Cover Pages: XML Daily Newslink: Wednesday, 18 April 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
SAP AG http://www.sap.com

Headlines

PingFederate 4.3 Standalone SAML/WS-Federation Server
OASIS WS-Transaction 1.1 Has Been Committed
Google Releases AJAX Feed API
Sun's McNealy Calls for Merger of OASIS/ISO's ODF and China's UOF
Call for Participation: Workshop on eGovernment and the Web
Open Solutions Alliance Set to Deliver
Enabling SAML 2.0 in a Wiki
NIST MIP XML Tools Support Testing Against IRS Naming and Design Rules

PingFederate 4.3 Standalone SAML/WS-Federation Server
Staff, Ping Identity Announcement

Ping Identity has announced that PingFederate 4.3, the latest version of the company's standalone federated identity management server, is now available for download from the company Web site. PingFederate 4.3 now includes new virtualization capabilities that allow Software as a Service (SaaS) and Software on Demand providers to more easily deploy PingFederate in multi-tenant environments. PingFederate is a standalone federation server with multi-protocol capabilities for SAML 1.0, 1.1, 2.0, and WS-Federation single sign-on. The software is certified Liberty Alliance SAML 2.0 interoperable and GSA E-Authentication compliant. Federated identity management provides standards-based single sign-on (SSO) that works over the Internet. Based on the success organizations have seen with enterprise single sign-on and their desire to eliminate proprietary SSO mechanisms, a growing number are requiring their SaaS/Software on Demand providers to support the SAML identity federation protocol. SaaS providers have responded by embracing SAML in general and PingFederate specifically. PingFederate SaaS or Software on Demand customers include Advanced Health, Allscripts, ATG, InfoHRM, NelNet, Rapattoni, Rearden Commerce, Siebel CRM on Demand, SHPS, and Zantaz.

See also: SAML references

OASIS WS-Transaction 1.1 Has Been Committed
Ian Robinson, Blog

The OASIS WS-TX TC, chaired by IONA's Eric Newcomer and [IBM' Ian Robinson], has now delivered the WS-Transaction 1.1 OASIS Standard which comprises the following specifications: (1) WS-Coordination 1.1, which describes a common framework for Web services transaction models; (2) WS-AtomicTransaction 1.1, which uses WS-Coordination and describes a Web services protocol for atomic, 2PC transactions; (3) WS-BusinessActivity 1.1, which uses WS-Coordination and describes a Web services protocol for compensating transactions. The TC held its first meeting in November 2005 and took, as input, drafts of these three specs contributed by members of the TC including IBM, Microsoft, IONA, Hitachi and BEA. During the course of the TC, a number of the companies involved in the TC (IBM, Microsoft and JBoss/RedHat) developed implementations of the specifications to test the completeness of the specification by driving a number of pre-agreed AT and BA interop scenarios. We did this remotely using internet endpoints and it successfully validated all the parts of the specs covered by the scenarios. You can view the results for AT and BA scenarios. The TC will continue in maintenance mode to work on any maintenance issues brought to our attention and to produce a new version of the specifications with an updated references to WS-Policy 1.5 once the W3C has published a W3C Recommendation for WS-Policy 1.5 anticipated in August 2007.

Google Releases AJAX Feed API
Darryl K. Taft, eWEEK

Google has released a new tool to help developers more easily access data feeds. The Google AJAX Feed API simplifies mashup creation for Web developers by providing easy access to public data feeds through JavaScript. According to Bret Taylor, Google group manager for developer products, "the AJAX Feed API takes the pain out of the process by enabling developers to access feeds with just a few lines of JavaScript code instead of struggling with server-side proxies or delving into XML's complexities. One of the difficult parts of accessing data feeds is there are a lot of different versions of feed formats out there; but the AJAX Feed API does a lot of the heavy lifting in terms of which feed format is being used and then automatically supports it. You don't need to become an expert in every feed format." The AJAX Feed API supports Atom 1.0, Atom 0.3, RSS 2.0, RSS 1.0, RSS 0.94, RSS 0.93, RSS 0.92, RSS 0.91, and RSS 0.9. Moreover, using the AJAX Feed API, a developer can display a dynamic blogroll on a personal home page, display recent photos from a public Picasa Web Albums feed on a blog or even plot a feed of news events on a Google Map. The new API brings mashup creation within reach of users ranging from bloggers to hobbyists to professional coders. It can be used independently of the Google Web Toolkit.

Sun's McNealy Calls for Merger of OASIS/ISO's ODF and China's UOF
Andy Updegrove, Standards Blog

This article reports on a Beijing Conference "WTO and IPR's: Issues in Standardization," convened by the Chinese Ministry of Commerce, China's State Intellectual Property Office (SIPO) and Sun Microsystems, and supported by a half dozen other Chinese Ministries, Councils and Commissions. One of the keynote speakers was Scott McNealy, the Chairman of both Sun Microsystems and Sun Federal, Inc., Sun's government sales arm. The conference is also timely in that McNealy took a meaningful amount of time during his presentation to note that there are (in his words) three main document formats in existence today: Microsoft Office, Open Document Format (ODF) and China's Uniform Office Format (UOF). And he also called for the last two to be merged. What is significant about his statement is not the sentiment, as a harmonization or merger of the two formats has been a topic of conversation and speculation for some time. OASIS, for example, chartered a working group some months ago to explore with the Chinese how the two formats might be brought closer. At one level, ODF and UOF could be harmonized in such a way that implementations of each could natively (rather than through plugins) save documents in the other format. And at the highest level, the specifications for the two formats could actually be merged into one, which I'm told would be possible. Which approach (if either) is actually taken may have a lot to do with China's overall strategy, which for the last several years has been oriented towards developing "home grown" standards in areas where high foreign royalty payments, or product prices, would otherwise be encountered. These standards have most notably been in the area of wireless (WAPI), video (AVS), and 3G telephones (TD-SCMA), with other standards on the way. For China to give up independence with UOF would run counter to this trend, and would provide a very interesting bellwether indeed regarding China's future standards strategy.

Call for Participation: Workshop on eGovernment and the Web
Staff, W3C Announcement

W3C has announced a call for papers in connection with a Workshop "Toward More Transparent Government." This Workshop on eGovernment and the Web is co-sponsored by W3C and the Web Science Research Initiative (WSRI); it will be held 18-19 June 2007 in Washington, D.C., USA, hosted by the U.S. National Academy of Sciences. The workshop will bring together government officials, computer scientists and other academics specializing in both technical and legal eGovernment issues, leaders in the Web standards community, as well as a wide range of companies providing products and services in the government marketplace. The Workshop will help find ways of facilitating the deployment of Web standards across eGovernment sites, and help shape the ongoing research agenda in the development of Web technology and public policy in order to realize the potential of the Web for access to and use of government information. The first day will be composed of invited talks and panels concentrating on public policy goals of eGovernment strategies, as well as investigation of leading edge eGov Web applications. The second day will explore current best practices that can be gleaned from specific eGov Web applications with the aim of learning about new standardization requirements, as well as identify means to disseminate knowledge about the best practices of successful eGov applications. Internet-connected computers and the World Wide Web are revolutionizing the ways in which citizens and governments relate. Citizens can use an increasing number of services (e.g. apply for a driving license, ask for a tax return) and have easier access to information of public interest including legislation and regulatory information, basic data generated about the operation of government, public policy debates, as well as the basic information about public resources such as geospatial data.

See also: W3C Workshops and Symposia

Open Solutions Alliance Set to Deliver
Sean Michael Kerner, InternetNews.com

What is the key to open source solution interoperability? That's the question that the recently formed Open Solutions Alliance (OSA) has to answer. The group is publishing an Interoperability Roadmap that it hopes will help reduce the interoperability friction across open source software solutions. The OSA isn't likely to be publishing its own standards, but rather will be recommending how open source vendors can properly use and implement existing standards in their applications. Barry Klawans, CTO of Jaspersoft and OSA member, noted that the OSA is taking aim at a recommendation for how to implement application monitoring across open source applications. The OSA originally started in February at the LinuxWorld Open Solutions summit as a group that would just identify and make recommendations for standards. In the last two months the approach has changed a bit, according to Klawans. Apparently the OSA approach and message is one that is gaining converts, too. When the effort launched, Jaspersoft, Hyperic, EntepriseDB, Spikesource, Adaptive Planning, OpenBravo, Groundwork, CentricCRM, SourceForge.net, Collabnet and Unisys were charter members. Since then the Mambo Foundation, One point, Palamida, project.net, TalenD and the Open Source Technology Alliance have joined.

See also: the OSA web site

Enabling SAML 2.0 in a Wiki
Anders Lund and Andreas A. Solberg, Blog

Here are some slides for a presentation held at EuroCAMP in Helsinki, Finland, about how to SAML 2.0 enabling a wiki. The software used includes Dokuwiki and an OpenSSO PHP Extension (lightbulb). Dokuwiki pluggable authentication modules support ACL lists, and is using groups for authorization. OpenSSO PHP (open sourced from Sun, modified by Feide) is a pure PHP5 implementation of a SAML 2.0 SP; has extremely simple installation and configuration—but implemented as proof of concept, not yet feature-rich. Implementing an authentication module: A dokuwiki authentication module identifies whether the user is logged in or not and returns either true or false. If true it accociates the authenticated user with a list of groups the user is member of, and also sets a username and a mail address. When a user does not have a local session at the service, she is redirected to the Feide IdP with SAML 2.0 authentication request (this is done by OpenSSO php). After successfull authentication the user is sent back to OpenSSO php with a response, and the OpenSSO php library will set a session cookie for you. When a user is authenticated, you can get a userid through a OpenSSO method... After retrieving attributes and dynamic group membership generation, we set name, mail and groups readable for dokuwiki internals and return true. We configure access control of the wiki, using the dynamic groups. The auth module requires no local users at the wiki to map against. But optionally users can be configured custom group membership in a separate file.

See also: the blog

NIST MIP XML Tools Support Testing Against IRS Naming and Design Rules
KC Morris, NIST Announcement

"NIST is pleased to announce that IRS NDR tests are now available on NIST's XML Quality of Design (QOD) website Two enhancements to the website have been made. In collaboration with the Internal Revenue Service we have posted a testing profile for the adherence of XML schemas. The test profile may be used by developers of XML schemas for the IRS to see whether their are meeting the IRS guidelines. The tests for these guidelines were developed by the IRS. The second enhancement to the site is the addition of an "example page." This page is for users who want to see how the tool works. It allows a user to click on links to reach the various parts of the system, as well as, to execute some test. The page contains three sample Schematron rules encoded based on selections from the Department of Navy Naming and Design Rules (NDR) document. Each rule has associated with it two schemas: a "pass" schema with no errors and "fail" schema containing errors. The page demonstrates how to execute the rules with these schemas. The QOD tool is one of several provided by NIST for developing XML schemas for the purpose of data exchange and systems integration." From among the tools: (1) 'Naming Assister' improves schema readability and consistency, consequently speeding up future schema adoptions and implementations and provides consistent naming conventions for elements and types based on ISO 11179; (2) 'Naming Report' generates a list of terms used to construct the schema's elements, type, and attributes names; (3) 'NIST XML Schema and Validation Web Services' is a web service that can be used to remotely validate XML schema files; (4) 'Schematron Editor Tool' is a Java-based GUI tool to easily create, view, and modify Schematron constraint specification files for validating XML instances.

See also: the XML Testbed description


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors