Cover Pages: XML Daily Newslink: Monday, 29 October 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com

Headlines

Sieve Email Filtering: Representing Sieves and Display Directives in XML
GSA Mandates Liberty Alliance SAML 2.0 Interoperability Testing
Updated W3C Working Draft: XMLHttpRequest Object for Ajax
The Hypertext Transfer Protocol (HTTP) Entity Tag ("ETag") Response Header in Write Operations
Committee OKs Bill to Give NIST Role in Federal Health IT
IBM Offers 'SOA Healthcheck' Workshops
OASIS Issues Call for Participation: Service Data Objects (SDO) TC
Microsoft Joins the Open Geospatial Consortium (OGC)

Sieve Email Filtering: Representing Sieves and Display Directives in XML
Ned Freed and Srinivas Saisatish Vedam (eds), IETF Internet Draft

This document describes a way to represent Sieve email filtering language scripts in XML. Sieve ("Sieve: An Email Filtering Language") is a language for filtering email messages at or around the time of final delivery. It is designed to be implementable on either a mail client or mail server. It is meant to be extensible, simple, and independent of access protocol, mail architecture, and operating system and it is intended to be manipulated by a variety of different user interfaces. Some user interface environments have extensive existing facilities for manipulating material represented in XML. While adding support for alternate data syntaxes may be possible in most if not all of these environments, it may not be particularly convenient to do so. The obvious way to deal with this issue is to map sieves into XML, possibly on a separate backend system, manipulate the XML, and convert it back to normal Sieve format. Several Sieve extensions have already been specified (RFC 3431, RFC 3598, RFC 3685, RFC 3934) and many more are planned. The set of extensions available varies from one implementation to the next and may even change as a result of configuration choices. It is therefore essential that the XML representation of Sieve be able to accommodate Sieve extensions without requiring schema changes. It is also desirable that Sieve extensions not require changes to the code that converts to and from the XML representation. This specification defines an XML representation for sieve scripts and explains how the conversion process to and from XML works. The XML representation is capable of accommodating any future Sieve extension as long as the underlying Sieve grammar remains unchanged. Furthermore, code that converts from XML to the normal Sieve format requires no changes to accommodate extensions, while code used to convert from normal Sieve format to XML only requires changes when new control commands are added—a rare event. An XML Schema and sample code to convert to and from XML format are also provided in the appendices.

GSA Mandates Liberty Alliance SAML 2.0 Interoperability Testing
Staff, Liberty Alliance Announcement

"Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced that the E-Authentication Solution program of the U.S. General Services Administration (GSA) now mandates passing Liberty Alliance SAML 2.0 interoperability testing as a prerequisite for participating in the US E-Authentication Identity Federation. This news comes as governments around the world build and deploy SAML 2.0-based applications to offer millions of citizens secure and privacy-respecting online services and to provide businesses and public sector trading partners with an open, proven interoperable and trusted platform for conducting and managing a wide variety of identity-based transactions. Countries building and deploying identity-based applications using Liberty Federation, which consists of ID-FF 1.1, 1.2 and SAML 2.0 specifications, include Austria, Australia, France, Finland, Germany, Iceland, Ireland, Italy, Japan, New Zealand, Norway, countries in the Middle East, Portugal, Spain, Sweden, the United Kingdom, and the United States. The decision by the E-Authentication Solution to require Liberty Alliance SAML 2.0 interoperability testing for vendors participating in the US E-Authentication Identity Federation is furthering the deployment of trusted inter-federations among governments and private sector organizations worldwide. Originally launched in 2002 as part of the President's Management Agenda, the E-Authentication Solution assists federal agencies in mitigating the security and privacy risks associated with e-government and helps control government costs associated with authenticating large numbers of end users. E-Authentication Solution's move to have vendors pass Liberty Alliance testing recognizes the important role interoperability plays in advancing the deployment of trusted identity federations."

See also: Liberty Alliance references

Updated W3C Working Draft: XMLHttpRequest Object for Ajax
Anne van Kesteren (ed), W3C Technical Report

Members of the W3C Web API Working Group have released an updated Working Draft of "The XMLHttpRequest Object" specification, superseding the document of 2007-06-18. The core component of Ajax, the XMLHttpRequest object is an interface that allows scripts to perform HTTP client functions, such as submitting form data or loading data from a remote Web site. The name "XMLHttpRequest" is used for compatibility with the Web, but may be misleading. First, the object supports any text based format, including XML. Second, it can be used to make requests over both HTTP and HTTPS (some implementations support protocols in addition to HTTP and HTTPS, but that functionality is not covered by this specification). Finally, it supports "requests" in a broad sense of the term as it pertains to HTTP; namely all activity involved with HTTP requests or responses for the defined HTTP methods. The XMLHttpRequest object can be used by scripts to programmatically connect to their originating server via HTTP. The document is being produced as part of the Rich Web Clients Activity in the W3C Interaction Domain. With the ubiquity of Web browsers and Web document formats across a range of platforms and devices, many developers are using the Web as an application environment. Examples of applications built on rich Web clients include reservation systems, online shopping or auction sites, games, multimedia applications, calendars, maps, chat applications, weather displays, clocks, interactive design applications, stock tickers, currency converters and data entry/display systems. Web client applications typically have some form of programmatic control. They may run within the browser or within another host application. A Web client application is typically downloaded on demand each time it is "executed," allowing a developer to update the application for all users as needed. Such applications are usually smaller than regular desktop applications in terms of code size and functionality, and may have interactive rich graphical interfaces.

See also: W3C Rich Web Clients

The Hypertext Transfer Protocol (HTTP) Entity Tag ("ETag") Response Header in Write Operations
Julian F. Reschke (ed), IETF Internet Draft

A revised version of the IETF specification "The Hypertext Transfer Protocol (HTTP) Entity Tag ('ETag') Response Header in Write Operations" has been released in connection with the formation of a new HTTPbis Working Group activity. The Hypertext Transfer Protocol (HTTP) specifies a state identifier, called "Entity Tag", to be returned in the "ETag" response header. However, the description of this header for write operations such as PUT is incomplete, and has caused confusion among developers and protocol designers, and potentially interoperability problems. This document explains the problem in detail and suggests both a clarification for a revision to the HTTP/1.1 specification (RFC 2616) and a new header for use in responses, making HTTP entity tags more useful for user agents that want to avoid round-trips to the server after modifying a resource. The RFC 2616 specification is a bit vague about what an ETag response header upon a write operation means, but this problem is somewhat mitigated by the precise definition of a response header. The proposal for enhancing RFC 2616 in this regard is made in document Section 3.

Committee OKs Bill to Give NIST Role in Federal Health IT
Nancy Ferris, Federal Computer Week

The U.S. House Science and Technology Committee has approved a bill to give the National Institute of Standards and Technology a sizable role in federal efforts to advance health information technology. Approval came on a voice vote after the bill's sponsor, Committee Chairman Bart Gordon (D-Tenn.), amended the bill to clarify that the new NIST programs in the bill would complement existing federal health IT programs under the Office of the National Coordinator for Health IT. The Gordon bill, the Healthcare IT Enterprise Integration Act, would establish a health care information enterprise integration program at NIST. Its activities would include standards, interoperability analysis, software conformance and certification, security and privacy technical issues, information management and medical device communication. The bill encourages NIST to work with outside organizations and federal agencies to establish technical road maps for the development of application protocols, interoperability, data integrity, and security and privacy standards, plus conformance testing protocols. The bill also directs NIST to work with federal agencies on interoperability, security, and privacy standards and guidelines for use by federal agencies. A new interagency council would coordinate development of a federal health IT infrastructure.

