Back to newsletter listDate:
Fri, June 20, 2008 09:51:19 AMFrom:
Robin Cover
Subject:
XML Daily Newslink. Thursday, 19 June 2008
XML Daily Newslink. Thursday, 19 June 2008
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover
====================================================
This issue of XML Daily Newslink is sponsored by
Sun Microsystems, Inc. http://sun.com
====================================================
HEADLINES:
* Eclipse Readies Ganymede Release
* SailPoint Launches Open Role Exchange Initiative
* Public Review Draft: Subject-based Profiles for SAML V1.1 Assertions
* W3C Draft Charter for Geolocation Working Group
* OGC and buildingSMART Alliance AECOO Testbed Off to a Good Start
----------------------------------------------------------------------
Eclipse Readies Ganymede Release
Paul Krill, InfoWorld
The Eclipse Foundation is set to offer its annual simultaneous release
of open-source project updates, this time called the Ganymede Release
and featuring improvements in the core OSGI-based component model and
SOA tools. All told, 23 projects are being upgraded in the Ganymede
release train, ranging from the main Eclipse Project, featuring the
Java IDE, to STP (SOA Tools Platform Project). Ganymede is to take
flight on June 25, 2008. Release trains in 2007 and 2006 were called
Europa and Callisto, respectively. All have been named after moons of
Jupiter. Highlighted in Ganymede are improvements to Equinox, the OSGi
component model used in the main Eclipse Project, which includes the
base IDE. A new provisioning platform in Equinox, called Provisioning
Platform (p2), offers an improved mechanism for updates to installed
or deployed applications, such as a new component to be distributed to
the installed base. P2 is a reengineering of Update Manager tool...
Tools for SOA development in Ganymede include a BPMN (Business Process
Modeling Notation) editor being added to STP. "Basically, it provides
a visual tool for creating and editing BPMN," the standard scripting
process flows in SOA applications, said Skerrett. Two other tools are
debuting in STP: SCA Designer (Service Component Architecture),
providing a graphical interface for developers to build composite
applications using SCA, and Policy Editor, a collection of editors and
validators for constructing and manipulating XML expressions that
conform to the WS-Policy standard. In the modeling space, Eclipse is
providing GUI tools. The ECore Tools technology is part of the Eclipse
Modeling Framework and enables developers to manage data models. The
SQL Query Builder tool enables visual programming of queries as opposed
to manually programming them, Skerrett said. SQL Query Builder is part
of the Eclipse Data Tools Platform project. A JavaScript editor in the
Eclipse Web Tools Platform (WTP) project extends the IDE to enable
JavaScript development. Developers can build Web applications based
on AJAX (Asynchronous JavaScript and XML). Also featured in Ganymede
are bug fixes and various enhancements to the different projects. Rich
AJAX Platform features the ability to customize look and feel using
CSS and the Presentation Factories concept. Eclipse Communication
Framework Project offers real-time shared editing and other features
for collaboration. The BIRT (Business Intelligence and Reporting Tools)
project offers an improved JavaScript editor and debugger.
http://www.infoworld.com/article/08/06/19/Eclipse-readies-Ganymede-release_1.html
See also the Ganymede web site: http://www.eclipse.org/ganymede/
----------------------------------------------------------------------
SailPoint Launches Open Role Exchange Initiative
Staff, Sailpoint Announcement
SailPoint Technologies has issued an open call for the development of
a new standard that addresses the need to integrate roles and role models
between tools and systems. The goal of this initiative is to bring the
identity management community together to define role interoperability
standards that will solve difficult integration problems and simplify
role-based governance across diverse identity infrastructures. An
interactive forum has been created -- Open Role Exchange Forum (ORXF) --
to organize the industry effort and to facilitate the collaboration
needed to define the model and foster adoption of the new standard.
