This issue of XML Daily Newslink is sponsored by:
- The XML-Enabled Directory: Protocols
- NIST Issues Guidelines on Securing Web Services
- Voice Enabling XML, Part 2: Develop a Voice-Enabled Calendar
- Sun and Microsoft: Interoperability Now
- Protocol for Web Description Resources: Use Cases and Requirements
- Vote Closes on Draft ISO/IEC DIS 29500 Standard
The XML-Enabled Directory: Protocols
Steven Legg and Daniel Prager (eds), IETF Internet Draft
IETF announced the release of an updated version of the XED Protocols Internet Draft. The document defines semantically equivalent Extensible Markup Language (XML) renditions of the Lightweight Directory Access Protocol (LDAP) and X.500 directory protocols for use by the XML-Enabled Directory (XED). The XED Framework leverages existing Lightweight Directory Access Protocol (LDAP) and X.500 directory technology to create a directory service that stores, manages, and transmits Extensible Markup Language (XML) format data, while maintaining interoperability with LDAP clients, X.500 Directory User Agents (DUAs), and X.500 Directory System Agents (DSAs). The main features of XED (pronounced "zed") are: (1) semantically equivalent XML renditions of existing directory protocols, (2) XML renditions of directory data, (3) the ability to accept at run time, user-defined attribute syntaxes specified in a variety of XML schema languages, (4) the ability to perform filter matching on the parts of XML-format directory attribute values, (5) the flexibility for implementors to develop XED clients using only their favoured XML schema language. The XED framework does not aim for a complete specification of the directory in one schema language (e.g., by translating everything that isn't ASN.1 into ASN.1, or by translating everything that isn't XML Schema into XML Schema), but rather seeks to integrate specifications in differing schema definition languages into a cohesive whole. The motivation for this approach is the observation that although XML Schema, RELAX NG, and ASN.1 are broadly similar, they each have unique features that cannot be adequately expressed in the other languages. Thus a guiding principle for XED is the assertion that the best schema language in which to represent a data type is the language of its original specification. Consequently, a need arises for the means to reference definitions not only in different documents, but specified in different schema languages.
See also: the XED Roadmap
NIST Issues Guidelines on Securing Web Services
William Jackson, Government Computer News
The National Institute of Standards and Technology (NIST) has released a 128-page guide to help organizations understand the security challenges of Web services in service-oriented architecture. The document provides practical guidance on current and emerging standards applicable to Web services in addition to background information on the most common security threats to SOAs based on Web services. The guidelines are hardware and software independent and do not address perimeter security devices such as firewalls or access control tools. "Guide to Secure Web Services: Recommendations of the National Institute of Standards and Technology" (NIST Special Publication 800-95) was produced by Computer Security Division, Information Technology Laboratory, NIST, and edited by Anoop Singhal, Theodore Winograd, and Karen Scarfone. According to the document's Conclusions: "While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services, several research problems must be solved to make secure Web services a reality. Service description, automatic service discovery as well as QoS are some of the important problems that need to be solved. Web services are increasingly becoming an integral part of organizational information technology (IT) infrastructures—even though there are still unmet security challenges. To this end, the development and deployment of secure Web services is essential to many organizations' IT infrastructures. However, Web service security standards do not provide all of the required properties to develop robust, secure, and reliable Web services. To adequately support the needs of the Web services based applications, effective risk management and appropriate deployment of alternate countermeasures are essential. Defense-indepth through security engineering, secure software development, and risk management can provide much of the robustness and reliability required by these applications."
See also: NIST Special Publication 800-95
Voice Enabling XML, Part 2: Develop a Voice-Enabled Calendar
Martin Brown, IBM developerWorks
This is the second article of a four-part series which shows several ways to combine voice and XML to develop the useful applications. It describes how to develop a voice-enabled calendar: how to save the data of the calendar as XML; then to modify calendar entries, have the application read VoiceXML that contains your specified commands. The calendar can also output VoiceXML to speak your daily tasks back to you. Everyone needs a good calendar tool during these busy times, so why not a voice-enabled one? With VoiceXML, you can create a calendar that you can manipulate using your own speech. This presentation shows how to create a menu-based application, accept input, write the input to a script for further processing, and read a data file and output VXML. The key is the 'submit' tag, which enables you to submit information to a script in the same way that you submit fields to any normal Web script. This exchange of information opens up a world of possibilities in terms of the interactivity between your applications, existing data, and a voice-based browser or interface.
Sun and Microsoft: Interoperability Now
Staff, Sun Inner Circle
This article is a followup to Sun Net Talk in which Greg Papadopoulos and Harold Carr provided a detailed overview of Project Tango. "The reality is that most corporate IT environments run a mix of operating systems including the Solaris Operating System, Linux, and Windows... Business applications and service development must be interoperable. For this reason, Sun is particularly pleased with progress made in the Web Services Interoperability Technology (WSIT), an initiative Sun has code-named Project Tango, which demonstrates the continued collaboration between Sun and Microsoft. Project Tango leverages Web services specifications known as WS-* for delivery and creation in either Java EE or .the NET Windows Communication Foundation. These features allow Web services created in Java EE to interoperate with .NET-based systems and fall into three main categories: (1) Metadata Support: Annotation of the Web Service Description Language (WSDL) sets metadata policy statements for letting a client know what the Web service requires in terms of security and quality of service. (2) Security: Project Tango addresses security issues critical to enterprise Web services by supplying components such as WS-Security and WS-Trust, which provide end-to-end security at the message level rather than relying on transport level security, such as HTTPS, which terminates at load-balancers. And to ensure support for identity across platforms, Sun engineers have built Project Tango into Sun Java System Access Manager (AM) to enable AM support for the WS-Trust protocol. This makes it possible for a Microsoft client (that only uses WS-Trust to get security tokens) to use AM as an identity provider. (3) Quality of Service: The asynchronous model of computing used by Web services and service-oriented architecture (SOA) projects does not ensure reliability. In that model, a sender sends a message and does not wait for a reply. Typically, developers have had to program reliability into their applications. But Project Tango includes an implementation of WS-Reliable Messaging that ensures that all messages arrive at their destination, thereby saving developers time." Details on Tango are provided in the paper by Arun Gupta, "Project Tango: Adding Quality of Service and .NET Interoperability to the Metro Web Services Stack (July 2007).
See also: Arun Gupta's paper on Tango
Protocol for Web Description Resources: Use Cases and Requirements
Phil Archer (ed), W3C Working Group Note
W3C announced that the POWDER Working Group has released the "POWDER: Use Cases and Requirements" specification as a Working Group Note. The document will guide the development of a way to attach small, easily-produced annotations to large collections of Web content. The development of the Protocol for Web Description Resources has been motivated by both commercial and social concerns. On the social side, there is a demand for a system to identify content that meets certain criteria as they apply to specified audiences. Commercially, there is a demand to be able to personalize content for a particular user or delivery context. POWDER will address these demands by defining a method through which relatively small amounts of metadata, that can be produced quickly and easily, can be applied to large amounts of content. The use cases and requirements for POWDER were originally developed under the Web Content Label Incubator Activity. They have been revised and updated for this Working Group Note. The POWDER Working Group was chartered to specify an RDF vocabulary for specifying authorship of and authentication of Description Resources, a specification for associating a Description Resource with a class of Web resources, predicates for declaring classes of resources based on string functions of the resource URIs, and a protocol for accessing Description Resources.
See also: the W3C Semantic Web
Vote Closes on Draft ISO/IEC DIS 29500 Standard
Staff, ISO Announcement
"A ballot on whether to publish the draft standard ISO/IEC DIS 29500, Information technology — Office Open XML file formats, as an International Standard by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) has not achieved the required number of votes for approval. The five-month ballot process ended on 2 September and was open to the IEC and ISO national member bodies from 104 countries, including 41 that are participating members of the joint ISO/IEC technical committee, JTC 1, Information technology. Approval requires at least 2/3 (i.e., 66.66 %) of the votes cast by national bodies participating in ISO/IEC JTC 1 to be positive; and no more than 1/4 (i.e., 25 %) of the total number of national body votes cast negative. Neither of these criteria were achieved, with 53 % of votes cast by national bodies participating in ISO/IEC JTC 1 being positive and 26 % of national votes cast being negative. Comments that accompanied the votes will be discussed at a ballot resolution meeting (BRM) to be organized by the relevant subcommittee of ISO/IEC JTC 1 (SC 34, Document description and processing languages) in February 2008 in Geneva, Switzerland. The objective of the meeting will be to review and seek consensus on possible modifications to the document in light of the comments received along with the votes. If the proposed modifications are such that national bodies then wish to withdraw their negative votes, and the above acceptance criteria are then met, the standard may proceed to publication. Otherwise, the proposal will have failed and this fast-track procedure will be terminated. This would not preclude subsequent re-submission under the normal ISO/IEC standards development rules. ISO/IEC DIS 29500 is a proposed standard for word-processing documents, presentations and spreadsheets that is intended to be implemented by multiple applications on multiple platforms. According to the submitters, one of its objectives is to ensure the long-term preservation of documents created over the last two decades using programmes that are becoming incompatible with continuing advances in the IT field."
See also: the Microsoft announcement
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/