- ebXML Messaging Services 3.0 Approved as an OASIS Standard
- W3C First Public Working Draft: Language Bindings for DOM Specifications
- OOXML Payback Time as Global Standards Work in SC 34 "Grinds to a Halt"
- Call for Participation: W3C Workshop on Video on the Web
- SAP Open Sources Memory Analysis
- HTTP Response Signing Abstract Model
- Exploring Claims-Based Identity
- Creating Interactive Forms with GWT and XForms
- Google Says Its Health Platform Is Due in Early 2008
ebXML Messaging Services 3.0 Approved as an OASIS Standard
Staff, OASIS Announcement
OASIS announced that its members have approved the "ebXML Messaging Services (ebMS) version 3.0: Part 1, Core Features" specification as an OASIS Standard. ebMS 3.0 defines a Web services-based method for the reliable, secure exchange of business information. It is the latest addition to the ebXML family of specifications that was launched as a global initiative by OASIS and the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) and has been adopted worldwide. ebMS is designed to be used either with or without any of the other ebXML standards, including ebXML Business Process Specification Schema (BPSS) 2.0.4 and a forthcoming version of ebXML Collaboration Protocol Profile and Agreement (CPP/A). By design, ebMS 3.0 also fully supports composition with other SOAP-based Web services specifications. ebMS was developed under the Royalty-Free on Limited Terms Mode of the OASIS Intellectual Property Rights Policy. Axway, Fujitsu Computer Systems, and NEC all verified successful use of ebMS 3.0, in accordance with eligibility requirements for all OASIS Standards. The OASIS ebMS Technical Committee continues work on Part 2 of ebMS 3.0 that will provide functional extensions to the ebMS 3.0 Core. Participation in the Technical Committee remains open to all companies, non-profit groups, governments, academic institutions, and individuals.
See also: the specification
W3C First Public Working Draft: Language Bindings for DOM Specifications
Cameron McCormack (ed), W3C Technical Report
W3C announced that members of the Web API Working Group have released the First Public Working Draft for "Language Bindings for DOM Specifications." The document was produced as part of the Rich Web Clients Activity in the W3C Interaction Domain. The specification defines an Interface Definition Language (IDL) to be used by specifications that define a Document Object Model (DOM). How interfaces described with this IDL correspond to constructs within ECMAScript and Java execution environments is also detailed. It is intended to specify in detail the IDL language used by W3C specifications to define DOM interfaces, and to provide precise conformance requirements for ECMAScript and Java bindings of such interfaces. It is expected that this document acts as a guide to implementors of already-published DOM specifications, and that newly published DOM specifications reference this document to ensure conforming implementations of DOM interfaces are interoperable. The interface definition language (defined in a language independent manner) is based on the Object Management Group's Interface Definition Language, and is syntactically a subset thereof. The W3C Web API Working Group was chartered to develop specifications that enable improved client-side application development on the Web. This includes the development of programming interfaces to be made available in a Web client. The target platforms for this Working Group include desktop and mobile browsers as well as many specialty, browser-like environments that use Web client technologies. The goal is to promote universal access both for devices and users, including those with special needs. Additionally, the Working Group has the goal to improve client-side application development through education, outreach and interoperability testing.
OOXML Payback Time as Global Standards Work in SC 34 "Grinds to a Halt"
Andy Updegrove, ConsortiumInfo.org Standards Blog
As you will recall, Microsoft's OOXML submission to ISO/IEC via Ecma did not garner enough votes to obtain approval in the first round of voting, which closed on September 2. As you may also recall, in the run up to that vote there were many sudden increases in membership not only in national standards bodies, but in SC 34, the ISO/IEC JTC1 committee where the national votes were cast. As part of the same trend, eleven countries upgraded their membership from Observer to Participating status in SC 34, in order to secure the greater influence over the final vote that could be gained as "P" members. The great majority of those upgrading companies voted to approve OOXML, but this influx was still insufficient to carry the day. Many felt that these events damaged the integrity of the standards process. It now appears that the damage is extending beyond reputation, and is affecting the ability of the standards process to function at all. Due to the fact that these newly minted "P" members have not participated in any of the voting required by SC 34 members other than the OOXML vote, the work of this very important committee, in the words of its chair, has "ground to a halt." In fact, not a single vote has achieved sufficient participation to pass - other than the OOXML vote - since the new members arrived.
See also: the SC 34 Secretariat Manager's Report
Call for Participation: W3C Workshop on Video on the Web
Staff, W3C Announcement
W3C issued a Call For Participation in an open "W3C Workshop on Video on the Web", to be held December 12-13, 2007 in San Jose, California, USA, hosted by Cisco Systems. Position papers are due November 21, 2007. The high-level goal: Make video a first class Web citizen, including making it easy to create, link to and from, describe, and search. Part of making video a first class Web citizen will involve addressing issues of accessibility, internationalization, privacy, digital rights, performance, and device-independence. Web-based video is exploding. More and more we are seeing video on the Web used for advertising, enterprise collaboration, entertainment, product reviews, and other applications. As prices drop for consumer electronics, amateurs and professionals alike are creating increasingly high quality videos. Social networks are sprouting up around Web-delivered media. "IP TV" (Internet-based delivery of television programming) is also maturing quickly. These rapid changes are posing challenges to the underlying technologies and standards to support the platform-independent creation, authoring, encoding/decoding, and description of video. W3C encourages people interested in the topics to participate in the Workshop; in-scope topics include strategic thinking about video on the Web, user experience, video production, and Web architecture. W3C membership is not required in order to participate in the Workshop; there is no participation fee, but registration is required. Position papers are the basis for the discussion at the Workshop. Position papers, agenda, accepted presentations, and report will be published online.
See also: W3C workshops
SAP Open Sources Memory Analysis
Larry Barrett, InternetNews.com
SAP has announced its first contribution to the Eclipse developer community, previously only available in its NetWeaver stack. Memory Analyzer, which was developed under the Eclipse Public License, is intended to make life easier for developers building applications that require lots of memory. Developers use the Eclipse Framework to create applications and toolkits for Java and other programming languages. The framework includes the open source, Java-based Eclipse integrated development environment (IDE) on which SAP's NetWeaver is based. Other competitive Java IDEs are also based on the Eclipse IDE, including those from IBM's Rational, BEA, and Oracle among others who may now also potentially benefit from this SAP contribution. SAP was an original member of the Eclipse consortium, which began in 2001, and it was a founding member of the Eclipse Foundation in 2004, so it's not surprising it chose Eclipse to contribute to. Memory Analyzer provides a graphics-based snapshot of object-retention patterns and provides developers with the information they need to optimize memory usage without interrupting the business applications in use or crashing the Java virtual machine hosting the application. Michael Bechauf, vice president of standards for SAP's Global Ecosystems and Partner Group, said SAP held off on sharing the code until it was confident the Eclipse environment was developed enough to support the needs of large enterprise customers running multiple, high-volume applications at the same time. A Memory Analyzer plug-in has been available for download from SAP's Web site at no cost for more than a year.
See also: the Memory Analyzer description
HTTP Response Signing Abstract Model
James Clark, Blog
I've argued that there's a need for an HTTP-specific mechanism for signing HTTP responses. So let's try and design one. Usually at this point, I would start coding, but with security-related stuff, I think it's better to have more discussion up front... Let's suppose that the mechanism will take the form of a new Signature header. Here is my current thinking as to the steps involved in constructing a Signature header: [eleven steps in the abstract design]... (1) What kinds of security token can be used? At least X.509 certificates should be supported. But there should be the potential to support other kinds of token. (2) How are security tokens identified? It depends on the type. For X.509, it would make sense to have a URI that allowed the client to fetch the certificate. It would also be desirable to have an identifier that uniquely identifies the certificate, so that the client can tell whether it already has the certificate without having to go fetch it. As far as I can tell, in the X.509 case, people mostly use the SHA-1 hash of the DER encoding of the certificate for this. (3) How does the server know what kind of signature (if any) the client wants? The client can provide a Want-Signature header in the request... (4) Can there be multiple signatures? Yes. In the normal HTTP style, the Signature header should support a comma-separated list of signatures. The order of this list would be significant. There should be a way for each signature in the list to specify which of the previous signatures in the list are included in what it signs. There's a semantic difference between two independent signatures, and a later signature endorsing an earlier signature... (5) How about streaming? Tricky. The fundamental problem is that HTTP 1.1 isn't very good at enabling the interleaved delivery of data and metadata...
See also: the followup article
Exploring Claims-Based Identity
Keith Brown, MSDN Magazine
This column introduces the new identity model in the Microsoft .NET Framework 3.0... Trust and Federated Identity: WCF and other communication frameworks use cryptography to ensure that the sender of a security token is indeed the subject and that the claims in the token were signed by the issuer named in the token. But all of this fancy plumbing doesn't have any idea how much you trust the issuer. If you don't trust him, you're not going to trust the claims he makes about his subjects! That's why the issuer is always identified when you receive a claim set, and it's the first thing you should look at when processing a claim set. It's easy to write code that accepts tokens from a single trusted issuer. Just make sure the claim set you received was issued by the one authority you trust, and then you can use those claims to make security decisions. You've essentially delegated responsibility to the STS for doing the heavy lifting such as mapping users onto roles and dealing with different types of security tokens. Now imagine you wanted to take this one step further. Instead of only accepting Windows credentials and X.509 certificates, what if your STS also accepted signed SAML tokens issued by an STS at a trusted partner? This leads to the realm of federated identity, which is very powerful. Instead of having to worry about managing user accounts for external users from partner companies, you can instead accept signed statements from those partners in the form of SAML tokens... Federated identity ultimately boils down to claims transformation, if you think about it. The partner's STS makes the client's life easy by accepting as input whatever credential is most natural for her, given her operating system and platform. For example, if the client is running Windows, the STS could use Kerberos to automatically authenticate her and issue a SAML token. Another partner company might run a completely different OS that uses other strong authentication protocols. But the STS at that company would use those protocols to seamlessly authenticate the user and issue a SAML token. Meanwhile, the user enjoys the benefits of single sign-on, even when using applications like yours from federated partner companies.
Creating Interactive Forms with GWT and XForms
Michael Galpin, IBM developerWorks
See also: XML and Forms
Google Says Its Health Platform Is Due in Early 2008
Richard Martin, InformationWeek
Telling her audience to "expect a lot of activity in the coming months," Marissa Mayer, Google's head of search, said today that the long-expected Google Health initiative will formally appear in early 2008. Speaking at the Web 2.0 Summit in San Francisco, Mayer outlined the ways in which the search giant plans to bring its immense data storage and organization capacities to the field of medical care and patient records. Google is already the starting point for a large majority of the health-related searches on the Web, she pointed out. "If you look at health care, there's already a huge user need, people are already using Google more than any other tool on the Web to find health information," Mayer said. "And the health care industry generates a huge amount of information every year. It's a natural core competency for us, to understand how to organize all that data." As in other areas of its business, Google faces a formidable competitor in the race to bring the resources of the Internet to personalized health care in the form of Microsoft (NSDQ: MSFT). Earlier this year, Microsoft acquired Medstory, a Foster City, Calif.-based startup specializing in search software optimized for finding health information. Microsoft has not publicly disclosed its plans for a health-related product, but is said to be working on an offering that combines software with an online component.
XML Daily Newslink and Cover Pages are sponsored by:
- BEA Systems, Inc.
- Sun Microsystems, Inc.