IBM Offers 'SOA Healthcheck' Workshops
Paul Krill, InfoWorld

IBM's global services organization is adding "health check" services to its repertoire of technical services for SOA deployments, looking to assist users dealing with issues resulting from poor planning or partnerships with inexperienced or so-called proprietary IT vendors. The company also is offering its "identity-aware ESB," which is an enterprise service bus that combines existing IBM products to provide identity management capabilities. Health-check services and software will be offered in two workshops to be held at customer sites, featuring specialized diagnostics and triage capabilities to help identify potentially unhealthy areas and recommend cures for problem areas. The applications and services workshop is intended to provide assurance that an SOA can expand beyond pilot projects. Factors such as application reuse and service use will be assessed, as will identification of rogue services as part of a governance policy. Security also will be checked for service controls and identity management. The infrastructure workshop features an assessment of infrastructure supporting applications and services layers in an SOA. Elements examined include infrastructure flexibility, the ability to adapt to spikes in demand, and verifying SOA configurations for connectivity. A service management review ensures that services are being monitored. IBM's identity-aware ESB combines WebSphere ESB products with Tivoli security and identity management software to help ensure that access to information, services, and applications is protected. Auditing of identity and access activity is enabled.

See also: the IBM announcement

OASIS Issues Call for Participation: Service Data Objects (SDO) TC
Staff, OASIS Announcement

OASIS announced the formation of a new Service Data Objects (SDO) Technical Committee. The purpose of this TC is to evolve and standardize the specifications defining the Service Data Objects architecture and API. Service Data Objects (SDO) is a data programming architecture and an API whose main purpose is to simplify data programming. The key concepts, structures and behaviours of SDO will be defined by the SDO for Java specification from the JCP and the same SDO functionality defined by the Java specification available from C++. As far as possible, the SDO behaviour should behave consistently across the languages while also fitting naturally into each language's native programming environment. The first phase of work will be for SDO use with the C++ programming language. In particular, this TC shall maintain functional equivalence with the SDO for Java V2.1.1 Specification, under the stewardship of the Java Community Process (JCP). This TC will continue development of the "SDO for C++ V2.1" specification and aim to establish it as an OASIS Standard. In a second phase, the TC will evolve the SDO specifications (for both Java and C++) to a Version 3.0 level of functionality. Further programming languages may be selected from the scoped list by the TC. The TC is encouraged to consider an effective manner of evolving SDO functionality, keeping the multiple language specifications current and in alignment. Service Data Objects (SDO) Version 3.0 is intended to build upon the SDO Version 2.1.1 architecture and APIs by providing additional functionality to further simplify data programming so that developers can focus on business logic rather than the underlying technologies. Subject to the agreement of the Member Section Steering Committee, the new TC will affiliate with the Open CSA Member Section as it commences work.

Microsoft Joins the Open Geospatial Consortium (OGC)
Patrick Marshall, Government Computer News

In a move that is bound to have lasting repercussions for geospatial application developers, Microsoft has formally joined the Open Geospatial Consortium (OGC), a nonprofit standards organization. The move underlines Microsoft's commitment to make its geospatial applications—including Microsoft Virtual Earth and SQL Server 2008—conform to open standards, which will make it easier for third-party developers to integrate their own applications more effectively. According to Ed Katibah, Microsoft's spatial program manager for SQL Server, SQL Server 2008, which introduces spatial data types and methods, was designed to conform to OGC standards. The new version of the database, which is expected to be released in the second quarter of 2008, will undergo testing in the next few weeks to ensure its conformity. OGC Chairman and Chief Executive Officer David Schell said that Microsoft's decision to join OGC represents a major change in the industry. In its early years, OGC was supported primarily by developers of geospatial tools for vertical markets, such as ESRI and Autodesk. The recent addition of Google and now Microsoft represents a sea change, according to Schell. Schell expects Microsoft's participation to serve as a stabilizing force. As developers build new applications they can be assured that, by following OGC standards, their efforts will not meet with immediate obsolescence as a result of some major company introducing a new standard that suddenly changes everything. Schell: "The center of gravity of the market is now shifting; this really does indicate a significant maturation in the industry. It indicates a very broad acceptance of geospatial information as part of infrastructure development. And it also indicates that the dialogue concerning the harmonization of spatial best practices has reached the highest level." OGC is an international industry consortium of 346 companies, government agencies and universities participating in a consensus process to develop publicly available interface specifications. OpenGIS Specifications support interoperable solutions that "geo-enable" the Web, wireless and location-based services, and mainstream IT.

See also: OpenGIS Standards


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors