This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Alfresco Labs 3.0 Final Version Supports CMIS
- Draft W3C Social Web Incubator Group Charter
- OASIS Announces Informal Public Review of BIAS SOAP Profile v1.0
- Identity as a Service
- Java API for RESTful Web Services (JAX-RS): First GA of RESTeasy Released
- Vendors' Help Sought for NIEM's Next Step
- Government's Management Challenge
- Calls for Open Source Government
Alfresco Labs 3.0 Final Version Supports CMIS
Staff, Alfresco Announcement
Alfresco Software has announced the release of Alfresco Labs 3 Final. This is a milestone release for Alfresco Labs, and is immediately available for download under the open source GPL license. According to said John Newton, CTO of Alfresco Software: "This release is designed to be the open source content services platform for all Alfresco and non-Alfresco content applications from document management and web content management to wikis. Alfresco has already utilized the emerging CMIS standard to integrate content services to other open source systems like Joomla, as well as offering integrations to MediaWiki, Open Office and WordPress. We strongly recommend that our open source community download this release." Alfresco has seen major adoption of its open source ECM system throughout the world. There have been over 1.5 million downloads of Alfresco Labs. Alfresco Labs is designed to be the research vehicle for new features, enabling developers to access a nightly build with the latest functionality. The Alfresco Labs 3 build is a stable build with basic QA against an open source stack. Alfresco Enterprise is the supported Alfresco build and is used by more than 700 enterprise customers, including the NYSE, Los Angeles Times, Boise Cascade, Sony Pictures, Activision, Kaplan, FedEx, and KLM. In the Alfresco Labs 3.0 Content Application Platform, support features for Web Content Management (1) Alfresco Web Studio: Drag-and-drop visual editor for end user site development, built on Alfresco SURF; (2) Alfresco SURF: AJAX enabled Web UI component framework, built on REST WCM API; (3) REST based WCM Services API; (4) Content Deployment: Replicated, transactional deployment from staging area to live site. Collaboration with Alfresco Share includes [i] Native SharePoint protocol support: Seamless document editing via SharePoint protocol; [ii] Flex Document Previewer: Zoom, snap points and full-screen; [iii] AJAX Calendar: Drag-and-drop event support; [iv] Links Directory Manager: Share internal and external links. Open Source Content Services Platform Integration features include Joomla! CMIS integration offering document library support for Joomla! sites, MediaWiki Quercus integration offering content services for MediaWiki content, and Open Office: Native Open Office access to Alfresco content services, contributed by Westernacher...
Draft W3C Social Web Incubator Group Charter
Harry Halpin, Posting to W3C public-social-web-talk
An update was announced for the latest version of a draft charter to create a W3C Social Web Incubator Group. The W3C Incubator Activity is designed to foster rapid development, on a time scale of a year or less, of new Web-related concepts. Target concepts include innovative ideas for specifications, guidelines, and applications that are not (or not yet) clear candidates as Web standards developed through the more thorough process afforded by the W3C Recommendation Track. As proposed, the mission of the Social Web Incubator Group, part of the Incubator Activity, is to explore the development of social graph technologies and social media interoperability for the Web, built on existing W3C standards and open standards developed by the community, and to promote these solutions within the W3C. Scope: "The focus will be insuring social data portability can be built on open standards and existing deployed APIs as deployed by vendors and the community. The group will work to promote the work of other non-W3C groups working on the Social Web within the W3C and raise awareness of the landscape of Social Web technologies within the W3C. The group will survey the needs of users of social web sites, and propose use-cases for social data portability to address these needs, with a focus on social data portability and relationships of trust and privacy. The group will determine if these use-cases can be built on top of existing standards and help determine what other standards are needed. Most importantly, mappings between currently widely deployed technical solutions for both users and developers will be developed on the level of semantics, with an various syntax options and even data models (XML, JSON, RDF) being capable of expressing this information. Ideally working converters in a variety of programming languages will be created for these mappings. Furthermore, although more still an area for research, privacy, trust, and security concerns should be addressed and the landscape of technologies in this area will be surveyed." Halpin writes: "Within two or three weeks, hopefully consensus will emerge on the charter and then we can finalize it. Since I've edited the draft, I feel like I've had my say already, so I'm going to let it go into the wild and see what happens and not maintain any control of it for the next bit of time. Also, feel free to make major rewrites to the draft..." Any interested person is invited to contribute to the charter proposal.
See also: the W3C posting
OASIS Announces Informal Public Review of BIAS SOAP Profile v1.0
Staff, OASIS Announcement
Members of the OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee are seeking review and comment on the current draft of the "Biometric Identity Assurance Services (BIAS) SOAP Profile, Version 1.0" specification. The 45-day review ends March 07, 2009. Feedback is invited especially relative to (1) Completeness of operations; (2) Is the message specification well-formed and follow expected usage/formats; (3) Identification of missing information; (4) Consistency with best practices and WS-I; (5) The open issues identified in provisional Annex F. This profile specifies how to use the Extensible Markup Language (XML) defined in "ANSI INCITS 442-2008 -- Biometric Identity Assurance Services" to invoke Simple Object Access Protocol (SOAP) -based services that implement BIAS operations. These SOAP-based services enable an application to invoke biometric identity assurance operations remotely in a Services Oriented Architecture (SOA) infrastructure. This OASIS BIAS profile specifies the design concepts and architecture, data model and data dictionary, message structure and rules, and error handling necessary to invoke SOAP-based services that implement BIAS operations. Together, the BIAS standard and the BIAS profile provide an open framework for deploying and remotely invoking biometric-based identity assurance capabilities that can be readily accessed across an SOA infrastructure. This relationship allows the leveraging of the biometrics and web services expertise of the two standards development organizations. Existing standards are available in both domains and many of these standards will provide the foundation and underlying capabilities upon which the biometric services depend... In late 2005/early 2006, a gap was identified in the existing biometric standards portfolio with respect to biometric services. The Biometric Identity Assurance Services standard proposal was for a collaborative effort between government and private industry to provide a services- based framework for delivering identity assurance capabilities, allowing for platform and application independence. This standard proposal required the attention of two major technical disciplines: biometrics and service architectures. The expertise of both disciplines was required to ensure the standard was technically sound, market relevant, and achieved widespread adoption. The International Committee for Information Technology Standards (INCITS) M1 provided the standards leadership relevant to biometrics, defining the 'taxonomy' of biometric operations and data elements. OASIS provided the standards leadership relevant to service architectures with an initial focus on web services, defining the schema and protocol.
Identity as a Service
Martin Kuppinger, Blog
Some days ago, I had a very interesting discussion with John de Santis and some of his colleagues from TriCipher, one of the vendors which provide IaaS (Identity as a Service) solutions, in that case particularly with their MyOneLogin service. That discussion is one among several I had with other vendors in the IaaS space like Multifactor Authentication, Arcot Systems, or Ping Identity... On the other hand, my colleague Joerg Resch (currently very active in organizing the European Identity Conference 2009, where we will have, amongst many other topics around thought leadership and best practice for IAM and GRC, definitely much content about IaaS) some weeks ago asked me about my opinion about approaches like Facebook Connect and related standards (Google Friend Connect, Myspace Data Availability) and, as a result, my overall opinion about IaaS. First of all, the positive things with all these initiatives is that they address the lock-in issues in todays social networks, which I've discussed more than a year ago in this blog... So where is the link between these two discussions? It is all about the way we can and should deal with identities in the future. In business as well as privately. First of all, identity is core to any of these initiatives like cloud computing and SaaS or Enterprise 2.0 or Web 2.0—even while many people haven't understood the impact of identity yet. How will you ever fulfill compliance requirements in an IT infrastructure which consists of multiple SaaS services provided by different companies as well as some still existing internal IT services? How is allowed to do what in that environment? Just think about SoD controls across multiple SaaS services: how do we control the way our employees act in the Internet, still representing our company? What about consistency and reliability there? How about the integration of Web 2.0 services into the enterprise, for corporate use—that what sometimes is called Enterprise 2.0.. We have some standards (like OpenID, Information Cards and the underlying federation standards, XACML...), some IaaS services (mainly for authentication and federation and some provisioning), and some proprietary approaches for exchanging information from social networks. Many areas like policy management and auditing aren't covered yet. And in the area of social networks, there should be one standard, which might make use of Information Cards instead of some vendor implementations. From my perspective, we are still at the very beginning of the IaaS market. We will need to create more standards and implement more use cases. There is a lot of room for vendors and service providers..."
Java API for RESTful Web Services (JAX-RS): First GA of RESTeasy Released
Mark Little, InfoQueue
One of the relative new comers to the REST-based frameworks and JSR 311 compliant implementation space is RESTeasy, lead by Bill Burke, the first GA of which has now been released. According to the release announcement: "JBoss RESTEasy is a framework that allows you to write RESTFul Web Services in Java. It is a fully certified and portable implementation of JAX-RS specification. JAX-RS is a new JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. RESTEasy can run in any Servlet container, but tighter integration with the JBoss Application Server is also available to make the user experience nicer in that environment. While JAX-RS is only a server-side specification, RESTEasy has innovated to bring JAX-RS to the client through the RESTEasy JAX-RS Client Framework. This client-side framework allows you to map outgoing HTTP requests to remote servers using JAX-RS annotations and interface proxies..." Of course being a JBoss project there is good integration with JBoss Application Server, but it can run in any servlet container running JDK 5 or higher. There's also a client framework aspect to RESTeasy, something which is not part of the JAX-RS standard. Other features in the release include: (1) Embeddedable server implementation for junit testing; (2) Rich set of providers for: XML, JSON, YAML, Fastinfoset, Atom, etc; (3) JAXB marshalling into XML, JSON, Fastinfoset, and Atom as well as wrappers for arrays, lists, and sets of JAXB Objects; (4) Asynchronous HTTP (Comet) abstractions for JBoss Web, Tomcat 6, and Servlet 3.0; (5) EJB, Spring, and Spring MVC integration; (6) Client framework that leverages JAX-RS annotations so that you can write HTTP clients easily—JAX-RS only defines server bindings... In a recent entry on Integrating JAX-RS and Spring MVC, Solomon Duskis reports that RESTEasy can now be used with the Spring MVC DispatcherServlet. All you need to do is [...] This has quite a few benefits: You can manage JAX-RS Resources along side SprngMVC Controllers, or Wicket Objects or Tapestry or Struts2 Actions. JAX-RS can be set up to handle XML and JSON interactions, and your favorite MVC framework can handle the HTML creation. Your JAX-RS resources can be full-fledged MVC Controllers by returning a Spring ModelAndView. It can be a JSP view, a Freemarker, XSLT or Velocity template, or an RSS view...
Vendors' Help Sought for NIEM's Next Step
Ben Bain, Federal Computer Week
Technology integrators and commercial software providers are being asked for help as officials seek to expand the use of their common data standard to help information sharing... The NIEM program was launched in 2005 by the Homeland Security and Justice departments. Its users extend beyond homeland security and law enforcement, and officials want to expand adoption to a wide range of communities. NIEM gives users a standard vocabulary, guidance and processes to make data flow more effectively across various levels of government. The framework defines data components—such as people, places events and things -- and provides a method for communicating that data using Extensible Markup Language. To share information, officials use a packet that has the correct NIEM structure and semantics. The specifications for particular data exchanges are stored as Information Exchange Package Documentation. NIEM program managers will hold an industry day on February 17, 2009 to expand the program to new users. The U.S. Homeland Security Department announced the event through a draft request for information on January 15, 2009; it said officials were seeking descriptions of products that have the potential to make the next generation of NIEM a reality. The final RFI is expected by February 27, 2009... Officials say more software tools are needed as organizations look to roll out addition NIEM-based information sharing programs. The draft RFI said that NIEM's executive leadership believes that commercial software companies are best suited to provide the types of software tools to meet NIEM's needs.
Government's Management Challenge
Faisal Hoque, Baseline Magazine
In government, as well as in the private sector, making good things happen with technology is primarily management challenge, not a technological one. Technology investment must flow from a clearly articulated strategy, and technology must be deployed by and in organizational structures that are designed to make holistic decisions about technology—and to take full advantage of it. President Barack Obama emphasizes open government and education, but there are many other [U.S.] national issues that technology can address, e.g., (1) The U.S. population grew nearly 20 percent between and 2001, but traffic increased 236 percent. Roadside sensors, radio frequency tags and global positioning systems can fit in where there is no room for more roads. A system in Stockholm resulted in 22 percent less and a 40 percent drop in emissions. London, Brisbane Singapore also are taking advantage of this technology. (2) Intelligent oil-field technology can increase both performance and well productivity in a business only 20 percent to 30 percent of the reservoir is extracted and turned into some form of energy. Meanwhile, lose between 40 percent and 70 percent of our electrical energy due to 'dumb' electric grids. (3) Electronic health records and networking could eventually save $81 billion annually. And Computerized Physician Order Entry (CPOE) increases patient by listing instructions for physicians to follow when prescribe drugs. If installed in all hospitals, CPOE potentially eliminate 200,000 adverse drug events save about $1 billion a year. (4) Establishing information-sharing mechanisms to improve homeland security. (5) Protecting the federal government's information systems and the nation's critical infrastructures...
Calls for Open Source Government
Maggie Shiels, BBC News
The secret to a more secure and cost effective government is through open source technologies and products. The claim comes from one of Silicon Valley's most respected business leaders Scott McNealy, a co-founder of Sun Microsystems. He revealed he has been asked to prepare a paper on the subject for the new administration. "It's intuitively obvious open source is more cost effective and productive than proprietary software," he said. "Open source does not require you to pay a penny to Microsoft or IBM or Oracle or any proprietary vendor any money." Improvements: Mr. McNealy told the BBC he wants to ensure the government does not get "locked in" to one specific vendor or company. "The government ought to mandate open source products based on open source reference implementations to improve security, get higher quality software, lower costs, higher reliability—all the benefits that come with open software. [...] The Open Source Initiative, or OSI, is fully supportive of Mr McNealy's efforts which both believe is one of the main solutions the new President cannot afford to ignore. Mr McNealy says the benefits of open source products can't be ignored "Scott is absolutely correct about the benefits which have been demonstrated time and again," said OSI President Michael Tiemann. "It's an accident of history that proprietary standards became so entrenched so early and it's been a colossal expense for government." Mr Tiemann said while some departments already use open source technologies, overall it has been estimated that the global loss due to proprietary software is "in excess of $1 trillion a year." [...] Mr McNealy said a new cabinet post of chief information officer (CIO) was necessary to drive this fundamental root and branch change. He added that the CIO should "have veto power, the right to eliminate any hardware, software or networking product that touches the federal network... [Other commentary from CNet News.com.]
See also: on Obama and 'electronic health records'
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: email@example.com
Newsletter unsubscribe: firstname.lastname@example.org
Newsletter help: email@example.com
Cover Pages: http://xml.coverpages.org/