This issue of XML Daily Newslink is sponsored by:
BEA Systems, Inc. http://www.bea.com
SAML: The Master Key?
Joab Jackson, Government Computer News
Imagine a day when instead of setting up an account with each organization you do business with, you set up a single account, which all the parties can consult. Such a setup could be useful for federal agencies for a number of reasons. For one, federal employees often need to access systems and data held by agencies other than their own. For another, e-government initiatives involve people who often hold no government-recognized credentials. How does the government authenticate their identities? The General Services Administration's E-Authentication Identity Federation initiative can meet these needs, said David Temoshok, director of identity policy and management at GSA's Office of Governmentwide Policy. The program is a central hub for facilitating interactions among different organizations. And one of the ways E-Authentication can offer this service is through an emerging Extensible Markup Language-based standard, called the Security Assertion Markup Language (SAML), which was first developed by OASIS and later adopted by the Liberty Alliance as the backbone for its efforts to offer tools for federated network identity... Through the Liberty Alliance, GSA also maintains a list of SAML-based products that are interoperable. Like the common terminology, this streamlines the process of setting up an authenticating relationship with another party. In September , GSA mandated that all products undergoing SAML interoperability testing be certified to be interoperable with Version 2.0 of SAML.
See also: SAML references
Thinking About HTML5
Norm Walsh, Blog
HTML 5 is big. Big in a lot of different ways. I'm trying to understand some of them. Let the random mutterings begin... The genesis of this essay was some thinking about validity, well-formedness, markup minimization, and parsing. The design space for markup, especially markup that will be authored by hand (directly or indirectly), is pretty big. It's interesting to compare how SGML, XML, and HTML 5 fit in that space. SGML was designed with ease of authoring in mind, at least to the extent that minimizing how much markup one had to type was an ease to authoring. Because SGML required (pre-corrigendum) all documents to be valid, this flexibility came at a terrible price. SGML parsers were fiendishly hard to implement correctly. In the SGML world, those typing conveniences go hand-in-hand with validity. XML was designed with ease of parsing in mind. In particular, it relaxed the validity constraint and obviated the need for a DTDs. Without a DTD, it's impossible to know where implied markup boundaries should go, so you can't have any. Because you don't know the vocabulary. SGML and XML are both 'meta markup languages': they have no defined vocabulary. SGML includes a mechanism that allows users to invent their own tag vocabularies; XML has several such mechanisms. HTML 5, in contrast, is explicitly a single vocabulary (or perhaps a small family of vocabularies). As such, it would be much less interesting where it not for two facts: first, it is a revision of the single most important vocabulary on the planet and second, it is neither SGML nor XML. One of the two 'authoring formats' described by the HTML 5 specification is a custom one. The other is XML, but in fact both are described as just concrete syntaxes for 'an abstract language for describing documents and applications' which is what is really being defined. The goal of the custom parser, as I understand it, is that it imposes an unambiguous HTML 5 interpretation on any random stream of characters... While that offers some apparent benefits to end users (they don't for example, have to remember to type quotes around their attribute values), I harbor some reservations about whether or not this strategy will be a good thing for the broader markup community in the long run.
See also: the HTML5 news story and references
Wal-Mart Is Piloting E-Health Record System
Marianne Kolbasuk McGee, InformationWeek
A small number of employees have been given secure access to digitized information—such as prescription drug records, lab results, and more -- about their own personal health. The rollout by Wal-Mart is part of a larger project announced more than a year ago by Dossia, a coalition that includes Wal-Mart and several other large employers, including Intel, British Petroleum, Pitney Bowes, Cardinal Health, Applied Materials, AT&T, and Sanofi-Aventis. Dossia is partnering with Children's Hospital Boston in developing the e-health system, which is based on Indivo, a scalable, secure, open-source personal health record system that Children's Hospital built in 1998 for its patients. By providing Wal-Mart workers with e-health records, the company believes employees will be more "engaged in their own healthcare" and better equipped to make good decisions regarding their health. [Note: According to an article in 'BMC Medical Informatics and Decision Making' (12-September-2007) "personally controlled health records (PCHRs), a subset of personal health records (PHRs), enable a patient to assemble, maintain and manage a secure copy of his or her medical data. Indivo is an open source, open standards PCHR with an open application programming interface. The article describes how the PCHR platform can provide standard building blocks for networked PHR applications. Indivo allows the ready integration of diverse sources of medical data under a patient's control through the use of standards-based communication protocols and APIs for connecting PCHRs to existing and future health information systems. The approach to interoperability of PCHRs with electronic medical records (EMRs) and other information systems relies on a simple principle—use widely-adopted, standardized methods for exchanging (importing and exporting) data. Currently, Indivo handles both the Continuity of Care Record (CCR) and the Continuity of Care Document (CCD) for such information transfer and is working closely with the Healthcare Information Technology Standards Panel (HITSP) on interoperability. Standard coding systems, such as LOINC, may be used when the source data provider supports them. Our mechanism for importing data from EMRs and other sources, the subscription agent, is discussed below. The Indivo architecture is document-centric, with a document model adapted for information needed by patientcentric applications, rather than one which simply wraps electronic health record data."]
See also: the BMC Medical Informatics article
IE Struggles to Be Compatible
Joe Wilcox, eWEEK
There's a new browser war brewing, and it's not between Microsoft and Mozilla. Internet Explorer is in a state of conflict with itself and Web standards. The conflict will expand next month, when Microsoft sends enterprises an Internet Explorer 7 Valentine. On February 12, IE 7 will dispatch through WSUS (Windows Server Update Services). The days of enterprises blocking the browser will end. Desktops running Windows XP and IE 6 will get the update. Those running Windows Vista already have it. IE 7 is notorious for breaking applications and some Web sites, and the reasons for both calamities are somewhat different. Security architectural changes, mainly around ActiveX controls, are the compatibility killer for many homegrown applications and for some Web sites. Microsoft's efforts to make Internet Explorer a standards-based browser has caused Web site compatibility problems... In a long blog posted overnight, Chris Wilson, Microsoft's IE platform architect, comes clean about efforts to achieve some kind of balance between standards compliance and backwards compatibility. It's an ugly story that he tells. But they say that confession is good for the soul -- or perhaps software development. To me, the scariest part of Wilson's story is what's not yet written: IE 8. Microsoft's solution : Put more onus on Web developers, which must insert a tag for rightly rendering the content in the most standards way. IE 8 will keep the same quirks and standards modes as IE 7. What he's really say is this: IE 7 broke the Web once, and Microsoft doesn't want IE 8 to do the same. So for the mess of DOCTYPE rendering modes everywhere, IE 8 will hold to the IE 7 status quo. But to get the benefits of the new IE 8 rendering engine, Web developers will have to tag their sites to support the new browser. I wouldn't exactly call that a formula for mass adoption.
See also: on IE 8
Ajax and XML: Use Ajax Techniques to Create Input Forms
Jack D. Herrington, IBM developerWorks
Zend Targets Enterprise PHP with App Server, IDE
Paul Krill, InfoWorld
Focusing on the enterprise, PHP (Hypertext Preprocessor) tools vendor Zend Technologies is shipping Tuesday version 3.6 of its Zend Platform application server for PHP as well as Zend Studio for Eclipse, an IDE for PHP based on Eclipse open source technology. Featured in Zend Platform 3.6 are capabilities to monitor HTTP, Apache, and Java events; expanded performance alerts; and better diagnostics through the debugging of production problems on development servers. These improvements are part of Zend Platform's "PHP intelligence" functions for monitoring PHP application performance. Zend Platform monitors PHP applications in real time, reporting on script errors, database and performance issues, and other matters. Downtime is reduced by recording the full context for reported problems to enable root cause diagnostics and short time to resolution. Also highlighted in version 3.6 are automatic output compression to save bandwidth and enhanced job queues for deferred and offline processing. An improved download server optimizes delivery of large content and media files. Version 3.6 also features expanded options for caching content, with support for file or URL-based caching, client-side caching, and in-memory or disk-based caching... Zend Studio for Eclipse is built on top of the Eclipse PDT (PHP Development Tools) project. Studio improves the quality of PHP applications, speeds development cycles, and simplifies complex projects. It features a set of editing, debugging, analysis, and database tools. Agile development processes are supported, such as unit testing, refactoring, and code coverage. Eclipse plug-ins can be accessed for capabilities such as database access and source control.
Selected from the Cover Pages, by Robin Cover
The World Wide Web Consortium (W3C) has announced the publication of a First Public Working Draft of HTML 5: A Vocabulary and Associated APIs for HTML and XHTML. The specification is intended to replace, viz., become the new version of, what was previously defined in the HTML4, XHTML 1.x, and DOM2 HTML specifications. The HTML 5 specification defines the fifth major revision of the core language of the World Wide Web: HTML. In this version: (1) new features are introduced to help Web application authors, (2) new elements are introduced based on research into prevailing authoring practices, and (3) special attention has been given to defining clear conformance criteria for user agents in an effort to improve interoperability. The new features are presented in the companion Working Draft HTML 5 Differences from HTML 4. According to the W3C announcement, the HTML 5 specification "helps to improve interoperability and reduce software costs by giving precise rules not only about how to handle all correct HTML documents but also how to recover from errors. Ajax and related innovations have propelled demands for a new standard that allows people to create Web applications that interoperate across desktop and mobile platforms. Some of the most interesting new features for authors are APIs for drawing two-dimensional graphics, embedding and controlling audio and video content, maintaining persistent client-side data storage, and for enabling users to edit documents and parts of documents interactively." The new specification differs from previous versions of "HTML" in that it defines an abstract language for describing documents and applications, as well as some APIs for interacting with in-memory representations of resources that use this language.
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/