Cover Pages: XML Daily Newslink: Friday, 14 March 2008

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Primeton http://www.primeton.com

Headlines

Open Geospatial Consortium (OGC) and OASIS Collaborate on Standards
W3C Workshop: Mobile Technologies and Fostering Social Development
Blueprint for Successful SOA Integration
Grid Computing: Classification of Emerging and Traditional Grid Systems
Intalio and Alfresco Integrate BPM Suite with ECM
IBM Moves on Secure Mashups: SMash Contributed to OpenAjax Alliance
SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers
Microsoft Releasing OOXML SDK

Open Geospatial Consortium (OGC) and OASIS Collaborate on Standards
Staff, (Joint) OGC/OASIS Announcement

Progress on ongoing collaborative efforts was announced today by two international standards consortia, the Open Geospatial Consortium, Inc. (OGC) and OASIS (the Organization for the Advancement of Structured Information Standards). The groups have fostered an active commitment to cooperation since signing a Memorandum of Agreement in 2006. The two groups cite collaborative contributions and adoption of standards for web services, emergency management, e-business, and security. The groups point to Web services as a key area of their cooperation. With the existing OGC Web Services (OWS) standards, most of the standards needed to publish, discover and use Web-resident geospatial data and services on the Web are in place. However, OWS must work in concert with other Web services standards. That's why OGC members approved the ebRIM (electronic business Registry Information Model) OASIS Standard as the preferred cataloging meta-model foundation for future application profiles of the OpenGIS Catalog Service Web (CS-W) Standard. In the security space, the recently approved OGC GeoXACML standard represents a spatial extension of the XACML (Extensible Access Control Markup Language) OASIS Standard. GeoXACML was developed in close collaboration with the OASIS XACML Technical Committee. OGC also plays an active role in the OASIS Emergency Management Technical Committee, which works to advance the fields of incident and emergency preparedness and response. This committee developed the Common Alerting Protocol (CAP) and Emergency Data Exchange Language (EDXL) OASIS Standards. OGC members helped define a GML application very similar to GeoRSS GML for use in CAP and EDXL, as well as in other specifications under development including the Extensible Address Language (xAL), and Hospital Availability Exchange (HAVE). The OGC's Sensor Web Enablement (SWE) standards reference CAP and other relevant OASIS alerting standards including the OASIS Web Services Notification (WS-N) and Asynchronous Service Access Protocol (ASAP) specifications. The OGC works with OASIS to harmonize these standards with the SWE specifications.

W3C Workshop: Mobile Technologies and Fostering Social Development
Staff, W3C Announcement

W3C has announced a "Workshop on the Role of Mobile Technologies in Fostering Social Development," to be held in Sao Paulo, Brazil, on 2-3 June 2008. The goal of the Workshop is to identify the challenges of providing e-services on mobile phones to people in developing economies. A specific topic in the scope of this workshop is about eGovernment, or identifying the specific challenges of delivering eGovermental services to underprivileged citizens, and the opportunities and challenges of mobile phones in this context. The emergence of new Information and Communication Technologies (ICT), the Web and Internet in particular, in late 80s, has changed the World, offering a new paradigm in communication, exchange and commerce. However, while the new Information Society is still developing today, a new gap has also appeared with those without regular, effective access and ability to use these digital technologies. This is known as the Digital Divide, which is particularly affecting developing countries. On another hand, ICTs are also a great opportunity for the developing world. Providing minimal services (health, education, business, government, etc.) to rural communities and under-privileged populations is of major importance to improve people lives, and to sustain development. Using ICTs would be the easiest and possibly only way to develop and deploy those services. It is therefore critical to work towards bridging this Digital Divide. In this context, the recent explosion of mobile telephony in the developing world is a great opportunity. At the end of 2007, according to the GSMA and ITU, the total number of people having accessing to a mobile phone was around 2.7 billions, and 80% of the world population was currently covered by a GSM network. These numbers illustrate the potential of the mobile platform to be the right solution to deploy services now, compared to other options. W3C intends for this public Workshop to be a multidisciplinary forum where mobile and Web technology experts, NGO specialists, and egovernment representatives gather to learn more about the specific needs, expectations, and challenges of deploying services for underprivileged populations. Information about participating in the Workshop is available on the Workshop home page. W3C thanks NIC.br (Network Information Center), CGI.br Internet Steering Committee, and Institute CONIP for hosting this Workshop. The Workshop is organized with the financial support of the European Union's 7th Research Framework Programme (FP7) under the Digital World Forum project.

