The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: June 19, 2008
XML Daily Newslink. Thursday, 19 June 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

Eclipse Readies Ganymede Release
Paul Krill, InfoWorld

The Eclipse Foundation is set to offer its annual simultaneous release of open-source project updates, this time called the Ganymede Release and featuring improvements in the core OSGI-based component model and SOA tools. All told, 23 projects are being upgraded in the Ganymede release train, ranging from the main Eclipse Project, featuring the Java IDE, to STP (SOA Tools Platform Project). Ganymede is to take flight on June 25, 2008. Release trains in 2007 and 2006 were called Europa and Callisto, respectively. All have been named after moons of Jupiter. Highlighted in Ganymede are improvements to Equinox, the OSGi component model used in the main Eclipse Project, which includes the base IDE. A new provisioning platform in Equinox, called Provisioning Platform (p2), offers an improved mechanism for updates to installed or deployed applications, such as a new component to be distributed to the installed base. P2 is a reengineering of Update Manager tool... Tools for SOA development in Ganymede include a BPMN (Business Process Modeling Notation) editor being added to STP. "Basically, it provides a visual tool for creating and editing BPMN," the standard scripting process flows in SOA applications, said Skerrett. Two other tools are debuting in STP: SCA Designer (Service Component Architecture), providing a graphical interface for developers to build composite applications using SCA, and Policy Editor, a collection of editors and validators for constructing and manipulating XML expressions that conform to the WS-Policy standard. In the modeling space, Eclipse is providing GUI tools. The ECore Tools technology is part of the Eclipse Modeling Framework and enables developers to manage data models. The SQL Query Builder tool enables visual programming of queries as opposed to manually programming them, Skerrett said. SQL Query Builder is part of the Eclipse Data Tools Platform project. A JavaScript editor in the Eclipse Web Tools Platform (WTP) project extends the IDE to enable JavaScript development. Developers can build Web applications based on AJAX (Asynchronous JavaScript and XML). Also featured in Ganymede are bug fixes and various enhancements to the different projects. Rich AJAX Platform features the ability to customize look and feel using CSS and the Presentation Factories concept. Eclipse Communication Framework Project offers real-time shared editing and other features for collaboration. The BIRT (Business Intelligence and Reporting Tools) project offers an improved JavaScript editor and debugger.

See also: the Ganymede web site

SailPoint Launches Open Role Exchange Initiative
Staff, Sailpoint Announcement

SailPoint Technologies has issued an open call for the development of a new standard that addresses the need to integrate roles and role models between tools and systems. The goal of this initiative is to bring the identity management community together to define role interoperability standards that will solve difficult integration problems and simplify role-based governance across diverse identity infrastructures. An interactive forum has been created—Open Role Exchange Forum (ORXF) -- to organize the industry effort and to facilitate the collaboration needed to define the model and foster adoption of the new standard. The Open Role Exchange seeks to provide a forum to discuss the requirements for role interoperability and to identify areas where new standardization is needed. In an open letter to the industry, Darran Rolls suggests that the industry should begin by addressing five key requirements for role interoperability. Key Requirements for Role Interoperability, as sketched in the announcement: (1) A Common Exchange Format to describe the role-based access control (RBAC) structure and control rules between systems; (2) Query and Exchange Operations so that structure, allocation and usage requests can flow between systems; (3) Change Control and Delegated Administration to determine how systems can extend or modify a shared model; (4) A Role Mapping and Resource Referencing scheme; (5) A Common State Model for shared RBAC systems. Darran Rolls, SailPoint's CTO: "Role interoperability is a pervasive issue for companies addressing identity governance. As an identity management community, I believe it's our responsibility to define a standardized operational exchange model for roles. This effort will reduce the need for custom integration and will lower the cost and complexity of deploying and maintaining integrated role-based systems." According to the web site FAQ document: "The existing role management standards address some of the issues related to role interoperability, but none provide a complete solution. For example, the recent work at INCITS around RBAC exchange operations provides a starting point for a set of exchange methods, but it does not provide guidance on the actual implementation of the abstract model it defines. At the same time, the XACML RBAC profile presents strong, concise guidance on how to describe a role model in XML, but its focuses on using RBAC in an access control decision, not how to define interoperation or how to define an operational context for roles in general. The goal of the Open Role Exchange initiative is to build on the work of these existing standards to create a new specification for role interoperability and exchange that defines the types of change control semantics needed when autonomous systems share a governance context around a common role model." A relevant session on "Role Management and Provisioning" at Burton Catalyst Conference June 23-27, 2008 will explore requirements.

See also: the Open Role Exchange Forum web site

Public Review Draft: Subject-based Profiles for SAML V1.1 Assertions
Tom Scavo (ed), OASIS PR Draft

OASIS announced the publication of the "Subject-based Profiles for SAML V1.1 Assertions" Public Review Draft 01, available for comment through August 12, 2008. The document was produced by members of the OASIS Security Services (SAML) TC. The Subject-based Profiles for SAML V1.1 Assertions specifies two profiles: (1) SAML V1.1 Subject Profile (2) SAML V1.1 Subject-based Assertion Profile The primary goal of the SAML V1.1 Subject-based Assertion Profile (which relies on the SAML V1.1 Subject Profile) is to provide guidance to deployments that support both SAML V1.1 and V2.0. In that case, there is some flexibility in SAML V1.1 that is not present in SAML V2.0 (and vice versa). This profile places constraints upon SAML V1.1 subjects and assertions so that they have properties similar to SAML V2.0 subjects and assertions. This may aid interoperability and speed the ultimate transition from SAML V1.1 to SAML V2.0. An implementation of the SAML V1.1 Web Browser SSO Profile is very likely conformant to this profile. Other applications of SAML may not be conformant, however. For example, the Web Services Security SAML Token Profile provides for both SAML V1.1 and SAML V2.0 tokens. Due to differences between the two versions of SAML, an implementation that wished to support both would tend to constrain the tokens such that they exhibited an equivalent semantic. This profile provides one such set of constraints. A major difference between SAML V1.1 and SAML V2.0 is that the latter elevates the 'saml2:Subject' element to be a child element of the 'saml2:Assertion' element, and therefore the 'saml2:Subject' element applies to all the statements in the assertion. In SAML V1.1, on the other hand, each statement has its own 'saml:Subject' element, which opens the door to a wide range of possibilities. This profile constrains SAML V1.1 assertions so that each statement contains an equivalent 'saml:Subject' element. Formally, this is done by extending the notion of strongly matches to an equivalence relation, which culminates in section 3.3.

See also: the announcement

W3C Draft Charter for Geolocation Working Group
Matt Womer, Posting to W3C Public List

Matt Womer (W3C/ERCIM) announced the publication of a draft proposal for a Geolocation Working Group Charter. As proposed, the mission of the Geolocation Working Group, part of the Ubiquitous Web Applications Activity, is to define a secure and privacy-sensitive interface for using client-side location information in location-aware Web applications. The number of Web enabled devices that are location-aware has increased markedly as of late. These devices are very common and include mobile phones with cell triangulation or Global Positioning System (GPS) capabilities, laptops with Wi-Fi triangulation capabilities and GPS receivers. The Geolocation WG is created in response to requests from the community for W3C to develop a standardized, secure and privacy-sensitive interface so that Web applications gain access to location information. The objective of the Geolocation WG is to enable Web access to the user's location information via a standardized interface or interfaces. The Working Group will develop one or more Recommendation Track documents that define interfaces for making this information accessible within the User-Agent. The interface should be usable regardless of the source of location information, and should be consistent across location technologies. The interface may be specified in a language independent manner, the Recommendation will include a normative ECMAScript form. In addition to the variety of techniques for determining location, there are also a variety of ways applications may wish to use that information. For example, applications may: (1) retrieve a user's location only once—e.g. finding the nearest bank; (2) require several data points over time—e.g. recording a route; (3) wish to be notified when the user enters or leaves an area—e.g. determining preferences based on environment. Matt says: "Some details remain unanswered: who will chair, workshops we may wish to hold, etc, and whatever else we may determine needs tweaking. Any and all feedback is greatly appreciated, either here on this list or to myself directly. Over the next few days, I'll collect and apply feedback, as well as detail the next steps."

OGC and buildingSMART Alliance AECOO Testbed Off to a Good Start
Louis Hecht, OGC Newsletter

Effective and efficient design, construction, ownership, management and use of buildings and other capital facilities increasingly requires information exchange among all disciplines and professions that have a stake in those facilities. Like other industries, the AECOO (Architecture, Engineering, Construction, Owner and Operator) industry has embarked on "business transformation" enabled by the latest information and communication technologies. Last year, the OGC and buildingSMART International signed an MOU to work together in addressing issues of geospatial and AEC information convergence. OGC also completed a similar agreement with the National Institute of Building Sciences. On May 2, 2008 a Request for Quotation (RFQ) and Call for Participation (CFP) for the AECOO-Phase 1 Testbed were issued by the buildingSMART alliance, the Open Geospatial Consortium, Inc. (OGC) and the Testbed's sponsors. The testbed is designed to support business transformation as defined in the US National Building Information Modeling Standard (NBIMS) by applying technology for interoperability involving intelligent building models with 3D geometric capabilities. Eleven responses from 24 companies were received by the May 30, 2008 deadline from organizations and individuals with expertise in the building information management field. A number of those who responded will be selected by the sponsors for cost sharing in the testbed, and all relevant-in-scope responses will be able to participate. The AECOO Testbed directly addresses several key interoperability issues defined as important to the industry. Business and communications, quantity take-off for cost estimating, and energy analysis in planning and design for a capital facility are the topics selected by the sponsors. Additionally, OGC members will benefit from testbed use cases that address detailed modeling, analysis and visualization related to safety, security, urban planning, logistics and transport, etc. RFQ Annex A (Management and Business Overview; Work Breakdown Structure and Work Items) and Annex B ( Testbed Architecture) reference several baseline XML standards relevant to the Testbed.

See also: the RFP


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: