This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
Eclipse Readies Ganymede Release
Paul Krill, InfoWorld
See also: the Ganymede web site
SailPoint Launches Open Role Exchange Initiative
Staff, SailPoint Announcement
SailPoint Technologies has issued an open call for the development of a new standard that addresses the need to integrate roles and role models between tools and systems. The goal of this initiative is to bring the identity management community together to define role interoperability standards that will solve difficult integration problems and simplify role-based governance across diverse identity infrastructures. An interactive forum, the Open Role Exchange Forum (ORXF), has been created to organize the industry effort and to facilitate the collaboration needed to define the model and foster adoption of the new standard. The Open Role Exchange seeks to provide a forum to discuss the requirements for role interoperability and to identify areas where new standardization is needed. In an open letter to the industry, Darran Rolls suggests that the industry should begin by addressing five key requirements for role interoperability. Key Requirements for Role Interoperability, as sketched in the announcement: (1) A Common Exchange Format to describe the role-based access control (RBAC) structure and control rules between systems; (2) Query and Exchange Operations so that structure, allocation and usage requests can flow between systems; (3) Change Control and Delegated Administration to determine how systems can extend or modify a shared model; (4) A Role Mapping and Resource Referencing scheme; (5) A Common State Model for shared RBAC systems. Darran Rolls, SailPoint's CTO: "Role interoperability is a pervasive issue for companies addressing identity governance. As an identity management community, I believe it's our responsibility to define a standardized operational exchange model for roles. This effort will reduce the need for custom integration and will lower the cost and complexity of deploying and maintaining integrated role-based systems."
According to the web site FAQ document: "The existing role management standards address some of the issues related to role interoperability, but none provide a complete solution. For example, the recent work at INCITS around RBAC exchange operations provides a starting point for a set of exchange methods, but it does not provide guidance on the actual implementation of the abstract model it defines. At the same time, the XACML RBAC profile presents strong, concise guidance on how to describe a role model in XML, but it focuses on using RBAC in an access control decision, not how to define interoperation or how to define an operational context for roles in general. The goal of the Open Role Exchange initiative is to build on the work of these existing standards to create a new specification for role interoperability and exchange that defines the types of change control semantics needed when autonomous systems share a governance context around a common role model." A relevant session on "Role Management and Provisioning" at the Burton Catalyst Conference, June 23-27, 2008, will explore requirements.
See also: the Open Role Exchange Forum web site
Public Review Draft: Subject-based Profiles for SAML V1.1 Assertions
Tom Scavo (ed), OASIS PR Draft
OASIS announced the publication of the "Subject-based Profiles for SAML V1.1 Assertions" Public Review Draft 01, available for comment through August 12, 2008. The document was produced by members of the OASIS Security Services (SAML) TC. The Subject-based Profiles for SAML V1.1 Assertions specifies two profiles: (1) SAML V1.1 Subject Profile; (2) SAML V1.1 Subject-based Assertion Profile. The primary goal of the SAML V1.1 Subject-based Assertion Profile (which relies on the SAML V1.1 Subject Profile) is to provide guidance to deployments that support both SAML V1.1 and V2.0. In that case, there is some flexibility in SAML V1.1 that is not present in SAML V2.0 (and vice versa). This profile places constraints upon SAML V1.1 subjects and assertions so that they have properties similar to SAML V2.0 subjects and assertions. This may aid interoperability and speed the ultimate transition from SAML V1.1 to SAML V2.0. An implementation of the SAML V1.1 Web Browser SSO Profile is very likely conformant to this profile. Other applications of SAML may not be conformant, however. For example, the Web Services Security SAML Token Profile provides for both SAML V1.1 and SAML V2.0 tokens. Due to differences between the two versions of SAML, an implementation that wished to support both would tend to constrain the tokens such that they exhibited an equivalent semantic. This profile provides one such set of constraints. A major difference between SAML V1.1 and SAML V2.0 is that the latter elevates the 'saml2:Subject' element to be a child element of the 'saml2:Assertion' element, and therefore the 'saml2:Subject' element applies to all the statements in the assertion. In SAML V1.1, on the other hand, each statement has its own 'saml:Subject' element, which opens the door to a wide range of possibilities. This profile constrains SAML V1.1 assertions so that each statement contains an equivalent 'saml:Subject' element.
Formally, this is done by extending the notion of "strongly matches" to an equivalence relation, which culminates in section 3.3.
See also: the announcement
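A check in the spirit of the constraint described above, as an added example that is not part of the newsletter or the OASIS draft: it parses a constructed, unsigned SAML V1.1 assertion and reports whether every statement names the same subject. Comparing the NameIdentifier value, Format and NameQualifier is a simplifying assumption made here; the draft's formal "strongly matches" equivalence is not reproduced on this page.

```python
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"   # SAML V1.x assertion namespace
NS = {"saml": SAML1}
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def make_assertion(auth_name, attr_name):
    """Constructed sample: one assertion, two statements, each with its own Subject."""
    return f"""<saml:Assertion xmlns:saml="{SAML1}" MajorVersion="1" MinorVersion="1"
    AssertionID="_constructed" Issuer="https://idp.example.org"
    IssueInstant="2008-06-25T00:00:00Z">
  <saml:AuthenticationStatement AuthenticationInstant="2008-06-25T00:00:00Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier Format="{FMT}">{auth_name}</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier Format="{FMT}">{attr_name}</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def subject_key(statement):
    """Comparable form of a statement's subject (assumed equality rule), or None."""
    ni = statement.find("saml:Subject/saml:NameIdentifier", NS)
    if ni is None:
        return None
    return (ni.get("NameQualifier"), ni.get("Format"), (ni.text or "").strip())

def check_subjects(assertion_xml):
    """Return (ok, subjects); ok is True only if all statements share one subject."""
    # Parsing alone proves nothing about authenticity: a real consumer verifies
    # the signature and uses a hardened XML parser before trusting any field.
    root = ET.fromstring(assertion_xml)
    subjects = [(el.tag.split("}")[-1], subject_key(el))
                for el in root if el.tag.endswith("Statement")]
    keys = [key for _, key in subjects]
    ok = bool(keys) and None not in keys and len(set(keys)) == 1
    return ok, subjects

if __name__ == "__main__":
    for names in [("alice@example.org", "alice@example.org"),
                  ("alice@example.org", "bob@example.org")]:
        ok, subjects = check_subjects(make_assertion(*names))
        print("consistent" if ok else "MIXED SUBJECTS", subjects)
```

An assertion that authenticates one principal while carrying attributes for another is exactly the V1.1 flexibility the profile removes, and a consumer that reads only the first Subject would not notice it.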
W3C Draft Charter for Geolocation Working Group
Matt Womer, Posting to W3C Public List
Matt Womer (W3C/ERCIM) announced the publication of a draft proposal for a Geolocation Working Group Charter. As proposed, the mission of the Geolocation Working Group, part of the Ubiquitous Web Applications Activity, is to define a secure and privacy-sensitive interface for using client-side location information in location-aware Web applications. The number of Web-enabled devices that are location-aware has increased markedly as of late. These devices are very common and include mobile phones with cell triangulation or Global Positioning System (GPS) capabilities, laptops with Wi-Fi triangulation capabilities and GPS receivers. The Geolocation WG is created in response to requests from the community for W3C to develop a standardized, secure and privacy-sensitive interface so that Web applications gain access to location information. The objective of the Geolocation WG is to enable Web access to the user's location information via a standardized interface or interfaces. The Working Group will develop one or more Recommendation Track documents that define interfaces for making this information accessible within the User-Agent. The interface should be usable regardless of the source of location information, and should be consistent across location technologies. The interface may be specified in a language-independent manner; the Recommendation will include a normative ECMAScript form. In addition to the variety of techniques for determining location, there are also a variety of ways applications may wish to use that information. For example, applications may: (1) retrieve a user's location only once, e.g. finding the nearest bank; (2) require several data points over time, e.g. recording a route; (3) wish to be notified when the user enters or leaves an area, e.g. determining preferences based on environment. Matt says: "Some details remain unanswered: who will chair, workshops we may wish to hold, etc, and whatever else we may determine needs tweaking.
Any and all feedback is greatly appreciated, either here on this list or to myself directly. Over the next few days, I'll collect and apply feedback, as well as detail the next steps."
OGC and buildingSMART Alliance AECOO Testbed Off to a Good Start
Louis Hecht, OGC Newsletter
Effective and efficient design, construction, ownership, management and use of buildings and other capital facilities increasingly requires information exchange among all disciplines and professions that have a stake in those facilities. Like other industries, the AECOO (Architecture, Engineering, Construction, Owner and Operator) industry has embarked on "business transformation" enabled by the latest information and communication technologies. Last year, the OGC and buildingSMART International signed an MOU to work together in addressing issues of geospatial and AEC information convergence. OGC also completed a similar agreement with the National Institute of Building Sciences. On May 2, 2008 a Request for Quotation (RFQ) and Call for Participation (CFP) for the AECOO-Phase 1 Testbed were issued by the buildingSMART alliance, the Open Geospatial Consortium, Inc. (OGC) and the Testbed's sponsors. The testbed is designed to support business transformation as defined in the US National Building Information Modeling Standard (NBIMS) by applying technology for interoperability involving intelligent building models with 3D geometric capabilities. Eleven responses from 24 companies were received by the May 30, 2008 deadline from organizations and individuals with expertise in the building information management field. A number of those who responded will be selected by the sponsors for cost sharing in the testbed, and all relevant-in-scope responses will be able to participate. The AECOO Testbed directly addresses several key interoperability issues defined as important to the industry. Business and communications, quantity take-off for cost estimating, and energy analysis in planning and design for a capital facility are the topics selected by the sponsors. Additionally, OGC members will benefit from testbed use cases that address detailed modeling, analysis and visualization related to safety, security, urban planning, logistics and transport, etc. 
RFQ Annex A (Management and Business Overview; Work Breakdown Structure and Work Items) and Annex B (Testbed Architecture) reference several baseline XML standards relevant to the Testbed.
See also: the RFP
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
Sun Microsystems, Inc. http://sun.com
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/