The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: November 12, 2008
XML Daily Newslink. Wednesday, 12 November 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

Sun Announces OpenSSO Enterprise 8.0
Erica Pereira, On the Record (Blog)

OpenSSO Enterprise 8, Sun's first open, high-performance and unified solution for access management, federation and secure Web services capabilities to address the core single sign-on (SSO) problems that organizations face today, is now available for download. New features in version 8.0: (1) The Fedlet: a lightweight way for service providers to quickly federate with a SAML 2.0 identity provider; (2) Multi-Protocol Hub: allows companies that are members of a circle of trust to speak different federation protocols; () Identity Services: invoke AAA services using your IDE of choice or any programming language. e.g. Java, .NET, PHP, Ruby, etc; (4) Express Builds: deploy next-generation features from the OpenSSO community with the same support and indemnification provided with commercial releases; (5) Ease of Use: new task-based UI for common federation-related operations; (6) Ease of Install: just drop the WAR file into your servlet-container of choice, hit it with a browser and, in the simplest case, supply admin passwords; (7) More: centralized server configuration (no more text file), centralized agent configuration (no more text files)... "OpenSSO Enterprise 8 is the only integrated open source, access and federation management offering on the market today. Sun allows customers to deploy commercial or open source versions of OpenSSO Enterprise, known by OpenSSO community members as Express builds, and provides full support and indemnification." What's next for OpenSSO? According to Pat Patterson, "coming up we have carrier-grade monitoring, more ease-of-use work, task flows for SaaS federation (think Google and federation setup with the absolute minimum number of clicks) and entitlement management. Oh, and Express Build 7 will be coming up in about three months..."

See also: Pat Patterson's blog

OASIS Committee Draft: Identity Metasystem Interoperability Version 1.0
Michael B. Jones and Michael McIntosh (eds), OASIS TC Committee Draft

Mike Jones, Secretary of the OASIS Identity Metasystem Interoperability (IMI) TC, announced the publication of an initial Committee Draft for the "Identity Metasystem Interoperability Version 1.0" specification. The document is intended for developers and architects who wish to design identity systems and applications that interoperate using the Identity Metasystem Interoperability specification. An Identity Selector and the associated identity system components allow users to manage their Digital Identities from different Identity Providers, and employ them in various contexts to access online services. In this specification, identities are represented to users as 'Information Cards'. Information Cards can be used both at applications hosted on Web sites accessed through Web browsers and rich client applications directly employing Web services. This specification also provides a related mechanism to describe security-verifiable identity for endpoints by leveraging extensibility of the WS-Addressing specification. This is achieved via XML (XML 1.0) elements for identity provided as part of WS-Addressing Endpoint References. This mechanism enables messaging systems to support multiple trust models across networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner. This first OASIS Committee Draft "consists primarily of the merger of the content from the input documents: [1] 'Identity Selector Interoperability Profile V1.5', [2] 'A Guide to Using the Identity Selector Interoperability Profile V1.5 within Web Applications and Browsers', and [3] 'Application Note: Web Services Addressing Endpoint References and Identity'. The Security Considerations and Conformance sections of the committee draft are known to require more work on the part of the committee." A session was held at the Internet Identity Workshop (IIW) on 2008-11-12 for discussion on the progress of the IMI Technical Committee and this Version 1.0 Committee Draft.

See also: OASIS Identity Metasystem Interoperability TC

Thinking XML: Enrich Schema Definitions with SKOS
Uche Ogbuji, IBM developerWorks

Major industry initiatives do not tackle terminology to drive schema development in most applications of XML; more often you need to define your own specialized data dictionaries. Architects realize that data dictionaries alone are not enough to support richer information integration. In XML documents you need to refer to people, places, and things with inter-relationships ranging from general to more specific, part and kind, and synonym and antonym. You need to describe connections to geographical points, to key times and dates, to policies, and to business rules. Sometimes you expand your scope beyond your specialized information space toward larger industry conventions. These details are why Semantic Web technology is such a good fit for supporting XML development, and it makes sense to start with the most modest, simplest Semantic Web technologies. Simple Knowledge Organization System (SKOS) is just such a technology, presently in the last call stage of the Working Draft process, but already well understood, implemented, and discussed. SKOS has unfortunately lost some of its simplicity in the latest drafts, as its committee ties it to the far more complex Web Ontology Language (OWL), but it's still quite useful if you ignore some of the more arcane flourishes. It at least provides the word-relationship aspect of connecting basic meaning relationships of terms, and this is a great first step for enriching XML schemata. This article shows how to attach concepts from the business problem domain to XML applications. Attaching SKOS concepts to constructs in richer schema languages such as RELAX NG and Schematron (both of which I personally prefer) is even easier than for WXS. In such cases you can put the SKOS elements in-line wherever it makes sense, thanks to its separate namespace. What you gain, regardless of schema language, is not a magic wand that suddenly makes all XML documents transparent to every person and application. What you get is what I call an anchor in this column—a hand-hold that gives people the clues they need to direct integration and to improve data quality. Schema annotations connected to overall information sharing tools such as wikis make it possible for all the people involved in an interest to collaborate and contribute regardless of their technical ability. SKOS is a good language to express the technical substance of such interchange.

See also: W3C Simple Knowledge Organization System (SKOS)

RESTful Web Services: The Basics
Alex Rodriguez, IBM developerWorks

Representational State Transfer (REST) defines a set of architectural principles by which you can design Web services that focus on a system's resources, including how resource states are addressed and transferred over HTTP by a wide range of clients written in different languages. If measured by the number of Web services that use it, REST has emerged in the last few years alone as a predominant Web service design model. In fact, REST has had such a large impact on the Web that it has mostly displaced SOAP- and WSDL-based interface design because it's a considerably simpler style to use. REST is not always the right choice. It has caught on as a way to design Web services with less dependence on proprietary middleware (for example, an application server) than the SOAP- and WSDL-based kind. And in a sense, REST is a return to the Web the way it was before the age of the big application server, through its emphasis on the early Internet standards, URI and HTTP. As you've examined in the so-called principles of RESTful interface design, XML over HTTP is a powerful interface that allows internal applications, such as Asynchronous JavaScript + XML (Ajax)-based custom user interfaces, to easily connect, address, and consume resources. In fact, the great fit between Ajax and REST has increased the amount of attention REST is getting these days. Exposing a system's resources through a RESTful API is a flexible way to provide different kinds of applications with data formatted in a standard way. It helps to meet integration requirements that are critical to building systems where data can be easily combined (mashups) and to extend or build on a set of base, RESTful services into something much bigger.

See also: Roy Fielding's dissertation, Chapter 5

SIP SAML Profile and Binding
Hannes Tschofenig, Jeff Hodges (et al., eds), IETF Internet Draft

Members of the IETF Session Initiation Protocol (SIP) Working Group have released a candidate Last Call Working Draft of the "SIP SAML Profile and Binding" specification. This document specifies composition of the Security Assertion Markup Language (SAML) V2.0 with SIP (IETF RFC 3261) in order to accommodate richer authorization mechanisms and enable "trait-based authorization." Trait-based authorization is where one is authorized to make use of some resource based on roles or traits rather than ones identifier(s). Motivations for trait-based authorization, along with use-case scenarios, are presented in RFC 4484 ("Trait-Based Authorization Requirements for the Session Initiation Protocol"). Security Assertion Markup Language (SAML) v2.0, "SAMLv2", is an XML-based framework for creating and exchanging security information. Various means of providing trait-based authorization exist: authorization certificates RFC 3281, SPKI (RFC 2693, or extensions to the authenticated identity body, per RFC 3893. The authors selected SAML due to its increasing use in environments such as the Liberty Alliance, and the Internet2 project, areas where the applicability to SIP is widely desired. According to co-editor Jeff Hodges: "The key changes in this revision are that we're aiming for experimental track (for now) due to a subtle-but-important impedance mismatch with the 'SIP Identity' spec (RFC 4474, which we build upon), and we've add an additional profile to the specification. This new profile simply specifies SAML assertion conveyance 'by value' in the body of SIP message(s) rather than 'by reference'. Note that the overall notion of 'SIP Identity' has been in-flux over the last year+. Once that set of issues is (hopefully) resolved, then we can create another SIP-SAML specification on the IETF standards track. Also, the SIP WG co-chairs have called for Working Group Last Call on this -05 nternet Draft revision."

