This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com
- OASIS Approves Web Services Standards from WS-RX, WS-SX, and WS-TX TCs
- W3C Workshop Report: Security for Access to Device APIs from the Web
- Buildings, Industry, Automation, and Smart Grids
- Linden Lab Structured Data
- IBM Links Web 2.0 and CRM
- Box.net Updates Interface, Puts More Emphasis on Social Features
- Johns Hopkins University Puts Its Expertise Online with Collexis
- Facebook Joins OpenID Foundation Board
OASIS Approves Web Services Standards from WS-RX, WS-SX, and WS-TX TCs
Staff, OASIS Announcement
OASIS announced that its members have approved new versions of nine Web Services specifications as OASIS Standards, a status that signifies the highest level of ratification. The WS Reliable Exchange (WS-RX), WS Transaction (WS-TX), and WS Secure Exchange (WS-SX) standards support reliable message exchange, coordinate the outcome of distributed application actions, and enable trusted relationships. These standards now include updated references to the latest versions of all cited specifications, enhancing their composability and stand alone use. Their approval marks a milestone in the maturity of Web services technology. Three standards from the WS-RX TC — "Web Services Reliable Messaging (WS-ReliableMessaging) Version 1.2", the "Web Services Reliable Messaging Policy Assertion (WS-RM Policy) Version 1.2" specification, and "Web Services Make Connection (WS-MakeConnection) Version 1.1" — allow messages to be transferred reliably despite failures in software components, systems, or networks. They enable a broad range of features, including ordered delivery, duplicate elimination, and guaranteed receipt. [See the announcement text for spec URIs] Three standards from the WS-TX TC — "Web Services Coordination (WS-Coordination) Version 1.2", "Web Services Atomic Transaction (WS-AtomicTransaction) Version 1.2", and "Web Services Business Activity (WS-BusinessActivity) Version 1.2" — describe an extensible framework for coordinating transactions across a mixed vendor environment. Three standards from the WS-SX TC — "WS-Trust 1.4", "WS-SecureConversation 1.4", and "WS-SecurityPolicy 1.3" — provide methods for issuing security tokens, establishing trust relationships, and allowing key material to be exchanged more efficiently.
See also: OASIS Web Services specifications
W3C Workshop Report: Security for Access to Device APIs from the Web
Staff, W3C Announcement
W3C announced the publication of a report from the W3C Workshop on "Security for Access to Device APIs", held December 10-1, 2008, in London. Participants in this open workshop included implementers and users of widget and browser runtime environments, researchers, and others who professed an interest in technologies used to facilitate access to sensitive, but useful APIs from the web context, and the security issues raised by such a model. The workshop had 44 participants from over 20 organizations; 29 position papers were received. The Workshop has identified a number of challenges as high-priority work items, including: (1) Declaration of APIs used by web applications and widgets; (2) Policy description; (3) API patterns and concrete APIs. A secure framework for device APIs access must be built on a solid foundation. One aspect of these foundations is the identity and capability of the APIs that are accessed. Code identity and the dependency of an application on a particular API is not only important from a security perspective, but is a runtime dependency issue as well. It should be noted that widgets and web applications may impose different constraints on the security model, in part due to the different models of declaring application identity. The security frameworks used by existing mobile application frameworks, such as Java and Symbian, include a policy enforcement mechanism as part of the application environment itself, and user application identity and trust models derived from certificate architectures. At least three of the papers presented suggest security frameworks where the notion of trust (the rule that determines what a particular application can rightfully access) can be provided by an architecturally distinct component. Two of these papers include specific candidate technologies which are either implemented, or in the process of implementation. There is considerable prior art in the area of policy description. Workshop participants noted that the XACML specification, represents a useful starting point and framework for any standardization work that is deemed necessary in this area. While several parties noted implementation experience that started out with XACML and led to purpose-specific and possibly simpler languages, other participants strongly suggested that future work should use (a profile of) XACML, and should liaise with the OASIS XACML Technical Committee to feed back experiences and requirements... W3C invites follow-up discussion on the Mobile Web Initiative public mailing list.
Buildings, Industry, Automation, and Smart Grids
Bill Cox, AutomatedBuildings.com
As wholesale energy markets have developed, and mandates for re-purchase by utilities and power grids of alternate energy such as wind and solar, your building may be a net consumer at one time and a net provider at another. Many of us are working to foster collaboration between smart buildings and smart grids. The National Institute of Standards and Technology Industry-to-Grid (I2G) and Building-to-Grid (B2G) Domain Expert Working Groups are working on issues and requirements for future standardization along these lines. The NIST effort started as a result of the Energy Independence and Security Act of 2007 (EISA)... Industrial and building concerns overlap — there are similarities between industrial facilities, large campuses, microgrids, office developments — and differences. The energy consumption and co-generation capabilities of industrial facilities set them apart, but as solar and wind power are integrated in larger buildings and campuses these are mostly differences of scale. In many ways the level of collaboration between the power grids and buildings is where the growth of the Internet and electronic commerce was years ago. There are few consistent standards for interaction, and the many sets of rules make interoperation difficult. The Internet started out with a notion of a host and an Internet terminal. Computing has evolved, first to client-server and later to peer-to-peer interactions. Symmetry in processing is becoming more obvious, but the model used by regulators and utilities is not very symmetric. You buy power from a utility. The utility controls the price, the delivery, and the characteristics. If you generate power, you may be very restricted in what you can do with your surplus... As wholesale markets have developed for buying and selling of power, so-called curtailment (or demand-response) markets are being created -- treating reduction of use as the mathematical and nearly practical equivalent of additional generation. This opens up opportunities for building managers and building automation system providers. A building or campus or industrial site may be able to save money buying energy in the marketplace, and directly earn money by selling reduction in use through efficiencies, changing set points, or on-site generation, all of which needs to be managed and communicated. Real Time Pricing is coming... Opportunities for Building Automation: (1) There is value to your customers in defining and implementing higher level building interactions, both with the power grid and with the business operating in the facility. (2) You can enable energy buying (and selling, if you have generation) through the portal. (3) By enabling selling of co-generation, solar, or wind power, you can bring money directly to the facilities manager who pays your bills. (4) By saving energy and money for your facilities, you help to reduce and delay the need for expensive upgrades in the electrical delivery infrastructure, helping make energy more cost-effective for all of us... An online "OASIS Blue Initiative" white paper explains more about energy and interoperation standards.
See also: the NIST Smart Grid project web site
Linden Lab Structured Data
Meadhbh Siobhan Hamrick, Aaron Brashears (et al), IETF Internet Draft
This document describes the Linden Lab Structured Data (LLSD) abstract type system, interface description and serialization formats. LLSD is a language-neutral facility for maintaining and transporting structured data. It provides dynamic data features for loosely-coupled collections of software components, even in statically-typed languages. LLSD includes an abstract type system, an interface description language (LLIDL) and three canonical serialization schemes (XML, JSON and Binary). Section 6 provides the MIME Type Registrations ('application/llsd+xml', 'application/llsd+json', 'application/llsd+binary'). Appendices include: Appendix A: ABNF of Real Values, Appendix B: XML Serialization DTD, Appendix C: ABNF of LLIDL. Details: "Linden Lab Structured Data (LLSD) is an abstract type system intended to provide a language-neutral facility for the representation of structured data. It provides a type system, a serialization system and an interface description language. The type system of LLSD defines nine simple types (Undefined, Boolean, Integer, Real, String, UUID, Date, URI and Binary) and two composite types (Array and Map.) It is used to represent an ideal dynamic type system in programming languages that may not exhibit dynamic type behaviors. This type system is advantageous in computing environments that make use of loosely-coupled components, each of which may be implemented in a different programming language. When loosely-coupled systems need to communicate structured data, LLSD instances are serialized into a neutral format for transmission across a process or system boundary. LLSD instances may be serialized into one of three defined formats: XML, JSON and binary. When meta-information regarding LLSD instances is required, an interface description language (LLIDL) may be used to define the structure of LLSD instances. LLIDL is especially suited to describing the structure of requests and responses in distributed systems using representational state transfer (RESTful) semantics... XML Serialization: XML serialization of LLSD data is in common use in protocols implementing virtual worlds. When used to communicate protocol data with a transport that requires the use of a Type, the type 'application/llsd+xml' is used. When serializing an instance of LLSD structured data into an XML document, the DTD given in Appendix B is used. This DTD defines elements for each of the defined LLSD types. Immediately subordinate to the root LLSD element, XML documents representing LLSD serialized data include either a single instance of an simple type (Undefined, Boolean, Integer, Real, UUID, String, Date, URI or Binary) or a single composite type (Array or Map)..."
See also: the Second Life Wiki
IBM Links Web 2.0 and CRM
Paul Krill, InfoWorld
IBM announced that its WebSphere sMash 1.1 platform for situational applications can function with the SugarCRM Sugar 5.2 CRM system, offering capabilities such as workflow. Announced last year, sMash is positioned as a Web 2.0 platform supporting SOA, RESTful services, and agile development. It serves as a development and execution platform for agile, Web-based applications. "With the tools we have, you can extend the [functionality] in SugarCRM to do things like workflows, to do things like connect to back-end systems, and to use resources that are potentially not in PHP" but enabled by Java, said Jerry Cuomo, IBM vice president and CTO of WebSphere, during the SugarCRM SugarCon 2009 conference in San Francisco. In sMash, the PHP and Groovy scripting languages are enabled along with Java technology. A PHP interpreter runs on top of Java, providing the foundation of the sMash server, according to Jerry Cuomo. "This gives us the ability to run applications like SugarCRM — and it's not just running them but it's also providing that experience or that environment that you can enrich." WebSphere sMash is available free to developers but must be purchased once a sMash application is put into production... Sun also has been accommodating scripting languages in the Java platform, offering JRuby, for example, which provides a version of the Ruby language on top of the Java Virtual Machine.
See also: the product description
Box.net Updates Interface, Puts More Emphasis on Social Features
Frederic Lardinois, ReadWriteWeb
"Box.net, the popular document hosting and sharing service, announced a major redesign of its user interface today, which also puts a lot more emphasis on social features like profiles and activity streams. The new version of Box.net also focuses on collaboration and effectively turns Box.net into a social network for small to medium-sized businesses and groups. While Box.net featured profile pages before, it now puts them at the center of the user experience. Your profile pages now show the latest updates from your network on Box.net. These activity streams now show you when a file has been uploaded, edited, or downloaded, which makes tracking the progress of a document on Box.net a lot easier. Box.net now also provides the ability to be notified of any updates in your activity stream by RSS or email. With this update, Box.net positions itself as a small social network for businesses. As Jen Grant, Box.net's VP of Marketing, explained to us, the reasoning behind this is that, according to Box.net, social networks work best when they are built around a certain type of content (like MySpace and music). Thanks to its integration with other online productivity services including Zoho, EchoSign, and Scribd, you could potentially run a large part of your business through Box.net and its affiliated services." According to the announcement, "Box.net provides a flexible solution that currently helps over 50,000 businesses easily share content, move company file systems online, and create team workspaces. Today's new Box melds the best of traditional content management with the most effective elements of social software to better capture and centralize the collective knowledge of an organization, and make that knowledge available to dispersed teams..."
See also: the announcement
Johns Hopkins University Puts Its Expertise Online with Collexis
Staff, Collexis Announcement
Collexis, a leading developer of semantic search and knowledge discovery software, announced that Johns Hopkins University (JHU) has put the institution's Collexis Expertise Portal online. The portal is a public website where individuals can search, sort, or view compiled views of the research conducted by JHU and its faculty. Collexis builds profiles for each Johns Hopkins researcher automatically. When a researcher has a new paper published, the system updates their profile overnight -- meaning the information stays current. The Collexis approach has become popular with research intensive institutions like the National Institutes of Health that want to have a complete system to identify potential partnerships, translational research projects, or other unique connections between research experts. To date, most institutions have limited their systems to internal collaborations. Johns Hopkins University has elected to give public access to help promote relationships and translational research with other partnering institutions in the public and private sector. JHU has also contracted with Collexis for an ongoing search engine optimization project designed to make Johns Hopkins researchers more widely read and identified online through search engines like Yahoo, Microsoft, and Google. From the Collexis FAQ document: "Initially, Collexis differentiates itself from full-text search engines by making use of thesauri for information retrieval. The high-quality search is based on semantics that have been defined in a thesaurus or ontology: synonymous terms and terms in different languages are linked to a single concept. Hierarchical relations between concepts, links between definitions and terms, and other semantic relationships are utilized in the search applications. This process helps to highlight those terms most relevant to the searcher's query. Additionally, Collexis' matching technology is unique. The matching technology computes 'distances' between the query and the content items that are being searched, which allows discovery of partially matching documents. Users do not have to construct a complicated (Boolean) search query, but can simply enter a free text search without the risk of getting 'no results' due to extensive search term use. In fact, with matching technology the use of more search terms means faster and more accurate search results in general. Yet another aspect that differentiates Collexis is that the computer can easily manipulate the Fingerprints generated by the software. They can be aggregated, associated, clustered, etc. These manipulations also allow Collexis to provide information that goes beyond the level of a single document. Searchers can see information distributed over different documents as well as discernible patterns in a group of documents, e.g., a group of documents written by one author or belonging to a particular semantic category..."
See also: the Collexis FAQ document
Facebook Joins OpenID Foundation Board
David Recordon and Chris Messina, OpenID News
Facebook has now joined the OpenID Foundation's board as a sustaining corporate member. "Luke Shepard, a key member of Facebook's Platform and Connect teams and a huge internal advocate for OpenID, has been selected as their representative and joins the current board of seven community elected board members and six sustaining corporate members: Google, IBM, Microsoft, PayPal (joined last week), VeriSign and Yahoo!. Additionally, to maintain the ratio of community and corporate board members, Joseph Smarr will be joining the board as our eighth community member. As the OpenID community entered 2009 two key topics have become the focal points on the road to mainstream adoption: user experience and security. Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook working within the community to improve OpenID's usability and reach. As a first step, Facebook will be hosting a design summit next week at their campus in Palo Alto which follows a similar summit on user experience hosted at Yahoo! last year. The summit will convene some of the top designers from Facebook, the DiSo Project, Google, JanRain, MySpace, Six Apart and Yahoo!, focusing on how existing OpenID implementations could support an experience similar to Facebook Connect. Facebook's financial contribution along with its membership on the board signals the company's enthusiasm to work more closely with the OpenID community, building up momentum towards their adoption of OpenID as a standard. Facebook furthering its commitment to openness couldn't have come at a better time to make 2009 an amazing year for OpenID and the wider social web..."
See also: Mike Schroepfer's blog
Paul Krill, InfoWorld
See also: Opera's Jens Lindstroem blog
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/