This issue of XML Daily Newslink is sponsored by:
- SOA Security: One Treacherous Journey
- ElementTraversal for DOM Navigation: Working Draft
- XQuery, libferris, and Virtual Filesystems
- OASIS Announces Formation of Service Component Architecture TCs
- Device Independent Authoring Language (DIAL): New Working Draft
- Can BPM and Supply Chain Go Mainstream?
- Putting People Before BPEL
- OSI Approves New Open-Source License
- Java Web Services: Axis2 Data Binding
- ODF Plugin for Office: Walk-Through Slide Show
SOA Security: One Treacherous Journey
Andy Dornan, InformationWeek
Are you ready to deal with the risks of opening your service-oriented architecture to business partners? The biggest conflict is over identity management, the complex exercise of ensuring that a user or process logged on to one company's systems is authorized to use those of a partner. Most of [WS] standards eventually will be supported by all vendors in both the Enterprise Service Bus and Web services management areas, though at present they're too new to have had much impact on users. The exception is federated identity, where the relatively new WS-Federation and WS-Trust are competing with SAML 2.0, an established standard also published by Oasis. Federated identity aims to enable single sign-on by separating authentication from the resource being accessed A user logs on to an identity provider that provides him with a credential that can then be used to access multiple resources. The credential, called an "assertion" in SAML and a "token" in WS-Trust, is similar to a digital certificate; it vouches for the user's identity and adds information, such as how the user is authenticated and when. SAML covers the entire SSO process, while the WS-* stack splits it into two standards: WS-Trust handles initial authentication and issuing of tokens, then WS-Federation covers the use of those tokens to access other resources. The main practical difference is that SAML uses XML Encryption and XML Signature directly, meaning it can work with REST, whereas WS-Federation requires SOAP. SAML also has a large installed base, though this may not count for much because Microsoft has thrown its weight behind WS-Federation and said it will not support SAML. Unlike some other standards battles, this isn't simply a case of Microsoft vs. everyone else. Microsoft developed WS-Federation with IBM, which is also a big backer of SAML, and every other vendor in the SAML camp has promised to support WS-Federation if there's a demand for it. In the long term, it's likely that both will be used: WS-Federation in Microsoft and SOAP environments, SAML in REST Web services.
See also: the OASIS WSFED Technical Committee
ElementTraversal for DOM Navigation: Working Draft
Doug Schepers (ed), W3C Technical Report
W3C announced that members of the Web API Working Group have released the First Public Working Draft for the "ElementTraversal Specification." The specification defines the ElementTraversal interface, which allows script navigation of the elements of a DOM tree, excluding all other nodes in the DOM, such as text nodes. It also provides a property to expose the number of child elements of an element. It is intended to provide a more convenient alternative to existing DOM navigation interfaces, with a low implementation footprint. The document was originally published as part of the SVG Tiny 1.2 specification in the SVG namespace. At the request of the SVG, CDF, JCP, and other groups, it was transferred to the WebAPI WG, and migrated to DOM and DOM namespace as a generic facility. The Node interface is the primary datatype for the entire Document Object Model; it represents a single node in the document tree. The Node interface defines 11 node types, but most commonly authors wish to operate solely on nodeType 1, the element node. Other node types include the document element and text nodes, which include whitespace and line breaks. DOM 1 node traversal includes all of these node types, which is often a source of confusion for authors and which requires an extra step for authors to confirm that the expected element node interfaces are available. This introduces an additional performance constraint. ElementTraversal is an interface that allows the author to restrict navigation to element nodes. It permits navigation from an element to its first element child, its last element child, and to its next or previous element siblings. Because the implementation exposes only the element nodes, the memory and computational footprint of the DOM representation can be optimized for constrained devices.
See also: W3C Rich Web Clients Activity Statement
XQuery, libferris, and Virtual Filesystems
Ben Martin, XML.com
By bringing together an XQuery engine and a virtual filesystem you can use a familiar query language to access relational databases, Berkeley db4 databases, kernel filesystems, and network files as well as XML. The combination of XQilla and libferris allows you to combine access to the many filesystems that are supported by libferris within a single XQuery. In the case of db4 and XML, you can select between the two formats to gain the performance you desire with very little change to the XQuery itself. libferris, at its, core is a virtual filesystem allowing many different data sources to be exposed through a filesystem interface. These include the expected things like 'file://', 'http://', 'ftp://' as well as not-so-expected things like databases, XML files, and even applications like emacs, Evolution, XWindow, and Firefox. For example, a slight change in an XPath expression to use a db4 file instead of an XML file for a customer lookup can substantially improve query performance. Using a db4 file to perform a lookup is faster because the db4 file is indexed and the right piece of information can be directly accessed in only a few disk seeks. Using an XML file for the lookup table would require reading the whole file and parsing it; then there is no index in RAM so searching a large DOM would also require time. libferris is available for POSIX platforms. Because the data model of db4 is fairly flexible, both db4 and XML can appear very similar with libferris. The main difference is the underlying data storage; for example, slight modifications to db4 are much faster than for XML (db4 can save only the changes, XML updates usually mean streaming the entire DOM to disk).
OASIS Announces Formation of Service Component Architecture TCs
Staff, OASIS Announcement
On July 27, 2007 OASIS announced a Call for Participation in the six new Service Component Architecture (SCA) Technical Committees, as anticipated in the earlier publication of proposed TC charters: SCA-Assembly, SCA-Policy, SCA-Bindings, SCA-BPEL, SCA-J, and SCA-C-C++. "Service Component Architecture (SCA) defines a model for the creation of business solutions using a Service-Oriented Architecture, based on the concept of Service Components which offer services and which make references to other services. SCA models business solutions as compositions of groups of service components, wired together in a configuration that satisfies the business goals. SCA applies aspects such as communication methods and policies for infrastructure capabilities such as security and transactions through metadata attached to the compositions." (1) The purpose of the Service Component Architecture / Assembly Technical Committee is to define the core composition model of Service Component Architecture. (2) The purpose of the SCA-Policy TC is to define a Policy Framework and policies Reliable Messaging, Security and Transactions for the Service Component Architecture. (3) The purpose of the SCA-Bindings TC is to standardize bindings for the SCA services and references to various communication protocols, technologies and frameworks. (4) The SCA-BPEL TC will specify how SCA component implementations can be written using the WS-BPEL language; the SCA WS-BPEL specification must allow any executable WS-BPEL 2.0 and BPEL4WS 1.1 process to be used without any knowledge of SCA. (5) The purpose of the SCA-J TC is to develop specifications that standardize the use of the use of Java technologies within an SCA domain. (6) The purpose of the SCA-C TC is to develop specifications that standardize the use of C and C++ technologies within an SCA domain.
See also: the SCA-Assembly CFP
Device Independent Authoring Language (DIAL): New Working Draft
Kevin Smith (ed), W3C Technical Report
W3C's Ubiquitous Web Applications Working Group has published an updated Working Draft for the "Device Independent Authoring Language (DIAL)" specification. DIAL version 1 is a profile of XHTML, XForms and DISelect. Authoring Web page content in DIAL frees developers from the need to deal with the myriad variations across devices. That task is devolved to content adaptation software that transforms the content and associated resources to suit particular delivery contexts. In addition, DIAL enables higher level authoring tools through the ability to capture the author's intent more effectively than is possible when authoring directly in HTML. In other words, DIAL facilitates writing a Web page that can be presented by a range of devices, with differing capabilities and states; and consumed by users with differing preferences and entitlements (such varying conditions are illustrated in 'Delivery context characteristics'). This is achieved by allowing authors to declare authorial intent as to the conditions under which content should be chosen or filtered. In this simple example, the author intends that users subscribing to a service receive a premium representation of a content item, and other users receive a regular representation.
Can BPM and Supply Chain Go Mainstream?
David Worthington, SD Times
Microsoft contends BizTalk will change the economics of BPM. Business process and supply chain management are often thought of as tools for big shops, with steep price tags that only the Fortune 1000 can tolerate. But Microsoft aims to democratize both spaces by reducing costs and building out a partner ecosystem based on its forthcoming BizTalk 2006 R2. Burley Kawasaki, director of Microsoft's Connected Systems Division, reiterated that point when he revealed in July  that R2 would become generally available this September. Kawasaki said that Microsoft had cracked the code in terms of driving down costs: 'Many companies cannot start BPM projects. Taking a mainstream approach makes it much more accessible to the average program manager.' Kawasaki added that Microsoft will give customers the option to purchase a SOA and Business Process Pack alongside Biz Talk 2006 R2 and will provide vertical industry-specific supply chain solutions as part of the core platform. BizTalk Server 2006 R2 is central to Microsoft's RFID strategy, which places BizTalk in the middle of an integrated stack of RFID data, back-end systems and line-of-business applications. Kawasaki said that hub-and-spoke scenarios are typically not addressed by most integration and SOA type infrastructures. Microsoft has also announced more general plans to provide technical guidance to customers that are embarking on BPM projects, and is forming an ecosystem of ISVs, channel development partners and systems integrators around its platform. A network of ISVs called the Business Process Alliance is extending the functionality of the Windows platform for BPM.
Putting People Before BPEL
David Worthington, SD Times
A cadre of companies are collaborating to extend BPEL language for human involvement. Automated business processes contain a paradox. How can a process be automated at those points where people are involved? Many general-purpose business processes cannot be executed without human interaction, making it inherently more difficult to model processes with Business Process Execution Language (BPEL). The group of vendors have dubbed their solution to this problem 'BPEL4People' but its impact is a matter for debate. BPEL is a business process modeling language that provides an executable model based on Web services. BPEL 2.0 was approved by OASIS in April 2007, and vendors are already trying to plug the gaps it leaves in the areas where humans interact. Active Endpoints, Adobe Systems, BEA Systems, IBM, Oracle and SAP are collaborating to extend BPEL to support a broad range of human interaction patterns, extending its modeling capabilities. Diane Jordan, program director for IBM emerging Internet software standards, said that the impetus for a common effort was that BPEL implementations were diverging along this line, and vendors were tempted to address the problem with stopgap proprietary extensions. The BPEL4People specifications -- two specifications that build on the BPEL language—were published on June 25, 2007. WS-BPEL Extension for People defines how to describe human tasks in a BPEL process. The tasks may be incorporated as components in BPEL process definitions.
