This issue of XML Daily Newslink is sponsored by:
IBM Corporation http://www.ibm.com
- Sun Microsystems Announces Sun OpenSSO Express
- Updated Charter Proposal: Web Services Resource Interactions Working Group
- SAML, JAAS, and Role-Based Access Control
- Introduction and Open Virtualization Format (OVF)
- The AGROVOC Concept Server Workbench: A Collaborative Tool for Managing Multilingual Knowledge
- Beyond REST: Building Data Services with XMPP PubSub
- Perl 6 Will Be First Truly Extensible Programming Language
- When Worlds Collide: Microsoft Funds Apache
- The Theory of (Identity) Relativity
Sun Microsystems Announces Sun OpenSSO Express
Staff, Sun Announcement
Sun Microsystems Inc. has announced the availability of Sun OpenSSO Express, a new offering that provides enterprise support and indemnification for the technologies available in the OpenSSO project. OpenSSO is the world's largest open source identity management project, providing highly scalable, high-performance single sign-on, access management, federation, and secure web services capabilities. Founded 18 months ago, the OpenSSO community includes members from companies like Audi, Medavie Blue Cross, Telenet and France Telecom. Started as a Sun Microsystems-sponsored open source project, the OpenSSO community provides core identity functionality (single sign-on, access management, federation and secure web services) in a single Java technology-based distribution. The community also bases its development on enterprise-focused standards, including SAML 2.0, XACML, and WS-Federation, in addition to creating extensions to OpenSSO through sub-projects around other protocols like OpenID and Information Cards. New versions of Sun OpenSSO Express will be released approximately every three months to provide fast-moving organizations with early access to the latest technologies available in the OpenSSO community. New or existing customers with a Sun Java System Access Manager, Sun Java Identity Management Suite or Java Enterprise System license or subscription will receive Sun OpenSSO Express at no additional charge. With more than 700 members, the OpenSSO project is attracting large enterprises with extensive identity infrastructures who want an open source identity management solution with Sun's support and indemnification. OpenSSO is now backed by Sun's world-class support, giving customers the choice of deploying the latest OpenSSO releases to help address their web access management or federation challenges right away instead of waiting for the next commercial product release.
See also: the web site
Updated Charter Proposal: Web Services Resource Interactions Working Group
Jeff Mischkinsky, Paul Lipton (et al), Memo to W3C
IBM, Oracle, CA, Fujitsu, and Hitachi updated the text of a proposed charter for technical work at W3C which now includes WS-Eventing. As proposed in draft form, the Web Services Resource Interactions Working Group Charter specifies a goal of producing "W3C Recommendations for a set of Web Services specifications by refining the 'WS-Transfer', 'WS-ResourceTransfer', 'WS-Enumeration', 'WS-MetadataExchange' and 'WS-Eventing' W3C Member Submissions. These submission specifications define SOAP-based mechanisms for interacting with the XML representation behind a resource-oriented Web Service, accessing metadata of that service, as well as a mechanism to subscribe to events related to that resource. WS-Transfer defines base CRUD (Create, Read, Update, Delete) type operations against Web Services. WS-ResourceTransfer enhances these operations, through the extensibility points of WS-Transfer, with the addition of fragment and batched access. WS-Enumeration provides a protocol that allows a resource to provide a context, called an enumeration context, to a consumer that represents a logical cursor through a sequence of data items. WS-Eventing allows interested parties to subscribe to a series of notifications from a Web Service. WS-MetadataExchange defines a mechanism by which metadata about a Web Service can be retrieved. When used in conjunction with WS-Transfer, WS-ResourceTransfer and WS-Enumeration, this metadata can be accessed and managed just like any other Web Service resource. The proposed W3C Working Group would standardize a general mechanism for accessing and updating the XML representation and metadata of a Web Service as well as a mechanism to subscribe to receive events from the Web Service. Fourteen "in scope" features are identified, including for example: (1) Definition of the basic CRUD (Create, Read, Update, Delete) operations that provide access and update capabilities to a Web Service's XML representation. (2) Defining a mechanism by which a fragment of the XML representation of a resource can be specified for the purpose of accessing, updating or deleting. (3) Defining common Expression Dialects to identify these fragments... (14) Promoting interoperability by ensuring that the Working Group's specifications conform to relevant WS-I Basic Profiles... IBM has confirmed support for WS-Notification and for standardization of WS-Eventing.
See also: IBM's statement in the response thread
SAML, JAAS, and Role-Based Access Control
Frank Teti, DDJ
Part 2 of this article examines how to attach a SAML token to a SOAP message from within a Java application in order to invoke a Web service that is secured using a WS-Security SAML policy file. The focus is on the mechanism needed to invoke a secure Web service. The article does not discuss configuring SAML on an application server, generating Web service client stubs, annotating a Web service to use SAML as a WS-Security token, or configuring a SAML provider/authority. Those types of things are implementation-specific, but important when creating an end-to-end SOA security architecture. Part 1 of the article discussed using a Java application as a Web service client and a creative way to secure that client using Java Authentication and Authorization Service (JAAS) and Security Assertion Markup Language (SAML). Using an IDE or Ant script, it is relatively easy to design and create Web services (and to compile the bindings) that invoke the service from a remote client application. Adding security to the application, on the other hand, is a horse of a different color. However, if security is not seriously considered, then you should face the fact that you are building what I call a 'Pet Store' application. In the example 'SAML Application Architecture and the Security Workflow', we describe a high-level view of the deployment architecture for the target Java application, depicting the security model workflow. In the model, the Java application makes an HTTP(S) call to the SAML authority inside the firewall using a .NET service that integrates with ADFS (Active Directory Federation Services). The return parameter is a signed SAML token that is generated based on the user's credentials (i.e., a Kerberos ticket). This token is injected into a SOAP header from within the Java application, which can then invoke a secure Web service that is protected using WS-Security. We illustrate how a Java application acquires a SAML token to invoke secure Web service requests (Client-side Java Application Objects Roles and Responsibilities), and the objects used for marshaling Web services, including injecting a SAML token into the SOAP message...
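An added example of the injection step described above (this is not code from the DDJ article): a SAAJ-based helper that takes the signed assertion returned by the SAML authority, refuses it if it is unsigned or already expired, and places it in a mustUnderstand wsse:Security header before the Web service is called. The assertion, service namespace and operation name are constructed sample values, and the sample assumes a SAML 2.0 assertion.

```java
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.*;
import org.w3c.dom.*;
import java.io.ByteArrayInputStream;
import java.time.Instant;

public class SamlSoapClient {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";

    /** Parse the assertion XML returned by the SAML authority (namespace-aware, DOCTYPE disallowed). */
    static Element parseAssertion(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8"))).getDocumentElement();
    }

    /** Client-side sanity check: a SAML 2.0 Assertion that carries a Signature and whose Conditions have not lapsed. */
    static boolean isUsable(Element assertion, Instant now) {
        if (!SAML2.equals(assertion.getNamespaceURI()) || !"Assertion".equals(assertion.getLocalName())) return false;
        if (assertion.getElementsByTagNameNS(DSIG, "Signature").getLength() == 0) return false;
        NodeList conds = assertion.getElementsByTagNameNS(SAML2, "Conditions");
        if (conds.getLength() == 0) return false;
        String notOnOrAfter = ((Element) conds.item(0)).getAttribute("NotOnOrAfter");
        return !notOnOrAfter.isEmpty() && now.isBefore(Instant.parse(notOnOrAfter));
    }

    /** Build the SOAP request and inject the assertion into a mustUnderstand wsse:Security header. */
    static SOAPMessage buildRequest(Element assertion, String bodyNs, String operation) throws Exception {
        SOAPMessage msg = MessageFactory.newInstance().createMessage();
        SOAPHeader header = msg.getSOAPHeader();
        SOAPHeaderElement security = header.addHeaderElement(new QName(WSSE, "Security", "wsse"));
        security.setMustUnderstand(true);
        // importNode copies the assertion, enveloped signature included, into the SOAP part unchanged;
        // rebuilding the assertion element by element would alter the signed content and break the signature.
        security.appendChild(header.getOwnerDocument().importNode(assertion, true));
        msg.getSOAPBody().addChildElement(new QName(bodyNs, operation, "ns"));
        msg.saveChanges();
        return msg;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for the authority's response; the empty Signature is a placeholder.
        String sample = "<saml:Assertion xmlns:saml=\"" + SAML2 + "\" ID=\"_example\" Version=\"2.0\">"
            + "<saml:Issuer>https://sts.example.invalid/adfs</saml:Issuer>"
            + "<ds:Signature xmlns:ds=\"" + DSIG + "\"/>"
            + "<saml:Conditions NotOnOrAfter=\"2099-01-01T00:00:00Z\"/>"
            + "</saml:Assertion>";
        Element assertion = parseAssertion(sample);
        if (!isUsable(assertion, Instant.now())) throw new IllegalStateException("assertion unsigned or expired");
        SOAPMessage req = buildRequest(assertion, "http://service.example.invalid/", "getOrder");
        req.writeTo(System.out);
    }
}
```

The presence check only keeps the client from sending an obviously unusable token; verifying the signature against the authority's certificate remains the job of the WS-Security policy enforced on the service side.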
See also: article Part 1
Introduction and Open Virtualization Format (OVF)
Winston Bumpus, Vmware.com Standards Blog
"I am responsible for VMware's standards strategy and activities. I have been involved in standards for many years and have been president of the Distributed Management Task Force (DMTF) for over ten years. I am passionate about management standards and how they improve interoperability of operation management tools in the support of IT. VMware is a supporter of open standards and participates in a number of standards-setting organizations. I will be blogging here on various standards that are important to VIOPS. These include server, desktop, data center, and virtualization management standards that are being implemented in products today and will have a major impact on the products of tomorrow. One of the latest standards that is being developed is Open Virtualization Format (OVF). A current version of the specification, which as of this post is still a work in progress, can be seen here. This specification describes a new packaging format for virtual appliances which will improve the ease of deploying and installing virtual machines. To see a demo of how this can reduce the time to deploy an application or service you can see this demo of an OVF package used to deploy WebSphere V7 beta in a VMware environment. The OVF file is a TAR file which contains the actual virtual machine disk files, which can be either a VMDK, VHD, ISO image or any openly described virtual machine disk format. It also contains metadata regarding the virtual machine. This may include information regarding the resources required to run the virtual machine as well as license requirements for the virtual machine and associated applications and services. I look forward to posting more information in the future regarding OVF and other important system management standards..."
See also: OVF Submitted to DMTF
The AGROVOC Concept Server Workbench: A Collaborative Tool for Managing Multilingual Knowledge
Panita Yongyuth, et al (eds), AGROVOC Technical Report
"Ontology plays an important role in enhancing the performance of systems, addressing issues such as knowledge sharing, knowledge aggregation as well as information retrieval and question answering. This paper presents the AGROVOC Concept Server Workbench (ACSW) for multilingual ontological concept construction and maintenance. The ACSW is a web 2.0 based application consisting of two main functionalities, user management and ontological knowledge management (i.e. concept, scheme, relationship, export, search, validate and consistency check), in order to maintain the knowledge acquisition life-cycle in the food and agriculture domain. Knowledge is stored in the form of a multilingual concept hierarchy and also kept in the OWL format in order to exchange between machines and to do reasoning. This workbench uses the Protege API as an OWL framework. Moreover the Ontology Game conceptual framework is also presented in order to make acquiring ontology terms more pleasant." The Food and Agriculture Organization of the United Nations leads international efforts to defeat hunger. Serving both developed and developing countries, FAO acts as a neutral forum where all nations meet as equals to negotiate agreements and debate policy.
See also: W3C Web Ontology Language (OWL)
Beyond REST: Building Data Services with XMPP PubSub
Robert Kaye, OSCON 2008 Blog
It's good to be back in Portland for my favorite geek convention: O'Reilly's Open Source Conference. The overcast sky in Portland is making it a little easier this year to focus on the plethora of excellent speakers and sessions. The first session to really grip me and speak to me was Rabble and Kellan's "Beyond REST? Building Data Services with XMPP PubSub" presentation. They started out their presentation stating that they were not "Jabber Heads", but that they were in the business of building web sites. For Rabble and Kellan, Jabber presents one more tool in their huge tool-chest to build web sites. Jabber wasn't designed to be a part of a functioning web site, but they insist that it works great for building social web sites that require many people to be notified of updates. For example, Kellan talked about FriendFeed, a site that lets its users know when their friends share new items. In this example, Kellan pointed out that FriendFeed polls Flickr 2.9 million times in order to check on updates for 45 thousand users. And of those 45 thousand users, only 6.7 thousand are logged in at any one time... To solve this problem it's key to leave standard REST web services behind and find a way to use message passing, which is a direct way of notifying users of changed content. The open and mature infrastructure that Rabble and Kellan found to use for this service is Jabber. Jabber has 10 years of experience of passing messages around the internet and has been embraced by many companies including Google. XMPP, Jabber's protocol, works well for message passing and does not have many of the problems/limitations of HTTP... Kellan and Rabble decided to piggy-back a notification system on Jabber by sending XML fragments using a PubSub paradigm. In this context, PubSub is a simple method for passing XMPP pubsub stanzas via Jabber. PubSub is nothing more than a convention for how to send XML via Jabber, including a method for embedding Atom fragments in the XML. Rabble presented using XMPP for FireEagle, Yahoo!'s new personal geolocation service that allows users to provide their current location to other users... It's clear that REST web services provide the heavy lifting for many Web 2.0 sites, but it's also clear that REST and its inherent polling mechanism isn't the best way of building a user notification system. With social networking sites not about to fade away, we're going to see an increasing need for capable message passing sites. And since Jabber is a well established and supported system, it only makes sense to piggyback on this great technology.
See also: XMPP references
Perl 6 Will Be First Truly Extensible Programming Language
Joab Jackson, Application Development Trends
Perl creator Larry Wall promised that version 6 of Perl will be the first truly extensible programming language during his annual "State of the Onion" speech at the O'Reilly Open Source Conference (OSCON), being held this week in Portland, Oregon. Other languages have claimed to be extensible, though they have all fallen short in one way or the other, Wall asserted. "No computer language has ever taken extensibility seriously. All languages fall into the one true syntax syndrome, and we want to escape that," he said. For power-users of this open source language, such extensibility could mean that they will be able to augment the language with instructions, syntax, expressions, operators and other features to meet their own needs. An office of the National Cancer Institute, for instance, could extend Perl to include features that could aid in medical research. Initiated in 2000, version 6 of Perl will be a total rewrite of this widely-used programming language, one that has been called the duct tape of the Internet. Judging from Wall's presentation, Perl 6 could turn out to be one of the most permutable programming languages ever devised. Nothing in Perl 6 will be immutable. Perl 6 has no core, no keywords, no built-in operators. Everything that looks like an operator is actually defined by some grammatical rule or by a macro or by something that is added in... Perl developer Damian Conway, along with Wall, offered a few late additions to the Perl 6 feature set, including some exciting developments in module management, and streamlining of regular expressions. For instance, the naming scheme of new modules will include a placeholder to specify the version number of the module. This approach will allow multiple versions of a module to run simultaneously... One of Perl's biggest strengths has always been its ability to work with regular expressions, the syntax used to match patterns of text. Some additional shortcuts have been added to simplify the creation of regex statements. Wall relayed the now-familiar joke that Perl 6 would be out by Christmas. He just won't say which Christmas.
See also: Perl 6 Development
When Worlds Collide: Microsoft Funds Apache
Stephen Shankland, CNET News.com
Microsoft, one of the biggest rivals to open-source programming, has begun funding the Apache Software Foundation, one of open-source software's biggest supporters. The company has no apparent desire to let the programming world have its way with Windows, as is possible with Linux, but Microsoft has been trying to make nice in some circles. For example, Microsoft has released its own open-source licenses and has put some technology under its 'Open Specification Promise', which lets open-source programmers use it; the policy makes it clear the promise applies to commercial uses of the technology, too... the Apache License that governs the foundation's projects. Many of Microsoft's attacks on open-source software were aimed at the General Public License, which has a reciprocity provision: If you make a change to a GPL project, then distribute software employing that change, you must share the change under the GPL. The Apache License, though, lets programmers take software and combine it with proprietary software in any way, with no obligation to share. That's how IBM, for example, uses the Apache Web server software in its proprietary WebSphere product. For Microsoft, that means Apache's projects can be used within Microsoft. And there are some that could be of interest... Sam Ramji, senior director of Microsoft's platform strategy, wrote in his blog: "Microsoft is becoming a sponsor of the Apache Software Foundation (ASF). This sponsorship will enable the ASF to pay administrators and other support staff so that ASF developers can focus on writing great software. [This is] not a move away from IIS as Microsoft's strategic web server technology. We have invested significantly in refactoring and adding new, state-of-the-art features to IIS, including support for PHP. We will continue to invest in IIS for the long term and are currently under way with development of IIS 8. It is a strong endorsement of The Apache Way, and opens a new chapter in our relationship with the ASF. We have worked with Apache POI, Apache Axis2, Jakarta, and other projects in the last year, and we will continue our technical support and interoperability testing work for this open source software."
See also: Sam Ramji's blog
The Theory of (Identity) Relativity
Steve Coplan, Plausible Deniability Blog
From the official blog of The 451 Group's Enterprise Security Practice (ESP): "I was watching closely (albeit from afar) the observations and epiphanies emerging from the Burton Group's Catalyst conference last month. One of the more interesting conclusions is that identity management is at a crossroads where even the outlines of the intersection are unclear—what I like to describe as a paradigm vacuum, although there are others who view it as a journey where the next destination is uncertain... Now we can see identity management from a different angle: it's not a matter of putting human relationships into system terms but managing the intersection between human organizations and systems, data and resources. I am still wrestling with the idea that what's implied here is a resource-based model since at some level the resource and identity have to be reconciled in terms of policy and business definitions... There are a number of proposals on how we get there—the Internet Governance Framework's CARML being one example—and we expect to see a lot more action in the directories realm than we have in years. My vote for protocol of the year goes to XACML, though. The language has its issues, is still too complex for developers to easily code policy and is verbose enough to create latency issues. However, of the vendors we have spoken to looking at being the logic and infrastructure behind that policy management layer—NextLabs, Axiomatics, Rohati, Jericho Systems, ObjectSecurity, BitKOO and Cisco Securent (in no particular order)—all use XACML to communicate policy..."
See also: XACML references
XML Daily Newslink and Cover Pages sponsored by:
Sun Microsystems, Inc.
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/