The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: October 06, 2008
XML Daily Newslink. Monday, 06 October 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

OpenID Single Sign-On: Adding Authentication to Your Web Applications
Jeremy Weiskotten, DDJ

"OpenID is an open standard that defines a way that web-based applications ('consumers') can authenticate users by delegating the responsibility of authentication to identity providers. OpenID relies on the HTTP protocol to exchange messages between 'consumers' and 'identity providers.' With OpenID, users have a single identity that can be used on any OpenID-enabled application, and they only need to remember one password. OpenID provides several benefits to users and developers. Users only need to remember one username (their identity URI) and password to access multiple applications. With a simple cookie and Remember Me checkbox, an OpenID identity provider can act as a convenient Single Sign-On (SSO) solution for someone who uses multiple OpenID consumers. OpenID identity providers are responsible for the authentication of users, giving web developers one less thing to understand, implement, and maintain, and letting them focus on core business. Supporting OpenID removes a barrier to entry for many potential users who balk at yet another website asking them to sign up. It's not uncommon for web apps to offer OpenID support as an alternative to traditional authentication methods, but letting experts handle password security reduces the risk of accounts being compromised. In this article, I describe the OpenID authentication system and show how a web application built with Ruby on Rails can use OpenID to authenticate its users... OpenID is still evolving. New features are being standardized, new extensions are being developed, identity providers are continuously improving their support, and more applications support it everyday, either as the primary means of authentication or to supplement another method."

See also: the OpenID web site

Liberty ID-WSF Multi-Device SSO Deployment Guide
Paul Madsen, Liberty Alliance Draft

Members of the Liberty Alliance Project have published "Liberty ID-WSF Multi-Device SSO Deployment Guide" Version 1.0-02. This document profiles how to use the Liberty Identity Web Services Framework (ID-WSF) to support single sign-on for users that crosses devices, i.e., the session is initiated from one device or user-agent, and subsequently transferred to a second, as might be desirable in the enjoyment of long running media, e.g. streaming video. For a user to be able to enjoy 'uninterrupted' service at some SP from one device to another implies that the application context (i.e. what they were doing) they ended at the first device can be reestablished at the second. If the server is unable to track this (and thereby free the device/clients from the burden), it will be necessary for such context to be transferred from the first device to the second. The following is a representative scenario for the MD SSO use case: (1) While commuting home from work, Alice uses her mobile to browse free media content; (2) Alice begins watching a movie on mobile while riding the bus; (3) As she nears her bus stop, Alice decides to watch the rest of the movie on her home HD; (4) She stops the movie and purchases HD version; (5) IdP transmits Alice's identity to SP; (6) On arriving home, Alice swipes her phone by her set top box; (7) Alice watches the rest of movie from where she had previously stopped watching. More generally, the user would be able to access different SPs from the second device, but with the same degree of cross-device convenience. Enabling SSO across devices implies the transfer of a security context from the first device to the second. By using the passed security context, the second device will be able to re-establish a new security session on the behalf of the user.

Mono Project Releases Version 2.0 of Open Source .Net
John Fontana, Network World

The Mono Project, which develops an open source implementation of the .Net Framework, released the long-awaited 2.0 version on Monday [2008-10-06]. Mono 2.0 offers complete API compatibility with ASP.Net and Windows Forms applications, and is compatible with desktop and server components of Microsoft's 2.0 version of its .Net Framework. Mono 2.0 lets users develop and run .Net client and server applications on Linux and other operating systems. It also features the Mono Migration Analyzer, which helps determine changes applications need for .NET-to-Linux migrations, if any. The .Net Framework is used by developers and includes a collection of pre-coded programming components and a virtual machine that manages the execution of .Net applications. The current Microsoft version of the .Net Framework is 3.5, and Microsoft last week starting talking about the 4.0 version and support for parallel computing. Despite the 2.0 moniker for Mono, project leaders say the length of time it took to complete the version allowed them to add enough features so that it is more like a release that aligns with the .Net Framework 3.5. Mono 2.0 includes 3.5 features such as the C# 3.0 compiler and support for .NET Language-Integrated Query... Mono 2.0 also features one-click install for Suse Linux Enterprise and Open Suse, new installers for other platforms such as Windows and Mac OS X, improved scaling and performance for ASP.NET, ADO.NET and the Mono runtime, and a virtual machine image that comes with a ready-to-use development environment...

See also: the Mono 2.0 Release Notes

The Lessons Learned from "Forensic Architecture"
Anne Thomas Manes, Blog

Duane Nickull posted an interesting treatise regarding the lessons he's learned from four SOA-related architectural efforts he's participated in during the past 9 years, including ebXML, W3C Web Service Architecture, UN/CEFACT eBusiness Architecture, and OASIS Reference Model for SOA. I'll point out that Roy Fielding's dissertation on REST is an example of "forensic architecture" based on this definition. Dr Fielding wrote the dissertation after the Web had been implemented, and REST describes the architecture of the Web. And it's an excellent and very successful architectural document. But I will also point out that Roy had the advantage of writing his dissertation by himself rather than as part of a committee. At the end of Duane's post he plugs his new book on Web 2.0 Patterns, which is yet another attempt at forensic architecture -- this time exploring the various patterns that exemplify Web 2.0. I think Duane's treatise provides excellent insight into the challenges of working in a formal standardization committee with many representatives from many organizations with vested interests in developing standards that correlate with their existing products. It's extremely rare to find standardization efforts that develop greenfield architectures from scratch. In fact, I can't think of one formal standardization effort that developed a greenfield architecture. But that's the nature of standards bodies. They only get involved after an architecture or technology has demonstrated sufficient value to warrant standardization.

Call for Review: Synchronized Multimedia Integration Language (SMIL 3.0)
Dick Bulterman, Jack Jansen, Pablo Cesar (et al., eds), W3C Technical Report

W3C announced that members of the SYMM Working Group have published the Proposed Recommendation for "Synchronized Multimedia Integration Language (SMIL 3.0)." This document specifies the third version of the Synchronized Multimedia Integration Language (SMIL, pronounced "smile"). SMIL 3.0 has the following design goals: (1) Define an XML-based language that allows authors to write interactive multimedia presentations. Using SMIL 3.0, an author may describe the temporal behavior of a multimedia presentation, associate hyperlinks with media objects and describe the layout of the presentation on a screen. (2) Allow reusing of SMIL 3.0 syntax and semantics in other XML-based languages, in particular those who need to represent timing and synchronization. For example, SMIL 3.0 components are used for integrating timing into XHTML and into SVG. (3) Extend the functionalities contained in the SMIL 2.1 into new or revised SMIL 3.0 modules. (4) Define new SMIL 3.0 Mobile Profiles incorporating features useful within the industry. SMIL 3.0 is defined as a set of markup modules, which define the semantics and an XML syntax for certain areas of SMIL functionality. The SYMM Working Group believes that this specification addresses all Candidate Recommendation issues. Evidence of interoperability between at least two implementations of this specification are documented in the Implementation Report. The SMIL 3.0 test suite along with an implementation report are publicly released and are intended solely to be used as proof of SMIL 3.0 implementability... Video on the Web (and this includes audio, as the two are typically used together) has seen explosive growth, improving the richness of the user experience but leading to challenges in content discovery, searching, indexing and accessibility. Enabling users (from individuals to large organizations) to put video in the Web requires that we build a solid architectural foundation that enables people to create, navigate, search, link and distribute video, effectively making video part of the Web instead of an extension that doesn't take full advantage of the Web architecture. W3C Working Groups include: (i) Timed Text Working Group; (ii) Media Fragments Working Group; (iii) Media Annotations Working Group.

See also: the W3C Video in the Web activity

HP Bolsters SOA Governance in Systinet 3.00
Paul Krill, InfoWorld

HP is updating its SOA governance software, HP Systinet 3.00, which assists with discovering and reusing services in composite applications and business processes. Featured is support for standards such as BPEL (Business Process Execution Language) and integration with other HP SOA products. In Version 3.00, multiple users within an organization can discover and reuse services, the company said. With the upgrade, customers can automate service lifecycle policy compliance by capturing best practices to achieve SOA objectives. This is being accomplished by integration with HP Quality Service Center, a separately available product. Pre-built lifecycles and templates in Version 3.00 enable nonexperts to quickly use the product, HP said. More sophisticated users can customize service lifecycles through use of wizard-driven programming interfaces. Role-based dashboards provide information in a format related to a specific user's responsibilities. Automation of repetitive tasks across a large number of services is featured, with support for bulk operations and lifecycle "cloning," HP said. Support for Open SCA (Service Component Architecture) and WSDL 2.0, for exposing interfaces, is featured as well. Version 3.00 also can trigger business policies based on service quality through integration with HP Service Test Management or manage rogue services in production through linkage with HP Universal Configuration Management Database. HP acquired the Systinet product when it bought Mercury Interactive in 2006; Quality Center also came over with the Mercury buy. Users of the upgrade can build reusable business processes and include them in the governance framework through support for BPEL. Productivity can be increased via business processes that are easier to discover and reuse, HP said.

See also: the announcement

WSO2 Data Services: Expose Data as Web Services Without Programming
Staff, WSO2 Announcement

WSO2, the open source SOA company, has announceded the debut of WSO2 Data Services. The new WSO2 product lets database administrators (DBAs) expose data in minutes via a Web services application programming interface without programming. An open source product, WSO2 Data Services is available under the Apache Software License (v2.0); this includes all of the extra integration and management functionalities as well. With WSO2 Data Services, DBAs and database programmers now can contribute to a company's service-oriented architecture (SOA) by creating WS-* style Web services and REST-style Web resources based on enterprise data. The WSO2 Data Services solution allows users to enter queries and map them into services and operations. The simple user interface enables anyone with a knowledge of the industry-standard SQL language to quickly create powerful data services. Once the query or stored procedure has been exposed as a service, it can be accessed across the network as a service or Web resource. In its initial release, WSO2 Data Services supports access to data stored in relational databases such as Oracle, MySQL and IBM DB2 (virtually any database accessible via JDBC), as well as the comma-separated values (CSV) file format, and Excel spreadsheets. Services can be authenticated, encrypted and/or signed using the WS-Security and HTTP security standards, and the console includes a full security management capability. In addition, support for the WS-ReliableMessaging standard provides enterprise-level reliability. The standalone WSO2 Data Services solution builds on the proven performance of the data services functionality within the WSO2 Web Services Application Server (WSAS) 2.0. WSO2 Data Services is based on the popular Apache Axis2 toolkit. Key features of the new product include: (1) Data aggregation: administrators can create services that aggregate data from multiple data sources, in order to offer cleanly defined services to other departments and hide internal database details. (2) Wizards for easy configuration: users can create and modify a service using either the graphical Web-based wizard or Eclipse plug-in wizard. (3) XML configuration file format: XML is a familiar tool to both DBAs and programmers, and this allows service creation to be automated... (4) Dual REST and WS-* support: REST resources access data using a unique URL for each record; WS-* services use typical Web service access to expose data...

See also: the download

AtomPub Multipart Media Resource Creation
Joe Gregorio (ed), IETF Internet Draft

An updated -v04 version of the IETF Internet Draft "AtomPub Multipart Media Resource Creation" has been published. A color-coded diff version is also available from the editor's web site. The Atom Publishing Protocol (RFC 5023) defines Media Collections and how to create a Media Resource by POSTing the media to the Media Collection. RFC 5023 does not define handling multipart/related (RFC 2387) representations nor does it specify how the acceptance of such representations should be advertised in the Service Document. This specification covers both the processing and the Service Document aspects of handling multipart/related content. The primary objective of multipart/related POSTs is to reduce round-trips for creating Media Resources. There are three round trips in the typical Media Resource creation scenario; POST of the media, GET of the Media Link Entry, and subsequent PUT of the updated Media Link Entry. This specification reduces that to just a single round-trip by allowing the client to package up the media and the associated Media Link Entry into a single multipart/related representation which is POSTed to the Media Collection. The design of the handling of multipart/related representations is aimed at backward compatibility, that is for non-multipart/related aware clients to fully function. A second aim is to retain and utilize the expressiveness of the current app:accept element in the Service Document. The last aim is to ease the burden on clients by allowing the multipart representation to be constructed in an order that is convenient for the client. The applicability of multipart/related representations to AtomPub Collections is restricted to the creation of new entries in Media collections. It does not specify the creation or use of a resource that supports a GET to return the multipart/related representation nor does it specify the creation or use of a resource that supports a PUT of a multipart/related representation...

See also: Atom References

Hakia Retools Semantic Search Engine to Better Battle Google, Yahoo
Clint Boulton, eWEEK

Semantic search engine startup Hakia has retooled its Web site, adding tabs for news, images and "credible" site searches as a way to differentiate between its search approach and what it calls the "10 blue links" approach search incumbents Google, Yahoo and Microsoft have used in the first era of search engines. Hakia employs semantic search technologies, leveraging natural language processing to derive broader meaning from search queries. The new user interface shows tabs for all results, images and news, as well as one for the company's existing Meet Others social network. This feature puts visitors in touch with others searching for the same or similar information. Users can e-mail each other through this feature... The idea is to clearly define sites users can trust in an age when do-it-yourself chronicling via Wikipedia and other sites that enable crowdsourcing activities has led to some questionable results. I gave the credible sites a test drive today and they do work, but only for health and environmental-related queries so far. Hakia is working to expand coverage in finance, law and travel. For example, Pulatkonak had me do a Hakia search for "What prevents a migraine?" and I got some credible sites results from the Mayo Clinic and other professional information sites. Do the same search on Google and you'll see there are 350,000 or so results. Hakia calls these undifferentiated, meaning they have less value because, unlike with Hakia credible sites, the reader doesn't immediately know which sites to trust or ignore. I like what Hakia is doing, but it reminds me a little of what Powerset and Wikia have done with search. It seems semantic technologies, tabs and social search are becoming table stakes for companies that want to provide a differentiation point from Google, Yahoo and the other top-line search engines.

See also: the slide show


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: