The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: April 28, 2008
XML Daily Newslink. Monday, 28 April 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
BEA Systems, Inc.

Now Available for Public Review: The DocBook Schema Version 5.0
Norman Walsh (ed), OASIS Approved Committee Draft

OASIS announced that the DocBook Technical Committee recently approved a Committee Draft specification for 60-day public review, ending June 23, 2008. DocBook ("The DocBook Schema Version 5.0") defines a general purpose XML schema particularly well suited to books and papers about computer hardware and software, though it is by no means limited to these applications. The OASIS DocBook Technical Committee maintains the DocBook schema. Starting with V5.0, DocBook is normatively available as a RELAX NG Schema (with some additional Schematron assertions). W3C XML Schema and Document Type Definition (DTD) versions are also available. The Version 5.0 release is a complete rewrite. In programming-language terms, think of it as a code refactoring. This rewrite introduces a large number of backwards-incompatible changes. Essentially all DocBook V4.x documents will have to be modified to validate against DocBook V5.0. An XSLT 1.0 stylesheet is provided to ease this transition. The DocBook Technical Committee welcomes bug reports and requests for enhancement (RFEs) from the user community. The current list of outstanding requests is available through the SourceForge tracker interface. This is also the preferred mechanism for submitting new requests. Old RFEs, from a previous legacy tracking system, are archived for reference... In DocBook V5.0, extra-grammatical constraints are expressed using the Schematron. Grammar based validation technologies (like RELAX NG) and rule based validation technologies (like Schematron) are naturally complementary. Mixing them allows us to play to the strengths of each without stretching either to enforce constraints that they aren't readily designed to enforce. For example, DocBook NG requires that the root element of a document have an explicit version attribute. Because there are a great many elements that can be root elements in DocBook, and because they can almost all appear as descendants of a root element as well, it would be tedious to express this constraint in RELAX NG. But it is easy in a rule-based schema language, so DocBook V5.0 uses Schematron where appropriate...

See also: 'DocBook 5.0

InfoQ Interviews BPEL4People TC Representatives
Mark Little, InfoQueue

In this interview, held at the time of the first OASIS BPEL4People technical meeting, InfoQ spoke with several of the authors of the BPEL4People and WS-HumanTask specifications. Three of the authors were asked about the history of the specifications, how they see them fitting within BPM and whether they will divide the community as much as BPEL has so far. Manoj Das is Director of BPM Product Management at Oracle; his focus is on BPMN, BPEL, Workflow, and Business Rules. Dave Ings is a Program Director in the IBM Software Standards group, and is currently the chair of the OASIS BPEL4People technical committee. Ivana Trickovic is a standards architect in SAP's Industry Standards Group. Since before it was first announced that BPEL4People/WS-HumanTask were heading for a standards body, there has been a lot of interest around this new attempt to provide a standard in BPM. BPEL (aka WS-BPEL) has continued to split the workflow community, so isn't this the same fate for BPEL4People? WS-BPEL is primarily concerned with defining Web services-based executable processes. The primary goal of BPEL4People was to extend BPEL to support human user interactions as part of a BPEL process. BPEL4People is an extension layered on top of BPEL. While BPEL provides all the mechanisms needed to orchestrate people interactions, it does not differentiate between people activities and system activities. What we find is that people activities have many particular characteristics, which are mentioned in the earlier response; while these can be addressed in BPEL, it would be a lot more complicated. In many ways, an analogy is trying to do object-oriented programming with C. By addressing the important aspect of people interactions in a powerful and intuitive manner, BPEL4People will pave the way for BPEL to become the lingua franca for BPM. Typically, business processes require human involvement, e.g., to comply with some regulations it is necessary to implement the 4-eyes principle. For these kinds of business processes a more direct integration of different human interaction patterns in WS-BPEL is needed. BPEL4People addresses exactly that... The donation of BPEL4People to OASIS marks an important milestone in the development of BPM standards. [We think] the next big step for BPM standards is to provide a similar level of standardization for modeling notation. Towards this goal several of the BPEL4People authors are actively participating in the Business Process Modeling Notation (BPMN) 2.0 work at the Object Management Group... The next major piece of work is in the area of process notation, including its alignment with BPEL and BPEL4People. First class support for common human workflow patterns may also emerge... Parallel with the BPEL4People standardization activity we would like to make sure this extension of BPEL and the related OMG work on Business Process Modeling Notation (BPMN) are aligned so that human interactions can be modeled with BPMN as well...

See also: BPEL4People references

WS-MakeConnection: Replay Reconsidered
Gilbert Pilz, Blog

WS-ReliableMessaging describes a protocol that allows SOAP messages to be delivered reliably between distributed applications in the presence of software component, system, or network failures. One issue that has long bedeviled WS-RM is how to support reliable responses to so-called "anonymous clients". The OASIS WS-RX Technical Committee created the WS-MakeConnection specification to deal with this issue. Another, alternate solution is the use of the "replay model". This article describes the technical defects of the replay model... The core dilemma behind this issue is that "anonymous clients" (I prefer the term "non-addressable clients" because I don't like to conflate the concepts of addressability with those of identity) can only communicate synchronously yet WS-RM, by its nature, potentially renders all communications asynchronous. Uh huh. Let's break that down a bit. Non-addressable clients are hosted on computers that, for reasons of network topology (i.e., NATs), security (i.e. firewalls), or whatever, cannot accept connections from systems outside their network. Although you can't connect to these machines from the outside, they themselves can create outbound connections. SOAP supports non-addressable clients by leveraging HTTP to take advantage of this fact. Non-addressable SOAP clients create an outbound connection to a server, send the request message over this connection, then read the corresponding response from that same connection (this response channel is sometimes referred to as "the HTTP back-channel"). This is why non-addressable clients operate synchronously. They have to use the connection they created to read the server's response because, by definition, it is impossible for the server to connect to them and send the response (as would happen in an asynchronous exchange)... WS-RM is built on the concepts of acknowledglements and retransmissions. One node (client, server, whatever) sends a message to another and waits for an acknowledgement. If it doesn't receive one it assumes the message didn't get through and sends it again. So, regardless of when you think you are going to receive a message and which connection you think you are going to receive that message over, something may go wrong (the connection might break) and WS-RM will retransmit the message at a later time over a different connection. This doesn't present a problem for non-addressable clients on the request side (where they control the creation of new connections) but it is a problem on the response side. Suppose you are a server in the process of sending a reliable response to a non-addressable client and the connection goes down. Obviously you are never going to get an acknowledgment for that response message so, as a WS-RM node, it is your responsibility to resend it. But how are you supposed to do that? You can't connect to the client and re-send the response because the client is not addressable... We at BEA think that the WS-MakeConnection protocol not only addresses the reliable request/response scenarios in a way that is far less problematic than replay, it also addresses a number of other scenarios of interest to our customers.

See also: Reliable Messaging references

Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities, and Performance Improvements
Dionysios Synodinos, InfoQueue

Rod Johnson, the President and CEO of SpringSource, announced the release of Spring Security 2.0.0, which replaces Acegi Security as the official security module for Spring applications. As reported previously on InfoQ, Acegi security has been one of the most comprehensive Java security frameworks for enterprise software, that provides comprehensive authentication, authorization, instance-based access control, channel security and human user detection capabilities. The new features include simplified configuration, and new capabilities including OpenID, NTLM, JSR 250 annotations, AspectJ pointcut support, domain ACL enhancements, RESTful URI authorization, groups, hierarchical roles, user management API, database-backed "remember me", portlet authentication, additional languages, Web Flow 2.0 support, Spring IDE visualization and auto-completion, enhanced WSS support via Spring Web Services 1.5 and more. Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features (for example): (1) Simplified namespace-based configuration syntax. Old configurations could require hundreds of lines of XML but our new convention over configuration approach ensures that many deployments will now require less than 10 lines; (2) OpenID integration, which is the web's emerging single sign on standard -- supported by Google, IBM, Sun, Yahoo and others; (3) Windows NTLM support, providing easy enterprise-wide single sign on against Windows corporate networks; (4) Support for JSR 250 ('EJB 3') security annotations, delivering a standards-based model for authorization metadata; (5) AspectJ pointcut expression language support, allowing developers to apply cross-cutting security logic across their Spring managed objects; (6) Substantial improvements to the high-performance domain object instance security ('ACL') capabilities; (7) Comprehensive support for RESTful web request authorization, which works well with Spring 2.5's @MVC model for building RESTful systems...

See also: Spring Security

Conversion of MIB to XSD for NETCONF
Debao Xiao and Yanan Chang (eds), IETF Internet Draft

The IETF NETCONF Working Group was chartered to produce a protocol suitable for network configuration for today's highly interoperable networks. Three layers of NETCONF have been already standardized in RFC4741, RFC4742, RFC4743 and RFC4744. However, there isn't a standard data modeling language or a standard data model for NETCONF content layer. If we can't make the content layer of NETCONF standardized, every vendor can define its own data model, which will cause trouble and confusion in understanding the syntax and semantics of data model in communication. Thus the NETCONF won't be applied widely as SNMP in future and the NETCONF defined in RFC4741 will have no sense. The work to standardize the content layer of NETCONF is of two ways: (1) Create a new data modeling language and then a new data model for NETCONF. YANG is a new data modeling language which defines a new SMI for NETCONF containing datatypes, node statement, and syntax specification and so on. (2) Conversion from MIB to XSD; this is being done by XSDMI group. The XSDMI effort is designed to produce a XSD specification by translating from MIB. NETCONF configuration is an improvement of CLI, not SNMP which has been widely used for performance, monitoring and fault management. However, some MIB-based monitoring data have become part of the operational framework of many networks. And many of the data names and meanings have been widely accepted by vendors for years. For a long run, to establish a new data modeling language and new data model is much better than simple conversion of MIB to XSD. However, its standardization will need a very long time and plenty of effort. On the other hand, IETF has spent over 20 years to make SMI MIB standardization and many vendors also have made great effort to supplement these MIBs which have been widely used in current network management systems... NETCONF uses XML-based data encoding for the configuration data as well as the protocol messages. Under such background, we should provide a standard translation to make using the MIB's managed objects with XSD easier... Data models which expressed by XSD can be accessed by NETCONF and any XML-based protocols such as IDMEF, XCAP, IDMEF, and ATOM, which improves the interoperability. XSD can generate any diverse data types, multi-dimensional arrays and can be used in real world devices which employ hash-tables which don't exist in SMI... Based on the XSDMI's and previous smidump's work, the documentation defines a standard expression of SMI MIBs in XSD for NETCONF to ensure uniformity and general interoperability and reusability of existing MIBs. In addition, we define a XML schema to give a restriction and validation to translated XSD files.

See also: the IETF NETCONF WG Status Pages

Adobe Flex Builder Speeds RIA Development
James R. Borck, InfoWorld Product Review

For improving the look and feel of browser-based applications, AJAX technologies work wonders, but RIAs (rich Internet applications) take the browser to a whole new level. RIAs deliver a consistently richer user experience, with functionality and data access more closely approximating native desktop apps. Adobe Flex Builder 3.0 is an Eclipse-based IDE for building RIAs on Adobe's Flash platform and the open source Flex SDK. Although you could use any text editor to cobble ActionScript and MXML into a Flex app, Flex Builder 3.0 delivers a streamlined experience for RIA development and Flex project code management. Flex Builder provides easy graphical tools for laying out rich Web GUIs, generating the underlying MXML code. It shines for creating real-time dashboards, thanks to graphing and charting widgets. Plus, you'll find plenty of community demos at Adobe Developer Connection to help jump-start your efforts... I'm very impressed with the additions in this release. The highlights include better visual layout tools and more control over CSS, new wizards for WSDL introspection and back-end data connectivity, and plug-ins that augment workflow between developers and design teams running Adobe Creative Suite 3 applications (such as Flash, Photoshop, Illustrator, and Fireworks). The WSDL introspection wizard makes it easy to pull together ActionScript and Web services inside Flex, while the CS3 plug-ins provide MXML-savvy templates that allow CS3 users to create Flex controls with familiar tools, versus learning to design directly in Flex... Flex Builder 3.0 trims development time for Flex and AIR apps with visual tools for interface layout, wizards for Web service and data binding, and extensions for Adobe CS3 aimed at bridging the designer-developer gap. The workflow between Builder and CS3 is a bit clumsy, but it's a good start. Debugging additions and profiling and memory tools in the Professional edition make it worth the additional cost.

Vegas Bets on BPEL
Joab Jackson, Government Computer News

When the inventory of replacement parts for the Las Vegas Water Pollution Control Facility dips below a certain threshold these days, the city's asset management system orders replacements automatically. When parts arrive, a facility employee logs them in, and the invoice for the part is automatically paid through the city's finance system. Although the process for ordering parts involves multiple software programs, such as the accounting software and the parts-inventory system, the series of transactions is managed from a single point thanks to the use of Business Process Execution Language, or BPEL. BPEL is a standardized workflow language for automating a series of events across different applications. The city was already using the Oracle E-Business Suite for financial and human resources management and Oracle Utilities Work and Asset Management (formerly STL) to manage assets and maintenance. With the help of contractor Innowave Technologies, the city used the Oracle BPEL Process Manager to pull these applications together. The project started in 2005 when the city was upgrading its supervisory control and data acquisition (SCADA) system. With an average of 2,500 new residents a month, Las Vegas has a tremendous growth rate so managers wanted to put an information technology architecture in place that would grow with the city. The overall plan is to integrate the outputs from the SCADA systems with the city's business applications. Feeding all the information into a central database makes it readily available to different applications. Reports and analyses can also be performed more easily. Each department of the city is working to pinpoint their lines of business and which strategic goals will support those lines of business. The city is establishing metrics and tying them to the data being collected. When the project began in 2005, BPEL was anything but proven... Las Vegas' implementation is one example of how BPEL could be used in government. BPEL could be used to extend the service of older systems, [Oracle's] Doolan said. Their functionality can facilitate Web services and combine to generate new processes. In particular, Oracle is encouraging use of BPEL with content management systems. The Securities and Exchange Commission has started to use Oracle's BPEL engine to store and manage 10K filings...

See also: BPEL references


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: