Back to newsletter listDate:
Wed, September 24, 2008 11:01:05 PMFrom:
Robin Cover
Subject:
XML Daily Newslink. Wednesday, 24 September 2008
XML Daily Newslink. Wednesday, 24 September 2008
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover
====================================================
This issue of XML Daily Newslink is sponsored by
Oracle Corporation http://www.oracle.com
====================================================
HEADLINES:
* New Products and Services Pass SAML 2.0 Interoperability Testing
* Verizon Uses BPEL Application to Cut Down On Code, Check For Fraud
* Extend Enumerated Lists in XML Schema
* W3C Emergency Information Interoperability Framework (EIIF) XG Extended
* Cisco Gets the XMPP Message, Buys Jabber
* Model Portability in BPMN 2.0
* Web Distributed Authoring and Versioning (WebDAV) SEARCH
* WSO2's PHP Play
* First Look at the T-Mobile G1
----------------------------------------------------------------------
New Products and Services Pass SAML 2.0 Interoperability Testing
Staff, Liberty Alliance Announcement
Liberty Alliance, the global identity community working to build a more
trustworthy Internet for businesses, governments and people worldwide,
today announced that products from CA; NTT Software; Ping Identity;
RSA, The Security Division of EMC; and Ubisecure have passed Liberty
Alliance SAML 2.0 interoperability testing. These vendors participated
in the second Liberty Interoperable event to offer full-matrix and
eGovernment profile testing managed by the Drummond Group Inc. Liberty
Alliance launched the Liberty Interoperable program in 2003 and since
then nearly 85 identity products and solutions from vendors around
the world have passed Liberty Alliance testing. The 2008 event offered
the most extensive testing scope to date and featured an updated
eGovernment profile, new Service Provider (SP) and Identity Provider
(IdP) requirements and a new multiple SP logout scenario. In partnership
with the Drummond Group Inc., Liberty Alliance enhanced the
Interoperable program by incorporating Web-based full-matrix testing
to meet growing global demand for interoperable, secure and
privacy-respecting identity-enabled SAML 2.0 applications and services.
The Web-based full-matrix testing allows vendors to participate from
anywhere in the world with participants from the 2008 event located in
Asia, Europe and North America. The Web-based approach also allows for
more rigorous processes for ensuring products meet interoperability
requirements for SAML 2.0 and the SAML 2.0 eGovernment profile. During
the recent testing period, several products and services demonstrated
interoperability based on a variety of SAML 2.0 conformance modes. (1)
CA SiteMinder Federation Security Services r12.1, which extends the
Web single sign-on experience provided by CA SiteMinder Web Access
Manager to applications and portals provided internally by other
organizational business units or externally on the Internet by partners
or application outsourcers. (2) NTT Software TrustBind Federation
Manager (1.1), which delivers a complete, high-performance,
carrier-grade SAML 2.0 solution in the form of a Java component module.
(3) Ping Identity's PingFederate, which provides an organization's
users safe access to Internet applications without the need for repeat
logins. (4) RSA Federated Identity Manager v4.1, which is engineered
to enable enterprises to securely and confidentially share trusted user
identities between disparate internal business units, customers, and/or
partners. (5) Ubisecure's Ubilogin SSO 5.0, an efficient-to-deploy
Single Sign-On, Access Control and Federation solution providing
extensive Authentication and Authorization for Intranet, Extranet, Web
Services and mobile applications.
http://xml.coverpages.org/SAMLv20-InteropTesting200809.html
See also Liberty Alliance references: http://xml.coverpages.org/libertyAlliance.html
----------------------------------------------------------------------
Verizon Uses BPEL Application to Cut Down On Code, Check For Fraud
Rich Seeley, SearchSOA.com
A service-oriented architecture application orchestrated by Oracle BPEL
Process Manager places a business rules engine on the backend and a
Web 2.0 UI out front to help stop fraud while dramatically reducing
IT energy consumption at Verizon Wireless. Speaking from Oracle Open
World, Jan Shook, principal architect for the fraud team at Verizon
Wireless, noted that J2EE coders may be disappointed because he has
re-architected the fraud detection application using Oracle Business
Process Scripting Language, so there is no Java code left. He also
explained how a BPEL-based application is reducing hardware and power
consumption while providing the fraud detection team with better
information for decision making... Besides reducing the amount of
code, Shook and Chappell point out that it also dramatically reduced
the amount of hardware and thus the amount of energy consumption. The
less code intensive BPEL-based SOA implementation eliminates six
E-class Sun Microsystems boxes using 192 processors and replaces them
with a single eight core processor on a Sun UltraSPARC T1 using the
Niagara chip architecture, Chappell noted. The database storage
requirements have gone down from 20-plus Terabytes to 64 Gigabytes
storage, according to the Oracle executive. Chappell estimates the
change in software and hardware reduces energy consumption by 99.5%.
Chappell credits this example of greening IT to the use of SOA
standards including BPEL and an enterprise service bus (ESB). He
said this allows "Verizon to extend the reach of their systems so
that they don't have to store their 'golden record' call detail data
locally. They can get the data remotely and on the fly, and use
enrichment services along the way to get the data in the proper form
to make decisions about fraud and overage, and generate detailed
reports about the business exceptions that are identified.
http://searchsoa.techtarget.com/news/article/0,289142,sid26_gci1331852,00.html
See also BPEL references: http://xml.coverpages.org/bpel4ws.html
----------------------------------------------------------------------
Extend Enumerated Lists in XML Schema
W. Paul Kiel, developerWorks
XML schema designers and implementers need a way to extend existing
enumerated lists. An enumerated list is a set of specified values
for a particular data point. For example, you might view a country
code as a fixed list of values, including DE (Germany), US
(United States), and JP (Japan). Given this value set, what happens
when a new country is recognized, such as TL (East Timor) or BA
(Bosnia and Herzegovina)? Anyone who uses the previous list of names
will have to change the implementation to accommodate the new values.
When you model data with XML schema, enumerated values are listed
explicitly. So, a list of country codes includes each one in turn.
Recognizing that new values to a list are common and must be
accommodated, schema designers have long sought a way to extend
enumerated lists -- in effect, to build into the design a way to
permit additional values that were not known at design time.
Unfortunately, the XML Schema specification does not allow for
extensibility in the creation of these lists. Values chosen at design
time are fixed and are all that's available. Despite this limitation,
people use various workarounds to enable the extension of lists. This
functionality is a frequent request from my clients, many of whom
work with existing schemas that cannot be changed. They want to add
new functionality while maintaining backward compatibility Because
the specification does not allow for this once you create an original
list, a workaround is critical to make real-world implementation
possible. Implementers can use the examples in this article to help
design and extend enumerations. Each method has advantages and
disadvantages, and none of them is the best practice in all cases.
So, which approach should you use? This article provides guidelines
that can empower schema designers with real-world, practical best
practices and can help create easy-to-implement, extensible enumerated
lists.
http://www.ibm.com/developerworks/library/x-extenum/
----------------------------------------------------------------------
W3C Emergency Information Interoperability Framework (EIIF) XG Extended
Ian Jacobs and Mauro Nunez, W3C Announcement
W3C's Mauro Nunez, Incubator Activity Lead, announced that the W3C
Emergency Information Interoperability Framework Incubator Group has
been extended to 7-February-2009. The mission of the Emergency
Information Interoperability Framework Incubator Group, part of the
Incubator Activity, is to review and analyse the current
state-of-the-art in vocabularies used in emergency management
functions and to investigate the path forward via an emergency
management systems information interoperability framework. These
activities will lay the groundwork for a more comprehensive approach
to ontology management and semantic information interoperability
leading to a proposal for future longer-term W3C Working Group
activity. The emergency management community encompasses a broad
spectrum of local, national and international organisations with a
role in emergency and disaster management. Comprehensive emergency
management is generally composed of four key components: (1)
Reduction: the reduction of hazard impacts and community
vulnerabilities to natural and human-made events. (2) Readiness:
increasing the capacity and capability of communities to response
to events including planning, training, exercising, warning systems
and public education. (3) Response: response to an event focusing
on immediate life safety and survivals needs (medical, food, water,
and shelter). (4) Recovery: the restoration of the impacted community
to near or improved pre-event levels... The wide range of
organisations involved in emergency management requires a
collaborative approach to the sharing of information. Information
systems to support a collaborative approach to emergency management
can add significant value, especially as the scope and scale of an
event increases, and with it the volume of information that is
required to be managed and shared. It is essential that information
is stored and communicated in common formats to ensure that
information can be easily exchanged and aggregated to support the
decision making process. A key component of this process is ensuring
that consistent definitions (vocabulary) are used to support
meaningful sharing of information. This W3C incubator group aims
to encourage the emergency management community in the development
of clearly defined vocabularies and a framework for information
interoperability to ensure that meaningful sharing and aggregation
of information to assist in emergency functions.
http://lists.w3.org/Archives/Public/public-xg-eiif/2008Sep/0041.html
See also the EIIF Incubator Group: http://www.w3.org/2005/Incubator/eiif/
----------------------------------------------------------------------
Cisco Gets the XMPP Message, Buys Jabber
Kurt Cagle, O'Reilly Technical
In 1998 a group of open source developers led by Jeremy Miller created
a new instant messaging application called Jabber, releasing the
specification on the web and creating a new organization, the Jabber
Software Foundation, in order to administer these standards under the
aegis of the IETF. The core of these specification was the Extensible
Messaging and Presence Protocol (or XMPP), an XML based communication
standard that was seen as the HTTP of the IM world -- indeed, XMPP can
piggyback on HTTP as necessary, making it easier to send XMPP messages
across the HTTP port 80 rather than trying to negotiate other ports
in a firewall. The XMPP protocol very quickly found its way into other
open source IM systems (such as GAIM) and in August, 2005, Google
adopted the XMPP protocol as the foundation for GoogleTalk, including
support for server-to-server communication in late 2006. The protocol,
seen as a neutral, vendor-independent standard, was then picked up by
the other IM vendors as calls for them to find some way of communicating
between IM systems rose to a thunder-pitch... On September 19, 2008,
Cisco Systems, Inc announced that they were buying Jabber.com. The
move serves to highlight the fact that Cisco itself, long known for
the sale of routers, network adapters and related infrastructure
products, has also quietly been pushing its way into the messaging
infrastructure space. Indeed, the company has itself been one of the
more consistent funders of the XMPP Standards Foundation and has been
building its expertise up in the XMPP space, starting around 2005.
Cisco's purchase of Jabber.com has some immediate effects: it adds
products such Jabber XCP and JabberNow into the their product line,
and it adds a considerable core of top XMPP developers and project
managers into the Cisco fold, among other things... With the acquisition
of Jabber, Cisco is now well positioned to start pushing XMPP into
firmware, not just for dedicated messaging routers but also for more
generalized routers and systems ... including mobile chipsets and
network adapters. Firmware routing of XMPP in turn could proved a
radical boost to the idea of using XMPP as a key protocol for
just-in-time communication systems, such as emergency first-responder
networks (police, EMTs and rescue services). Moreover, since XMPP
can gateway into most existing IM networks, such a system provides
an interesting bridge between IM, SMS and similar messaging services
(such as twitters).
http://broadcast.oreilly.com/2008/09/cisco-gets-the-xmpp-message-bu.html
See also Extensible Messaging and Presence Protocol (XMPP): http://xml.coverpages.org/xmpp.html
----------------------------------------------------------------------
Model Portability in BPMN 2.0
Bruce Silver, BPMS Watch
In a series of three articles, Bruce Silver reviews revised version of
the IBM, SAP, and Oracle submission of BPMN 2.0 to OMG. Silver: "The
revised BPMN 2.0 submission is a significant improvement over BPMN 1.x
and offers hope of eventual rapprochement with the BPDM proposal.
However, it could go significantly further to resolve ambiguities over
the most basic concepts and terminology that have persisted since the
beginning of BPMN 1.0, terms like 'process', 'diagram', 'participant',
and 'pool'. I expect that BPMN will become the universal standard in
BPM, and it is vital the spec do a better job of defining its most
important concepts and terms." In article #2 (Event Handling in BPMN
2.0): "The biggest change from BPMN 1.x in the orchestration notation
is in the area of event handling... All in all, I like it. Going back
to my New Wish List post, BPMN 2.0 supports all four wishes. Number
one, the non-aborting attached event, is provided explicitly. Number
two, the 'activity started' event, is allowed by combining the
escalation event with a trigger thrown implicitly by the activity
started state change. The spec provides an explicit state model for
process activities, and going from ready to started is part of that
model. So wish number two is not explicitly part of the spec, but
indirectly supported. Wish number three, User Action, is another
type of escalation event attached to a User task. Wish number four,
Enabled to Finish, is not a new event type after all, but an inline
escalation handler. The activity cannot finish until the escalation
handler is complete. So, rough edges and all, I like it a lot...
In article #3 (Model Portability in BPMN 2.0): "For me, process model
portability is such an obvious goal of a notation standard like BPMN
that it almost goes without saying. But we cannot take it for granted,
because since BPMN 1.0 in 2004 the standard has not even provided an
XML schema for the serialization. BPMN 2.0 was supposed to address
this issue head-on at last. While it does offer a schema, it still
lacks critical elements needed for model portability... So what else
does the BPMN spec need to provide model portability? Four things:
(1) Assignment of MUST-SUPPORT requirements to a subset of flow
elements and semantics. (2) Beyond restriction to the subset of
elements defined in a tier, in order for a tool to 'understand' the
serialization provided by another tool, the rules for the serialization
must be precisely defined. (3) BPDs can only be considered portable
if they are valid; that requires BPD validation rules. (4) The fourth
missing piece is something that allows users to know which tools
comply with the portability provisions of the specification.
http://www.brsilver.com/wordpress/2008/09/21/model-portability-in-bpmn-20/
See also Part 1: http://www.brsilver.com/wordpress/2008/09/15/concepts-and-terminology-in-bpmn-20/
----------------------------------------------------------------------
Web Distributed Authoring and Versioning (WebDAV) SEARCH
Julian F. Reschke, Surendra Reddy, Jim Davis
The Internet Engineering Steering Group (IESG) announced the approval
of "Web Distributed Authoring and Versioning (WebDAV) SEARCH" as an
IETF Proposed Standard. WebDAV is a set of extensions to the Hypertext
Transfer Protocol (HTTP) that allows users to collaboratively edit and
manage files on remote World Wide Web servers. This IETF document
specifies a set of methods, headers and properties composing WebDAV
SEARCH, an application of the HTTP/1.1 protocol to efficiently search
for DAV resources based upon a set of client-supplied criteria. DASL
minimizes the complexity of clients so as to facilitate widespread
deployment of applications capable of utilizing the DASL search
mechanisms. DASL consists of the SEARCH method and the request/response
formats defined for it; feature discovery through the "DASL" response
header and the optional DAV:supported-grammar-set property; an optional
grammar schema discovery; one mandatory grammar (DAV:basicsearch).
The Query Grammar is a set of definitions of XML elements, attributes,
and constraints on their relations and values that defines a set of
queries and the intended semantics. This work was the product of an
individual submittor. However, it is based on a draft developed by
the concluded DASL WG and technical discussions have occured on the
DASL mailing list. Some issues that were discussed as candidates for
the base specification are covered in Appendix B and are believed
suitable for future protocol extensions. There was some discussion
of whether query schema discovery should be mandatory or optional,
there is believed to be community rough consensus to keep it an
optional feature. The framework defined in SEARCH (method, grammar
discover via OPTIONS, response format) is supported at least in six
implementations of which four support the DAV:basicsearch grammar
and the other two expose only custom grammars. There has been at
least one proposal for an additional documented query language.
The responsible area director is Chris Newman who reviewed this
specification in detail. The specification was also reviewed by
multiple participants of the 'www-webdav-dasl@w3.org' mailing list
(formerly used by the DASL WG) as well as the 'w3c-dist-auth@w3.org'
(formerly WebDAV WG). During IETF last call, support was expressed
by Tobias Schlauch and Javier Godoy on the IETF list. Additional
review comments were provided by John Barone and Cyrus Daboo on
the webdav lists during last call. Gonzalo Camarillo was the GEN-ART
reviewer, Radia Perlman was the sec-dir reviewer. The IESG contact
person is Chris Newman.
http://xml.coverpages.org/draft-reschke-webdav-search-18.txt
See also the WWW Distributed Authoring and Versioning WG Status Pages: http://tools.ietf.org/wg/webdav/
----------------------------------------------------------------------
WSO2's PHP Play
John K. Waters, Application Development Trends
WSO2, the open-source SOA middleware maker, has joined the growing
ranks of PHP supporters with the release of its new Web Services
Framework for PHP (WSF/PHP) 2.0. The company is billing WSF/PHP as
the industry's only PHP scripting language library designed to let
developers create and consume both SOAP and REST Web services "with
the security and reliability required for an enterprise
service-oriented architecture (SOA)." The 2.0 version of WSF/PHP adds
expanded REST functionality and new data services to provide
developers with a framework for deploying PHP services. WSO2 CEO, Dr.
Sanjiva Weerawarana: "We are trying to build is a service-oriented
architecture platform that covers all aspects of SOA. WSO2 exists
to enable heterogeneous SOAs. The reason we are supporting PHP
natively is to make it possible for any PHP Web site to connect to
any kind of back-end infrastructure, with the full-scale,
enterprise-level security and reliability. It will also allow
enterprises to tap an expansive community of PHP developers with a
comprehensive framework for creating both SOAP and REST-style
services. It provides this critical bridge between tens of thousands
of PHP Web applications and the many enterprise data sources,
applications and services driving today's enterprises." REST and
SOAP are the two competing styles of Web services messaging. SOAP
(Simple Object Access Protocol) is a lightweight XML-based messaging
protocol used to encode the information in request and response
messages before sending them over a network. REST (Representational
State Transfer) is a collection of architectural principals first
outlined in HTTP-spec co-author Roy Thomas Fielding's PhD dissertation.
It's a model for Web services and Web apps based solely on HTTP. It
assumes that the Web already has everything necessary for Web
services, without having to add extra specifications such as SOAP
and UDDI. And it relies on HTTP, universal resource indicators (URI)
and standardized data formats through XML. WSF/PHP 2.0 comes with
full support for REST, SOAP, and WS-* specs, and allows a single
service to be exposed both as a SOAP-style and as a REST-style
service. WSF/PHP 2.0 is part of a family of Web Services Framework
(WSF) products the company developed to support heterogeneous
enterprise SOAs. The product family members include: WSF/Ruby,
WSF/Perl, WSF/Java, WSF/JavaScript, and WSF/Spring.
http://www.adtmag.com/article.aspx?id=23316
See also the announcement: http://wso2.com/about/news/wso2-web-services-framework-for-php-20-significantly-enhances-industry%E2%80%99s-only-php-library-for-creating-both-soap-and-rest-services/
----------------------------------------------------------------------
First Look at the T-Mobile G1
Tom Yager, InfoWorld
The first smartphone based on Google's Android marries a sophisticated
HTC handset with software features that out-maneuver iPhone. Through an
exclusive partnership with Google and Asian handset manufacturer HTC,
the T-Mobile G1 will become the first shipping mobile device based on
the Android platform. Google and company have worked hard to make the
T-Mobile G1 both affordable and easy to use. And while it's too soon
to know how far developers will take the open source Android platform,
we now know what to expect from the first Android phone to arrive on
store shelves. The T-Mobile G1's hardware design will be familiar to
users of HTC's Windows Mobile handsets, a lineup that includes the
AT&T/Cingular 8525 and T-Mobile's own Wing. This mature design, with
fashionably subtle tactile buttons underneath the display, incorporates
a touch screen that's sensitive to both fingertip and stylus, as well
as a slide out full QWERTY keyboard. In T-Mobile G1's case, the keyboard
swivels out in a half-moon motion while remaining parallel to the
display; it's got actual keys that don't take up any space on the
screen, and the keyboard disappears when you don't need it. The very
Google applications that help define iPhone, namely Google Maps and
the YouTube viewer, are present on the T-Mobile G1 as well, but with
a bit of a kick. T-Mobile demonstrated street-level maps that include
photographs of landmarks that match the user's perspective. Using the
device's GPS and accelerometer, the T-Mobile G1 becomes a sort of
viewfinder: As you turn yourself around and tilt the device, the
display shows what Google Maps thinks the scene in front of you should
look like. This it deduces from where it thinks you are or plan to go,
the direction it thinks you're facing, and the photograph that it
thinks is most recent and relevant. As one would expect, Google is
hosting the cloud for T-Mobile G1. Gmail push e-mail, Google Talk IM,
and Google's online calendar and contacts Web apps will provide mail
and sync services...
http://weblog.infoworld.com/yager/archives/2008/09/first_look_at_t.html
See also the Android Mobile Phone Platform: http://www.ddj.com/mobile/210300551
----------------------------------------------------------------------
XML Daily Newslink and Cover Pages are sponsored by:
IBM Corporation http://www.ibm.com
Oracle Corporation http://www.oracle.com
Primeton http://www.primeton.com
Sun Microsystems, Inc. http://sun.com
----------------------------------------------------------------------
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/
----------------------------------------------------------------------