See also: the W3C white paper

Blueprint for Successful SOA Integration
Dain Hansen, BEA Arch2Arch

SOA Integration has recently emerged as the de facto standard for successful IT integration; it leverages the benefits of Service Oriented Architecture (SOA) to solve one of the most fundamental challenges IT is facing today. Some architects mistake SOA Integration for the inclusion of an enterprise service bus or BPEL along with some adapters. There's more to it. This article will discuss how SOA Integration can be defined, what it solves, what to look for, and some points to think about for your IT organization. It also points out some of the most common mistakes, such as the Accidental Integration Architecture pattern. SOA Integration is meant to address the gaps exist in your IT. These gaps—which are between people, processes, and applications—can take a toll on the effectiveness of your business. If you are good at your job, this is probably nothing new for you; you face it each and every day. Companies like yours have spent vast IT budgets attempting to plug these gaps. SOA Integration behaves as a completely integrated solution. Components for service integration, process integration, service orchestration, data services, connectivity, and unified tooling, each work together to provide the necessary integration patterns needed for abstracting multiple integration scenarios... The combination of SOA Governance, BPM, and Composite Services adds up to state-of-the art capabilities for integrating any type of service, data, message, or event. Adopting a holistic approach to SOA Governance, Management and Security will provide essential visibility and control, and allow business processes to be tied into integration services. Those services can then be shared with teams across the enterprise.

See also: the BEA SOA Center

Grid Computing: Classification of Emerging and Traditional Grid Systems
Heba Kurdi, Maozhen Li (et al), IEEE DS Online

Emerging grids could help bridge the gap between grid technologies and users. The classification of grid systems aims to motivate research and help establish a foundation in this developing field. The grid started in the early '90s as a model of metacomputing in which supercomputers share resources; subsequently, researchers added the ability to share data. This is usually referred to as the first-generation grid. By the late '90s, researchers had outlined the framework for second-generation grids, characterized by their use of grid middleware systems to 'glue' different grid technologies together. Third-generation grids originated in the early millennium when Web technology was combined with second-generation grids. As a result, the invisible grid,2 in which grid complexity is fully hidden through resource virtualization, started receiving attention. Subsequently, grid researchers identified the requirement for semantically rich knowledge grids,2 in which middleware technologies are more intelligent and autonomic. Recently, the necessity for grids to support and extend the ambient intelligence vision has emerged. In AmI, humans are surrounded by computing technologies that are unobtrusively embedded in their surroundings However, third-generation grids' current architecture doesn't meet the requirements of next-generation grids (NGG) and service-oriented knowledge utility (SOKU). In the literature, two characteristics categorize traditional grids: the type of solutions they provide and the scope or size of the underlying organization(s). We propose four additional nomenclatures to facilitate the classification of emerging grids: accessibility, interactivity, user-centricity, and manageability. We define each of these features and explain our rationale for adding them... To make the NGG a reality, researchers must address some critical aspects and serious challenges, such as infrastructure agnostic grid middleware, dynamic service composition, user-centricity, dependability, security, and scalability. Some open ethical and philosophical concerns are striking as well. Although grid technologies never had an explicit goal of changing our society, it's likely that emerging grids will have long-term consequences and ethical values (such as those relating to security and privacy) that are much more influential than the Internet.

Intalio and Alfresco Integrate BPM Suite with ECM
Staff, Intalio Announcement

Intalio, Inc. recently announced a partnership with Alfresco Software, Inc., 'the Open Source alternative for Enterprise Content Management'. The integrated offering of Intalio-BPMS and Alfresco ECM allows users to manage advanced document-centric workflow processes and support the collaborative development of complex business processes. Document-centric workflow processes provide a powerful way to automate business communications, allowing documents to be transmitted to the right people based on complex rules. For example, insurance companies can use workflow processes to handle end-to-end policy management processes and provide better visibility to customers regarding the processing of claims. The integrated solution also allows Business and IT to collaboratively document complex business processes, making it easier to understand business requirements and the rational behind new procedures. The Alfresco integration project was funded under the Demand Driven Development (D3) model introduced by Intalio in 2006. The idea behind D3 is to allow customers to steer Intalio's product development roadmap in specific directions, then participate in the overall development process through syndicated funding. Development is billed at cost, and sponsors receive credits toward the licensing of Intalio-BPMS Enterprise Edition equivalent to 50% of their participation in the D3 project. The Alfresco integration D3 project is currently being funded by three sponsors worldwide. Genoko, an Intalio System Integration partner in Asia, is planning to deploy the solution in several large companies throughout the region.

IBM Moves on Secure Mashups: SMash Contributed to OpenAjax Alliance
Paul Krill, InfoWorld

IBM is unveiling technology to secure mashups and is donating it to the OpenAjax Alliance, an organization promoting AJAX (Asynchronous JavaScript and XML) interoperability. Mashups are defined by IBM as Web applications that pull information from multiple sources such as Web sites, enterprise databases, and e-mail to present a single view. But mashups have been beset by security risks. Through IBM's SMash (secure mashup) technology, information from different sources can communicate with each other, but the sources are kept separate to prevent the spread of malicious code. SMash keeps code and data from each of the sources separated while allowing controlled sharing of data through a secure communication channel. The technology is being donated to the OpenAjax Alliance and is to become part of OpenAjax Hub 1.1, which goes to general release in June, according to David Boloker, CTO of emerging Internet technologies in the IBM software group. Once available, SMash can be used in Web pages in mashups. Jeffrey Hammond, senior analyst for application development at Forrester Research: "This client-side cross-domain access pattern is becoming increasingly popular when developers want to mix in technology from multiple sites, but don't feel comfortable importing that code into their server domains. Building on top of OpenAjax Hub is a strength of SMash." The 'smash provider' is described in the "OpenAjax Hub 1.1 Specification Managed Hub Overview" based upon an IBM research paper (to be published in the WWW2008 Proceedings): "The smash provider allows for secure inclusion of untrusted widgets within a mashup. (1) Widgets are placed into IFRAMEs that have a different subdomain than the mashup container application and the other widgets. This technique leverages the same-domain policy that is implemented in today's popular browsers whereby the browser disallows JavaScript or DOM bridging between different-domain IFRAMEs. (2) Inter-widget communication happens through a particular mechanism (the window.location fragment identifier, aka "IFrame Proxy" technique) that can be shared among the IFRAMEs. Note that the SMash techniques sets up the IFRAMEs such that all communication via IFrame proxies is mediated by the mashup container application, which prevents widgets from listening in on the SMash communication channel..."

SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers
Frederik De Keukelaere, Sumeer Bhola (et al.), WWW2008 Refereed Paper

This 13-page paper addresses the problem of securing mashup applications which mix active content from different trust domains. It is an extended version of the paper prepared for presentation at the Seventeenth International World Wide Web Conference (WWW2008), to be held on April 21-25, 2008 in Beijing, China. "Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. In our project SMash, we present a secure component model, where components are provided by different trust domains, and can interact using a communication abstraction that allows ease of specification of a security policy. We propose a secure component model comprising a central event communication hub and governed communication channels which mediate the communication between isolated components. We illustrate how such a model can be used to enforce basic access control policies which define the allowed interactions between components. We here describe SMash, an implementation of this model on current browsers, which can be used right away in building secure mashup applications. Our implementation depends on iframes for isolation while bootstrapping a publish-subscribe model of communication using URL fragment identifiers. Our programming model is intentionally general enough that other communication techniques could be used instead of URL fragments. SMash is resilient to attacks such as channel spying, message forging, and frame-phishing. We have evaluated our implementation and find that it scales well with increasing number of components in the mashup, and has enough data throughput to be useful in a number of mashup application scenarios. Our implementation is available as an open-source JavaScript library."

See also: the abstract

Microsoft Releasing OOXML SDK
Eric Lai, InfoWorld

The Office Open XML (OOXML) format may not have gotten ISO's final blessing as an open standard yet, but Microsoft is finalizing plans to release a software development kit for it anyway. Microsoft plans to put out the final beta of the OOXML SDK next month, and release Version 1.0 in May, according to Doug Mahugh, a technical evangelist at Microsoft. The final SDK beta and related information will be available at openxmldeveloper.org, openxmlcommunity.org, and microsoft.com. The SDK will enable developers to write applications that can open, read, and otherwise work with OOXML documents, or port existing applications that work with documents in older Microsoft formats over to OOXML, Mahugh said. Moreover, the SDK will "put Microsoft on the hook to keep your app in line with the OOXML standard" as it changes, he said. For instance, if national members of ISO decide at the end of this month to approve the OOXML specification -- which has been changed substantially since its failure to pass in September 2007—those changes will be reflected in Version 1.0 of the SDK, Mahugh said. And Microsoft would continue to update the SDK to make sure that applications built with it remained compliant with an Open XML standard as changes were made in the future, he said. Microsoft first released a Community Technology Preview of the SDK last June. It is targeted at developers of business intelligence, content management and other applications in the Office and SharePoint ecosystem. Microsoft also offers an API for packaging OOXML for developers who need "more low-level control" over their code, Doug Mahugh said.

See also: the Open XML SDK Roadmap


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors