The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: September 24, 2008
XML Daily Newslink. Wednesday, 24 September 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Oracle Corporation

New Products and Services Pass SAML 2.0 Interoperability Testing
Staff, Liberty Alliance Announcement

Liberty Alliance, the global identity community working to build a more trustworthy Internet for businesses, governments and people worldwide, today announced that products from CA; NTT Software; Ping Identity; RSA, The Security Division of EMC; and Ubisecure have passed Liberty Alliance SAML 2.0 interoperability testing. These vendors participated in the second Liberty Interoperable event to offer full-matrix and eGovernment profile testing managed by the Drummond Group Inc. Liberty Alliance launched the Liberty Interoperable program in 2003 and since then nearly 85 identity products and solutions from vendors around the world have passed Liberty Alliance testing. The 2008 event offered the most extensive testing scope to date and featured an updated eGovernment profile, new Service Provider (SP) and Identity Provider (IdP) requirements and a new multiple SP logout scenario. In partnership with the Drummond Group Inc., Liberty Alliance enhanced the Interoperable program by incorporating Web-based full-matrix testing to meet growing global demand for interoperable, secure and privacy-respecting identity-enabled SAML 2.0 applications and services. The Web-based full-matrix testing allows vendors to participate from anywhere in the world with participants from the 2008 event located in Asia, Europe and North America. The Web-based approach also allows for more rigorous processes for ensuring products meet interoperability requirements for SAML 2.0 and the SAML 2.0 eGovernment profile. During the recent testing period, several products and services demonstrated interoperability based on a variety of SAML 2.0 conformance modes. (1) CA SiteMinder Federation Security Services r12.1, which extends the Web single sign-on experience provided by CA SiteMinder Web Access Manager to applications and portals provided internally by other organizational business units or externally on the Internet by partners or application outsourcers. (2) NTT Software TrustBind Federation Manager (1.1), which delivers a complete, high-performance, carrier-grade SAML 2.0 solution in the form of a Java component module. (3) Ping Identity's PingFederate, which provides an organization's users safe access to Internet applications without the need for repeat logins. (4) RSA Federated Identity Manager v4.1, which is engineered to enable enterprises to securely and confidentially share trusted user identities between disparate internal business units, customers, and/or partners. (5) Ubisecure's Ubilogin SSO 5.0, an efficient-to-deploy Single Sign-On, Access Control and Federation solution providing extensive Authentication and Authorization for Intranet, Extranet, Web Services and mobile applications.

See also: Liberty Alliance references

Verizon Uses BPEL Application to Cut Down On Code, Check For Fraud, and Go Green
Rich Seeley,

A service-oriented architecture application orchestrated by Oracle BPEL Process Manager places a business rules engine on the backend and a Web 2.0 UI out front to help stop fraud while dramatically reducing IT energy consumption at Verizon Wireless. Speaking from Oracle Open World, Jan Shook, principal architect for the fraud team at Verizon Wireless, noted that J2EE coders may be disappointed because he has re-architected the fraud detection application using Oracle Business Process Scripting Language, so there is no Java code left. He also explained how a BPEL-based application is reducing hardware and power consumption while providing the fraud detection team with better information for decision making... Besides reducing the amount of code, Shook and Chappell point out that it also dramatically reduced the amount of hardware and thus the amount of energy consumption. The less code intensive BPEL-based SOA implementation eliminates six E-class Sun Microsystems boxes using 192 processors and replaces them with a single eight core processor on a Sun UltraSPARC T1 using the Niagara chip architecture, Chappell noted. The database storage requirements have gone down from 20-plus Terabytes to 64 Gigabytes storage, according to the Oracle executive. Chappell estimates the change in software and hardware reduces energy consumption by 99.5%. Chappell credits this example of greening IT to the use of SOA standards including BPEL and an enterprise service bus (ESB). He said this allows "Verizon to extend the reach of their systems so that they don't have to store their 'golden record' call detail data locally. They can get the data remotely and on the fly, and use enrichment services along the way to get the data in the proper form to make decisions about fraud and overage, and generate detailed reports about the business exceptions that are identified.

