A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
Primeton http://www.primeton.com
Headlines
Standard Configuration to Give Agencies a Real Test
Jason Miller, Government Computer News
Once the National Institute of Standards and Technology, Microsoft and other federal and private-sector experts finish developing the test image for the standard Windows desktop configuration for XP and Vista, agencies will face their toughest test—literally. Public- and private-sector experts say assessing agency applications against the baseline will mean making tough decisions on whether mission-critical systems need to be changed. This also includes making choices about whether to shut off certain Internet access ports that key software programs need, whether to ask the Office of Management and Budget (OMB) for waivers to modify core security settings and how to balance need against risk. NIST will release a Security Content Automation Protocol (SCAP) that describes in Extensible Markup Language (XML) the configuration guidance and benchmarks... Network administrators will be able to start testing the secure Windows desktop image by early August [2007], when NIST releases a virtual PC and virtual security settings, according to Tim Grance, NIST's manager of systems and network security for the information technology lab. Agencies will not deploy a configuration image until it has been tested in its network environment. Once agencies create their deployment images, network administrators will have to test them to make sure they meet the baseline settings or obtain a waiver from OMB if they do not. That is where the SCAP comes in; agencies and vendors can read the XML schema and check their applications against the deployment image... [Note: NIST SCAP Standards include Common Vulnerabilities and Exposures (CVE), Common Configuration Enumeration (CCE), Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS), Extensible Configuration Checklist Description Format (XCCDF), and Open Vulnerability and Assessment Language (OVAL)—featuring XML encoding. SCAP seeks to encourage the development of automated checklists, particularly those that are compliant or compatible with the XCCDF and/or OVAL.
See also: Security Content Automation Protocol (SCAP)
Apache CXF: Interview with Dan Diephouse and Paul Brown
Timothy M. O'Brien, O'Reilly Articles
"Three years ago, Dan Diephouse founded the XFire project to provide an alternative to Apache Axis. In the subsequent years, XFire has matured into an easy-to-use, high-performance SOAP stack with first-class support for the Spring Framework: once the challenging newcomer, now the new standard for deploying web services on the Java platform. I recently had a chance to sit down with both Dan Diephouse and Paul Brown of Envoi Solutions to discuss the merger of XFire and IONA's Celtix project into a new project, Apache CXF, currently under incubation at the Apache Software Foundation. In the following interview, I ask both Dan and Paul about CXF. What differentiates CXF from projects like Apache Axis? How has XFire been affected by the Apache Incubator? And, some questions about corporate support of open source projects?" [Dan and Paul:] "CXF is the newer shinier version of XFire; it is version 2.0. CXF is the combination of the Celtix and XFire communities coming together at Apache. We're working on building a fully featured easy to use web services framework. Support for SOAP, WS-*, RESTful standards, different data formats like XML and JSON, also CORBA for people that enjoy that... All your XFire services will be deployable inside CXF. The code to deploy those will change a little. It's like any 2.0 we have improved the API, improved the XML dsescriptors, but your services will still work straight from one to the other. We have a migration guide that we've worked on to show you the equivalent lines of code. So, instead of these three lines of code, you have these three lines of code. For most people it should be pretty simple and doable in an hour or two. If you took most modern SOAP frameworks and compared them side-by-side and compared features, a lot of frameworks check the same boxes (and, frankly, people check the same boxes using the same components). WS-Security components in common, WS-Policy components in common. I think it comes down to the mode in which you want to interact with a piece of software. Your relationship with the community. People will find things about Axis they like and they will want to use Axis, they will find things about CXF that make them want to use CXF... Spring support is very much a priority. We have support for Spring through and through, and the default mode of operation actually includes a Spring container. We support the Spring 2.0 syntax, and it is easy to declare beans or services inside Spring; it's very easy to use WS-Policy inside Spring."
See also: Apache CXF - An Open Source Service Framework
Versioning XML Languages Using XML Schema 1.1
David Orchard (ed), W3C Technical Report
Members of the W3C XML Schema Working Group have released an updated Working Draft for "Guide to Versioning XML Languages using new XML Schema 1.1 Features." The document is intended to provide an easily approachable description of the new versioning features in the XML Schema definition language, and should be used alongside the formal descriptions of the language contained in Parts 1 and 2 of the XML Schema Recommendation. The intended audience of this document includes application developers whose programs read and write schema documents, and schema authors who need to know about the features of the language, especially features that provide functionality above and beyond what is provided by DTDs. The examples and other explanatory material are provided to help you understand XML Schema, but they may not always provide definitive answers. In such cases, you will need to refer to the XML Schema specification. To help you do this, we provide many links pointing to the relevant parts of the specification. The W3C Technical Architecture Group is working on a TAG Finding that provides a language-independent rationale and description of languages, extensibility, versioning, and compatibility, and an XML specific finding; they are suggested reading for these topics. Creating and using multiple versions of a language is common and useful. As described in the Draft TAG finding, extensibility is a key contributor to versioning. It can enable forwards and backwards compatible versioning. The majority of this guide focuses on XML Schema 1.1 Part 1 extensibility techniques that enable forwards-compatible versioning. In schema terms, this is when a schema processor with an older schema can process and validate an instance that is valid against a newer schema. This does not include any material that describes versioning in schema 1.0. Every example shown is in Schema 1.1 and is illegal in Schema 1.0 unless otherwise stated.
See also: the W3C news item
WSO2 Web Services Application Server Version 2.0
Staff, WSO2 Announcement
WSO2, an open source middleware company, announced version 2.0 of the WSO2 Web Services Application Server (WSAS), which sets new standards for simplifying the delivery of Web services. WSAS 2.0 features the first data services to easily tap relational databases for mashups, Eclipse integration to let developers work directly in the IDE, and the first clustering available on a Web services server. WSO2 WSAS is a lightweight application server for Web services that incorporates leading open source components into a simple, easy-to-use and highly performant package. It supports Java components as services using both SOAP and REST models. Web services support include WS-Security, WS-Trust, WS-SecureConversation, WS-Reliable Messaging, WS-Addressing, WS-Policy, WS-SecurityPolicy and more, giving a full secure and reliable infrastructure that interoperates with both J2EE and .NET frameworks using open standard protocols. WSO2 WSAS is built on Apache Axis2, the popular Web services framework mainly developed by WSO2 engineers. It integrates other core Apache Web services projects such as Apache Axiom, Apache Rampart, Apache Sandesha2 and Apache Neethi to form a production quality, comprehensive Web services server platform. An open source product, WSO2 WSAS is available under the Apache Software License (v2.0). This includes all of the extra integration and management functionalities as well. WSO2 WSAS can be used as a standalone server or within a J2EE compliant servlet container. It also contains client components required to communicate with services. The support for WS-ReliableMessaging and WS-Security means that WSO2 WSAS is ideal for hosting B2B solutions, or building enterprise class integrated applications.
See also: the WSO2 web site
Microsoft Releases IronRuby
Darryl K. Taft, eWEEK
At the O'Reilly Open Source Convention in Portland, Oregon, Microsoft announced that it will deliver via RubyForge a core set of features of IronRuby, the company's implementation of the Ruby language, to solicit community feedback. RubyForge is a collaborative software development management system dedicated to projects related to the Ruby programming language. IronRuby is implemented on top of the DLR, a set of services that run on top of the CLR (Common Language Runtime) 2.0 and are used to execute dynamic languages on the .Net Framework. IronRuby will be fully integrated with the .Net Framework and will be able to run crossplatform through Silverlight 1.1 as well as run on Windows desktop and server platforms through all versions of the .Net Framework. Microsoft first introduced IronRuby and the DLR at its MIX conference in Las Vegas in April 2007, when it announced that the DLR and IronPython would be released on the Microsoft CodePlex community development site under the Microsoft Permissive License.
Xcalia Releases Intermediation Core (XIC) Version 1.5
Staff, Xcalia Announcement
Xcalia, a leading provider of dynamic integration software, has announced Xcalia Intermediation Core (XIC) version 5.1 featuring Data Access Service (DAS). Companies can now utilize a single solution to enable access to heterogeneous data sources based on Java, .NET and web services. Xcalia DAS also leverages the SDO and DAS standards as specified by the OASIS and Open SOA organizations, ensuring that customers can architect their solutions in synch with evolving industry standards initiatives... Main features of XIC 5.1 include: (1) XIC Data Access Service (DAS): XIC 5.1 now exposes a generic web services CRUD interface to allow for more interoperability and easier access for clients using any technology. XIC can now be used by any web service consumer programming language like BPEL or workflow engines. (2) SDO 2.01 Support: XIC 5.1 is now compliant with SDO 2.01. The Service Data Object (SDO) standard has been elaborated within the Open SOA standard committee... since March 2007, transferred to OASIS... (3) Microsoft .NET Support: starting with version 5.1, XIC comes with a .NET client for SDO 2, in addition to the already available Java client that was made available in XIC 5.0. Microsoft .NET applications written in C#, VisualBasic or any other .NET-compliant programming language can now rely on XIC to manipulate the various enterprise data sources supported by XIC, including RDBMS, XML, web services, mainframe transactions, and packaged applications. (4) Cost-based Execution Plans: XIC 5.1 now comes with an execution plan cost calculation framework, with several out-of-the-box cost calculators as well as the ability for clients to plug in their own execution plan cost calculators. (5) Enhanced Natural Language-Based Service Method Behavior Syntax: As a result of feedback received after our initial release of XIC's dynamic composition capabilities, we have revamped the syntax of SMBL, our service method behavior language, to follow a more natural language-based, third party narrative style...
See also: the Xcalia web site
Sponsors
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. | http://www.bea.com |
IBM Corporation | http://www.ibm.com |
Primeton | http://www.primeton.com |
SAP AG | http://www.sap.com |
Sun Microsystems, Inc. | http://sun.com |
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter unsubscribe: newsletter-unsubscribe@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/