibm.com/comm/research_projects.nsf/pages/web_2.0_security.smash.html/$FILE/fp332-dekeukelaere.long.pdf
See also the abstract: http://domino.research.ibm.com/comm/research_projects.nsf/pages/web_2.0_security.smash.html
----------------------------------------------------------------------
Microsoft Releasing OOXML SDK
Eric Lai, InfoWorld
The Office Open XML (OOXML) format may not have gotten ISO's final
blessing as an open standard yet, but Microsoft is finalizing plans
to release a software development kit for it anyway. Microsoft plans
to put out the final beta of the OOXML SDK next month, and release
Version 1.0 in May, according to Doug Mahugh, a technical evangelist
at Microsoft. The final SDK beta and related information will be
available at openxmldeveloper.org, openxmlcommunity.org, and
microsoft.com. The SDK will enable developers to write applications
that can open, read, and otherwise work with OOXML documents, or port
existing applications that work with documents in older Microsoft
formats over to OOXML, Mahugh said. Moreover, the SDK will "put
Microsoft on the hook to keep your app in line with the OOXML standard"
as it changes, he said. For instance, if national members of ISO
decide at the end of this month to approve the OOXML specification --
which has been changed substantially since its failure to pass in
September 2007 -- those changes will be reflected in Version 1.0 of
the SDK, Mahugh said. And Microsoft would continue to update the SDK
to make sure that applications built with it remained compliant with
an Open XML standard as changes were made in the future, he said.
Microsoft first released a Community Technology Preview of the SDK
last June. It is targeted at developers of business intelligence,
content management and other applications in the Office and SharePoint
ecosystem. Microsoft also offers an API for packaging OOXML for
developers who need "more low-level control" over their code, Doug
Mahugh said.
http://www.infoworld.com/article/08/03/13/Microsoft-releasing-OOXML-SDK_1.html
See also the Open XML SDK Roadmap: http://blogs.msdn.com/dmahugh/archive/2008/03/13/open-xml-sdk-roadmap.aspx
----------------------------------------------------------------------
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
EDS http://www.eds.com
IBM Corporation http://www.ibm.com
Primeton http://www.primeton.com
SAP AG http://www.sap.com
Sun Microsystems, Inc. http://sun.com
----------------------------------------------------------------------
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/
----------------------------------------------------------------------