See also: BPEL references

Extend Enumerated Lists in XML Schema
W. Paul Kiel, developerWorks

XML schema designers and implementers need a way to extend existing enumerated lists. An enumerated list is a set of specified values for a particular data point. For example, you might view a country code as a fixed list of values, including DE (Germany), US (United States), and JP (Japan). Given this value set, what happens when a new country is recognized, such as TL (East Timor) or BA (Bosnia and Herzegovina)? Anyone who uses the previous list of names will have to change the implementation to accommodate the new values. When you model data with XML schema, enumerated values are listed explicitly. So, a list of country codes includes each one in turn. Recognizing that new values to a list are common and must be accommodated, schema designers have long sought a way to extend enumerated lists—in effect, to build into the design a way to permit additional values that were not known at design time. Unfortunately, the XML Schema specification does not allow for extensibility in the creation of these lists. Values chosen at design time are fixed and are all that's available. Despite this limitation, people use various workarounds to enable the extension of lists. This functionality is a frequent request from my clients, many of whom work with existing schemas that cannot be changed. They want to add new functionality while maintaining backward compatibility Because the specification does not allow for this once you create an original list, a workaround is critical to make real-world implementation possible. Implementers can use the examples in this article to help design and extend enumerations. Each method has advantages and disadvantages, and none of them is the best practice in all cases. So, which approach should you use? This article provides guidelines that can empower schema designers with real-world, practical best practices and can help create easy-to-implement, extensible enumerated lists.

W3C Emergency Information Interoperability Framework (EIIF) XG Extended
Ian Jacobs and Mauro Nunez, W3C Announcement

W3C's Mauro Nunez, Incubator Activity Lead, announced that the W3C Emergency Information Interoperability Framework Incubator Group has been extended to 7-February-2009. The mission of the Emergency Information Interoperability Framework Incubator Group, part of the Incubator Activity, is to review and analyse the current state-of-the-art in vocabularies used in emergency management functions and to investigate the path forward via an emergency management systems information interoperability framework. These activities will lay the groundwork for a more comprehensive approach to ontology management and semantic information interoperability leading to a proposal for future longer-term W3C Working Group activity. The emergency management community encompasses a broad spectrum of local, national and international organisations with a role in emergency and disaster management. Comprehensive emergency management is generally composed of four key components: (1) Reduction: the reduction of hazard impacts and community vulnerabilities to natural and human-made events. (2) Readiness: increasing the capacity and capability of communities to response to events including planning, training, exercising, warning systems and public education. (3) Response: response to an event focusing on immediate life safety and survivals needs (medical, food, water, and shelter). (4) Recovery: the restoration of the impacted community to near or improved pre-event levels... The wide range of organisations involved in emergency management requires a collaborative approach to the sharing of information. Information systems to support a collaborative approach to emergency management can add significant value, especially as the scope and scale of an event increases, and with it the volume of information that is required to be managed and shared. It is essential that information is stored and communicated in common formats to ensure that information can be easily exchanged and aggregated to support the decision making process. A key component of this process is ensuring that consistent definitions (vocabulary) are used to support meaningful sharing of information. This W3C incubator group aims to encourage the emergency management community in the development of clearly defined vocabularies and a framework for information interoperability to ensure that meaningful sharing and aggregation of information to assist in emergency functions.

See also: the EIIF Incubator Group

Cisco Gets the XMPP Message, Buys Jabber
Kurt Cagle, O'Reilly Technical

In 1998 a group of open source developers led by Jeremy Miller created a new instant messaging application called Jabber, releasing the specification on the web and creating a new organization, the Jabber Software Foundation, in order to administer these standards under the aegis of the IETF. The core of these specification was the Extensible Messaging and Presence Protocol (or XMPP), an XML based communication standard that was seen as the HTTP of the IM world—indeed, XMPP can piggyback on HTTP as necessary, making it easier to send XMPP messages across the HTTP port 80 rather than trying to negotiate other ports in a firewall. The XMPP protocol very quickly found its way into other open source IM systems (such as GAIM) and in August, 2005, Google adopted the XMPP protocol as the foundation for GoogleTalk, including support for server-to-server communication in late 2006. The protocol, seen as a neutral, vendor-independent standard, was then picked up by the other IM vendors as calls for them to find some way of communicating between IM systems rose to a thunder-pitch... On September 19, 2008, Cisco Systems, Inc announced that they were buying The move serves to highlight the fact that Cisco itself, long known for the sale of routers, network adapters and related infrastructure products, has also quietly been pushing its way into the messaging infrastructure space. Indeed, the company has itself been one of the more consistent funders of the XMPP Standards Foundation and has been building its expertise up in the XMPP space, starting around 2005. Cisco's purchase of has some immediate effects: it adds products such Jabber XCP and JabberNow into the their product line, and it adds a considerable core of top XMPP developers and project managers into the Cisco fold, among other things... With the acquisition of Jabber, Cisco is now well positioned to start pushing XMPP into firmware, not just for dedicated messaging routers but also for more generalized routers and systems ... including mobile chipsets and network adapters. Firmware routing of XMPP in turn could proved a radical boost to the idea of using XMPP as a key protocol for just-in-time communication systems, such as emergency first-responder networks (police, EMTs and rescue services). Moreover, since XMPP can gateway into most existing IM networks, such a system provides an interesting bridge between IM, SMS and similar messaging services (such as twitters).

See also: Extensible Messaging and Presence Protocol (XMPP)

Model Portability in BPMN 2.0
Bruce Silver, BPMS Watch

In a series of three articles, Bruce Silver reviews revised version of the IBM, SAP, and Oracle submission of BPMN 2.0 to OMG. Silver: "The revised BPMN 2.0 submission is a significant improvement over BPMN 1.x and offers hope of eventual rapprochement with the BPDM proposal. However, it could go significantly further to resolve ambiguities over the most basic concepts and terminology that have persisted since the beginning of BPMN 1.0, terms like 'process', 'diagram', 'participant', and 'pool'. I expect that BPMN will become the universal standard in BPM, and it is vital the spec do a better job of defining its most important concepts and terms." In article #2 (Event Handling in BPMN 2.0): "The biggest change from BPMN 1.x in the orchestration notation is in the area of event handling... All in all, I like it. Going back to my New Wish List post, BPMN 2.0 supports all four wishes. Number one, the non-aborting attached event, is provided explicitly. Number two, the 'activity started' event, is allowed by combining the escalation event with a trigger thrown implicitly by the activity started state change. The spec provides an explicit state model for process activities, and going from ready to started is part of that model. So wish number two is not explicitly part of the spec, but indirectly supported. Wish number three, User Action, is another type of escalation event attached to a User task. Wish number four, Enabled to Finish, is not a new event type after all, but an inline escalation handler. The activity cannot finish until the escalation handler is complete. So, rough edges and all, I like it a lot... In article #3 (Model Portability in BPMN 2.0): "For me, process model portability is such an obvious goal of a notation standard like BPMN that it almost goes without saying. But we cannot take it for granted, because since BPMN 1.0 in 2004 the standard has not even provided an XML schema for the serialization. BPMN 2.0 was supposed to address this issue head-on at last. While it does offer a schema, it still lacks critical elements needed for model portability... So what else does the BPMN spec need to provide model portability? Four things: (1) Assignment of MUST-SUPPORT requirements to a subset of flow elements and semantics. (2) Beyond restriction to the subset of elements defined in a tier, in order for a tool to 'understand' the serialization provided by another tool, the rules for the serialization must be precisely defined. (3) BPDs can only be considered portable if they are valid; that requires BPD validation rules. (4) The fourth missing piece is something that allows users to know which tools comply with the portability provisions of the specification.

See also: Part 1

Web Distributed Authoring and Versioning (WebDAV) SEARCH
Julian F. Reschke, Surendra Reddy, Jim Davis, Alan Babich; IETF Internet Draft

The Internet Engineering Steering Group (IESG) announced the approval of "Web Distributed Authoring and Versioning (WebDAV) SEARCH" as an IETF Proposed Standard. WebDAV is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to collaboratively edit and manage files on remote World Wide Web servers. This IETF document specifies a set of methods, headers and properties composing WebDAV SEARCH, an application of the HTTP/1.1 protocol to efficiently search for DAV resources based upon a set of client-supplied criteria. DASL minimizes the complexity of clients so as to facilitate widespread deployment of applications capable of utilizing the DASL search mechanisms. DASL consists of the SEARCH method and the request/response formats defined for it; feature discovery through the "DASL" response header and the optional DAV:supported-grammar-set property; an optional grammar schema discovery; one mandatory grammar (DAV:basicsearch). The Query Grammar is a set of definitions of XML elements, attributes, and constraints on their relations and values that defines a set of queries and the intended semantics. This work was the product of an individual submittor. However, it is based on a draft developed by the concluded DASL WG and technical discussions have occured on the DASL mailing list. Some issues that were discussed as candidates for the base specification are covered in Appendix B and are believed suitable for future protocol extensions. There was some discussion of whether query schema discovery should be mandatory or optional, there is believed to be community rough consensus to keep it an optional feature. The framework defined in SEARCH (method, grammar discover via OPTIONS, response format) is supported at least in six implementations of which four support the DAV:basicsearch grammar and the other two expose only custom grammars. There has been at least one proposal for an additional documented query language. The responsible area director is Chris Newman who reviewed this specification in detail. The specification was also reviewed by multiple participants of the '' mailing list (formerly used by the DASL WG) as well as the '' (formerly WebDAV WG). During IETF last call, support was expressed by Tobias Schlauch and Javier Godoy on the IETF list. Additional review comments were provided by John Barone and Cyrus Daboo on the webdav lists during last call. Gonzalo Camarillo was the GEN-ART reviewer, Radia Perlman was the sec-dir reviewer. The IESG contact person is Chris Newman.

See also: the WWW Distributed Authoring and Versioning WG Status Pages

WSO2's PHP Play
John K. Waters, Application Development Trends

WSO2, the open-source SOA middleware maker, has joined the growing ranks of PHP supporters with the release of its new Web Services Framework for PHP (WSF/PHP) 2.0. The company is billing WSF/PHP as the industry's only PHP scripting language library designed to let developers create and consume both SOAP and REST Web services "with the security and reliability required for an enterprise service-oriented architecture (SOA)." The 2.0 version of WSF/PHP adds expanded REST functionality and new data services to provide developers with a framework for deploying PHP services. WSO2 CEO, Dr. Sanjiva Weerawarana: "We are trying to build is a service-oriented architecture platform that covers all aspects of SOA. WSO2 exists to enable heterogeneous SOAs. The reason we are supporting PHP natively is to make it possible for any PHP Web site to connect to any kind of back-end infrastructure, with the full-scale, enterprise-level security and reliability. It will also allow enterprises to tap an expansive community of PHP developers with a comprehensive framework for creating both SOAP and REST-style services. It provides this critical bridge between tens of thousands of PHP Web applications and the many enterprise data sources, applications and services driving today's enterprises." REST and SOAP are the two competing styles of Web services messaging. SOAP (Simple Object Access Protocol) is a lightweight XML-based messaging protocol used to encode the information in request and response messages before sending them over a network. REST (Representational State Transfer) is a collection of architectural principals first outlined in HTTP-spec co-author Roy Thomas Fielding's PhD dissertation. It's a model for Web services and Web apps based solely on HTTP. It assumes that the Web already has everything necessary for Web services, without having to add extra specifications such as SOAP and UDDI. And it relies on HTTP, universal resource indicators (URI) and standardized data formats through XML. WSF/PHP 2.0 comes with full support for REST, SOAP, and WS-* specs, and allows a single service to be exposed both as a SOAP-style and as a REST-style service. WSF/PHP 2.0 is part of a family of Web Services Framework (WSF) products the company developed to support heterogeneous enterprise SOAs. The product family members include: WSF/Ruby, WSF/Perl, WSF/Java, WSF/JavaScript, and WSF/Spring.

See also: the announcement

First Look at the T-Mobile G1
Tom Yager, InfoWorld

The first smartphone based on Google's Android marries a sophisticated HTC handset with software features that out-maneuver iPhone. Through an exclusive partnership with Google and Asian handset manufacturer HTC, the T-Mobile G1 will become the first shipping mobile device based on the Android platform. Google and company have worked hard to make the T-Mobile G1 both affordable and easy to use. And while it's too soon to know how far developers will take the open source Android platform, we now know what to expect from the first Android phone to arrive on store shelves. The T-Mobile G1's hardware design will be familiar to users of HTC's Windows Mobile handsets, a lineup that includes the AT&T/Cingular 8525 and T-Mobile's own Wing. This mature design, with fashionably subtle tactile buttons underneath the display, incorporates a touch screen that's sensitive to both fingertip and stylus, as well as a slide out full QWERTY keyboard. In T-Mobile G1's case, the keyboard swivels out in a half-moon motion while remaining parallel to the display; it's got actual keys that don't take up any space on the screen, and the keyboard disappears when you don't need it. The very Google applications that help define iPhone, namely Google Maps and the YouTube viewer, are present on the T-Mobile G1 as well, but with a bit of a kick. T-Mobile demonstrated street-level maps that include photographs of landmarks that match the user's perspective. Using the device's GPS and accelerometer, the T-Mobile G1 becomes a sort of viewfinder: As you turn yourself around and tilt the device, the display shows what Google Maps thinks the scene in front of you should look like. This it deduces from where it thinks you are or plan to go, the direction it thinks you're facing, and the photograph that it thinks is most recent and relevant. As one would expect, Google is hosting the cloud for T-Mobile G1. Gmail push e-mail, Google Talk IM, and Google's online calendar and contacts Web apps will provide mail and sync services...

See also: the Android Mobile Phone Platform


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: