The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: April 03, 2007
XML Daily Newslink. Tuesday, 03 April 2007

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation

SCA and SDO Become SOA Essentials for Banking System
Rich Seeley,

How useful are the Service Component Architecture (SCA) and Service Data Objects (SDO) specifications? Alan Walters, CTO at Cachet Solutions LLC, says his bank processing system couldn't run without them. Vendors in the Open SOA group that developed SCA and SDO, and submitted them to the OASIS and JCP standards bodies late last month, have argued the specs are already mature enough to be implemented in service-oriented architecture (SOA) applications. Walters has done just that. Cachet Solutions is a startup application service provider (ASP) that is betting its future on the implementations of SCA and SDO by Rogue Wave Software, a division of Quovadx, Inc., in its HydraSCA and HydraSDO products. Walters recalled showing his initial design for a bank processing system to Cory Isaacson, president of Rogue Wave, who suggested adding the SCA and SDO technology... The ability of Rogue Wave's SDO-based tool to handle multiple data formats is important because bank and customer data comes in an unpredictable mix of old and new standards, he said. 'There's lots of different formats,' Walters said. 'That's where we talk about SDOs. You've got the old BAI (Banking Administration Institute) format, you've got custom formats that are like BAI but aren't BAI, and then you've got EDI (Electronic Data Interchange). The newer systems use XML as well.'

See also: the OSOA news story

SOA Software and Red Hat JBoss Partner
Tony Baer, Computer Business Review Online

SOA Software Inc has added to its list of partnerships Red Hat Inc's JBoss. Given JBoss's growing market reach, it's not surprising that both companies already have some joint customers. The difference here is that this is the first point where both have said that they will work together and certify integration. For now, that means certifying that SOA's agents and probes work against JBoss's server offerings, initially including the JBoss Application Server, JBoss Rules, and JBoss jBPM. "This is all about SOA becoming affordable," said Roberto Medrano, executive vice president for SOA, claiming that JBoss provides a lower cost of integration compared to other middleware platforms. Admittedly, most of the details and roadmaps for the partnership have yet to be determined, although a likely next target will be JBoss's ESB offering, which is still in community preview stage. Furthermore, both companies have yet to fully scope out what the partnership will include, leaving open the possibilities of joint technology development, support, and active go-to-market strategies that might include resales. But both took pains to emphasize that the partnership has gotten beyond exploratory stage, noting that SOA's management offerings have been tested for interoperability against JBoss's appserver, and that it will be an ongoing process.

See also: the PR

Simplify XML Reads and Writes with XPath
Cameron Laird, IBM developerWorks

XPath is an XML facility that you can start to use at low cost: You might well already have it built in to the XML library with the development language you use. At the same time, XPath has the potential to improve performance significantly, and its simple expressiveness definitely simplifies programming and maintenance. This article details a few specific examples that demonstrate what a difference query methods can make in even simple XML processing. You can incorporate XPath into your existing XML program development and reap immediate rewards of performance and maintainability. To me, it's much like the use of assemblers, compilers, and higher-order languages: I could and have written entire programs in machine language, but it's simple prudence to learn higher-productivity methods. Moreover, XPath often improves performance over hand-coded searches. Once you know XPath, you'll also be in a much better position to judge whether your work with XML is so demanding that more advanced tools like XQuery and XSLT will benefit you.

Shaping the Future of Secure Ajax Mashups
Brent Ashley, IBM developerWorks

Current Web browsers weren't designed to easily and securely get content from multiple sources into one page. In this article you discover how developers have stretched the available tools to fit the task and how doing so has put strain on the resulting applications with respect to security and scalability. You also learn about several browser improvements being proposed to remedy the situation and how to become part of the conversation that will bring Web development beyond this hurdle to a new level of interoperability. When the elements comprising the current browser environments were designed, Ajax mashups were not on anybody's radar. Nothing was built into the browsers, into the Hypertext Transfer Protocol (HTTP), or into HTML or XHTML that was specifically designed to accommodate the browser's asynchronous retrieval of content from multiple sources in a secure and robust manner. Some features in the World Wide Web Consortium (W3C) HTTP specifications that might have been used for mashups, such as Document Object Model (DOM) Level 3 Load and Save Specification, were either not fully implemented or not implemented at all by a majority of browsers. Most of the techniques available for retrieving content asynchronously inherit their security from the JavaScript security model, which allows scripts to interact only with elements that originate from the same server as the page to which the script belongs. This is the Same Origin Policy, which all browsers implement. The workarounds currently in wide use to enable Ajax mashups each come at some cost. When stretching a browser's designed limits, you affect other aspects of the application's overall operation. Doing so typically causes an application to become either less secure or less scalable. As developers, we all have a stake in the outcome of these discussions.

JavaScript 'Hijacking' Vulnerability Not Expected to Dampen Enthusiasm for AJAX
Jeffrey Schwartz, Application Development Trends

A newly announced security vulnerability in AJAX-based applications will place added onus on development teams to avoid such threats, but observers say the finding is unlikely to slow AJAX's rapid growth. AJAX applications are susceptible to "JavaScript Hijacking," allowing unauthorized individuals to read private content within JavaScript messages, according to Fortify Software, a Palo Alto, Calif.-based supplier of threat identification and remediation tools. Fortify reported on Monday, April 2, 2007 that of twelve (12) widely used AJAX frameworks and eight client-side libraries the company evaluated, only those based on DWR 2.0 (supported by TIBCO) offer measures to prevent JavaScript hijacking. The vulnerable properties include Microsoft's ASP.NET AJAX tool (code-named Atlas), the Google Web Toolkit and libraries such as Prototype, Dojo and Yahoo! UI. Forrester Research analyst Jeffrey Hammond said it is possible a large number of AJAX applications are vulnerable to this threat, but it can be easily remediated by not letting private information be transmitted from a server without appropriate authentication. Brian Chess, Fortify's cofounder and chief scientist, said the workaround is fairly straightforward and that in many cases, toolkit providers will only have to revise a few lines of code. Fortify has already alerted the toolkit and framework vendors affected and many have said fixes are coming within weeks.

WS-Context Version 1.0 Becomes an OASIS Standard
Staff, OASIS Announcement

The "Web Services Context Specification (WS-Context) Version 1.0" balloted for approval has been ratified as an OASIS Standard. Produced by members of the OASIS Web Services Composite Application Framework (WS-CAF) Technical Committee, this specification defines a generic context model for Web Services, providing support for session management. WS-Context ensures that multiple Web services deployed in a variety of execution environments behave as if they are deployed in a single, consistent environment. For example, an organization's Service Oriented Architecture (SOA) may require security information, conversational session information, database and file handles and process IDs, among other services, to be shared across multiple execution environments built on different platforms. In this situation, WS-Context helps to make certain that the Java, .NET and any other Web services in the enterprise all behave similarly and as expected at runtime. The OASIS TC was chartered in September 2003 to "define a generic and open framework for applications that contain multiple services used in combination (composite applications)... [where] multiple web services combined in composite applications require interoperable mechanisms to set the boundaries of an activity (such as start/end, or success/failure), to create, access and manage context information, and to inform participants of changes to an activity. Composite applications might also need to work with a range of transaction models, including simple activity scoping, single and two phase commit ACID transactions, and recoverable long running activities."

Why Artix Registry/Repository is Different
Eric Newcomer, Blog

I'd like to add some more perspective about why the Artix Registry/Repository is different. Today's registry/repository solutions are what I'd call passive. That means you store metadata in them, such as WSDL files, WS-Policy assertions, and other attributes descriptive of parts of the SOA design. And then, like any database application, you look up things about what you stored. Sometimes you can even store things related to management, such as service level agreements and policy enforcement points. But you can't translate that into deployment configurations for your runtime container. Sure, there's even a notification system to alert interested parties when a service changes. But you are still stuck using manual procedures to create and update configuration and dependency information for your runtime container, using other tools. Yes, you can use today's registries to find services, and bind to services, notify someone of a change to a service, but you cannot do anything with the runtime implementation of the service. For that you need another tool or set of tools. Current registry/repository solutions are not active, at least not in the sense that they allow you to actually do anything with the implementation of the services. They are completely and totally disconnected from the SOA runtime. Today's passive registry/repository solutions just don't give you the capability to work the metadata to configure your runtime and push the change out to the SOA infrastructure. The industry is moving toward lightweight, configurable containers, via Spring and OSGi. A lightweight, distributed runtime is much better suited to SOA. Services can directly find and interact with each other, without having to go through a central application server or EAI hub.

See also: the Artix web site

Tibco Ships Ajax Testing Tool
Antone Gonsalves, DDJ

Tibco Software on Monday [2007-04-02] released to the open source community a quality assurance, testing tool for AJAX applications. The middleware is designed for message transport systems, such as IBM's MQ Series or Microsoft MQ. The Tibco General Interface Test Automation Kit (GITAK) includes a suite of class libraries, visual tools and automated QA test cases and scenarios. The kit is meant to reduce the amount of work involved in testing AJAX components. GITAK is built on the Selenium Core open-source test tool for Web applications. Both tools run directly in a browser. GITAK automates the process of validating whether an application is performing at an acceptable level. Once a library of test cases has been built, they can be reused in testing applications and changes to them, thereby saving time for developers. The tool suite is available through Tibco's developer Web site. Tibco makes enterprise service bus software (ESB) for companies building service-oriented architectures. ESBs are a new class of middleware that give message transport systems, such as IBM's MQ Series or Microsoft MQ, greater flexibility and adaptability. Tibco, along with rivals IBM and Cape Clear, is facing increased competition from open source competitors like MuleSource's Mule server software or Red Hat's JBoss Enterprise Service Bus 4.0 platform.

See also: the announcement

FSF Releases New Draft of LGPLv3
Steven J. Vaughan-Nichols, Linux-Watch

On the heels of releasing the latest draft of the GPLv3 (General Public License version 3), the Free Software Foundation on April 3, 2007 released a new draft of the LGPLv3. The LGPL was first released as Version 2.1 in February of 1999. It was the follow-up license to the GNU Library General Public License 2.0. Under its old name, the FSF (Free Software Foundation) felt that the license was too often used inappropriately. The key difference between the GPL and LGPL licenses is that software or a library under the LGPL can be 'linked to' or 'used by' either a GPLed or a proprietary program. This program can then be distributed to users without worrying about the GPL's requirements that the LGPLed part of the code be freely available to other developers. The code that is not covered by the LGPL, however, doesn't need to be shared. Brett Smith, the FSF's licensing compliance engineer, explained in a note to FSF members that the new discussion draft has been released because "the license is currently written as a set of additional permissions on top of GPLv3, a number of terms have been updated to reflect changes in the GPLv3 draft released last week. Additionally, we have made a few small adjustments to clarify particular requirements." Within the new version, you'll also find explanations for the changes the FSF is proposing to make to the LGPL.

See also: the Affero GPL project


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.
