A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
Headlines
- Identity Metasystem Interoperability (IMI) Approved as OASIS Standard
- Group Examining SAML, Information Card for European Identity System
- Workshop on Improving Access to Financial Data on the Web
- Google, Nokia, Palm: Web May Be Ultimate Mobile Platform
- W3C Last Call Review for Rule Interchange Format (RIF) Working Drafts
- DataDirect Brings Mainframe SOA to Large U.S. Utility
Identity Metasystem Interoperability (IMI) Approved as OASIS Standard
Staff, OASIS Announcement
OASIS announced that its members have approved the Identity Metasystem Interoperability Version 1.0 specification as an OASIS Standard, signifying the highest level of ratification. IMI is best known as the technical protocol that enables Information Cards, a new way for people to register, login, and share information with websites without needing a new username and password for each site. According to Marc Goodner of Microsoft, co-chair of the OASIS Identity Metasystem Interoperability (IMI) Technical Committee: "Information Cards offer the best of both worlds — greater privacy and easier access. As an approved OASIS Standard, IMI assures interoperability across platforms and services, which will result in Information Card usage becoming even more widespread."
Information Cards are the digital equivalent of the cards people carry in their wallet or purse. They are stored in a new application called a card selector and carry information about a person's identity and relationship to the card provider, such as their employer, bank, library, store, etc.
The approved IMI Standard "is intended for developers and architects who wish to design identity systems and applications that interoperate using the Identity Metasystem Interoperability specification. An Identity Selector and the associated identity system components allow users to manage their Digital Identities from different Identity Providers, and employ them in various contexts to access online services. In this specification, identities are represented to users as Information Cards. Information Cards can be used both at applications hosted on Web sites accessed through Web browsers and rich client applications directly employing Web services. The specification also provides a related mechanism to describe security-verifiable identity for endpoints by leveraging extensibility of the WS-Addressing specification. This is achieved via XML elements for identity provided as part of WS-Addressing Endpoint References. This mechanism enables messaging systems to support multiple trust models across networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner."
See also: references in the September 2008 story
Group Examining SAML, Information Card for European Identity System
John Fontana, Network World
"A group co-funded by the European Union has reversed its thinking and is considering both SAML and Information Card as technologies to help create an interoperable identity and authentication system to link EU members. The Secure Identity Across Borders Linked (STORK) interoperable electronic identity project decided late last month to consider both SAML 2.0 and Information Card technology to help EU member countries integrate their identity systems, according to Drummond Reed, executive director of the Information Card Foundation, which includes Deutsche Telekom, Equifax, Google, Intel, Microsoft, Novell and Oracle among its steering committee members. Both technologies can help entities, including countries, federate identities. At the Stork's Industry Group meeting late last month, the group outlined its plans to explore a SAML 2.0 profile called "holder of key" as a means for preventing man-in-the-middle attacks when countries exchange identity information..."
The SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 specification "allows for transport of holder-of-key assertions by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but an X.509 certificate presented by the user agent via a TLS handshake supplies a key to be used in a holder-of-key assertion. Proof of possession of the private key corresponding to the public key in the certificate resulting from the TLS handshake strengthens the assurance of the resulting authentication context and protects against credential theft. Neither the identity provider nor the service provider is required to validate the certificate..."
See also: the SAML V2.0 Holder-of-Key Web Browser SSO Profile
Workshop on Improving Access to Financial Data on the Web
Staff, W3C Announcement
A Call for Participation has been issued for an October 2009 "Workshop on Improving Access to Financial Data on the Web," co-organized by W3C and XBRL International and hosted by the U.S. FDIC. The Workshop is free of charge and open to anyone, subject to review of their statement of interest. The Workshop materials will be made publically available, including statements of interest and presentations provided by the participants.
Background: "The US Securities and Exchange Commission (SEC) has mandated that US public companies file reports in XBRL, starting with the largest companies in mid-2009. Other countries have similar plans, e.g. in the UK, thousands of companies already report in XBRL, which will be mandatory in 2011. In Asia, XBRL has gained early adoption in capital markets with Stock Exchanges in China, Japan, Singapore and South Korea all mandating the use of XBRL. Governments in Australia, the Netherlands and New Zealand, have made commitments to reduce corporate compliance burden using XBRL as part of Standard Business Reporting efforts. Much of the effort on XBRL so far has gone into developing the standards and taxonomies of reporting concepts, and on helping companies with preparing filings. Comparatively little effort has been spent on how to exploit the expected flood of data. It is now time to take a good look at the opportunities and challenges for interactive access to XBRL data at all stages of the reporting pipeline...
Workshop participants will collectively help to identify opportunities and challenges for interactive access to business and financial data expressed in XBRL and related languages. The extensible business reporting language (XBRL), is being widely adopted all around the world, and is set to become the standard way of recording, storing and transmitting business financial information. The creation, distribution, and consumption of Financial Content across the web touch millions of users and affects business decisions that have global implications..."
See also: the XBRL International web site
Google, Nokia, Palm: Web May Be Ultimate Mobile Platform
Marin Perez, InformationWeek
While Google, Nokia, and Palm take different approaches to the mobile space, executives from each company agreed during MobileBeat 2009 that the mobile Web will play a significant role in future application development. Mobile program makers are facing an increasingly fragmented world, as the smartphone space consists of Apple's iPhone, Google's Android, Nokia's S60 Symbian, Microsoft's Windows Mobile, Research In Motion's BlackBerry, and Palm's webOS. Additionally, most content creators also have to make apps for the various versions of J2ME if they want to reach a broad audience of feature phone users.
Vic Gundotra, Google's VP of engineering, said even the search giant isn't rich enough to support this many platforms at a sustainable rate over the long term. Gundotra said the Web will become a strong mobile development platform as things like HTML 5 and offline improvements become standardized... Palm has also made its Mojo software development kit available to the masses, and Palm said it uses standard Web technologies like HTML, CSS, and JavaScript. Palm is hoping to attract millions of Web developers, even those with little or no experience with mobile devices..."
W3C Last Call Review for Rule Interchange Format (RIF) Working Drafts
Staff, W3C Announcement
Members of the W3C Rule Interchange Format (RIF) Working Group have released a collection of six Last Call Working Drafts for rule interchange format specifications. While the language design is not expected to change significantly going forward, and now is the key time for external review, before the implementation phase.
This Working Group was chartered to "specify a format for rules, so they can be used across diverse systems. This format (or language) should function as an interlingua into which established and new rule languages can be mapped, allowing rules written for one application to be published, shared, and re-used in other applications and other rule engines. Because of the great variety in rule languages and rule engine technologies, this common format should take the form of a core language to be used along with a set of standard and non-standard extensions..."
Three of the working drafts define XML formats with formal semantics for storing and transmitting rules: (1) The "RIF Production Rule Dialect (PRD)" is designed for the kinds of rules used in modern Business Rule Management systems. (2) The "RIF Basic Logic Dialect (BLD)" provides a foundation for Logic Programming, classical logic, and related formalisms. (3) The "RIF Core Dialect" is the common subset of PRD and BLD, useful when having a ubiquitous platform is paramount. Other drafts: (4) "RIF Datatypes and Builtins (DTB)" specifies the datatypes and standard operations modeled on XPath Functions, available in all RIF dialects. (5) "RIF RDF and OWL Compatibility" specifies how RIF works with RDF, RDFS, OWL 1, and OWL 2. (6) "RIF Framework for Logic Dialects (FLD)" provides a mechanism for specifying extended dialects, beyond BLD, when more expressive power is required..."
DataDirect Brings Mainframe SOA to Large U.S. Utility
Vance McCarthy, Integration Developer News
"American Electric Power, one of the largest electric utilities in the U.S., is using DataDirect Shadow and SOA to update its valuable mainframe-based customer information system. Shadow's ability to leverage IBM's zIIP engine for SOA is bringing new levels of operational efficiency to AEP's project, a DataDirect official told IDN. AEP provides service to more than five million customers in 11 states.
AEP officials wanted to improve customer service, and so decided to upgrade its mainframe-based customer service applications for the web. AEP's applications, which use COBOL, DB2 data and CICS 3270 screens, now offer web GUIs and support web-to-legacy integration. AEP found an SOA approach with DataDirect Shadow provided two key benefits: (1) An easy way to de-couple applications from underlying data, saving developers time and speeding application updates; (2) A way to reduce the use of expensive mainframe CPU capacity required for mainframe SOA. Using DataDirect Shadow, AEP is able to run SOA-to-legacy transformation and integration on IBM's System z Integrated Information Processor (zIIP) specialty engine, without using the mainframe's core general purpose processor (GPP), making mainframe SOA more efficient and cost-effective..."
Sponsors
XML Daily Newslink and Cover Pages sponsored by:
IBM Corporation | http://www.ibm.com |
Microsoft Corporation | http://www.microsoft.com |
Oracle Corporation | http://www.oracle.com |
Primeton | http://www.primeton.com |
Sun Microsystems, Inc. | http://sun.com |
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter unsubscribe: newsletter-unsubscribe@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/