See also: the recent announcement
OSI Approves New Open-Source License
Peter Galli, eWEEK
The Open Source Initiative (OSI) on July 25, 2007 approved its first new license in quite some time: the Common Public Attribution License (CPAL), which is essentially the Mozilla Public License with a new attribution clause. Socialtext, the company which provides enterprise wikis, started the process some nine months ago with its original submission to the OSI, known as the General Attribution Provision, or GAP, with the goal of filling a gap that exists in open-source licensing around attribution, he said. The reason for that submission was that there were about 40 Mozilla-like attribution licenses, none of which followed the OSI submission process, including SugarCRM, Scalix, MuleSource, and Zimbra. Several of those licenses require developers to use "badgeware," a prominent display of the licensing company's chosen logo, if they use the code. In SugarCRM's case, that is a "Powered by SugarCRM" logo that must be at least 106 by 23 pixels in size. This, in turn, must link to the SugarCRM open-source Web site. Socialtext wanted to follow the community process and try to get a license approved, which would allow them to say that they were OSI-certified and call themselves an open-source company.
See also: the CPAL license
Java Web Services: Axis2 Data Binding
Dennis Sosnoski, IBM developerWorks
Even though XML message exchange is at the core of Web services, most Web service applications aren't concerned with XML. Instead, these applications want to exchange business data that's specific to the application. XML is, in this case, just a format used to represent the business data to support a Web service interface. XML works well for this purpose, because it provides a platform-independent representation that can be handled by a variety of tools. But applications ultimately need to convert the XML to or from their own internal data structures to use the data within the application. Data binding is the term used for techniques that handle this conversion between XML and application data structures. It's possible to write custom data-binding code for an application, but most developers find it more convenient to work with data-binding frameworks that handle conversions in a generic manner, applicable to a wide variety of applications. One of the main strengths of the Apache Axis2 Web services framework is that it was designed from the beginning to work with a variety of data-binding frameworks. You can pick the data-binding approach that best suits your needs and use that approach to handle conversions between XML and data structures while using the Axis2 framework (and extensions) to handle the actual Web services work. This article shows you how to use Axis2's data-binding flexibility with sample code for the same Web service implemented using three of the data bindings supported. Find out why you might prefer one of the data bindings over the others.
ODF Plugin for Office: Walk-Through Slide Show
Staff, eWEEK Labs
This presentation looks at how Sun's ODF plug-in aids MS Office interoperability, using 19 annotated slides. Sun's plug-in adds ODF support to MS Office. Installation of the Sun plug-in is easy, requires no other downloads. Wizards guide users through installation and set-up of the Sun ODF Plugin. [One of] the presentation problems: a hyperlink on the original ODP presentation's opening page did not translate into the modified .odp file. Formatting issues: Shading from the original .odp presentation didn't translate into the file saved and modified to .ppt in Office. Footer incompatibilities were found between original and modified files: The modified .odt file in Word failed to reproduce the document's entire page range inside the footer. Instead, the page range appeared as: "Page 3 of." The original and modified .ods files fare well: No discernable differences cropped up between the original .ods spreadsheet and the spreadsheet modified and saved to .ods in Office. A few DLL files needed to be relocated in order to get the ODF plug-in working properly with Word. As to default formatting: ODF could be set as Word's default format. Importing and exporting files: Spreadsheets must be imported explicitly — simply double-clicking on ODP files will bring on an unknown file type dialog. See the eWEEK software review. [Similar SourceForge Project: OpenXML/ODF Translator Add-in for Office. According to the SourceForge Project description, the goal for the project "is to provide translators to allow for interoperability between applications based on ODF (OpenDocument) 1.0 standards and Microsoft OpenXML based Office applications. As a part of this interoperability initiative, add-ins are being developed that can be installed on top of Microsoft Office Word (document processing), Excel (spreadsheet) and PowerPoint (presentation) applications (Office 2007 / 2003 / XP version) to allow for opening and saving OpenDocument format / ODF files (.odt, .ods and .odp) that adheres to ODF 1.0 specifications. We also provide command line translator utilities that allow doing batch conversions. The converter is based on XSL transformations between two XML formats, along with some pre- and post-processing to manage the packaging (zip / unzip), schema incompatibility processings and the integration into Microsoft Office applications like Word, Excel and PowerPoint. We chose to use an Open Source development model that allows developers from all around the world to participate and contribute to the project."]
See also [link corr.]: the download
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/