See also: Jeff Hodges' blog

URN for Early Warning Emergency Services and Location-to-Service Translation (LoST) Protocol Usage
Brian Rosen, Henning Schulzrinne, Hannes Tschofenig (eds), IETF Internet Draft

Members of the IETF Session Initiation Proposal Investigation (SIPPING) Working Group have published a Standards Track Internet Draft for "A Uniform Resource Name (URN) for Early Warning Emergency Services and Location-to-Service Translation (LoST) Protocol Usage." The Common Alerting Protocol (CAP) is an XML document format for exchanging emergency alerts and public warnings. Different organizations issue alerts for specific geographical regions. The Location-to-Service Translation (LoST) protocol provides a way to discover servers that distribute these alerts for a geographical region. This document defines the Service Uniform Resource Names (URN)s for warnings in the same way as they have been defined with RFC 5031 for citizen-to-authority emergency services. Additionally, this document suggests to use LoST for the discovery of servers distributing alerts. This document makes use of RFC 5222 ("LoST: A Location-to-Service Translation Protocol"). However, instead of performing a translation from location information and a Service URN to a PSAP URI (plus supplementary information), as used with "Best Current Practice for Communications Services in support of Emergency Calling", for the citizen-to-authority emergency services use case, the LoST client asks the LoST server for a URI to receive further information on how to obtain warning alerts. In a response the URIs in the 'uri' element MUST be from the following format: sip, xmpp or http. The SIP URI MUST subsequently be used with "Session Initiation Protocol (SIP) Event Package for the Common Alerting Protocol (CAP)". An XMPP URI MUST be used as described in "Common Alerting Protocol (CAP) Over XMPP". An HTTP URI MUST be used with GeoRSS. In a LoST response the optional 'serviceNumber' element is not used by this specification. In mapping citizen-to-authority services, receiving multiple mappings is an exception. However, since many organizations may provide warnings for the same area, this is likely to be more common for alerts. As such, the extensions defined in "Location-to-Service Translation Protocol (LoST) Extensions" (e.g., the ability to limit the number of returned mappings) are useful in this context...

Important Topics at the Internet Identity Workshop IIW2008b
George Fletcher, 'Identity in Practice' Blog

The Internet Identity Workshop "focuses on what has been called user-centric identity. Basically asking the question how can people manage their own identity across the range of websites, services, companies and organizations that they belong to, purchase from and participate with. IIW is a working meeting for a range of groups focused on the technical, social and legal issues arising with the emergence identity, relationship and social layer of the web." George Fletcher identified some key issues that he's hopeful the community will be able to address at the Fall IIW2008b Workshop: (1) User eXperience (UX) for Relying Parties (RP). This is a critical element of making OpenID understandable and valuable to the "masses". There has been quite a bit of work on this recently and I'm excited to see what will develop from the face to face meetings on this topic. (2) XRDS and Discovery. This is really important for the "open stack" and deals with the concept of describing meta-data for resources. (3) OpenID TX Extension. This extension being proposed into an OpenID working group is about adding a layer of trust to OpenID transactions. Right now it focuses on tying transactions to contracts between parties but hopefully the working group will extend this to adding a "trust fabric" to OpenID. (4) Email as an OpenID identifer (or as a pointer to an OpenID). This is part of the UX discussion in that many/most people don't know they have an OpenID but they do know their email address. (5) Email verification. This is slightly related to #4 but also different. In the SREG and AX models, an RP can request an email address but it doesn't know whether the OP has verified that email or not. (6) OpenID + OAuth "Extension". This topic is addressing how to allow a Consumer to both authenticate a user and get an OAuth access token and secret in a way that the user only has to authenticate and authorize once. There are a number of significant issues with this effort especially if the extension tackles allowing one SP/OP to verify/validate another SP/OP's tokens. Right now, this effort is focusing on allowing the OP to present not only authentication but also authorization UI so the flow is simplified for the user. (7) OAuth Extensions: Custom Response Data Formats, Session Extenstion, Problem Reporting, Language Extension; (8) OAuth support for Mobile/Desktops/Appliances/etc. This topic deals with a simple mechanism for mobile apps or appliances to participate in the OAuth flow even if the device doesn't have browser support and very limited input capabilities.

See also: the Workshop Wiki

Five RESTful Friends
Dan McCreary, O'Reilly Technical

Resource orientation asks the web application developer to think about creating consistent and precise URLs (URIs) for things that you want to manage. If you manage customers, invoices, purchase orders or products, think about how you identify these items and the data they contain. After you do this you will find that you have some new friends to help your web application fly. (1) Your first friend is the resource your local computer's local memory or RAM. Local memory is very fast and you can usually transform resources in memory to the screen in fractions of a millisecond... (2) Your second friend is your local hard drive or what is known as your web browser cache. Although the local cache is much, much slower then your local hard drive (by about three orders of magnitude) it still is a great resource to put your data items into... (3) Your third friend is your regional web cache, or corporate cache. If you manage IT within your organization you may know that a corporate proxy cache dramatically reduces your Internet bandwidth needs and improves response times for your users by caching and reusing frequently- requested web resource including static pages, images and XML resources... (4) A fourth friend is the web cache in your own web application server cluster. Web application servers frequently are not a single web server but cluster of multiple web servers that have a load-balancing device in front of it.. (5) And lastly, consider that databases servers themselves also may have a cache of information that they hold before they decide to do additional work. Many new databases have an innovative column store structure that pre-calculate sums and averages for you... if you design your URIs correctly your five friends will be standing by to help. This is one reason why the XRX web application architectures are becoming so popular. They try to leverage the infrastructure of the web and they don't try to short-circuit a system that is already in place to help you. Before you bother your database server to do a huge number of SELECTs with joins on dozens of tables, considering asking your five friends for some help. You might just find your web application runs a little faster. And remember that native XML databases like MarkLogic are usually inherently faster then RDBMS systems since they may already store the information in the appropriate hierarchical structures.

Java FX Technology Preview
Charles Humble, InfoQueue

For writing long running server-side code typical in modern Enterprise Computing, and for other situations such as mobile development where cross-platform support, stability and security are key factors, Java represents an excellent choice. There are however some programming tasks that benefit from a degree of specialisation and for which Java, in common with other general purpose languages, is less well suited. An example is modern GUI design which raises both technical and managerial challenges... Pitched into the Rich Internet Application space as a competitor to Adobe's Flex and Microsoft's Silverlight, Sun's JavaFX is one part of Sun's strategy for addressing these issues for Java developers. JavaFX aims provide a new foundation platform for building Rich Internet Applications across desktop, internet and mobile devices. It also represents a significant shift in the way Sun engages with the Java product market, seeing them building up a complete solution rather than focusing solely on the underlying technology. The current technology preview comprises two major components: Project Nile, which focuses on designer/developer workflow, and JavaFX Script, a new declarative language for writing Java GUI applications. Whilst both Flex and Silverlight use XML as their declarative language (MXML and XAML respectively) Sun have chosen to develop a new scripting language, JavaFX Script, for the task. Sun Staff Engineer Joshua Marinacci told us that Sun have no plans to add an XML dialect at this point... JavaFX Script is a declarative, statically typed, compiled, Domain Specific Language (DSL) for creating user interfaces on top of the Java Standard and Micro Editions, with current Java packages accessible from the JavaFX environment. It targets two distinct user groups: (1) Java developers who are already familiar with Swing and are looking for a way of building feature rich interfaces in a faster, more productive way. (2) Web developers who are more familiar with other scripting languages such as JavaScript or ActionScript... JavaFX overhauls a number of ideas familiar from Java itself. One worthy of attention is the Javadoc equivalent JavaFXDoc which makes some much needed updates to the documentation tool. In place of HTML, JavaFXDoc produces an XML format document which can then be transformed into a secondary output format. The current format is XHTML 1.0 but this two step process offers a degree of future proofing opening up the possibility of support for other formats such as PDF, or a database to build up a knowledge base. The new output format doesn't use frames, and can easily be skinned using CSS. It also allows for some basic filtering for individual profiles—so for example the JavaFX APIs are split into common, desktop and mobile profiles and the documentation can be filtered as appropriate...

Intel XML Software Suite 1.2 Optimized for Intel Core i7 SSE 4.2
Staff, DDJ

Intel has released Version 1.2 of its XML Software Suite. The Intel XML Software Suite is a set of C++ and Java runtime libraries for Linux and Windows. The XML Software Suite is standards compliant for easy integration into existing XML environments and optimized for future Intel processors implementing the new Intel Streaming SIMD Extensions (Intel SSE) instructions and other features, to deliver extended capabilities, enhanced performance and greater energy efficiency for many applications. This updated Intel XML Software Suite includes support for Intel Core i7 processors, StAX API for Java, and compatibility with IBM WebSphere and Oracle WebLogic. This new version is also engineered to automatically take advantage of the new Intel Core i7 SSE 4.2 processor instructions to further boost XML processing performance. From the published description: "Today's applications rely on data feeds from many sources, using technologies that are based on XML. XML is an omnipresent data representation standard in web service, Service Oriented Architecture (SOA) and other new web technology deployments. The verbosity, extensibility and flexibility of XML messages can create performance challenges for software developers and productivity challenges for enterprise applications. The Intel XML Software Suite delivers outstanding XML processing performance, great scalability across multi-processing environments and easy integration into existing XML applications, providing higher return on your XML investment. The Intel XML Software Suite is a comprehensive suite of C++ and Java software-based runtime libraries for Linux and Windows operating systems. The Intel XML Software Suite is standards compliant, to allow for easy integration into existing XML environments and is optimized for future Intel processors implementing the new Intel Streaming SIMD Extensions (Intel SSE) instructions and other features, to deliver extended capabilities, enhanced performance and greater energy efficiency for many applications..."

See also: the Intel software evaluation download

Learning to Tag and Tagging to Learn: A Case Study on Wikipedia
P. Mika, M. Ciaramita, H. Zaragoza, J. Atserias; IEEE Intelligent Systems

Natural language technologies will play an important role in the Web's future. Recent Web developments, such as the huge success of Web 2.0, demonstrate annotated data's great potential. However, when it comes to annotating documents even at the most primitive levels, human effort alone can't scale to the Web. Recently, the focus in the Semantic Web has shifted from text to user-supplied explicit annotations... An interesting question, is how to leverage existing human effort in annotating user-generated content to provide improved support for machine annotation of the remaining content. The example we consider is Wikipedia. Our basic approach is based on linking Wikipedia's text to the structured knowledge found in the project's infoboxes, consistently formatted tables that provide summary information. First, we annotate the Wikipedia collection using an off-the-shelf named entity recognition (NER) tool trained on a standard corpus. Next, we link these semantic annotations with the structured knowledge the DBpedia project makes available. We enrich DBpedia with additional class hierarchies, type information for resources, and range restrictions for properties. We then apply this mapping to the corpus, thereby generating additional training sentences for our semantic tagger, this time using sentences from the Wikipedia collection... DBpedia, which is available for download in RDF, is a lightweight ontology consisting of a straightforward extraction of the information in Wikipedia infoboxes. In DBpedia, a resource represents each page—the underlying assumption being that each Wikipedia page represents a unique entity... [We follow] the idea of annotating the text with the metadata or, more specifically, creating a corpus annotated with DBpedia properties... Our tool achieves this by processing Wikipedia's XML corpus on a per-article basis, looking up for every article the resource in [instance set] being described... Our investigation of enriching the DBpedia metadata collection through the use of an NLP tagger and statistical analysis provided significant information... We see the possibility of generalizing our approach to other situations with semantic annotations or where parallel text and metadata are available. In particular, Web pages annotated with microformats or Resource Description Framework attributes (RDFa) would provide an interesting testing ground with a larger scale, but certainly noisier metadata, than Wikipedia.

Blue, Buildings, and Energy: The Shift from Green to Blue Has Started
Laurent Liscia, Toby Considine, William Cox;

Adam Werbach says that real strides in sustainability will only be realized when we view our efforts in terms of business opportunities, not sacrifices. According to Werbach, each decision and each transaction should be made mindful of price, purpose and process—and the benefits of economic growth can be guided by the ethos of sustainability. He named this new synthesis Blue, invoking the earth as seen by the astronauts... The future of smart energy operations in smart power grids and in smart buildings has much in common with the running and management of eCommerce enterprise systems. Each has similar needs for reliable, secure, and scalable infrastructure, and each requires embracing diversity to enable innovation. OASIS Blue Energy: The power grid's inability to negotiate and anticipate energy needs causes great inefficiencies in the generation and transmission of power. OASIS Blue standards will empower energy consumers and suppliers to negotiate contracts, understand the source and characteristics of their energy, and calculate the real cost of energy in the present and near future. OASIS Blue Security: Security is not about locking the door. It is about responding in the right way at the right time to the right party. Good security facilitates genuine transactions while preventing pickpockets from joining the crowd. Working with any number of organizations, each with changing employees, delegated rights, and commercial relationships, will require federated identity management. The effective energy commerce envisioned by OASIS Blue Energy will require the fine-grained security that OASIS standards define... To effectively interact with the grid, building systems must become responsive to their occupants and environment. oBIX and other OASIS specifications will enable competitive development of software to mediate between building-based systems and the intelligent power grid. Open standards are the way to incorporate business needs, household needs, and other information into energy decisions in an interoperable manner, creating new markets. Intelligent buildings, intelligent energy grids, consumers, providers, and enterprise scale—this is our dream. oBIX and other building management standards are a start on the intelligent buildings side; we believe that the application of broadly deployed and used eCommerce and security technologies will be the most rapid means of moving toward effective markets and distributed control.

No Deep Cuts for IT Spending Seen in 2009
Herb Torrens, Application Development Trends

Despite a troublesome economy, IT staff and executive positions are safe for now, according to a market study released on Wednesday. That's one of the conclusions of a Computer Economics study, which surveyed 159 North American IT organizations in October 2008. The Irvine, Calif.-based research firm found that "IT executives are not anticipating deep cuts in IT operational spending or staffing levels" in 2009. Organizations currently are focused on retaining their employees, according to the report, "Outlook for 2009 IT Spending and Staffing Levels." However, some respondents (35 percent) are reducing spending in areas such as travel, training, filling open positions and initiating major planned projects... In a released statement, Computer Economics noted that IT organizations responding "at the median and 25th percentiles forecast no change in headcount in 2009, while companies at the 75th percentile are actually forecasting a 5% growth in staffing levels." In essence, one in four IT firms actually plans to increase the head count... Still, IT budgeting is under the microscope. According to the report, 35 percent of surveyed organizations will be cutting back on equipment upgrades, 33 percent will reduce contractors and temps, 26 percent will cut back IT training, 25 percent will reduce costs of meals/entertainment, and 17 percent will defer planned pay increases.


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: