Cover Pages: XML Daily Newslink: Wednesday, 21 March 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com

Headlines

European W3C Symposium on eGovernment Report
SCA BPEL White Paper
Rethinking SOA Governance
Liberty Alliance Struggles With Its Own Identity
IBM Gets Serious About SOA
DRAMA Project's Fedora Authentication Code Alpha Release
OpenAJAX Alliance Welcomes Microsoft at AJAXWorld
Google: AJAX is All About Abusing Standards
Web Services Tips: Operational Risk and WS-Policy

Cover Pages

Open SOA Collaboration Vendors Advance SCA and SDO Specifications for Standardization

European W3C Symposium on eGovernment Report
Staff, W3C Report

On February 1 and 2, 2007, W3C Spain Office held an European W3C Symposium on eGovernment in the Feria Internacional de Muestras de Asturias (FIDMA) at the Palacio de Congresos (International Trade Fair of Asturias), in Gijón, Spain, to understand specific government and citizens' needs related to delivery of eGovernment services over the Web, identify aspects that put Web interoperability at risk and learn how governments can deliver better and more efficient services through computer technologies. The symposium program had 11 invited talks and four panels, structured into four sessions. Most speakers came from European Governments and organizations that work closely with them. Attendance was free and open to the public. The first session was an introductory one and the reminding three had three talks each showing the point of view of the governments, citizens and organizations. After the talks there was a panel for each session to discuss issues raised during the talks and take questions from the audience. Participants considered a number of issues that affect eGovernment today, mainly the lack of interoperability, Web accessibility, need of Best Practices, privacy and identity theft issues, and others. These issues surfaced during several talks and panels. Some projects on how to deal with them were presented. There is a big difference between electronic services and "old" or "paper-based" ones. Governments seem to build the electronic ones starting from the old ones, and this does not work as expected. Electronic ones require a procedural change and a totally different approach to be effective; they should not be constraint by old ones.

See also: the press release

SCA BPEL White Paper
Mike Edwards, OSOA Technical Report

WS-BPEL, much like the OSOA Service Component Architecture (SCA), is built around the Web Services concept of separating implementation code from service interfaces. SCA and WS-BPEL, although based on similar concepts of connecting services together, do so in different ways. Fortunately, it is easy to map between the two. SCA and WS-BPEL are complementary with one another. WS-BPEL is a language for defining a business process, which can be invoked by clients and can itself invoke other services. These external interactions, together with the activities that may occur inside the process, provide a business orchestration view of a component. SCA, on the other hand, provides a compositional view of interconnection among service components. SCA does not in itself allow one to define business or application logic. This is left to the implementation languages. SCA does support the aggregation of business services without relying on application states. It models a birds-eye-view of the system that includes WS-BPEL processes and other components with which they interact. This overall view provides a convenient tool to manage the deployment and configuration of a system. The WS-BPEL Client and Implementation (C+I) Model is designed to allow any WS-BPEL 2.0 and 1.1 process to be used without them needing any knowledge of SCA. It allows any executable WS-BPEL process to be deployed into the SCA runtime without change. The SCA runtime provides features not defined by the WS-BPEL specification such as initialization of endpoint references of partnerLinks via wiring in SCA and initialization of WS-BPEL variable via SCA properties. Without SCA, such features are provided by vendor dependent mechanisms.

See also: the related SCA news

Rethinking SOA Governance
Quinton Wall, BEA Arch2Arch Technical Paper

This article looks at the incentives for organizations to undertake an effective SOA governance model through a pragmatic approach to addressing cost and profit. Through the definition of five levels of governance, pragmatic advice is given here in an attempt to address the incentives that drive many lines of business-funded initiatives that may undermine enterprise service adoption. The discussions provide insight into how a centralized governance process may actually be assisting in limiting the proliferation of non reusable services developed by individual lines of business that, through simple cost benefits analysis, determine it is cheaper to build their own rather than leverage an enterprise service. Successful governance initiatives to support SOA adoption are often detailed through two primary and complementary factors: cost and profit. Both factors form strong incentives for business leads to counter any governance recommendations and must be addressed early with the SOA initiative. Many organizations, through individual bargaining, already have established ad-hoc processes of governance. Care must be taken when centralizing this function to ensure both cost and profit remain on the charter of more mature governance models. Even as organizations centralize these governance processes, it is very difficult to sustain efficiency until a market of demand is established to promote organic growth of shared services and reuse. As the Law of Diminishing Returns identifies, there will always be a portion of IT or business functions that will not be cost-effective to transform into shared services. However, as long as the market-based demand exists, all lines of business will strive for reuse to increase profit and reduce costs.

Liberty Alliance Struggles With Its Own Identity
Alex Handy, SD Times

The Liberty Alliance is having an identity crisis. The group of vendors and independent developers that came together in 2001 to build standards and practices for digital identity management will be changing its tactics in 2007, due to what has been described as a proliferation of fear, uncertainty and doubt in the marketplace. The 6-year-old project will attempt to open its processes and discussions to the public in the coming year, something that it has not done in the past. The alliance will also be seeking out other identity management projects to foster collaboration and interoperability. At this year's RSA Conference, a noticeable number of vendors were offering new solutions to identity problems. The Liberty Alliance, however, must fight to make its solutions known, said Roger Sullivan, Liberty Alliance management board president and vice president of identity management at Oracle. Among the alliance's goals for 2007 is to collaborate with existing and new identity projects. You've got OpenID, the Identity Commons, and the Eclipse-based Project Higgins... Complicating the task of the Liberty Alliance has been the confusion around Web services and the overlap between the alliance's work and WS-* specifications, said Jason Rouault, vice president of the Liberty Alliance and CTO of identity management at HP Software. "The WS-* set of specifications are, in essence, plumbing for Web services. The Liberty work in Web services is really about the efficient profiling of how you do identity-based Web services in a secure manner. In some cases where specifications don't exist, then we add that into the [WS-*] framework. They're not two separate stacks at this point, though they might get positioned that way."

IBM Gets Serious About SOA
Edward J. Correia, SD Times

IBM has unveiled the SOA Quality Management Portfolio, a series of new and enhanced tools and services for end-to-end SOA testing and QA, part of which it claims can turn BPEL code into use cases that perform automated functional testing. Performing this feat is Tester for SOA Quality. "The bulk of the job is automating," asserted Dave Locke, IBM Rational's director of offerings marketing, in a phone interview yesterday. "For business analysts using BPEL tools to illustrate their processes, we can read BPEL in as a testing scenario and test against it. We're the only company in the world to do that," he claimed. Further automation, he said, includes the ability to analyze a service's interface and, for those lacking graphical UI characteristics, create the framework for testing them anyway. "To test a component, you have to feed it something and get something back. Having your developers build code for that testing is a time-consuming process. With this capability, we generate a shell for a GUI-less component, with all the calls and test scripts to ensure that that component really works as advertised." Supported components include those written to Web services standards such as SOAP, HTTP and UDDI, Locke said. "The component has to conform to an SOA approach for us to test it." Tester for SOA Quality begins shipping on March 27 [2007]. Also new and shipping two weeks from today is Performance Tester Extension for SOA Quality, a monitoring tool that Locke said can quickly pinpoint trouble spots in an SOA.

DRAMA Project's Fedora Authentication Code Alpha Release
Staff, DigitalKoans Blog

The DRAMA (Digital Repository Authorization Middleware Architecture) project has released an alpha version of its Fedora authentication code. DRAMA is part of the RAMP (Research Activityflow and Middleware Priorities Project) project. Here's an excerpt from the fedora-commons-users announcement about the release's features: (1) Federated authentication (using Shibboleth) for Fedora; (2) Extended XACML engine support via the introduction of an XML database for storing and querying policies and XACML requests over web services; (3) Re-factoring of Fedora XACML authorization into an interceptor layer which is separate from Fedora; (4) A new web GUI for Fedora nicknamed "mura". [From the project description: "The Research Activityflow and Middleware Priorities (RAMP) project seeks to improve national research effectiveness by addressing two of the most challenging components of the DEST/JISC E-Framework for Education and Research and the DEST Accessibility Framework—the areas of people-oriented workflows for research processes, and open standards authorisation for protected repositories. [One] challenging component of the E-Framework that RAMP addresses is open standards authorisation (using XACML). There is an increasing need for flexible management of protected content as part of repositories such as Institutional Repositories, E-Reserves, etc, but most approaches to protected content rely on hardwired or proprietary authorisation mechanisms that are inefficient, costly, inflexible and promote system lock-in. The RAMP project will address the need for open standards authorisation through the creation of a generalised XACML authorisation module that could potentially be adopted by any repository system. This module will be implemented and tested initially using the Fedora repository, based on existing work on Fedora and XACML from MAMS and ARROW. Subsequent implementation with other repository systems will be explored."]

OpenAJAX Alliance, an open industry collaboration dedicated to developing and expanding AJAX, today announced AJAXWorld Conference & Expo in New York City that its membership has grown to 72 with the addition of Microsoft Corporation and 30 other companies. "Microsoft is joining the OpenAJAX Alliance to collaborate with other industry leaders to help evolve AJAX-style development by ensuring a high degree of interoperability," said Keith Smith, group product manager of the Core Web Platform & Tools to UX Web/Client Platform & Tools team at Microsoft Corp. "By joining OpenAJAX, Microsoft is continuing its commitment to empower Web developers with technology that works cross-browser and cross-platform." The newest OpenAjax Alliance members include: 24SevenOffice, ActiveGrid, ActiveState, Appeon, Aptana, Arimaan Global Consulting, Custom Credit Systems (Thinwire), ESRI, Getahead (DWR), Global Computer Enterprises, GoETC, Helmi Technologies, HR-XML, iPolipo, Isomorphic Software, JSSL, Lightstreamer, Microsoft, MobileAware, NetScript Technologies, OpenSpot, OpenSymphony (OpenQA), OpSource, OS3.IT, Redmonk, Tealeaf Technology, Teleca Mobile, Transmend, Visible Measures, Visual WebGui and Volantis Systems. [Bertrand Le Roy Blog: "I'm extremely pleased to announce that we're joining OpenAjax today and that I'll represent the company in the organization's meetings starting this Thursday. This is a way for us to ensure that our user community can combine the Microsoft AJAX Library and ASP.NET 2.0 AJAX Extensions with other frameworks, today and in the future. Interoperability in the browser is a hard problem but it opens key Ajax scenarios. An industry-wide organization such as OpenAjax is a great way to ensure this goal is met in the long-term."]

See also: the Blog

Google: AJAX is All About Abusing Standards
Sean Michael Kerner, Internetnews.com

If there is one application that propelled the term AJAX into the mainstream it is Google Maps. Before Google Maps, the Internet world was a flat place without dragable maps and without online mailboxes that looked like their desktop counterparts. Google project manager Bret Taylor said AJAX has become a mainstream development approach since he and his team rolled out the first AJAX version of Google Maps in 2005, with sites big and small implementing the technology. "AJAX has revolutionized the way people expect Web applications to behave," Taylor told a capacity crowd at the AjaxWorld conference here. "Users now expect the same level of interactivity as the desktop." Two years ago, a WSDL would have been necessary to enable mash-ups; today, using AJAX-friendly APIs, a developer can embed a Google map with just three lines of JavaScript. What, besides Google Maps, helped AJAX use grow? Taylor argued that it wasn't standards, as most people might think. After all, HTTP, CSS, JavaScript, XML and DOM were all kicking around at the time and had not changed in years. "AJAX is not defined by standards but by abusing standards," Taylor boldly proclaimed. DOM, for example, which is supposed to be about documents, is "abused" in Google Maps because it does something it was never intended to do with graphics: cross host communication. This, Taylor explained, is achieved by abusing the JavaScript script tag injection feature...

Web Services Tips: Operational Risk and WS-Policy
Mark R. Temple-Raston, SearchWebServices.com

WS-Policy is a soon-to-be proposed W3C standard that has received a great deal of focus from both technology product vendors and their customers. As is often the case, the vendor provides one useful view, and the customer provides another. Occasionally they agree. There seems to be agreement on the importance of a policy standard for Web architectures. This is not surprising for two reasons. One, from a business perspective, policy is how a company is managed. Two, Web architectures are an increasingly important part of the global business architecture. We note that operational risk is distributed by nature—and therefore can benefit from Web architecture. Other types of financial risk, like market and credit risk, tend towards centralization and remote procedure-like calls. Service-oriented architectures must, of course, operate usefully and effectively in both environments. WS-Policy introduces a standard policy formulation that can be correctly interpreted (in other words, inter-operable) and enforced across various elements of the infrastructure. WS-Policies are expressed as valid intersections of constraints and conditions that govern how a Web service and its consumers interact. A given policy assertion in WS-Policy identifies a domain (e.g. security, messaging, reliability and transaction) and a required behavior that can be effectively managed across departments, business units and partners. Compare the WS-Policy domains just mentioned with the first five operational risk loss categories defined by the regulators. They align. It seems quite possible that the link between Operational Risk Policy and WS-Policy will yield insights into the evolution of business IT infrastructure, governance and WS-Policy.

See also: Web Services Policy

Selected from the Cover Pages, by Robin Cover

Open SOA Collaboration Vendors Advance SCA and SDO Specifications for Standardization

The OSOA Collaboration represented by eighteen leading technology vendors announced that key Service Component Architecture (SCA) and Service Data Objects (SDO) specifications have completed incubation and will be submitted to OASIS and the Java Community Process for advancement through formal standardization processes. The vendors include BEA Systems, Cape Clear, IBM Corporation, Interface21, IONA, Oracle, Primeton Technologies, Progress Software, Red Hat, Rogue Wave Software, SAP AG, Siemens AG, Software AG, Sun Microsystems, Sybase, TIBCO Software, Xcalia, and Zend. The Service Component Architecture (SCA) specifications have been in progress since 2005, and are now considered mature; the industry partners intend to turn over their standardization process to OASIS. Additionally, the partners have completed work on the SDO specifications, designed to enable uniform access to data residing in multiple locations and formats, and will turn over stewardship of SDO/Java work to the Java Community Process (JCP), and non-Java (C++) work to OASIS. The OSOA industry partners will continue to incubate and drive technology initiatives focused on simplifying SOA application development. Additionally, the group's vendor-neutral Web site (www.OSOA.org) will continue to serve as an information resource for access to draft specifications and white papers, and provide a forum for industry input and feedback.


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Cover Pages

Sponsors