This issue of XML Daily Newslink is sponsored by:
IBM Corporation http://www.ibm.com
- OGC Announces Web Services Phase 5 Interoperability Initiative
- New OASIS Standard: Web Services Transaction (WS-Transaction) V1.1
- Web Services Business Process Execution Language Version 2.0 Primer
- Component Model for Process Constructs: The Process Virtual Machine
- Of MOICE and Microsoft: Securing Office 2003
- Three Open Source Web Service Testing Tools Get High Marks
- Agreement Concerning Partial Support of the SAML 2.0 Standard
OGC Announces Web Services Phase 5 Interoperability Initiative
Staff, Open Geospatial Consortium Announcement
The Open Geospatial Consortium (OGC) has issued a Request for Quotes/Call for Participation (RFQ/CFP) for the OGC Web Services, Phase 5 (OWS-5) Interoperability Initiative, a testbed to advance OGC's open geospatial interoperability framework. Based on sponsor requirements, the OWS-5 initiative is organized as six threads over two initiative phases: (1) Sensor Web Enablement (SWE), (2) Geo Processing Workflow (GPW), (3) Information Communities' Semantics (ICS), (4) Agile Geography, (5) Compliance Testing (CITE), (6) CAD/GIS/BIM. Significant work items include geospatial Web service chaining and workflow, enhancements to the XML-based KML language, practical application of the Sensor Web, and application of GML to real-world scenarios. The Agile Geography testbed focuses on process integration and 'right-sizing' of services to demonstrate the power of interoperability and service-oriented architectures using OGC Web Services. The Agile Geography thread has two distinct activities. The first explores the future of KML, OWS Context, and lightweight payloads of geospatial information on the Web in general, applying the concepts of links, bookmarks and Web pages to digital cartography and geospatial information management. Participants will explore the harmonization of KML and OWS Context XML encodings and prototype client and server software that exploits these document types. The second activity-GeoSynchronization and Sharing-extends the WFS-Transactional architecture to target a federated environment. OWS testbeds are part of OGC's Interoperability Program, a global, hands-on and collaborative prototyping program designed to rapidly develop, test and deliver proven candidate specifications into OGC's Specification Program, where they are formalized for public release. In OGC's Interoperability Initiatives, international teams of technology providers work together to solve specific geoprocessing interoperability problems posed by the Initiative's sponsoring organizations.
See also: Geography Markup Language (GML)
New OASIS Standard: Web Services Transaction (WS-Transaction) V1.1
Staff, OASIS Announcement
OASIS announced that its members have approved Web Services Transaction (WS-Transaction) version 1.1 as an OASIS Standard. WS-Transaction describes an extensible framework for providing protocols that coordinate the actions of distributed applications. Such coordination protocols can be used to support a wide variety of applications that require consistent agreement on the outcome of distributed transactions. WS-Transaction is offered on a Royalty-Free basis, as provided under OASIS policies. The WS-Transaction OASIS Standard comprises three specifications: WS-Coordination; WS-AtomicTransaction; and WS-BusinessActivity. WS-Coordination enables an application service to create the context necessary for propagating an activity to other services. WS-AtomicTransaction defines agreement protocols for short-lived activities having the all-or-nothing property, and WS-BusinessActivity defines protocols for long-running transactions that require compensation-based agreement. Working together, these specifications enable existing transaction processing, workflow, and other systems to hide their proprietary protocols and operate in a heterogeneous environment. Ian Robinson (IBM), co-chair of the OASIS WS-TX Technical Committee: "The technical committee recognized that there is no single transaction model appropriate for all use cases, and so WS-Transaction defines an extensible coordination framework that accommodates classic two-phase-commit, as well as more relaxed forms of transactions with isolation behavior appropriate in loosely-coupled systems." The WS-Transaction OASIS Standard was developed by representatives of Active Endpoints, Adobe Systems, AmberPoint, BEA Systems, Fujitsu, Hitachi, IBM, IONA, Microsoft, Nortel, Oracle, Red Hat, Ricoh, Sun Microsystems, TIBCO, and others.
See also: the TS-TX TC web site
Web Services Business Process Execution Language Version 2.0 Primer
OASIS WSBPEL TC Editorial Team, WS-BPEL Language Guide
Members of the OASIS Web Services Business Process Execution Language (WSBPEL) Technical Committee have published a final version of the "Web Services Business Process Execution Language Version 2.0 Primer." The WS-BPEL 2.0 specification provides a language for formally describing business processes and business interaction protocols. WS-BPEL was designed to extend the Web Services interaction model to support business transactions. The WS-BPEL Primer is a non-normative document intended to provide an easy to read explanation of the WS-BPEL 2.0 specification. It is designed to help readers understand the concepts and major components of the WS-BPEL language and assist readers in recognizing appropriate scenarios for using WS-BPEL. The document describes several features of WS-BPEL using examples and extensive references to the normative specification. WS-BPEL is designed to fit naturally into the Web services stack. In WS-BPEL, a business processes interact with services through Web services invocations, and are themselves externalized as Web services. This recursive composition enables a BPEL process to leverage the interoperability provided by the lower levels of the Web Services stack, such as WSDL, SOAP, and WS-Addressing. Application and business services can be designed to be process-agnostic and reusable. The business process assumes the management and coordination of state, freeing constituent services from a number of design constraints. Additionally, the business process logic is centralized in one location, as opposed to being distributed across and embedded within multiple services.
See also: the OASIS WSBPEL TC
Component Model for Process Constructs: The Process Virtual Machine
Tom Baeyens and Miguel Valdes Faura, JBoss Library
There are many process languages for Business Process Management (BPM), workflow and orchestration. There are two aspects to workflow: the process modelling aspect and the software implementation aspect. The biggest problem in workflow technologies today is that they don't handle the dual nature of those technologies properly. The main goal of this paper is to fix exactly that problem. The Process Virtual Machine does not define a process language. Instead it acknowledges some process language might be better suited for a certain situation then another and hence, there will be multiple process languages coexisting. The Process Virtual Machine defines a common model that can be shared between all the graph based execution languages. It also includes a strategy on how process constructs can be seen as software components. This will enable support for multiple process languages and also it will show much clearer how process technology fits right into software development projects. The article briefly describes process languages for which we have proven that they can be build on top of the Process Virtual Machine: BPEL (describes BPEL as an executable language to script web services as a function of other web services); XPDL (a standardized BPM process language; all references to resources, automatic activities and applications are adressed indirectly, meaning there is no implicit assumption of a technological environment such as enterprise Java or an ESB; jPDL (a process language of the JBoss jBPM platform, in essense the simplest wrapper around the Process Virtual Machine, to make it available in a Java environment); SEAM pageflow (a language that describes the navigation between web pages of a SEAM application graphically; nodes in the diagram represent pages and transitions represent the navigation between the pages).
See also: Messaging and Transaction Coordination
Of MOICE and Microsoft: Securing Office 2003
Brian Prince, eWEEK
Microsoft officials say plans are on the way for a weapon that can help protect Office 2003 from attacks, though users of even older versions of Office may find themselves left out in the cold. The company is developing a tool called MOICE (Microsoft Office Isolated Conversion Environment), which converts files from Office 2003 to the new Office 2007 Open XML format in a bid to strip exploits out of the file. Once a file has been cleansed of exploits, it can be opened as normal in Office 2003. Microsoft officials gave no specific date for when MOICE would be ready, but said the Redmond, Wash., company is working to make it available as soon as possible. The tool is specifically aimed at Office 2003. However, people using older versions such as Office 2000 or Office XP can use a compatibility pack that enables users to open, edit and save files in the Office 2007 format. John Pescatore (Gartner) says: "MOICE is not an end-all to the malicious or malformed Office .doc problem... But for enterprises that want to stay on Office 2003 for a few more years and have not invested in the desktop security products from folks like McAfee, Symantec and others that have behavior-based malware protections, MOICE will give a good increase in security." Josh Edwards, technical product manager for Microsoft Office, said the conversions take place in an isolated sandbox environment so they can be done securely. The tool was designed with enterprises in mind, he said, explaining that attacks involving MS Office are typically targeted attacks and not simply sent to the everyday user. The additional security comes with a potential drawback, though: It will take longer to open files, particularly large ones; just how long can depend on many factors, such as whether or not the document includes graphics: "The user will notice—is it something where you'll get up and get a coffee? No."
See also: Techtarget.com
Three Open Source Web Service Testing Tools Get High Marks
Rick Grehan, InfoWorld
In this software review, the author examined three tools that purport to verify that your Web services do what they are supposed to do, that they resist graceless failure, and that they conduct themselves with efficiency. The tools are soapUI, TestMaker, and WebInject. All are open source, and are available for free download and incorporation into your next Web services project. "If you need to assemble some code quickly for hurling tests at your Web service? WebInject is the logical choice; you'll be buffeting your Web service code in an afternoon. If you need a high-end tool that lets you create powerful tests that can be extended to draw upon other system resources—the filesystem, databases, e-mail, and such— then roll up your sleeves and plow into TestMaker. Grab a Jython manual first, though, and prepare yourself for some heavy lifting. I prefer the middle balance struck by soapUI. The skeletal tests created by soapUI's wizard were easier to flesh out than those built by TestMaker. In terms of how these products compare to commercial Web service testing tools, I'd say it's a mixed bag... they're somewhat less user-friendly than commercial tools and if you need to do something complex, you have to build it yourself. TestMaker comes closest to looking like a commercial product, but having to learn Jython means that it takes longer to set up some tests than it would with, say, Mindreef's SoapScope. soapUI is a tad less professional looking, but makes up for it by allowing you to construct useable tests without having to program. WebInject, however, is definitely a developer's tool. You need to know SOAP to use it well, and it isn't going to be as capable as soapUI or TestMaker because its test cases are very much driven by templates.
Agreement Concerning Partial Support of the SAML 2.0 Standard
Tilmeld Nyhedsbrev and Soren Peter Nielsen, OIO News
In 2006 the National IT and Telecom Agency sent an inquiry to Microsoft with an appeal for support of the open SAML 2.0 standard in Microsoft's products. This happened partly due to a wish to force the integration costs down by utilizing the same open standards for integration, and partly because the specification WS-Federation, that Microsoft uses is not interoperable with the common public recommended SAML 2.0 federation standard. The ongoing dialog between the National IT and Telecom Agency and Microsoft has resulted in an agreement on partial support of the SAML 2.0 standard in Microsoft's forthcoming version of their federation product named Active Directory Federation Services 2. The text agreed upon is as follows: "The Danish public sector has chosen SAML 2.0 as their federation standard. Microsoft products use WS-Federation and WS-Trust as the foundation of their federated identity architecture. The Danish government has agreed that the SAML 2.0 token format is sufficient to provide basic interoperability between WS-Federation and SAML 2.0 environments as a common assertion format, without loss of authentication integrity. To support interoperability between WS-Federation and SAML 2.0 based products Microsoft has agreed to support the SAML 2.0 token format in the future release of Active Directory Federation Services code-named Active Directory Federation Services '2'. Microsoft will provide the Danish public sector Centre of Service Oriented Infrastructure with pre-release code to help analysis and planning of solutions for integrating WS-Federation-based clients in the Danish federation, and to collect feedback on the feature implementation. In addition, the co-authors of WS-Federation (including Microsoft) have submitted the specification to OASIS for standardization. This step further enables interoperability between federated environments that deploy SAML 2.0-based products and those that deploy WS-Federation-based products..."
See also: GotzeBlogged
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/