Back to newsletter listDate:
Tue, April 29, 2008 07:12:01 AMFrom:
Robin Cover
Subject:
XML Daily Newslink. Monday, 28 April 2008
XML Daily Newslink. Monday, 28 April 2008
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover
====================================================
This issue of XML Daily Newslink is sponsored by
BEA Systems, Inc. http://www.bea.com
====================================================
HEADLINES:
* Now Available for Public Review: The DocBook Schema Version 5.0
* InfoQ Interviews BPEL4People TC Representatives
* WS-MakeConnection: Replay Reconsidered
* Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities,
and Performance Improvements
* Conversion of MIB to XSD for NETCONF
* Adobe Flex Builder Speeds RIA Development
* Vegas Bets on BPEL
----------------------------------------------------------------------
Now Available for Public Review: The DocBook Schema Version 5.0
Norman Walsh (ed), OASIS Approved Committee Draft
OASIS announced that the DocBook Technical Committee recently approved
a Committee Draft specification for 60-day public review, ending
June 23, 2008. DocBook ("The DocBook Schema Version 5.0") defines a
general purpose XML schema particularly well suited to books and papers
about computer hardware and software, though it is by no means limited
to these applications. The OASIS DocBook Technical Committee maintains
the DocBook schema. Starting with V5.0, DocBook is normatively available
as a RELAX NG Schema (with some additional Schematron assertions). W3C
XML Schema and Document Type Definition (DTD) versions are also available.
The Version 5.0 release is a complete rewrite. In programming-language
terms, think of it as a code refactoring. This rewrite introduces a
large number of backwards-incompatible changes. Essentially all DocBook
V4.x documents will have to be modified to validate against DocBook V5.0.
An XSLT 1.0 stylesheet is provided to ease this transition. The DocBook
Technical Committee welcomes bug reports and requests for enhancement
(RFEs) from the user community. The current list of outstanding requests
is available through the SourceForge tracker interface. This is also the
preferred mechanism for submitting new requests. Old RFEs, from a previous
legacy tracking system, are archived for reference... In DocBook V5.0,
extra-grammatical constraints are expressed using the Schematron. Grammar
based validation technologies (like RELAX NG) and rule based validation
technologies (like Schematron) are naturally complementary. Mixing them
allows us to play to the strengths of each without stretching either to
enforce constraints that they aren't readily designed to enforce. For
example, DocBook NG requires that the root element of a document have
an explicit version attribute. Because there are a great many elements
that can be root elements in DocBook, and because they can almost all
appear as descendants of a root element as well, it would be tedious to
express this constraint in RELAX NG. But it is easy in a rule-based
schema language, so DocBook V5.0 uses Schematron where appropriate...
http://docs.oasis-open.org/docbook/specs/docbook-5.0-spec-cd-04.html
See also 'DocBook 5.0: The Definitive Guide': http://www.docbook.org/tdg5/en/html/docbook.html
----------------------------------------------------------------------
InfoQ Interviews BPEL4People TC Representatives
Mark Little, InfoQueue
In this interview, held at the time of the first OASIS BPEL4People
technical meeting, InfoQ spoke with several of the authors of the
BPEL4People and WS-HumanTask specifications. Three of the authors were
asked about the history of the specifications, how they see them
fitting within BPM and whether they will divide the community as much
as BPEL has so far. Manoj Das is Director of BPM Product Management
at Oracle; his focus is on BPMN, BPEL, Workflow, and Business Rules.
Dave Ings is a Program Director in the IBM Software Standards group,
and is currently the chair of the OASIS BPEL4People technical committee.
Ivana Trickovic is a standards architect in SAP's Industry Standards
Group. Since before it was first announced that BPEL4People/WS-HumanTask
were heading for a standards body, there has been a lot of interest
around this new attempt to provide a standard in BPM. BPEL (aka WS-BPEL)
has continued to split the workflow community, so isn't this the same
fate for BPEL4People? WS-BPEL is primarily concerned with defining Web
services-based executable processes. The primary goal of BPEL4People was
to extend BPEL to support human user interactions as part of a BPEL
process. BPEL4People is an extension layered on top of BPEL. While BPEL
provides all the mechanisms needed to orchestrate people interactions,
it does not differentiate between people activities and system activities.
What we find is that people activities have many particular characteristics,
which are mentioned in the earlier response; while these can be addressed
in BPEL, it would be a lot more complicated. In many ways, an analogy is
trying to do object-oriented programming with C. By addressing the
important aspect of people interactions in a powerful and intuitive manner,
BPEL4People will pave the way for BPEL to become the lingua franca for
BPM. Typically, business processes require human involvement, e.g., to
comply with some regulations it is necessary to implement the 4-eyes
principle. For these kinds of business processes a more direct integration
of different human interaction patterns in WS-BPEL is needed. BPEL4People
addresses exactly that... The donation of BPEL4People to OASIS marks an
important milestone in the development of BPM standards. [We think] the
next big step for BPM standards is to provide a similar level of
standardization for modeling notation. Towards this goal several of the
BPEL4People authors are actively participating in the Business Process
Modeling Notation (BPMN) 2.0 work at the Object Management Group... The
next major piece of work is in the area of process notation, including
its alignment with BPEL and BPEL4People. First class support for common
human workflow patterns may also emerge... Parallel with the BPEL4People
standardization activity we would like to make sure this extension of BPEL
and the related OMG work on Business Process Modeling Notation (BPMN)
are aligned so that human interactions can be modeled with BPMN as well...
http://www.infoq.com/articles/bpel4people-tc
See also BPEL4People references: http://xml.coverpages.org/bpel4people.html
----------------------------------------------------------------------
WS-MakeConnection: Replay Reconsidered
Gilbert Pilz, Blog
WS-ReliableMessaging describes a protocol that allows SOAP messages to
be delivered reliably between distributed applications in the presence
of software component, system, or network failures. One issue that has
long bedeviled WS-RM is how to support reliable responses to so-called
"anonymous clients". The OASIS WS-RX Technical Committee created the
WS-MakeConnection specification to deal with this issue. Another,
alternate solution is the use of the "replay model". This article
describes the technical defects of the replay model... The core dilemma
behind this issue is that "anonymous clients" (I prefer the term
"non-addressable clients" because I don't like to conflate the concepts
of addressability with those of identity) can only communicate
synchronously yet WS-RM, by its nature, potentially renders all
communications asynchronous. Uh huh. Let's break that down a bit.
Non-addressable clients are hosted on computers that, for reasons of
network topology (i.e., NATs), security (i.e. firewalls), or whatever,
cannot accept connections from systems outside their network. Although
you can't connect to these machines from the outside, they themselves
can create outbound connections. SOAP supports non-addressable clients
by leveraging HTTP to take advantage of this fact. Non-addressable SOAP
clients create an outbound connection to a server, send the request
message over this connection, then read the corresponding response from
that same connection (this response channel is sometimes referred to as
"the HTTP back-channel"). This is why non-addressable clients operate
synchronously. They have to use the connection they created to read the
server's response because, by definition, it is impossible for the
server to connect to them and send the response (as would happen in an
asynchronous exchange)... WS-RM is built on the concepts of
acknowledglements and retransmissions. One node (client, server, whatever)
sends a message to another and waits for an acknowledgement. If it doesn't
receive one it assumes the message didn't get through and sends it again.
So, regardless of when you think you are going to receive a message and
which connection you think you are going to receive that message over,
something may go wrong (the connection might break) and WS-RM will
retransmit the message at a later time over a different connection. This
doesn't present a problem for non-addressable clients on the request
side (where they control the creation of new connections) but it is a
problem on the response side. Suppose you are a server in the process
of sending a reliable response to a non-addressable client and the
connection goes down. Obviously you are never going to get an
acknowledgment for that response message so, as a WS-RM node, it is
your responsibility to resend it. But how are you supposed to do that?