The Open Role Exchange seeks to provide a forum to discuss the
requirements for role interoperability and to identify areas where new
standardization is needed. In an open letter to the industry, Darran Rolls
suggests that the industry should begin by addressing five key
requirements for role interoperability. Key Requirements for Role
Interoperability, as sketched in the announcement: (1) A Common Exchange
Format to describe the role-based access control (RBAC) structure and
control rules between systems; (2) Query and Exchange Operations so that
structure, allocation and usage requests can flow between systems; (3)
Change Control and Delegated Administration to determine how systems
can extend or modify a shared model; (4) A Role Mapping and Resource
Referencing scheme; (5) A Common State Model for shared RBAC systems.
Darran Rolls, SailPoint's CTO: "Role interoperability is a pervasive
issue for companies addressing identity governance. As an identity
management community, I believe it's our responsibility to define a
standardized operational exchange model for roles. This effort will
reduce the need for custom integration and will lower the cost and
complexity of deploying and maintaining integrated role-based systems."
According to the web site FAQ document: "The existing role management
standards address some of the issues related to role interoperability,
but none provide a complete solution. For example, the recent work at
INCITS around RBAC exchange operations provides a starting point for
a set of exchange methods, but it does not provide guidance on the
actual implementation of the abstract model it defines. At the same
time, the XACML RBAC profile presents strong, concise guidance on how
to describe a role model in XML, but its focuses on using RBAC in an
access control decision, not how to define interoperation or how to
define an operational context for roles in general. The goal of the
Open Role Exchange initiative is to build on the work of these existing
standards to create a new specification for role interoperability and
exchange that defines the types of change control semantics needed
when autonomous systems share a governance context around a common
role model." A relevant session on "Role Management and Provisioning"
at Burton Catalyst Conference June 23-27, 2008 will explore requirements.
http://xml.coverpages.org/ORXF-Announce.html
See also the Open Role Exchange Forum web site: http://www.openroleexchange.org/
----------------------------------------------------------------------
Public Review Draft: Subject-based Profiles for SAML V1.1 Assertions
Tom Scavo (ed), OASIS PR Draft
OASIS announced the publication of the "Subject-based Profiles for
SAML V1.1 Assertions" Public Review Draft 01, available for comment
through August 12, 2008. The document was produced by members of the
OASIS Security Services (SAML) TC. The Subject-based Profiles for
SAML V1.1 Assertions specifies two profiles: (1) SAML V1.1 Subject
Profile (2) SAML V1.1 Subject-based Assertion Profile The primary goal
of the SAML V1.1 Subject-based Assertion Profile (which relies on the
SAML V1.1 Subject Profile) is to provide guidance to deployments that
support both SAML V1.1 and V2.0. In that case, there is some flexibility
in SAML V1.1 that is not present in SAML V2.0 (and vice versa). This
profile places constraints upon SAML V1.1 subjects and assertions so
that they have properties similar to SAML V2.0 subjects and assertions.
This may aid interoperability and speed the ultimate transition from
SAML V1.1 to SAML V2.0. An implementation of the SAML V1.1 Web Browser
SSO Profile is very likely conformant to this profile. Other applications
of SAML may not be conformant, however. For example, the Web Services
Security SAML Token Profile provides for both SAML V1.1 and SAML V2.0
tokens. Due to differences between the two versions of SAML, an
implementation that wished to support both would tend to constrain
the tokens such that they exhibited an equivalent semantic. This
profile provides one such set of constraints. A major difference between
SAML V1.1 and SAML V2.0 is that the latter elevates the 'saml2:Subject'
element to be a child element of the 'saml2:Assertion' element, and
therefore the 'saml2:Subject' element applies to all the statements in
the assertion. In SAML V1.1, on the other hand, each statement has its
own 'saml:Subject' element, which opens the door to a wide range of
possibilities. This profile constrains SAML V1.1 assertions so that
each statement contains an equivalent 'saml:Subject' element. Formally,
this is done by extending the notion of strongly matches to an
equivalence relation, which culminates in section 3.3.
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-subject-cd-01.html
See also the announcement: http://lists.oasis-open.org/archives/tc-announce/200806/msg00009.html
----------------------------------------------------------------------
W3C Draft Charter for Geolocation Working Group
Matt Womer, Posting to W3C Public List
Matt Womer (W3C/ERCIM) announced the publication of a draft proposal
for a Geolocation Working Group Charter. As proposed, the mission of
the Geolocation Working Group, part of the Ubiquitous Web Applications
Activity, is to define a secure and privacy-sensitive interface for
using client-side location information in location-aware Web applications.
The number of Web enabled devices that are location-aware has increased
markedly as of late. These devices are very common and include mobile
phones with cell triangulation or Global Positioning System (GPS)
capabilities, laptops with Wi-Fi triangulation capabilities and GPS
receivers. The Geolocation WG is created in response to requests from
the community for W3C to develop a standardized, secure and
privacy-sensitive interface so that Web applications gain access to
location information. The objective of the Geolocation WG is to enable
Web access to the user's location information via a standardized
interface or interfaces. The Working Group will develop one or more
Recommendation Track documents that define interfaces for making this
information accessible within the User-Agent. The interface should be
usable regardless of the source of location information, and should
be consistent across location technologies. The interface may be
specified in a language independent manner, the Recommendation will
include a normative ECMAScript form. In addition to the variety of
techniques for determining location, there are also a variety of ways
applications may wish to use that information. For example, applications
may: (1) retrieve a user's location only once -- e.g. finding the nearest
bank; (2) require several data points over time -- e.g. recording a
route; (3) wish to be notified when the user enters or leaves an
area -- e.g. determining preferences based on environment. Matt says:
"Some details remain unanswered: who will chair, workshops we may wish
to hold, etc, and whatever else we may determine needs tweaking. Any
and all feedback is greatly appreciated, either here on this list or
to myself directly. Over the next few days, I'll collect and apply
feedback, as well as detail the next steps."
http://www.w3.org/2008/06/geolocation/charter/
http://lists.w3.org/Archives/Public/public-geolocation/2008Jun/0072.html
----------------------------------------------------------------------
OGC and buildingSMART Alliance AECOO Testbed Off to a Good Start
Louis Hecht, OGC Newsletter
Effective and efficient design, construction, ownership, management
and use of buildings and other capital facilities increasingly requires
information exchange among all disciplines and professions that have a
stake in those facilities. Like other industries, the AECOO (Architecture,
Engineering, Construction, Owner and Operator) industry has embarked on
"business transformation" enabled by the latest information and
communication technologies. Last year, the OGC and buildingSMART
International signed an MOU to work together in addressing issues of
geospatial and AEC information convergence. OGC also completed a similar
agreement with the National Institute of Building Sciences. On May 2,
2008 a Request for Quotation (RFQ) and Call for Participation (CFP) for
the AECOO-Phase 1 Testbed were issued by the buildingSMART alliance,
the Open Geospatial Consortium, Inc. (OGC) and the Testbed's sponsors.
The testbed is designed to support business transformation as defined
in the US National Building Information Modeling Standard (NBIMS) by
applying technology for interoperability involving intelligent building
models with 3D geometric capabilities. Eleven responses from 24
companies were received by the May 30, 2008 deadline from organizations
and individuals with expertise in the building information management
field. A number of those who responded will be selected by the sponsors
for cost sharing in the testbed, and all relevant-in-scope responses
will be able to participate. The AECOO Testbed directly addresses several
key interoperability issues defined as important to the industry.
Business and communications, quantity take-off for cost estimating,
and energy analysis in planning and design for a capital facility are
the topics selected by the sponsors. Additionally, OGC members will
benefit from testbed use cases that address detailed modeling, analysis
and visualization related to safety, security, urban planning, logistics
and transport, etc. RFQ Annex A (Management and Business Overview; Work
Breakdown Structure and Work Items) and Annex B ( Testbed Architecture)
reference several baseline XML standards relevant to the Testbed.
http://www.opengeospatial.org/pressroom/newsletters/200806/#C1
See also the RFP: http://www.opengeospatial.org/projects/initiatives/aecoo-1rfq
----------------------------------------------------------------------
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
IBM Corporation http://www.ibm.com
Primeton http://www.primeton.com
Sun Microsystems, Inc. http://sun.com
----------------------------------------------------------------------
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/
----------------------------------------------------------------------
