This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Free Access for All to ITU-T Standards
- The Power of One Password
- Shibboleth 2.0, Beta 1 is Now Available
- Enterprise Sign On Engine (ESOE) Beta 1
- Oracle Links Business Process Analysis, SOA
- Delivering Business Value Through a Comprehensive Standards-Based Approach to Enterprise SOA: Part 2
- Boost Web Service Performance in JAX-WS with Fast Infoset
Free Access for All to ITU-T Standards
Staff, ITU-T Announcement
Standards produced by the International Telecommunication Union (ITU)—ITU-T Recommendations—are now available without charge. The announcement follows a highly successful trial conducted from January-October 2007, during which some two million ITU-T Recommendations were downloaded throughout the world. The experiment's aim was to "increase the visibility and easy availability of the output of ITU-T". Offering standards for free is a significant step for the standards community as well as the wider information and communication technologies (ICT) industry. Now, anyone with Internet access will be able to download one of over 3000 ITU-T Recommendations that underpin most of the world's ICT. The move further demonstrates ITU's commitment to bridging the digital divide by extending the results of its work to the global community. Director of ITU's Telecommunication Standardization Bureau (TSB) Malcolm Johnson, presenting the results of the trial to the 2007 meeting of ITU's Council [...] noted that it had helped efforts to bridge the 'standardization gap' between countries with resources to pursue standardization issues and those without. "There has been very positive feedback from developing countries," said Johnson. "Last year exactly 500 ITU-T Recommendations had been sold to developing countries; this year, after allowing free access, they have downloaded some 300,000." ITU-T Recommendations are developed in a unique contribution-driven and consensus-based environment by industry and government members, with industry providing the most significant input. A strong focus of current standards work is providing the foundations for the so-called next-generation network (NGN). Other key areas include IPTV, ICT in vehicles, cybersecurity, quality of service, multimedia, emergency communications and standards for access. 
[Note: OASIS participates as an international user group in a Memorandum of Understanding on Electronic Business with the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), the International Telecommunication Union (ITU), and the United Nations Economic Commission for Europe (UN/ECE). In October 2006, a Joint ITU-T/OASIS Workshop and Demonstration of Advances in ICT Standards for Public Warning was hosted at the ITU headquarters in Geneva. Various OASIS standards have been approved through ITU-T in the X-Series, 'Data networks, open system communications and security'.]
See also: ITU-T Recommendations
The Power of One Password
David Essex, Government Computer News
"Perhaps the biggest benefit of single sign-on (SSO) comes from avoiding labor costs of help-desk employees, who spend on average 25 percent of their time handling password-reset requests, according to reports collected by Novell. But the potential labor savings for users are also significant. They save time logging in several passwords, and productivity increases because instead of waiting weeks for access to applications, they get almost immediate access through SSO-enabled provisioning systems. Enterprise SSO (ESSO) typically operates inside firewalls and adds non-Web legacy applications. Some of the trickier applications to handle are mainframe programs, which often lack graphical front ends for authentication, instead employing scripting and batch processing, so ESSO tools require screen captures and other workarounds... Many ESSO vendors sell the core sign-on component bundled with two closely dependent modules: strong authentication tools and provisioning. Strong authentication tools contain digital certificates along with public-key infrastructure and other technologies for ensuring that users are who they claim to be. Provisioning, also known as identity-management, automates adding new employees and partners to the security system, setting up their rights to resources, and making sure access is revoked when they leave. Federation is perhaps the most important emerging technology in SSO for governments worldwide. It is largely driven, sources say, by the need to make unconnected departments that must nonetheless collaborate, along with their equally divided IT resources, securely accessible via the Web to constituents through a single point of contact... The main champions of federation are the Liberty Alliance and OASIS. They jointly support an Internet language called Secure Access Markup Language (SAML), which was designed to extend single sign-on across organizational boundaries using a federated model. 
'Federation itself is about the portability of identity,' said Brian Campbell, a software engineer at Ping Identity, which makes federation software, and co-chairman of the OASIS technical committee that worked on SAML. 'What SAML seeks to do is allow users to carry identities between Web sites. It encodes, in a sort of XML security token, a message about the user's identity, based on trust. There is a digital certificate involved in most of the profiles'..."
Shibboleth 2.0, Beta 1 is Now Available
Steven Carmody, Internet2 Announcement
"The Shibboleth team is pleased to announce the availability of the first public beta release of the next major version, v2.0, of the Internet2 Shibboleth software. Shibboleth v2.0 has many new features, including support for the SAML 2.0 specification. Shibboleth is a free, open-source system for federated, secure access to resources in multiple domains. Information about a user is sent from a home identity provider (IdP) to a service provider (SP) which prepares the information for protection of sensitive content and use by applications. A federation can be used to help providers trust each other in a scalable way. Shibboleth provides a federated Single-SignOn and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the Attribute information being released to each Service Provider. Using Shibboleth-enabled access simplifies management of identity and access permissions for both Identity and Service Providers. Shibboleth is developed in an open and participatory environment, is freely available, and is released under the Apache Software License. Note that this initial v2.0 beta release is not suitable for production use. Shibboleth 2.0 is fully backward compatible with Shibboleth 1.3, both from 2.0 SP to 1.3 IdP and from 1.3 SP to 2.0 IdP. The default profile of Shibboleth 2.0 is a fully compliant implementation of the SAML 2.0 Web Browser SSO Profile. Attributes are now by default included in an encrypted SAML 2.0 assertion sent from the IdP to the SP. This does not affect the privacy or security features of Shibboleth and should result in easier deployment. Shibboleth 1.3 and Shibboleth 2.0 both use SAML 2.0 standard metadata. The same metadata file can be used by providers of both versions. New SAML 2.0 functionality is located at different endpoints. 
However, to take advantage of the new encryption capabilities of Shibboleth 2.0, the providers need to have access to the public keys of their partners. All attributes used by Shibboleth 1.x are URIs, which continues to be the heavily preferred default for Shibboleth 2.0. However, Shibboleth 1.3 and earlier originally named attributes using a specialized namespace delegated by the MACE-Dir working group. This has been superseded in most cases by the SAML 2.0 specifications' LDAP attribute profile, which names attributes using a 'URN:OID' namespace. The default provider configuration will be compatible with both legacy names and OID-based names for maximum interoperability."
See also: the Shibboleth description
Enterprise Sign On Engine (ESOE) Beta 1
Bradley Beddoes, Shibboleth Mailing List Announcement
"For the past 10 months we've been working on a system we call the Enterprise Sign On Engine. It's a SAML2 implementation in both Java and C++ as well as being an implementation of (albeit reduced) XACML 2.0 spec. ESOE supports features like native Windows integration, integration with Shibboleth, integration with OpenID and extremely powerful, centralized authorization policies. It also performs tasks such as attribute aggregation and monitoring of client versions in use at service providers, to name but a few of its features. While SAML 2 based, if you think of the CAS type of market then that's a good chunk of the space in which ESOE is playing. It's not a replacement for Shibboleth but we believe it to be extremely complementary. The project is released under the Apache 2.0 license." From the web site description: "The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's powerful authorization engine is built around a reduced version of the OASIS XACML 2.0 standard which we have called Lightweight Extensible Authorization Control Markup Language or 'LXACML'. The ESOE can integrate identity from unlimited repositories, automatically create sessions for users who are logged into Active Directory (true single sign on), provide for centralized authorization policy management and natively federate with technologies such as Shibboleth and OpenID. We hope you'll find the ESOE a good choice for your needs amongst the wide variety of SSO solutions that are available, both from commercial providers and other open source projects. Of course if you're already using an SSO solution, there is a pretty good chance the ESOE can interact with it, allowing you to use the enhanced capabilities of the ESOE without needing to replace everything you already have. Being heavily standards based, all your existing identity infrastructure such as LDAP compliant directories, databases and even flat files are only a plugin away."
See also: the ESOE features
Oracle Links Business Process Analysis, SOA
Paul Krill, InfoWorld
Oracle has announced an enhanced version of its business process analysis software that improves collaboration between process modelers and implementers. Oracle Business Process Analysis Suite 10.1.3.3 features round-trip engineering and closed loop support for business analyst and IT collaboration. Modeling of processes is done in the business process analysis package and then executed in the SOA Suite, which features an SOA execution engine that leverages BPEL (Business Process Execution Language). Business users can build and change business models in the business process suite while IT staff can view and modify these processes in the SOA package. Integration between Oracle Business Process Analysis Suite and Oracle SOA Suite includes linking of business process analysis, execution, and monitoring tools. From the announcement: "This updated version supports the latest BPMN and BPEL standards and more closely aligns business and IT users, leading to greater productivity, operational efficiencies and innovation. Following the initial release of the Oracle Business Process Analysis Suite in December 2006, Oracle continues to enhance its portfolio of BPM capabilities. This new release marks a major step forward in Oracle's delivery of a comprehensive BPM offering, including components of the Oracle Business Process Analysis Suite and Oracle SOA Suite, which integrate business process analysis, execution and monitoring tools. Based on an underlying common model format, the Process Blueprint, this innovative integration offers customers closed-loop engineering and bi-directional synching capabilities, enabling business analysts and developers to closely collaborate throughout the entire BPM lifecycle using the best tools for their specific needs. With the latest release, business users can create and change business models in the Oracle Business Process Analysis Suite while IT users can view and modify these processes in parallel using Oracle SOA Suite.
Similarly, IT users can make changes that are made visible to business users as proposals for improvements that can be incorporated into the model. Throughout the lifecycle of the process, both Oracle Business Process Analysis Suite and Oracle SOA Suite support the common Process Blueprint format with no code generation required."
See also: the Oracle announcement
Delivering Business Value Through a Comprehensive Standards-Based Approach to Enterprise SOA: Part 2
This article provides an introduction to SAP's approach to standards for Enterprise SOA, describing SAP's Standards Taxonomy, which provides a way of categorizing and thinking about standards, as well as covering "Technology Standards". SAP's approach to standards for enterprise SOA, which is embodied in the SAP NetWeaver Business Process Platform, is to first focus on evaluating the business benefit each standard can potentially deliver. In many ways, technology standards deliver a single value: they allow an enterprise service to be consumed from another environment. Technology standards do not address business semantics or, rather, how to use the information contained in the messages received and sent by a service. Only when combined with standardized business semantics can an enterprise service be used correctly in a composite application. Business value is delivered only when a service is implemented in a business process platform built to an "enterprise standard" that delivers reliability, scalability, performance and security. The SAP standards taxonomy describes a comprehensive approach to the relationships and consists of four layers: (1) Layer 1, Technology Standards, which are designed to help computer systems work together. These standards provide the foundation for openness and interoperability that are the basic underpinnings of SAP NetWeaver 7.0. They cover: Metadata Infrastructure, Messaging, Component Frameworks, and Foundation (Transport and Core Languages). (2) Layer 2, Languages for Defining Business Semantics. These languages, such as XML, WSDL and BPEL, provide a common vocabulary that can be used to create formal, standardized definitions of processes, services and messages in a machine-processable form. They provide the bridge between technology standards and business semantic standards. (3) Layer 3, Business Semantics Standards.
These are descriptions of individual "standard" processes, services and messages, generally defined using the languages from layer 2. They are key to enabling companies to collaborate with each other. Many are defined by vertical industry standards organizations designed to meet the needs of one industry. There are also important initiatives, such as UN/CEFACT, that cross industries. (4) Layer 4, Common Standards. These are important standards that either describe how standards are used together or are standards that cut across more than one of the other three layers. Common standards include: Profile, Management, Security, Policy, Ontology and Development standards.
See also: the SDN Standards pages
Boost Web Service Performance in JAX-WS with Fast Infoset
Young Yang, DevX.com
XML message transmission and processing are at the foundation of the web service programming model. To effectively improve web service performance, you need to reduce the overhead associated with parsing, serializing, and transmitting XML-based data. Fast Infoset is an open, standards-based solution for doing just that. It specifies several techniques for minimizing the size of XML encodings and maximizing the speed of creating and processing those encodings. Using these techniques, you can tune Fast Infoset encoding according to your specific domain requirements, whether that means favoring compression over processing performance or requiring efficient compression but not at the expense of processing performance. In general, Fast Infoset documents are smaller and therefore faster to process than corresponding XML representations. As such, they can be very useful when the size and processing time of XML documents are a concern. For example, the W3C's XML Binary Characterization Working Group has identified two such use cases: (1) Web services for small devices that have bandwidth constraints, and (2) Web services within an enterprise that has high throughput requirements. This article introduces Fast Infoset, demonstrates it in an example based on the reference implementation of JAX-WS, and presents some empirical data comparing the effects of Fast Infoset and MTOM/XOP (another technology for optimizing XML data transmission and processing) on web service performance. Fast Infoset is on its way to being widely supported in various platforms and frameworks such as Microsoft .NET and .NET CF, Sun GlassFish, BEA WebLogic, IBM SDK for Java 6.0, and TMax Soft JEUS 6, as well as in the Linux, Solaris, and Win32 operating systems, where Fast Infoset support in JAX-WS is based on the FI project at java.net.
Developers—particularly those in the SOA domain—should explore this promising technology and learn how they can work more efficiently with XML to deliver high-performing web services.
See also: ASN.1 Fast Infoset
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
Sun Microsystems, Inc. http://sun.com