You can't connect to the client and re-send the response because the
client is not addressable... We at BEA think that the WS-MakeConnection
protocol not only addresses the reliable request/response scenarios in
a way that is far less problematic than replay, it also addresses a
number of other scenarios of interest to our customers.
http://dev2dev.bea.com/blog/gpilz/archive/2008/04/replay_reconsid.html
See also Reliable Messaging references: http://xml.coverpages.org/reliableMessaging.html
----------------------------------------------------------------------
Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities,
and Performance Improvements
Dionysios Synodinos, InfoQueue
Rod Johnson, the President and CEO of SpringSource, announced the
release of Spring Security 2.0.0, which replaces Acegi Security as the
official security module for Spring applications. As reported previously
on InfoQ, Acegi security has been one of the most comprehensive Java
security frameworks for enterprise software, that provides comprehensive
authentication, authorization, instance-based access control, channel
security and human user detection capabilities. The new features
include simplified configuration, and new capabilities including OpenID,
NTLM, JSR 250 annotations, AspectJ pointcut support, domain ACL
enhancements, RESTful URI authorization, groups, hierarchical roles,
user management API, database-backed "remember me", portlet authentication,
additional languages, Web Flow 2.0 support, Spring IDE visualization and
auto-completion, enhanced WSS support via Spring Web Services 1.5 and
more. Spring Security 2.0.0 builds on Acegi Security's solid foundations,
adding many new features (for example): (1) Simplified namespace-based
configuration syntax. Old configurations could require hundreds of lines
of XML but our new convention over configuration approach ensures that
many deployments will now require less than 10 lines; (2) OpenID
integration, which is the web's emerging single sign on standard --
supported by Google, IBM, Sun, Yahoo and others; (3) Windows NTLM support,
providing easy enterprise-wide single sign on against Windows corporate
networks; (4) Support for JSR 250 ('EJB 3') security annotations,
delivering a standards-based model for authorization metadata; (5)
AspectJ pointcut expression language support, allowing developers to
apply cross-cutting security logic across their Spring managed objects;
(6) Substantial improvements to the high-performance domain object
instance security ('ACL') capabilities; (7) Comprehensive support for
RESTful web request authorization, which works well with Spring 2.5's
@MVC model for building RESTful systems...
http://www.infoq.com/news/2008/04/spring-security
See also Spring Security: http://static.springframework.org/spring-security/site/index.html
----------------------------------------------------------------------
Conversion of MIB to XSD for NETCONF
Debao Xiao and Yanan Chang (eds), IETF Internet Draft
The IETF NETCONF Working Group was chartered to produce a protocol
suitable for network configuration for today's highly interoperable
networks. Three layers of NETCONF have been already standardized in
RFC4741, RFC4742, RFC4743 and RFC4744. However, there isn't a standard
data modeling language or a standard data model for NETCONF content
layer. If we can't make the content layer of NETCONF standardized,
every vendor can define its own data model, which will cause trouble
and confusion in understanding the syntax and semantics of data model
in communication. Thus the NETCONF won't be applied widely as SNMP in
future and the NETCONF defined in RFC4741 will have no sense. The work
to standardize the content layer of NETCONF is of two ways: (1) Create
a new data modeling language and then a new data model for NETCONF.
YANG is a new data modeling language which defines a new SMI for
NETCONF containing datatypes, node statement, and syntax specification
and so on. (2) Conversion from MIB to XSD; this is being done by XSDMI
group. The XSDMI effort is designed to produce a XSD specification by
translating from MIB. NETCONF configuration is an improvement of CLI,
not SNMP which has been widely used for performance, monitoring and
fault management. However, some MIB-based monitoring data have become
part of the operational framework of many networks. And many of the
data names and meanings have been widely accepted by vendors for years.
For a long run, to establish a new data modeling language and new data
model is much better than simple conversion of MIB to XSD. However,
its standardization will need a very long time and plenty of effort.
On the other hand, IETF has spent over 20 years to make SMI MIB
standardization and many vendors also have made great effort to
supplement these MIBs which have been widely used in current network
management systems... NETCONF uses XML-based data encoding for the
configuration data as well as the protocol messages. Under such
background, we should provide a standard translation to make using
the MIB's managed objects with XSD easier... Data models which
expressed by XSD can be accessed by NETCONF and any XML-based protocols
such as IDMEF, XCAP, IDMEF, and ATOM, which improves the
interoperability. XSD can generate any diverse data types,
multi-dimensional arrays and can be used in real world devices which
employ hash-tables which don't exist in SMI... Based on the XSDMI's
and previous smidump's work, the documentation defines a standard
expression of SMI MIBs in XSD for NETCONF to ensure uniformity and
general interoperability and reusability of existing MIBs. In addition,
we define a XML schema to give a restriction and validation to
translated XSD files.
nla_internal_2823312.jpg also the IETF NETCONF WG Status Pages: http://tools.ietf.org/wg/netconf
----------------------------------------------------------------------
Adobe Flex Builder Speeds RIA Development
James R. Borck, InfoWorld Product Review
For improving the look and feel of browser-based applications, AJAX
technologies work wonders, but RIAs (rich Internet applications) take
the browser to a whole new level. RIAs deliver a consistently richer
user experience, with functionality and data access more closely
approximating native desktop apps. Adobe Flex Builder 3.0 is an
Eclipse-based IDE for building RIAs on Adobe's Flash platform and the
open source Flex SDK. Although you could use any text editor to cobble
ActionScript and MXML into a Flex app, Flex Builder 3.0 delivers a
streamlined experience for RIA development and Flex project code
management. Flex Builder provides easy graphical tools for laying out
rich Web GUIs, generating the underlying MXML code. It shines for
creating real-time dashboards, thanks to graphing and charting widgets.
Plus, you'll find plenty of community demos at Adobe Developer Connection
to help jump-start your efforts... I'm very impressed with the additions
in this release. The highlights include better visual layout tools and
more control over CSS, new wizards for WSDL introspection and back-end
data connectivity, and plug-ins that augment workflow between developers
and design teams running Adobe Creative Suite 3 applications (such as
Flash, Photoshop, Illustrator, and Fireworks). The WSDL introspection
wizard makes it easy to pull together ActionScript and Web services
inside Flex, while the CS3 plug-ins provide MXML-savvy templates that
allow CS3 users to create Flex controls with familiar tools, versus
learning to design directly in Flex... Flex Builder 3.0 trims development
time for Flex and AIR apps with visual tools for interface layout,
wizards for Web service and data binding, and extensions for Adobe CS3
aimed at bridging the designer-developer gap. The workflow between
Builder and CS3 is a bit clumsy, but it's a good start. Debugging
additions and profiling and memory tools in the Professional edition
make it worth the additional cost.
http://www.infoworld.com/article/08/04/24/17TC-adobe-flex-builder_1.html
----------------------------------------------------------------------
Vegas Bets on BPEL
Joab Jackson, Government Computer News
When the inventory of replacement parts for the Las Vegas Water Pollution
Control Facility dips below a certain threshold these days, the city's
asset management system orders replacements automatically. When parts
arrive, a facility employee logs them in, and the invoice for the part
is automatically paid through the city's finance system. Although the
process for ordering parts involves multiple software programs, such
as the accounting software and the parts-inventory system, the series
of transactions is managed from a single point thanks to the use of
Business Process Execution Language, or BPEL. BPEL is a standardized
workflow language for automating a series of events across different
applications. The city was already using the Oracle E-Business Suite
for financial and human resources management and Oracle Utilities Work
and Asset Management (formerly STL) to manage assets and maintenance.
With the help of contractor Innowave Technologies, the city used the
Oracle BPEL Process Manager to pull these applications together. The
project started in 2005 when the city was upgrading its supervisory
control and data acquisition (SCADA) system. With an average of 2,500
new residents a month, Las Vegas has a tremendous growth rate so
managers wanted to put an information technology architecture in place
that would grow with the city. The overall plan is to integrate the
outputs from the SCADA systems with the city's business applications.
Feeding all the information into a central database makes it readily
available to different applications. Reports and analyses can also be
performed more easily. Each department of the city is working to pinpoint
their lines of business and which strategic goals will support those
lines of business. The city is establishing metrics and tying them to
the data being collected. When the project began in 2005, BPEL was
anything but proven... Las Vegas' implementation is one example of how
BPEL could be used in government. BPEL could be used to extend the
service of older systems, [Oracle's] Doolan said. Their functionality
can facilitate Web services and combine to generate new processes. In
particular, Oracle is encouraging use of BPEL with content management
systems. The Securities and Exchange Commission has started to use
Oracle's BPEL engine to store and manage 10K filings...
http://www.gcn.com/print/27_9/46173-1.html
See also BPEL references: http://xml.coverpages.org/bpel4ws.html
----------------------------------------------------------------------
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
EDS http://www.eds.com
IBM Corporation http://www.ibm.com
Primeton http://www.primeton.com
SAP AG http://www.sap.com
Sun Microsystems, Inc. http://sun.com
----------------------------------------------------------------------
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/
----------------------------------------------------------------------
