Cover Pages: XML Daily Newslink: Wednesday, 22 August 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
EDS http://www.eds.com

Headlines

Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP)
Generating Semantically Precise XForms Applications Using the National Information Exchange Model (NIEM)
Public Review for OASIS Production Planning and Scheduling Specification
Mozilla Aims at Cross-Site Scripting With FF3
XML to DDL Imports, Synchronizes Database Schemata
WSO2 Web Services Open Source Framework for PHP (WSF/PHP) 1.0
CECID Launches Community Website for Hermes Messaging Gateway v2.0 (H2O)
Webswell Connect 2.1: AS2, SOA, and ebxml Integration Tool

Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP)
Brian Rosen, Henning Schulzrinne, Hannes Tschofenig (eds), IETF I-D

IETF has published an initial release of an Internet Draft for "Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP)." The memo defined a method to allow CAP documents to be distributed via the event notification mechanism available with the Session Initiation Protocol (SIP). The Common Alerting Protocol (CAP) is an XML document format for exchanging emergency alerts and public warnings. SIP is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. RFC 3265 (Session Initiation Protocol (SIP)-Specific Event Notification) defines a SIP extension for subscribing to remote nodes and receiving notifications of changes (events) in their states. It leaves the definition of many aspects of these events to concrete extensions, known as event packages. An event package is an additional specification which defines a set of state information to be reported by a notifier to a subscriber; event packages also define further syntax and semantics based on the framework defined by this document required to convey such state information. This memo defines such an event package. Additionally, RFC 3903 defines an extension that allows SIP User Agents to publish event state. According to RFC 3903, any event package intended to be used in conjunction with the SIP PUBLISH method has to include a considerations section. We therefore define a new "common-alerting-protocol" event package. Event Publication Agents (EPA) use PUBLISH requests to inform an Event State Compositor (ESC) of changes in the common-alerting-protocol event package. Acting as a notifier, the ESC notifies subscribers about emergency alerts and public warnings. As specified in RFC 3265, this value appears in the Event header field present in SUBSCRIBE and NOTIFY requests. As specified in RFC 3903, this value also appears in the Event header field present in PUBLISH requests. Section 7 provides a registration of the 'common-alerting-protocol' Event Package and registration of the 'application/common-alerting-protocol+xml' MIME type.

Generating Semantically Precise XForms Applications Using the National Information Exchange Model (NIEM)
Dan McCreary, IBM developerWorks

The NIEM is a federal XML-centric metadata standard created for the precise exchange of documents. Although the scope of many of the NIEM sub-domains concerns national security issues, the NIEM is successfully implemented in other domains, such as K-12 education and property taxation. The NIEM contains a general "upper ontology" that is applicable to many other domains that deal with concepts such as activities, documents, organizations, regions (GIS), and persons. There are many benefits for beginning a Web application with a controlled vocabulary or metadata registry such as the NIEM. Metadata registries contain useful information that can be used to create a consistent set of XML schemas and forms. Using a metadata registry also forces users to declare early in the application lifecycle exactly what data elements they will transmit between organizations. This article demonstrates how XForms applications can be automatically created from a NIEM constraint schema, and shows how graphical tools can allow non-programmers to automatically create rich Web applications using a model-driven approach. It gives an example of how a short XML transformation (XSLT) is used to achieve this task and how the transformation can be modified and extended by developers. By using NIEM XML Schema structure, naming conventions, and additional metadata, the transformation task is much easier to extend. Although the example code included in this article will create working forms, its intent is a starting point to enable non-programmers to create working XForms applications. A software developer willing to become familiar with and modify the transformation can facilitate the extension of the transform to meet specific business requirements. This transform is just one of the first steps an IT department can adopt to empower non-programmers to create precise specifications that automatically generate correct Web forms. This process and many similar processes like it are part of the declarative revolution that has great potential to lower overall IT development costs and empowers a much larger audience to play a direct role in Web development.

See also: XML and Forms

Public Review for OASIS Production Planning and Scheduling Specification
Staff, OASIS Announcement

Members of the OASIS Production Planning and Scheduling (PPS) Technical Committee have approved a Public Review Draft of the PPS (Production Planning and Scheduling) specification. The review extends through 21-October-2007. The PPS Standard deals with problems in all manufacturing companies who want to have a sophisticated information system for production planning and scheduling. The PPS standard provides XML schema and communication protocols for information exchange among manufacturing application programs in the web-services environment. The "Part 1: Core Elements" document especially focuses on information model of core elements in the production planning and scheduling domain. Since the elements have been designed without specific contexts in planning and scheduling, they can be used in any specific type of messages as a building block depending on the context of application programs. The "Part 2: Transaction Messages" document especially focuses on transaction messages that represent domain information in accordance with the context of the communication, as well as transaction rules for contexts such as pushing and pulling of the information required. The "Part 3: Profile Specifications" document especially focuses on profiles of application programs that may exchange the messages defined in this standard. The profile shows capability of application programs in terms of services for message exchange. The profile can be used for definition of a minimum level of implementation of application programs who are involved in a community of data exchange. The OASIS Production Planning and Scheduling (PPS) TC was chartered to "develop common object models and corresponding XML schemas for production planning and scheduling software, which can communicate with each other in order to establish collaborative planning and scheduling on intra and/or inter enterprises in manufacturing industries."

See also: the announcement

Mozilla Aims at Cross-Site Scripting With FF3
Sean Michael Kerner, InternetNews.com

Web 2.0 has enabled a broad array of Websites to be more engaging for users. It has also enabled a new and now very common attack, namely cross site scripting, commonly referred to as XSS attacks. Mozilla is aiming to put an end to XSS attacks in its upcoming Firefox 3 browser. The Alpha 7 development release includes support for a new W3C working draft specification that is intended is secure XML over HTTP requests (often referred to as XHR) which are often the culprit when it comes to XSS attacks. XHR is the backbone of Web 2.0 enabling a more dynamic web experience with remote data. The W3C working draft is officially titled, "Enabling Read Access for Web Resources." It is intended to define a mechanism by which Web developers can safely provide cross-site Web resource access. The specification will let developers define via an HTTP header or an XML instruction which sites are allowed read-access and which are not. A typical XSS attack vector is one in which a malicious Web site reads the credentials from another that a user has visited. The new specification could well serve to limit that type of attack though it is still incumbent upon Web developers to be careful with their trusted data. The W3C working draft warns that "user agents which implement this specification should take care not to expose other trusted data (cookies, HTTP header data) inappropriately." In addition to the new XSS support in Firefox 3 Alpha 7, Mozilla developers have also fixed some bugs and implementation errors that cropped up in the Alpha 6 release, which came out in early July. The latest release isn't just about bug fixes and new feature support. Mozilla developers have actually dropped support for the SOAP Web services messaging protocol, according to the official Alpha 7 release notes. Firefox 3 is Mozilla's next generation browser and will be the successor to the current 2.x browser. The open source group has been working on Firefox 3 (code name Gran Paradiso) since October of 2006 when the first Firefox 3 alpha appeared.

XML to DDL Imports, Synchronizes Database Schemata
Ed Tittel, TechTarget.com

The Freshmeat.org project known as xml2ddl provides a set of Python programs under the GNU General Public License (GPL). Given a working Python runtime environment, this set of tools works on many operating systems, including most Windows, Linux, and UNIX platforms. It also works with the following database engines: PostgreSQL, MySQL, Oracle, and Firebird. Basically, xml2ddl permits users to convert an XML representation of a database into a corresponding set of SQL or DDL statements. According to its creator and custodian, Scott Kirkwood, "XML to DDL strives to be database independent so that the same XML can be used for a variety of databases. This is great for quickly testing out a variety of databases for performance, for example". Project description: XML to DDL is a set of Python programs that converts an XML representation of a database into a set of SQL or DDL (Data Definition Language) commands. In addition, it can examine the difference between two XML files and output a sequence of SQL statements (normally ALTER statements) to bring one database up-to-date with the XML schema. You can also download the XML schema directly from the database. Finally, there's a tool to convert your schema into HTML for documentation purposes. XML to DDL currently supports the most recent versions of PostgreSQL, MySQL, Oracle, and Firebird databases."

See also: the project web site

WSO2 Web Services Open Source Framework for PHP (WSF/PHP) 1.0
Staff, WSO2 Announcement

WSO2 has announced the launch of the WSO2 Web Services Framework for PHP (WSF/PHP) 1.0 open source framework for providing and consuming Web services in PHP. WSF/PHP 1.0 is "the only extension to the popular PHP scripting language that supports the full Web services (WS*-) stack. For the first time, developers can bring to PHP the security and reliable messaging that are required for trusted, enterprise-class SOAP-based Web services." WSF/PHP 1.0 is one of the first PHP extensions to support the Web Services Description Language (WSDL) on both the client and server side, as well as backward compatibility with the PHP5 SOAP extension. As a result, developers can create new PHP-based Web services and enable the use of existing code in Web services that take advantage of the WSF/PHP's enterprise-class capabilities. WSF/PHP 1.0 is a binding of the Web Services Framework for C (WSF/C) into PHP, providing a fully open source PHP extension based on Apache Axis2/C, Apache Sandesha2/C, and Apache Rampart/C. The WSO2 Web Services Framework for PHP supports basic Web services standards, including SOAP 1.1, SOAP 1.2, WSDL 1.1 and WSDL 2.0. It is fully tested and provides proven interoperability with Microsoft .NET, the Apache Axis2/Java-based WSO2 Web Services Application Server (WSAS), and other J2EE implementations. Key features of WSF/PHP 1.0 are: (1) Full support for the WS()- stack includes WS-Addressing, WS-Security, WS-SecurityPolicy, WS-Reliable Messaging, and SOAP Message Transmission Optimization Mechanism (MTOM). (2) Secure Web services are enabled by advanced WS-Security features, such as encryption and signing of SOAP messages. Users also can send messages with UsernameToken and TimeStamp support. (3) Reliable messaging for Web services and clients means basic SOAP messages, as well as messages with attachments can be sent in a reliable way. (4) Backward compatibility with PHP5 lets developers use their existing code as is within WSF/PHP. (5) WSDL generation lets developers generate WSDL for PHP service scripts (serving WSDL 1.1 or WSDL 2.0). (6) WSDL mode supports a contract-first style of implementing Web services. A user can simply provide a WSDL and implement Web services and clients based on the interface given in the WSDL. (7) Attachments with Web services and clients take two forms. Users can send and receive attachments with SOAP messages in optimized formats and non-optimized formats with MTOM support. (8) REST support lets a single service be exposed both as a SOAP-style and as a REST-style service. The client API also supports invoking REST services using HTTP GET and POST methods. As a fully open source solution released under the Apache License 2.0, WSF/PHP 1.0 does not carry any software licensing fees.

See also: the web site

CECID Launches Community Website for Hermes Messaging Gateway v2.0 (H2O)
Staff, CECID Announcement

The Center for E-Commerce Infrastructure Development (CECID), The University of Hong Kong (HKU) is pleased to announce the launch of Hermes Messaging Gateway v2.0 (H2O) community website to enhance support services to users. Despite that it has just been released for two months, H2O is already downloaded and adopted by developers and users from over forty (40) economies around the world. Overwhelming responses and valuable feedback are received daily via the mailing list. To enhance support to H2O users, a community website has been launched with useful information and articles ranging from technical issues to general usage of H2O in different platforms. A discussion forum is also being set up to facilitate users to share and exchange everything related to H2O. A first version was released in June 2002. Hermes has since become a popular award-winning open source solution for organizations to exchange information in ebXML Messaging (ebMS) or Applicability Specification 2 (AS2) formats with their business partners. The latest version, H2O (H-two-oh), replaces two predecessors (H2CE and H2EE) with additional tools and a full set of documentation to make configuration and administration even more easily. H2O and its source code are released under GNU General Public License Version 2. H2O operates as a Java web application The ebMS and AS2 messaging capabilities are operated by the corresp0nding plug-in, written according to the H20 SPA specification. The messaging operation requires a database with JDBC connectivity in keeping track of the messaging status H2O has open endpoints, and the enterprise backend applications can invoke H20's Web Services for message delivery. The message delivery can be secured by using SSL or e-certificates, which conforms the public standards.

Webswell Connect 2.1: AS2, SOA, and ebxml Integration Tool
Staff, Webswell Announcement

After several beta releases, the Webswell Connect 2.1.0, an open source SOA, ebxml and AS2 integration tool, has been finally released. Compared to previous versions the new release has the following new features: (1) It includes HSQLDB as a alternative database system to the PostgreSQL. Both databases are available out-of-the-box. (2) Includes Webswell Dispatcher 1.1.22. has improved handling of AS2 and ebxml Registry Repository messages. It was also optimized to work faster. (3) Upgraded installer with improved MS Windows installation process. Webswell Connect is a complete framework for e-business based on the ebXML and AS2 standards. It is used as an integration framework for heterogeneous business environments and for integration of incompatible legacy systems. With its messaging and Registry features it is a basic building block of SOA architecture implementation. Webswell Connect is open source software, licensed under GNU GPL. Webswell is a global integration company specialized in building ebXML, EDI and Webs Services B2B solutions. Webswell's mission is to help companies of any size and industry to build business integration solutions and exploit benefits that such integration provides. Webswell's software is based on open, non-proprietary standards and is open-source licensed.

See also: the SourceForge Project


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors