- OASIS Ballots SAML Metadata Profile and Extension Specifications
- Latest Revisions of SAML-lSSO and SAML OpenID Profile
- OSI Approves Two Microsoft Shared Source Licenses
- IBM DB2 Viper 2 Improves Transactional XML Data Performance
- Widgets 1.0: Updated W3C Working Draft
- Open Grid Forum Maintains Focus on the 2010 Goal
- Augmented BNF for Syntax Specifications: ABNF
- IBM Uses RFID to Track Conference Attendees
OASIS Ballots SAML Metadata Profile and Extension Specifications
Staff, OASIS Announcement
Two specifications related to the OASIS Standard "Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0" are being balloted for approval. (1) The "Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x" specification provides metadata support for SAML V1.x by profiling the SAML V2.0 metadata specification for use with the SAML V1.x-based profiles and exchanges. SAML profiles generally require agreements between system entities regarding identifiers, binding/profile support and endpoints, certificates and keys, etc. A metadata specification is useful for describing this information in a standardized way. However, SAML V1.0 and V1.1 did not include such a metadata profile and this specification is intended to address that shortcoming. This specification was edited by Greg Whitehead (Hewlett-Packard Company) and Scott Cantor (Internet2). (2) The "Metadata Extension for SAML V2.0 and V1.x Query Requesters" specification defines an extension to the SAML V2.0 metadata specification. The extension defines a set of role descriptor types that describe a standalone SAML query requester for each of the three predefined query types. The profile addresses both SAML V1.x and SAML V2.0 query requesters. This document was edited for the OASIS Security Services (SAML) TC by Tom Scavo (NCSA) and Scott Cantor (Internet2).
See also: Query Requesters
Latest Revisions of SAML-lSSO and SAML OpenID Profile
Jeff Hodges, Blog
I've updated the SAML-lSSO and SAML OpenID Profile specs just to bring them up-to-date with the latest revisions of various SAML and OpenID specs and to fix minor editorial issues. The SAML-lSSO spec is presently not a current IETF Internet-Draft—its prior version expired a few months ago. We're thinking about whether we want to pursue that specification officially or not. The issue with it being that in implementing it, one can optionally turn security completely off—which is a 'feature' various folks advocating for so-called 'open Internet' identity management desire. But SDOs such as IETF, OASIS, W3C, Liberty Alliance, etc. all would look askance at blessing such a spec. In fact the IETF definitely would not allow it to go forward in that they have an explicit policy against promulgating insecure protocols. "SAMLv2 Lightweight Web Browser SSO Profile" specifies a SAMLv2 lightweight Web Browser Single Sign-On Profile. This profile is modeled on the OASIS SAMLv2 Web Browser SSO profile, adding various constraints, and using a new lighterweight SAMLv2 HTTP POST binding offering an optional signature technique that is more simple-to-implement than the also optional XML Digital Signature approach.
See also: SAML references
OSI Approves Two Microsoft Shared Source Licenses
Elizabeth Montalbano, InfoWorld
The board of the Open Source Initiative (OSI) has approved two Microsoft licenses that allow proprietary source code to be shared, a move that is likely to inspire protest and spur controversy for die-hard open source proponents. The Microsoft Public License (MPL) and the Microsoft Reciprocal License (MRL), two of Microsoft's "shared source" licenses, are now viable OSI licenses for distributing open source code alongside more widely used community licenses such as the GNU General Public License and the Mozilla Public License. Microsoft submitted licenses from its Shared Source Initiative to the OSI in July, an announcement made at the O'Reilly Open Source Convention. The MPL and MRL are two of three licenses that Microsoft offers in its Shared Source Initiative, which it has offered for about five years as a way to share source code without having to work with open source organizations or companies. The other is the Microsoft Reference License, which is the most restrictive of the three and was not submitted for approval. The MPL is the least restrictive of the Shared Source licenses, allowing licensees to view, modify, and redistribute the source code for either commercial or noncommercial purposes. The license also allows licensees to alter the source code they share with others as well as to charge a licensing fee for their work if they choose. The MRL, which the company recommends for collaborative development projects, carries specific requirements if licensees combine their original code with MRL-licensed code. It does, however, allow for noncommercial and commercial modification and redistribution of licensed software. Red Hat executive Michael Tiemann, who also serves as president of the OSI, said Tuesday that while some in the community balked at the OSI accepting licenses from a company that historically has not been open source friendly, in the end, the licenses spoke for themselves.
IBM DB2 Viper 2 Improves Transactional XML Data Performance
Staff, IBM Announcement
IBM has introduced the DB2 9.5 'Viper 2' data server, featuring new data automation and performance enhancements that will dramatically improve the way customers store, manage and access business information. Enhancements include: automatic deep compression to save storage capacity and costs as a customer's database grows; autonomic memory management to reduce administrative burdens on database administrators; and integrated automated failover and backup to simplify system set-up and minimize downtime. Many DB2 customers have leveraged the unique XML capabilities provided by this hybrid data server to transform their use of XML from a convenient way of representing data to a true business asset. DB2 9.5 extends the extremely efficient management and querying capabilities of pureXML with the performance and efficiency required to leverage XML in a large scale transaction environment. To accomplish this, we first streamlined the management of small XML documents to minimize I/O and conserve storage space. In fact, pureXML can store these XML documents in about half the space required for restoring them in flat files or LOBs. The result is additional performance gains as much as 2x for a general transaction processing workload and as much as 5x for bulk inserts with schema validation. DB2 9.5 is also the first major database to support the XQuery update standard. With this comes the ability for sub-document updates that can significantly improve performance when changing only a piece of the XML document.
See also: the product description
Widgets 1.0: Updated W3C Working Draft
Anne van Kesteren and Marcos Caceres (eds), W3C Technical Report
Members of W3C's Web Application Formats Working Group have released an updated Working Draft for the "Widgets 1.0" specification. The document was produced as part of the Rich Web Clients Activity in the W3C Interaction Domain. Widgets are written for users to run in their Web browser environment. Specifically, widgets "are a class of client-side web application for displaying and/or updating local or remote data, packaged in a way to allow a single download and installation on a client machine or device. Examples include clocks, stock tickers, news casters, games and weather forecasters. The Widgets 1.0 specification, when combined with other dependent specifications, defines a software solution for Widgets, including: (1) A packaging format defined in terms of the Zip File Format Specification, to provide authors with an interoperable way to encapsulate and distribute widgets. (2) An XML-based configuration format and processing model, to allow authors to declare metadata about a widget. (3) A model that allows a user-agent to automatically start a widget. (4) An HTTP-based model for version control, to allow user agents to automatically keep widgets up-to-date. (5) A set of ECMAScript implementable DOM APIs and events, including an API to allow instantiated widgets to communicate with one another. (6) A model that leverages the XML-Signature Syntax and Processing Specification to allow a widget to be digitally signed. (7) A security model to reduce privacy risks and reduce the potential for damage to an end-user's machine or device. (8) A means for web browsers to automatically "discover" widgets from within an HTML document. (9) Accessibility requirements for user agents to ensure that perceptual and interactive parts of widgets are accessible."
See also: the supporting discussion list
Open Grid Forum Maintains Focus on the 2010 Goal
John Ehrig, iSGTW
Grid and grid-like technologies—including virtualization, automation, service oriented architecture (SOA) and distributed computing—are all part of the IT infrastructure solution being used by leading organizations around the world to enable this knowledge-based, global economy. The Open Grid Forum is a standards development organization dedicated to developing open standards for grid interoperability. OGF serves as a global forum where the grid community gathers to identify common requirements, develop best practices and share use cases. As a community-initiated not-for-profit organization, OGF involves more than 300 organizations from 50 countries. OGF has extensive engagement with national and regional grid initiatives in 25 countries, including TeraGrid and Open Science Grid in the U.S., EGEE in Europe, NAREGI in Japan, APAC in Australia, and UK eScience in the UK. Leading hardware, software, and solutions vendors such as Hewlett-Packard, IBM, Intel, Microsoft, Oracle, and Platform Computing are also actively engaged. OGF aims to have scientific and commercial organizations build operational grids using OGF-defined, standards-based components by 2010. This work is well underway; however, much more effort is needed to develop and mature specifications. A June 2007 OGF roadmap document ('Technical Strategy for the Open Grid Forum 2007-2010') identifies six high priority capabilities including grid security, application provisioning, job submission, file movement, data provisioning and grid application programming interfaces (APIs). OGF recognizes that it takes cooperation and collaboration across the entire distributed computing community to effectively build open standards. For instance, many OGF standards are based on the foundational protocols, information, and web services standards developed by other standards development organizations, including W3C, IETF, SNIA, DMTF, and OASIS. OGF proactively engages in liaison activities with these organizations and they, in turn, look to OGF as uniquely chartered to define interoperable grid architectures, specifications and community practices.
See also: the 21st Open Grid Forum Schedule
Augmented BNF for Syntax Specifications: ABNF
Dave Crocker (ed), IETF Standard
The Internet Engineering Steering Group (IESG) announced the approval of the "Augmented BNF for Syntax Specifications: ABNF" specification as a Full IETF Standard. ABNF is used for formal language description in IETF RFCs, W3C specifications, and elsewhere. The document was reviewed by Bill Fenner, Frank Ellerman, Julian Reschke, Steven Legg, and Alexey Melnikov. An implementation report is available. Abstract: "Internet technical specifications often need to define a formal syntax. Over the years, a modified version of Backus-Naur Form (BNF), called Augmented BNF (ABNF), has been popular among many Internet specifications. The current specification documents ABNF. It balances compactness and simplicity, with reasonable representational power. The differences between standard BNF and ABNF involve naming rules, repetition, alternatives, order-independence, and value ranges. This specification also supplies additional rule definitions and encoding for a core lexical analyzer of the type common to several Internet specifications."
See also: the implementation report
IBM Uses RFID to Track Conference Attendees
Patrick Thibodeau, Computerworld
At its "Information on Demand" conference, IBM is deploying RFID technology on name tags worn by attendees that automatically tracks their session and meal attendance. This is the first time that IBM has used RFID technology at this conference, and the company is not making a secret of it. There are signs at the registration desk offering attendees the option of getting a name tag without the chip. Of the 6,500 people here, approximately 2% didn't want a name tag with an RFID chip in it. From a simple unique identifier on the chip begins what could be a long tail of data analysis. The chip's 24-character identifier includes the name, title and company of the person wearing it. There is no other personal information on the chip. As a person walks through the door leading into a conference session, an RFID receiver logs the chip's data. The system, by AllianceTech in Austin, is networked and the data is received in real time by its on-site systems at the conference. The data is organized in a DB2 database. The RFID system, coupled with what the conference knows about the person wearing the name badge, is providing lots of raw data. Mary Ann Alberry, IBM's conference manager, said the data will be used to help organizers with future conference planning, such as optimizing sessions around interests and demands of conference attendees. It will also let organizers know the number of people who have received meals so they can plan meals in such a way that food is available at the right time. Because RFID keeps count of people getting meals at the conference, it creates a means to audit and help control conference costs. The real-time aspects of the system help with day-to-day conference management. If a room gets filled to capacity, a decision can be made to repeat the session. If a person needs to be reached in an emergency, he can also be tracked down.
Many conferences already track who enters sessions by scanning bar codes on name badges, but Art Borrego, CEO of AllianceTech, said RFID allows people to enter a room without delay. He said conference goers have accepted it in much the same way many use RFID to avoid having to stop on a highway to pay a toll.
XML Daily Newslink and Cover Pages are sponsored by:
- BEA Systems, Inc.: http://www.bea.com
- Sun Microsystems, Inc.: http://sun.com