This issue of XML Daily Newslink is sponsored by:
ISIS Papyrus http://www.isis-papyrus.com
- The Open Group Releases SOA Ontology Standard
- Orleans: A Framework for Cloud Computing
- OASIS Specifications: Interoperable Security Standards for Web Services
- Cloud Computing on Rich Data
- Public Review for Open Grid Forum Open Cloud Computing Interface Core
- Salesforce.com Announces Multi-Platform Enterprise Cloud Database
- Web Sockets and the Risks of Unfinished Standards
The Open Group Releases SOA Ontology Standard
Staff, Open Group Announcement
"The Open Group has announced the availability of the Service Oriented Architecture (SOA) Ontology Technical Standard to develop and foster a common understanding between business and information technology (IT) communities regarding SOA concepts and terminology. Produced by members of the Open Group's SOA Work Group, the ontology in this 90 page document defines the concepts, terms and semantics of SOA in a common language that will allow for more precise and straightforward communications and facilitate SOA adoption without ambiguity. Three appendices include 'The OWL Definition of the Ontology', 'Relationship to Other SOA Standards', and 'Class Relationship Matrix'.
The ontology is represented in the Web Ontology Language (OWL) defined by the World-Wide Web Consortium (W3C). OWL has three increasingly expressive sub-languages: OWL-Lite, OWL-DL, and OWL-Full; this ontology uses OWL-DL, the sub-language that provides the greatest expressiveness possible while retaining computational completeness and decidability. The ontology contains classes and properties corresponding to the core concepts of SOA. The formal OWL definitions are supplemented by natural language descriptions of the concepts, with graphic illustrations of the relations between them, and with examples of their use. For purposes of exposition, the ontology also includes UML diagrams that graphically illustrate its classes and properties of the ontology.
The SOA Ontology is designed for use by: (1) business people, to give them a deeper understanding of SOA concepts and how they are used in the enterprise and its environment; (2) architects, as metadata for architectural artifacts; (3) architecture methodologists, as a component of SOA meta-models; (4) system and software designers, for guidance in terminology and structure. The SOA Ontology is also intended for use in conjunction with other industry standards and can also be used by computing systems to create modeling tools, automate standard terms and relationships, clarify working assumptions, and enable interoperability.
Angel Diaz, IBM vice president of Software Standards, notes: "Our customers have the need to create a shared understanding of SOA within their organization and among partners. The SOA Ontology provides a foundation for this, consistent with other standards such as SOA/ML and BPMN... we are leveraging it in other standards, including the SOA repository specification, S-RAMP, as well as supporting it across our portfolio'... Chris Harding, the Open Group's SOA Work Group forum director stated that 'The release of the SOA Ontologywill significantly benefit the industry considering the increased use of SOA within organizations, especially due to the rise of cloud adoption... it is critical for business and technical executives across disciplines and organizations to have a lingua franca for SOA to ensure the success of their deployments'..."
Orleans: A Framework for Cloud Computing
Sergey Bykov, Alan Geller (et al), Microsoft Research Report
"Client + cloud computing is a disruptive, new computing platform, combining diverse client devices — PCs, smartphones, sensors, and single-function and embedded devices—with the unlimited, on-demand computation and data storage offered by cloud computing services such as Amazon's AWS or Microsoft's Windows Azure. As with every advance in computing, programming is a fundamental challenge as client + cloud computing combines many difficult aspects of software development.
Orleans is a software framework for building client + cloud applications. Orleans encourages use of simple concurrency patterns that are easy to understand and implement correctly, building on an actor-like model with declarative specification of persistence, replication, and consistency and using lightweight transactions to support the development of reliable and scalable client + cloud software.
This paper makes the following contributions: (1) Identifies the challenges in building client + cloud software. (2) Describes a solution to these problems based on concurrent, replicated, asynchronous units of computation. (3) Extends the basic solution with light-weight transactions that ensure isolation, consistency, and error recovery. (4) Integrates persistence, replication, and consistency into the programming model and supports it in the language runtime. (5) Shows how a runtime can improve an application's performance by transparently distributing computations among servers...
Orleans defines an actor-like model of isolated grains that communicate through asynchronous messages and manage asynchronous computations with promises. The isolated state and constrained execution model of grains allows the Orleans runtime to persist, migrate, replicate, and reconcile grain state without programmer intervention. Orleans also provides lightweight, optimistic, distributed transactions that provide predictable consistency and failure handling for distributed operations across multiple grains. We believe that this framework will significantly simplify the development of complex cloud applications, by incorporating fundamental distributed computing functionality and abstractions into the system and by promoting the use of design patterns that promote scalability and reliability..."
OASIS Specifications: Interoperable Security Standards for Web Services
Sitaraman Lakshminarayanan, IEEE IT Professional
"Web services provide an interoperable mechanism that lets two different systems exchange messages. Securing Web services isn't any different from securing any other application: it requires authentication, authorization, encryption, digital signatures, and non-repudiation. However, to highlight the interoperable nature of Web services in addressing these security issues, the Organization for the Advancement of Structured Information Standards (OASIS) established the Web Services (WS)-Security standards. Here, I describe WS-Security and related standards and their roles in cloud computing environments.
WS-Security standards address not only confidentiality and integrity challenges but also challenges related to exchanging various security tokens, such as username and password, X.509, or the Security Assertion Markup Language (SAML). In a nutshell, a WS-Security-compliant message will contain information such as a security token represented as SAML (or some other token type), encrypted data represented as XML Encryption, and digitally signed data represented as an XML Signature. Although WS-Security might seem straightforward, it's important to understand the various standards it supports and how to leverage other related security standards to make the integration flexible and interoperable. For example, WS-Security supports SAML as a token type, but when a service provider is configured to require SAML as the authentication token, can the Web service consumer create a SAML token with the necessary information? [...]
The standards I mentioned here aren't the only ones that address Web services security. Other standards exist, including the OASIS Digital Signature Services for signature processing, the XML Key Management Interoperability Specification for distributing and registering public keys, and the WS-Metadataexchange (proposal) for exchanging metadata for Web services security. However, the standards mentioned here address the most common challenges experienced when securing a service.
The architecture I outlined will be more beneficial in cases where there's a mix of heterogeneous systems and cloud service models, and a need to control access from one place (authentication and authorization) and express policies in an interoperable manner. However, when the deployment scenario is very limited, as long as appropriate risks are understood, a variety of alternate options—such as such HTTPS mutual authentication and Internet Protocol Security—are available..."
Cloud Computing on Rich Data
Michael Kozuch, Jason Campbell, Babu Pillai (et al), DDJ
"In recent years, advances in semiconductor electronics have pushed the instrumentation of our world to unprecedented levels. Sensors are now all around us: many cell phones contain GPS receivers as well as cameras, doorways have motion detectors, stop lights sense vehicles at intersections, and satellites orbiting overhead are constantly imaging the Earth. Additionally, we have data sourced electronically: feeds from social networking sites, crawls of Web pages, repositories of medical images, results from computer simulations, etc. Many of the data objects from these sources are collected for analysis, archived, subjected to re-analysis, cross-correlated with other data objects, and processed to create additional, derived data sets. The result is that we live in a world that is data rich. In this article, we consider two types of data sources: stored and streaming. A stored data object is just that, information that has been archived in some way.
Cloud computing technologies enable many users to share modern computing clusters while providing mechanisms for scaling applications as needed. As a result, researchers in Intel Labs are investigating what challenges arise when leveraging cloud computing technologies in the context of rich data applications operating on either stored or streaming data, and what solutions may address those challenges. This research program includes support of the Open Cirrus research test bed, development of an open source software stack for operating on stored data, development of a runtime system for operating on streaming data, and exploration of the benefits resulting from integration of optical networks in compute clusters
To help provide cloud computing resources to this community, Intel, HP, and Yahoo!, in collaboration with the National Science Foundation, sponsored the Open Cirrus cloud computing testbed. The goals of the Open Cirrus project are to foster systems-level research in cloud computing, encourage new cloud computing applications and applications-level research, collect and share experimental datasets, and develop open-source stacks and APIs for the cloud...
As our world becomes increasingly data rich, new technologies are required to support the applications that process data sources—whether they are stored or streaming. In both cases, cloud-computing technologies provide an infrastructure that enables a large number of users to process shared data sets. However, the bandwidth and/or latency requirements of these applications dictate that special care must be taken when designing systems for these applications..."
Public Review for Open Grid Forum Open Cloud Computing Interface Core
Thijs Metsch, Andy Edmonds, Ralf Nyren (eds), Open Grid Forum Review Document
Members of the Open Grid Forum (OGF) Open Cloud Computing Interface Working Group (OCCI-WG) have released a specification Open Cloud Computing Interface - Core for public review through February 05, 2011. This document, part of a document series, produced by the OCCI working group within the Open Grid Forum (OGF), provides a high-level definition of a Protocol and API. The document is based upon previously gathered requirements and focuses on the scope of important capabilities required to support modern service offerings. A companion document "Open Cloud Computing Interface - Infrastructure", also out for public review, presents the definition of the OCCI Infrastructure extension for the IaaS domain. It defines additional resource types, their attributes and the actions that can be taken on each resource type.
The Open Cloud Computing Interface (OCCI) is a RESTful Protocol and API for all kinds of Management tasks. OCCI was originally initiated to create a remote management API for IaaS1 model based Services, allowing for the development of interoperable tools for common tasks including deployment, autonomic scaling and monitoring. It has since evolved into an exible API with a strong focus on interoperability while still offering a high degree of extensibility. The current release of the Open Cloud Computing Interface is suitable to serve many other models in addition to IaaS, including e.g., PaaS and SaaS.
The current OCCI specification is released as a suite of complimentary documents which together form the complete specification. The documents are divided into three categories consisting of the OCCI Core, the OCCI Renderings and the OCCI Extensions. The OCCI Core specification consist of a single document defining the OCCI Core Model. The OCCI Core Model can be interacted with renderings (including associated behaviours) and expanded through extensions. The OCCI Rendering specifications consist of multiple documents each describing a particular rendering of the OCCI Core Model. Multiple renderings can interact with the same instance of the OCCI Core Model and will automatically support any additions to the model which follow the extension rules defined in OCCI Core. The OCCI Extension specifications consist of multiple documents each describing a particular extension of the OCCI Core Model. The extension documents describe additions to the OCCI Core Model defined within the OCCI specification suite.
The OGF Open Cloud Computing Interface WG (OCCI-WG) was chartered to design a practical solution to interface with Cloud infrastructures exposed as a service (IaaS). We will focus on a solution which covers the provisioning, monitoring and definition of Cloud Infrastructure services. The group should create this API in an agile way as we can have advantages over other groups if we deliver fast. Overlapping work and efforts will be contributed and synchronized with other groups. The group will deliver an API specification for remote management of cloud computing infrastructure, allowing for the development of interoperable tools for common tasks including deployment, autonomic scaling and monitoring. The scope of the specification will be all high level functionality required for the life-cycle management of virtual machines (or workloads) running on virtualization technologies (or containers) supporting service elasticity..."
Salesforce.com Announces Multi-Platform Enterprise Cloud Database
Jeffrey Schwartz, Application Development Trends
"Billing it as the first database for the cloud, Salesforce.com announced Database.com, targeted at next-generation enterprise apps. Database.com, the underlying infrastructure for the company's Sales Cloud, Service Cloud and Force.com, is aimed at powering cloud, social and mobile apps running on its namesake service.
The company announced Database.com at its annual Dreamforce conference, taking place this week in San Francisco. Salesforce.com bills Database.com as a language independent database that can be accessed by any platform or device. It will be commercially available at an unspecified time next year but is available for free trials now.
Calling it the first database for the cloud may be open for debate. Among others, Amazon Web Services offers SimpleDB and Microsoft offers SQL Azure. But Salesforce.com is billing Database.com as a platform aimed at next-generation apps that can be used with its own or other cloud services. According to the company, Database.com will support applications written in any language, including Java, Microsoft's C#, Ruby and PHP, among others. It will provide connectivity via the REST or SOAP APIs. It supports identity access standards oAuth and SAML. In addition to running their apps on Force.com, apps developed for Database.com will run on VMware's VMforce, Amazon EC2, Google App Engine, the Ruby-based Heroku and Microsoft's Windows Azure. The company said apps written for Database.com can run on a number of devices including Android, iPhone, iPad and BlackBerry..."
From the White Paper: "An ever-growing list of enterprises trust salesforce.com products and services to deliver critical business applications, in large part because of salesforce.com's commitment to security and privacy. This paper first explains the terms security, privacy, and trust, and then explores the basic requirements for secure cloud computing. Subsequent sections of this paper provide a comprehensive introduction to the inherent security and privacy features of the Database.com cloud database service. And finally, this paper explains features that application providers using Database.com can use to build and secure their applications and customer data..."
Web Sockets and the Risks of Unfinished Standards
Stephen Shanklan, CNET News.com
"Enthusiasm for a promising new standard called Web Sockets has quickly cooled in some quarters as a potential security problem led some browser makers to hastily postpone support."
'The Web Sockets API" Working Draft "defines an API that enables Web pages to use the Web Sockets protocol for two-way communication with a remote host." And according to the October 17, 2010 IETF draft of The WebSocket Protocol: "The WebSocket protocol enables two-way communication between a user agent running untrusted code running in a controlled environment to a remote host that has opted-in to communications from that code. The security model used for this is the Origin-based security model commonly used by Web browsers. The protocol consists of an initial handshake followed by basic message framing, layered over TCP. The goal of this technology is to provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g.. using XMLHttpRequest or 'iframe's and long polling)."
Shanklan: "The Web Sockets technology, which opens up a live communication link between a browser and a server, remains an important part of plans to make the Web a home for more dynamic, interactive sites. It could, for example, speed up Google Instant searching and multiplayer games. But Mozilla and Opera put their Web Socket plans on hold this week until the wrinkles are ironed out.
The reversal is only the latest difficulty, though. Web Sockets development already had become somewhat contentious as eager browser makers — Google in particular — began including support for a specification they knew wasn't done. Overall, the Web Sockets history illustrates some pitfalls of the style and pace of Web standards development...."
XML Daily Newslink and Cover Pages sponsored by:
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/