The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors
NEWS
Cover Stories
Articles & Papers
Press Releases
CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG
TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps
EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Last modified: June 29, 2004
XML Industry News: 2004 Q2

XML News

This XML Industry News section consists mainly of links to company press releases announcing support for XML/XSL/XLink/XQuery etc. Other documents with reference collections:

Major articles on XML in the trade magazines, as well as the more substantive refereed articles on XML in technical publications, are listed in the dedicated database sections: Current XML Surveys and Overview Articles

Search: [Indexed Search]

  • [June 28, 2004] "Sun Contributes Four Java Breakthroughs to Open Source Community Including 'Project Looking Glass' and JAVA 3D. Project Looking Glass Will be Available to Developers on java.net. Additional Contributions Advance Adoption, Stimulate Growth and Promote Innovation." - "Sun Microsystems, Inc., the creator and leading advocate of Java technology, today underscored its commitment to open source and desktop technology leadership by contributing Project Looking Glass and Java 3D technology to the open source community. This contribution will unleash a new dimension of developer innovation by making Sun's cutting edge technology available at Sun's 3D Desktop Technology Open Source Project on java.net. Project Looking Glass' innovative desktop interface offers an intuitive, new 3D environment to interact with desktop applications featuring window transparency, rotation, zoom, multiple desktop workspaces and miniaturization. Sun also announced additional open source desktop efforts in collaboration with the Java developer community: the JDesktop Network Components (JDNC) and JDesktop Integration Components (JDIC). JDNC radically simplifies the development of rich networked desktop applications. JDIC seamlessly integrates cross-platform Java technology-based applications with the native desktop. These open source community contributions aim to promote innovation, ease of development, integration and interactivity on the desktop, and stimulate growth of the Java platform economy for all participants... JDNC aims to simplify the development of rich networked desktop applications. It offers a set of high-level user interface components with built-in networking and data-binding support that can be configured via Extensible Markup Language (XML). JDNC will lower the bar for rich client development and boost developer productivity, enabling a larger portion of developers to take advantage of highly interactive client applications..." See also "Sun Releases JDesktop Network Components (JDNC) as an Open Source Project."

  • [June 21, 2004] "OASIS oBIX Technical Committee Forms to Advance Web Services Standard for Building Management Industry." - "International standards consortium, OASIS, announced plans to advance oBIX (Open Building Information Xchange), a Web services implementation for the building management and controls industry. The new OASIS oBIX Technical Committee will define a standard method to enable mechanical and electrical systems in facilities and buildings to communicate with enterprise applications. oBIX is an example of the growing trend of vertical industries organizing within OASIS to develop standards that leverage Web services methods for their specific industry needs. oBIX will be applicable to a wide variety of smart systems embedded in facilities, such as heating, ventilation and air conditioning (HVAC), elevators, laboratory equipment, life/safety systems, access control, intruder detection, audio visual event management, closed circuit television monitoring, and many others. oBIX will also provide access to information from sensing devices that are not typically part of control systems, delivering real-time access to sensors that measure or monitor the physical space in a facility, including environmental sensing, electrical panels, and power meters. 'Currently, there is no easy way for IT departments to integrate their enterprise systems with those that run their buildings. Yet facilities represent the largest physical asset most companies have. Using Web services to enhance the effectiveness of building control systems promises to have an enormous impact on an organization's bottom line,' said Ron Zimmer, President & CEO of the Continental Automated Buildings Association (CABA). oBIX was originally established as a working group within CABA, which will continue its involvement through participation in OASIS... 'oBIX is an exciting example of applying Web services to solve a specific market requirement,' added Patrick Gannon, president and CEO of OASIS. 'The building controls industry recognized the need for a standard optimized for Internet technology. By choosing to advance this work within OASIS, CABA's domain experts join together with developers of more than 14 Web services initiatives currently underway at our consortium. We believe that proximity to other OASIS Web services standards efforts will help foster interoperability and encourage reuse of related work'..." See details in the news story "OASIS Forms Open Building Information Exchange (oBIX) Technical Committee."

  • [June 07, 2004] "OpenLink Releases Universal Server Platform. Virtuoso 3.5 Enables Organizations to Cost-Effectively Develop, Integrate, and Deploy SOA and Event-Driven Solutions." - "OpenLink Software, Inc., technology leader in the development and deployment of secure, high-performance database connectivity middleware, today announced the availability of Virtuoso 3.5, the company's universal server platform for service-oriented and event-driven applications. Designed for the emerging event-driven and service-oriented executable web, it comprises several traditionally distinct server features in a single server solution that includes: Web Services Platform, Object-Relational Database (SQL & XML), Replication Server, Web Application Server, and more. Virtuoso 3.5 provides an adaptable architecture that allows organizations to cost-effectively transition to real-time enterprises, leveraging the newest technologies on top of existing or legacy infrastructure. As a cross platform and standards compliant universal server, Virtuoso provides businesses with the ability to 'mix and match' the optimal combination of infrastructure components — e.g., databases, operating systems, application development and content management tools — to best meet ever-evolving technical requirements. At no point does a decision to deploy Virtuoso lock you into a platform, database engine, or programming language. 'We describe Virtuoso as a universal server because it's a single product that includes Unified Storage (SQL, XML, Free Text, and File-system Objects), Heterogeneous Data Integration, Web Services Composition, Web Services Orchestration, and more. This unique set of integrated features provides enterprises with a springboard into the new event-driven and service-oriented frontier popularly known as Web 2.0,' said Kingsley Idehen, CEO and Founder of OpenLink Software. "Our latest product release is a continuation of OpenLink Software's commitment to innovation and technology leadership in the areas of Data Access, Data Integration, and Web Services.' New enhancements available in Virtuoso 3.5 include: (1) Additional Web Services protocol support: WS-Security, WS-Policy, WS-Trust, WS-ReliableMessaging, WS-Routing; (2) Runtime Hosting enhancements: power to extend Virtuoso SQL with Microsoft .NET, Mono, or Java code, bringing application-tier logic into the database without compromising security; (3) Web Application Server enhancements: enabling deployment of Web Services and ASP.NET Web pages outside of the Windows platform; (4) SQL200N support: support features include SQLX compliant SQL and XML data integration; (5) SyncML support: for synchronizing data with disparate servers and Mobile devices..."

  • [June 01, 2004] "Sun Doubles Down on Identity Management Innovations and Alliances Underscore Commitment to Take Lead in Growing $4 Billion Market." - "During its second quarterly Network Computer '04 launch Sun Microsystems, Inc. announced a comprehensive set of products and alliances to power its position in the $4 billion identity management market. The new Sun identity management product line is one of the most open, modular and integratable solutions on the market and includes: the Sun Java System Identity Manager, the Sun Java System Access Manager and the Sun Java System Directory Server Enterprise Edition... Sun Java System Identity Manager, Sun Java System Access Manager and Sun Java System Directory Server Enterprise Edition are the three new identity management products, that combine Sun's deep technology expertise with industry-leading software acquired from Waveset Technologies. The Java System Identity Manager is the first product on the market to combine user provisioning and meta-directory capabilities — a trend analysts have been predicting. Java System Identity Manager securely manages both identity permissions and profiles, while also providing synchronization services for identities across the enterprise. The Java System Access Manager is designed to help customers manage secure access to both internal and external web-based resources. With the introduction of the Java System Access Manager, Sun will lead the industry in the support of federation standards, including both Liberty Phase 2 and SAML 1.1 specifications. The Java System Directory Server Enterprise Edition, a central repository for storing enterprise identity information, is the first to deliver enterprise-level services such as built-in fail-over, load-balancing, security and integration with Microsoft Active Directory — yet another proof-point in Sun and Microsoft's commitment to work together on interoperability in order to enable better network services compatibility..." See also: (1) Sun End-to-end identity management; (2) "Security Assertion Markup Language (SAML)"; (3) "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [May 05, 2004] "Common Alerting Protocol (CAP) Ratified as OASIS Standard." - "The OASIS standards consortium today announced that its members have approved the Common Alerting Protocol (CAP) version 1.0 as an OASIS Standard, a status that signifies the highest level of ratification. CAP enables the exchange of emergency alert and public warning information over data networks and computer-controlled warning systems. By limiting transport-specific nomenclature, CAP remains remains fully compatible with existing public warning systems, including those designed for multilingual and special-needs populations, as well as with XML applications such as Web services. 'The CAP OASIS Standard has been designed to allow a consistent warning message to be communicated simultaneously over different systems, ' explained Allen Wyke, chair of the OASIS Emergency Management Technical Committee. 'By standardizing on a format, technology developers and vendors in the emergency, incident, and business continuity fields will be able to take a huge step forward in sharing this critical, and potentially life saving, information.' CAP is also expected to reduce costs and operational complexity by helping simplify the software interfaces needed to interact with the many sources and dissemination systems involved in all-hazard warnings. The new OASIS Standard addresses emergencies and incidents that apply to both the private and public sectors. CAP has been implemented by U.S. national and local agencies including the Department of Homeland Security, the National Weather Service, the United States Geological Survey, California Office of Emergency Services, and the Virginia Department of Transportation as well as companies such as Blue292. CAP data elements have been incorporated in the U.S. Department of Justice's 'Global Justice XML Data Model'..." General references in "XML and Emergency Management."

  • [April 27, 2004] "World Wide Web Consortium Publishes First Public Working Draft of Web Services Choreography Description Language 1.0 W3C's WS-CDL Targets Peer-to-Peer Web Services Collaboration." - "The World Wide Web Consortium (W3C) has issued the Web Services Choreography Description Language Version 1.0 as a W3C First Public Working Draft. The Web Services Choreography Description Language (WS-CDL) is targeted to coordinate interactions among Web services and their users. This is the first in the series of WS-CDL drafts... The WS-CDL specification defines peer-to-peer collaboration between Web service participants. A user of a Web service, automated or otherwise, is a 'client' of that service. Users may be other Web services, applications and human beings. In WS-CDL, a set of client interactions may be related over time in a 'collaboration group.' A collaboration group could be for example, a set of components that make up a business transaction or a database transaction. The future of e-business applications is in the loosely coupled, decentralized environment of the World Wide Web. This environment requires the ability to perform long-lived, peer-to-peer collaborations between the participating services, within or across the trusted domains of an organization. Applications that implement WS-CDL can accomplish this shared business goal, as the Working Group developed its requirements document to consider both broad practical business needs and sound theories. The WS-CDL specification brings together important resources from both industry and research. WS-CDL incorporates not only business requirements, but also seminal mathematical work in pi calculus, an algebra based on naming used to model systems that are physically or virtually mobile. Invited Experts in the W3C Web Services Choreography Working Group include Professor Robin Milner, the principal creator of pi calculus; Dr. Kohei Honda; and Dr. Nobuko Yoshida. Their collective work on pi calculus and correctness properties (livelock, deadlock and leak freedom) is the underpinning of WS-CDL, giving the language mathematical soundness..." See details in the news story: "W3C Publishes Web Services Choreography Description Language (WS-CDL)."

  • [April 22, 2004] "Forgent Networks Sues 31 Companies for Patent Infringement." - "Forgent Networks announced today that its wholly owned subsidiary, Compression Labs Inc., has initiated litigation against 31 companies for infringement of United States Patent No. 4,698,672 (the '672 Patent) in the United States District Court for the Eastern District of Texas, Marshall Division. Over the last two years, Forgent's intellectual property business has generated approximately $90 million from licensing the '672 Patent to 30 different companies in Asia, Europe and the United States. Forgent has sought to reach agreements on numerous occasions with all these companies, but as of today, none of the defendants have chosen to license. Forgent has retained Jenkens & Gilchrist, a national law firm, and The Roth Law Firm, of Marshall Texas, to represent it in the litigation. The defendants are: Adobe Systems Incorporated, Agfa Corporation, Apple Computer Incorporated, Axis Communications Incorporated, Canon USA, Concord Camera Corporation, Creative Labs Incorporated, Dell Incorporated, Eastman Kodak Company, Fuji Photo Film Co USA, Fujitsu Computer Products of America, Gateway Inc., Hewlett-Packard Company, International Business Machines Corp., JASC Software, JVC Americas Corporation, Kyocera Wireless Corporation, Macromedia Inc., Matsushita Electric Corporation of America, Oce' North America Incorporated, Onkyo Corporation, PalmOne Inc., Panasonic Communications Corporation of America, Panasonic Mobile Communications Development Corporation of USA, Ricoh Corporation, Riverdeep Incorporated (d.b.a. Broderbund), Savin Corporation, Thomson S.A., Toshiba Corporation and Xerox Corporation. The '672 Patent relates to digital image compression, and fields of use include any digital still image device used to compress, store, manipulate, print or transmit digital still images such as digital cameras. However, the '672 patent extends beyond digital cameras and includes many digital still image devices such as personal digital assistants, cellular telephones, printers, scanners and other devices used to compress, store, manipulate, print or transmit digital still images. Forgent has the exclusive right to use, license and enforce all the claims under the '672 Patent in all fields of use involving digital still image compression. 'Forgent is committed to developing all of its assets and technologies to maximize shareholder value. We believe we will prevail in this litigation as the '672 Patent is valid, enforceable and infringed,' said Richard Snyder, chairman and CEO of Forgent. 'It's unfortunate that despite the many opportunities these companies have had to license the patent, they have all declined to participate, leaving us no alternative but to litigate'..." See general references in "Patents and Open Standards."

  • [April 21, 2004] "Universal Application Network and Siebel Business Integration Applications Help Leading Organizations Achieve Unprecedented Success. UAN Unlocks Departmental Information and Creates End-to-End Business Processes for Improved Customer Satisfaction and Business Efficiency." - "Siebel Systems, a leading provider of business applications software, today announced at Siebel User Week 2004 significant customer successes, increased partner momentum, a continued demonstrated commitment to open standards, and expanded industry-specific business integration applications for Universal Application Network (UAN). UAN is a standards-based architecture for business integration that eliminates the cost and complexity associated with traditional integration methods by delivering pre-packaged business integration applications that run on leading integration servers. With UAN, companies can leverage their existing IT investments; deploy best-in-class applications; and streamline their business processes across departments, partners, vendors, and IT systems — unlocking customer data and distributing it throughout the enterprise. 'Business application integration is a significant issue for organizations with IT infrastructures that, on average, are chartered with supporting from 50 to 100 different technology systems,' said Nimish Mehta, Group Vice President, Universal Application Network, Siebel Systems. 'Due to the cost and complexity associated with integration, companies have historically been unable to integrate systems that would result in providing better and more aligned customer service and sales support. Siebel Systems and its partners share a vision of providing integration as a customer-centric, out-of-the-box solution with pre-built, industry-specific functionality. We are pleased that many leading global organizations have realized firsthand the business benefits gained by deploying UAN.' To support this growth and drive superior business performance, Siebel Systems and its partners today announced that its library of UAN-compliant Siebel Business Integration Applications (BIAs) now includes 165 cross-industry and industry-specific processes. Siebel Systems has also continued to demonstrate its commitment to open XML and Web Services standards by ensuring that UAN and Siebel BIAs support the latest version of Business Process Execution Language (BPEL 1.1). Siebel Systems is among the first enterprise software companies to express processes based on the BPEL 1.1 specification..." General references in "Business Process Execution Language for Web Services (BPEL4WS)."

  • [April 21, 2004] "Unicode Consortium Sponsors Locale Data Project." - "The Unicode Consortium announced today that it will be hosting the Common Locale Data Repository project, providing key building blocks for software to support the world's languages. To support users in different languages, programs must not only use translated text, but must also be adapted to local conventions. These conventions differ by language or region and include the formatting of numbers, dates, times, and currency values, as well as support for differences in measurement units or text sorting order. Most operating systems and many application programs currently maintain their own repositories of locale data to support these conventions. But such data are often incomplete, idiosyncratic, or gratuitously different from program to program. In the age of the internet, software components must work together seamlessly, without the problems caused by these discrepancies. The Common Locale Data Repository (CLDR) provides a general XML format for the exchange of locale information for use in application and system software development, combined with a public repository for a common set of locale data generated in that format. 'The consortium's goal is to enable people around the globe to use computers in their own languages,' said Mark Davis, president of the Unicode Consortium. 'The past ten years have seen great progress towards that goal: all modern software, and all standards based on XML, have adopted Unicode as the underlying representation of text on computers. We are now taking another major step by hosting the Common Locale Data Repository.' The Common Locale Data Repository was initially developed under the sponsorship of the Linux Application Development Environment (aka LADE) Workgroup of the Free Standards Group's OpenI18N team, with a 1.0 version released in January 2004. The founding members of the workgroup were IBM, Sun, and OpenOffice.org, later joined by Apple Computer. CLDR will be managed by a dedicated technical committee of the Unicode Consortium. Work continues to proceed apace during the transition: CLDR version 1.1 is expected in mid-May 2004, and a beta 1.1 version is available now..." See details in the news story "Unicode Consortium Hosts the Common Locale Data Repository (CLDR) Project."

  • [April 21, 2004] "WASP UDDI 5.0 Beta: Support for OASIS UDDI V3 Specification." - "Systinet has announced the Beta availability of WASP UDDI, 5.0, with full support for the OASIS UDDI V3 Specification. Systinet WASP UDDI is the first and only commercial registry to fully support the latest V3 specification, which provides new functionality specifically for private, enterprise deployments. A major advancement in the Version 3 specification is the support for digital signatures. By allowing UDDI entities to be digitally signed, a new level of data integrity and authenticity is delivered by UDDI. Inquirers of a registry can now filter their queries, only requesting data that has in fact been signed. When an inquirer then retrieves and verifies data from a registry, the inquirer can be confident that the data is exactly as the publisher intended it. Using the policy guide that is now part of the Version 3 specification, different UDDI implementations can mold a particular registry given its context. Some UDDI aspects that have been identified as policy decisions include the following: authorization models, data custody and confidentiality, key generation, value set validation, subscription, user publication limits, and audit policy. V3 makes is much easier to search and discover a relevant services. Now it is possible to conduct multi-step queries, use new qualifiers, wildcards and also to sort and handle large result flows. The subscription API set also provides for tracking registry activity and has been updated to support multi-registry environments. In such a way, users can establish a subscription based on a specific query or set of entities that the user is interested in. In the case of a query-based subscription, if the result set changes within a given time span, the user is notified. In the case of entity-based subscription, if the contents of one of those entities were to change, the user is notified. UDDI Version 3 introduces the notions of root and affiliate registries. The existence of a root registry enables its affiliates to share data with the root registry and among themselves with the knowledge that keys remain unique. The notion of registry topologies is thus enabled..." General references: "Universal Description, Discovery, and Integration (UDDI)."

  • [April 20, 2004] "New Alliance to Drive Adoption of Grid Computing in the Enterprise. Alliance to Focus on Pragmatic Solutions Using Grid Technology." - "Leading technology companies today launched the Enterprise Grid Alliance (EGA), a consortium formed to develop enterprise grid solutions and accelerate the deployment of grid computing in enterprises. Grid computing connects pools of computers, storage and networks, enabling enterprises to dynamically allocate resources based on changing business needs. Exploiting rapid advances in technology, enterprise grids enable organizations in the public and private sectors to adapt their Information Technology (IT) resources to their business needs. The EGA is an open, independent and vendor-neutral community addressing the near-term requirements for deploying commercial applications in a grid environment. Initial focus areas include reference models, provisioning, security and accounting. The Alliance will address obstacles that organizations face using enterprise grids, by looking at best practices and solutions that are open and interoperable. By focusing exclusively on the needs of enterprise users, the EGA will enable businesses to realize the many benefits of grid computing such as faster response to changing business needs, better utilization and service level performance and lower IT operating costs. The initial EGA Board includes EMC, Fujitsu Siemens Computers, HP, Intel, NEC, Network Appliance, Oracle and Sun Microsystems. Other founding members are AMD, Ascential Software, Cassatt, Citrix, Data Synapse, Enigmatec, Force 10 Networks, Novell, Optena, Paremus and Topspin. In addition to providing an open forum for enterprise software, hardware, service companies and end users, the EGA is working with other consortia and standards organizations to promote integrated enterprise grid solutions and improve adoption rates... The Enterprise Grid Alliance is an open consortium focused on developing and promoting enterprise grid solutions. Membership is open to all organizations via multiple participation tiers..." See other details and references in the news story: "Technology Companies Form Enterprise Grid Alliance (EGA) Consortium."

  • [April 20, 2004] "SchemaLogic and Innodata Isogen Sign Alliance Agreement. Cross-System Metadata Management Technology is Key Part of Content Supply Chain, Driving Major Cost Savings and Improved Information Retrieval." - "SchemaLogic, a software firm providing enterprise metadata and taxonomy management solutions, and Innodata Isogen, a leading provider of content supply chain solutions, today announced they have formed a new business alliance. Under the agreement, SchemaLogic and Innodata Isogen will work cooperatively on marketing and sales activities in the information management and content integration marketplace. Together, the companies provide a complete solution for large organizations producing and aggregating XML content. 'Innodata Isogen's expertise in XML and other open information standards, content management and publishing technologies and business process re-engineering is complemented by the enterprise metadata and taxonomy management software developed by SchemaLogic,' said Jeff Dirks, president and CEO of SchemaLogic. 'Together we can help customers better realize cost-savings and productivity gains in their content operations, while enabling them to improve compliance, agility and the findability of distributed information.' Innodata Isogen optimizes content supply chains — the sequence of activities necessary to create, use and distribute information or information products. SchemaLogic software manages the cross-system metadata, schema, taxonomies and vocabularies that define and describe distributed information. Together the firms deliver an enterprise view of data structures and semantics used by various systems, along with business processes that dramatically simplify content integration and information retrieval. 'Part of what we do is help clients organize and deliver information more effectively, more efficiently and more economically. SchemaLogic plays a key role by unifying the various metadata, schema and taxonomies used across disparate systems,' said George Kondrach, executive vice president of Innodata Isogen. 'SchemaLogic represents the state-of-the-art for reconciliation and synchronization of structural and semantic definitions used within different systems. In business terms, this makes it easier for systems to talk to each other and deliver information to the right people at the right time, no matter how it is created or where it is stored'... The never-ending demand to cut costs and make better decisions faster — plus new regulations (e.g., Sarbanes-Oxley, HIPAA) — mandate greater coordination, governance and control over distributed information. For these reasons, many companies place enterprise information architecture high on their 2004 priority list. Nick Gall, senior vice president of the META Group, recently wrote, 'Our research indicates that 2004 will be the breakout year for a unified concept of model-oriented architecture that better weaves together its various aspects: models, markup, schemas, self-description, reflection, and metadata'..."

  • [April 19, 2004] "Web Services Security (WSS) Ratified as OASIS Standard. AmberPoint, BEA Systems, Betrusted, Commerce One, Computer Associates, Documentum, Entrust, Fujitsu, HP, Hitachi, IBM, Microsoft, Netegrity, Nokia, Novell, Oblix, OpenNetwork, Oracle, Reactivity, RSA Security, SAP, Sarvega, SeeBeyond Technology, Sun Microsystems, Verisign, and Others Develop Foundational Standard for Security." - "The OASIS international standards consortium today announced that its members have approved the Web Services Security (WSS) version 1.0 (WS-Security 2004) as an OASIS Standard, a status that signifies the highest level of ratification. WSS offers a trusted means for applying security to Web services by providing the necessary technical foundation for higher-level services. Gartner analyst, Ray Wagner, advised, 'Enterprises should adopt WSS formatting for all across-the-firewall Web service deployments, even in cases where no security needs have been identified. Gartner believes that WSS will be the standard for the majority of Web services, and committing to it now will allow enterprises to easily modify the security profile of deployed Web services in the future.' WSS builds upon existing security technologies such as XML Digital Signature, XML Encryption and X.509 Certificates to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WSS lets user apply existing security technology and infrastructure in a Web services environment. 'By enabling applications to share information regarding network access regardless of the underlying platform, Web Services Security paves the way for broader adoption of Web services,' said Chris Kaler of Microsoft, co-chair of the OASIS WSS Technical Committee. 'The OASIS WSS TC is pleased by the support and commitment of the Web services community leading to the ratification of Web Services Security as an industry standard.' WSS handles complex confidentiality and integrity for SOAP (Simple Object Access Protocol) messages, providing a general-purpose mechanism for associating security tokens with message content. Designed to be extensible, WSS supports multiple security token formats. 'A client might provide one format for proof of identity and another format to verify their business certification,' explained Kelvin Lawrence of IBM, co-chair of the OASIS WSS Technical Committee. 'Using WSS, a system can authenticate the identity of a person connecting to several networks at once or pass data between two applications securely.' 'The Web Services Security OASIS Standard represents a truly impressive collaboration from across the industry,' noted Patrick Gannon, president and CEO of OASIS. 'It is testament to the value of the open standards process where users and vendors, large and small, come together to advance a common good. WSS delivers a much-needed foundational technology that will enable Web services to be deployed with confidence'..." See details in the news story "OASIS Web Services Security Specification Approved as an OASIS Standard."

  • [April 15, 2004] "Parasoft SOAPtest 2.6 Supports WS-Security in Comprehensive Web Services Testing Solution. Web Services Testing Product Boasts WS-Security Support, Application Logic Testing, and Asynchronous Testing." - "Parasoft, leading provider of Automated Error Prevention (AEP) software solutions, announced today the release of SOAPtest 2.6, the most comprehensive Web services testing product available today, verifying every aspect of a Web service from WSDL validation, to client/server unit and functional testing, to performance testing. The latest version of SOAPtest offers full support for the recently approved WS-Security 2004, application logic testing, asynchronous testing support, and other features designed to help development teams prevent errors and accelerate time to market for their Web service initiatives. 'Cybersource chose Parasoft's SOAPtest for Web Services testing due to its breadth of functionality,' said Mike Jimenez, Chief Architect, Cybersource Corporation. 'It clearly stood out that Parasoft's SOAPtest was architected to not only meet the functional demands of today's environment but also to evolve as future standards and protocols are released. The flexibility of the product has enabled us to verify the most complex behaviors of our Web services including security and workflow and the level of automation has allowed us to build our tests in a surprisingly short amount of time'... What's new in SOAPtest 2.6: (1) Enhanced WS-Security features including options for interoperability with various implementations of WS-Security; (2) Fully integrated asynchronous HTTP testing including Parlay, Parlay X and SOAP Conversation Protocol support; (3) Application logic testing: Can pass along dynamic results to subsequent tests, specify test suite logic and specify 'start-up' and 'clean-up' tests; (4) Enhanced XML transformation tools with the ability to specify transformation and extractions; (5) Detailed load testing report option with the ability to select and view individual hits in graphical or table mode; (6) Uniform and Poisson randomization options in 'Hits per Second' and 'Virtual Users' mode... 'We are constantly adding new features and functionality to SOAPtest in order to stay on the leading edge of Web services technology,' said Gary Brunell, Parasoft Vice President of Professional Services. 'Web services are maturing rapidly and Parasoft aims to give customers turnkey solutions to help them improve the software development lifecycle and prevent errors in the development process'..."

  • [April 14, 2004] "Oracle JDeveloper 10g Enhances Productivity in Grid and Service-Oriented Architectures." - "Oracle JDeveloper 10g, the newest release of Oracle's award-winning Java and Web services development environment, is now available. This version features Oracle Application Development Framework (ADF), an innovative 'productivity layer' that simplifies application development, enabling developers of all skill levels to create J2EE applications and Web services. 'We've been using Oracle JDeveloper to develop our Enterprise Java Beans-based business services, and are now leveraging Oracle ADF to develop the Web interface for the system,' said Les Morton, project team leader at Associated Wholesalers Inc., an early adopter of Oracle JDeveloper 10g. 'Oracle JDeveloper simplifies the development of our J2EE application with its visual approach to development and its productive and open framework. This tool helps us accelerate our development cycle, providing a higher ROI for IT projects at our company'... Oracle JDeveloper 10g helps developers use the latest Service-Oriented Architecture (SOA) development methodologies to quickly and easily assemble more efficient applications from a set of shared business services. Now, developers can create more flexible applications that seamlessly evolve with changing business requirements, such as integrating systems after an acquisition, customizing hosted applications for a new client, or expanding data collection and analysis across several strategic partners. 'The emergence of SOAs and grid computing are essential to making the agile enterprise a reality,' said Mark Driver, vice president and research director, Gartner Group. 'By building Web services for enterprise grid computing, applications become easier to maintain, manage, access and integrate to respond to changing business needs'... Today's developers often find they must choose between productivity and openness when selecting tools because many vendors focus their innovations on proprietary technologies that lock developers into a specific platform. In contrast, Oracle continues to champion open industry standards by architecting Oracle JDeveloper 10g to use 100 percent open J2EE and Web services interfaces and supporting deployment to any J2EE-compatible application server. Oracle JDeveloper 10g is immediately available for free download and evaluation from the Oracle developer community Web site, Oracle Technology Network..."

  • [April 13, 2004] "Arbortext Announces DITA Support, Enables Information-Architected Topic-Based Authoring." - "Arbortext, the leading global provider of automated publishing software, today announced the next release of Arbortext 5 will include support for Darwin Information Typing Architecture (DITA), an IBM-created, OASIS-sponsored initiative that is an XML-based, end-to-end architecture for authoring, producing, and delivering technical information. This architecture consists of a set of design principles for creating 'information-typed' modules at a topic level and using that content in delivery modes such as online help and product support portals. DITA is an innovative open standards initiative to develop specialized data models for XML publishing applications that can readily adapt to the requirements of diverse applications while retaining both information and application compatibility. Starting with the DITA 'topic' data model, different groups can modify it to support their unique requirements without fear of breaking enterprise publishing software applications or creating incompatibilities with other groups or divisions that would prevent information sharing. DITA specializations can be 'snapped on' as deltas to the base support, preventing the need to create or update massive DTDs. The core of DITA provides rich set of semantics for creating architected information. 'We are excited to be among the first to include support for DITA in our software,' said PG Bartlett, Vice President of Product Marketing at Arbortext. 'We believe this is a very important initiative because it addresses the 'brittleness' of traditional data models, thereby alleviating much of the expense of creating and updating them. Arbortext is the first to include provisions for DITA specialization in our core product. This allows DITA customizations to be programmed once and then used in all specialized DITA documents.' 'Arbortext continues to be a leader in the industry with its support for standards,' said David Schell, Corporate Lead for Technical Publications and User Assistance for IBM. 'Because they are building support for DITA into the core of their software, organizations that use Arbortext software will be able to build highly customized applications while taking full advantage of the benefits that DITA has to offer'... Arbortext's software is installed at over 1,400 organizations worldwide. Current customers include American Express Financial Services, Audi, Boeing, Bombardier, British Aerospace, Caterpillar, DaimlerChrysler, Ericsson Telecom, Ford, General Electric, GM, IBM, International Thomson Publishing, Lucent, Nokia, Nortel Networks, PeopleSoft, Pfizer, Ricoh, Sun Microsystems, Toyota, United Airlines, Volkswagen and Volvo. Arbortext is a founding member and active participant in the XML Activity of the World Wide Web Consortium (W3C). Headquartered in Ann Arbor, Michigan, USA, Arbortext has offices around the world..." See: (1) the news story "OASIS Members Form New TC for the Darwin Information Typing Architecture (DITA)"; (2) general references in "Darwin Information Typing Architecture (DITA XML)."

  • [April 12, 2004] "OASIS DITA Technical Committee Forms to Advance XML Standard for Authoring Reusable Content in Documents." - "International standards consortium, OASIS, announced plans to advance the Darwin Information Typing Architecture (DITA), a document creation and management specification that builds content reuse into the authoring process. The XML architecture defined by the new OASIS DITA Technical Committee will be used to design, write, manage, and publish technical documentation in print and on the Web... Focusing on the 'topic' as a conceptual unit of authoring, DITA will extend existing content markup to represent domains of specialized markup common across sets of topics, e.g., hardware vs. software. Larger documents can be created by aggregating topic units. Content referencing combines several topics into a single document or allows content to be shared among topics. 'With DITA, the distinction between reusable content and reusing content disappears,' said Dave Schell, convener of the OASIS DITA Techncial Committee. 'That's because DITA's strength lies in a unified content reuse mechanism that enables an element to replace itself with the content of a like element elsewhere, either in the current topic or in a separate topic that shares the same content models.' Don Day of IBM, proposed chair of the OASIS DITA Technical Committee, added, 'DITA goes beyond standard entity reuse to allow reused content to exist in a valid XML file with a DTD. The net result is that reused content gets validated at authoring time, rather than at reuse time, catching problems at their source.' By enabling definitive semantics, DITA will allow more automatable processes, consistent authoring and better retrievability and applicability to specific industries. Through the use of a common specification, DITA content owners will benefit from industry support, interoperability, and reuse of community contributions. At the same time, through specialization, content owners will be able to address the specific requirements of their business or industry. OASIS DITA Technical Committee members include representatives of Arbortext, Innodata Isogen, IBM, and others. The group brings together XML tools vendors, consultants on Information Architectures and Content Management Systems (CMS), and users of the DITA Document Type Definitions (DTD) and Schemas. Participation remains open to all organizations and individuals; OASIS will host a mail list for public comment..." See other details in the news story.

  • [April 12, 2004] "Microsoft and InterTrust Settle Outstanding Litigation and License Intellectual Property." - "Microsoft Corp. and InterTrust Technologies Corp. today announced that Microsoft has taken a comprehensive license to InterTrust's patent portfolio for a one-time payment of $440 million. The agreement resolves all outstanding litigation between the two companies. InterTrust receives rights under Microsoft patents to design and publish InterTrust reference technology specifications related to digital rights management (DRM) and security. Microsoft and InterTrust believe this agreement will accelerate adoption and development of DRM technologies... The settlement agreement ensures that Microsoft's end-user customers can use Microsoft products and services as they are intended to be used without requiring a license from InterTrust. In addition, software developers who build products that use Microsoft platform technology will not require an InterTrust license for normal and expected uses of the Microsoft technologies... 'DRM solutions are essential to secure valuable personal, business and commercial content in a massively connected world,' said Will Poole, senior vice president of the Windows client business at Microsoft. 'With our existing technology and IP portfolio combined with our new agreement with InterTrust, Microsoft is committed to working with the broader industry to accelerate the promotion of DRM standards and solutions. Microsoft and our partners are delivering the most powerful and flexible rights management solutions in the industry, while assuring customers that we have the IP necessary in striving to secure our products'..." General references in "XML and Digital Rights Management (DRM)."

  • [April 12, 2004] "WS-I Re-Elects webMethods to Board of Directors. Adobe Systems, America Online, Ford and Toshiba Join Web Services Interoperability Effort." - "The Web Services Interoperability Organization ('WS-I') today announced that Andy Astor, vice president, strategic solutions at webMethods, Inc., has been re-elected to the Board of Directors by the WS-I member community. Astor will serve a two-year term alongside representatives from Accenture, BEA Systems, Inc., Fujitsu Ltd., HP, IBM, Intel Corp., Microsoft Corp., Oracle, SAP AG and Sun Microsystems. WS-I also announced today that Adobe Systems, Inc., America Online, Inc., Ford Motor Co. and Toshiba have joined as contributing members. 'That webMethods has been elected for a second-term to WS-I is a tremendous vote of confidence in our leadership from the Web services community,' said Andy Astor, vice president, strategic solutions at webMethods. 'We are grateful for the opportunity to continue to leverage our integration and interoperability experience to bring a platform-independent, pragmatic perspective to the WS-I Board of Directors. As a leader in Web services-related standards effort for the past seven years, webMethods has demonstrated its commitment to WS-I principles and will continue to promote the adoption of specifications that enable Web services interoperability across all platforms, applications and programming languages.' Interest in WS-I has remained high since its founding in February, 2002, and end-user company involvement continues to grow. Today, WS-I welcomed Adobe Systems, America Online, Ford Motor Co. and Toshiba as contributing members. More than 30 percent of WS-I's membership is now comprised of end-user companies from industries including automotive, financial services, healthcare, insurance, telecommunications, and travel and hospitality..." General references in "Web Services Interoperability Organization (WS-I)."

Earlier Announcements 2004 Q1

  • [March 31, 2004] "OASIS WSRP Interop Demo Showcases New Portal Standard for Aggregating Content. BEA, Citrix, Gluecode, IBM, Oracle, Plumtree, and Others Demonstrate Web Services for Remote Portlets OASIS Standard at Delphi Enterprise On-Demand Summit." - "Seven vendors collaborated to showcase interoperability of the recently approved OASIS Standard, Web Services for Remote Portlets (WSRP), at today's Delphi Group Enterprise On-Demand Summit. Members of the OASIS WSRP Technical Committee demonstrated the use of WSRP to enable user-driven integration, by aggregating content from various sources and across multiple platforms. Together, they showed how portlets can be reused on portals via WSRP rather than requiring each portal to separately install a complete set of portlets. WSRP maximizes both control and availability for the portlet hosting site while minimizing costs for the remote portal sites. 'With WSRP, users browse through libraries of content and information resources, bringing them into portals and other applications through 'plug-and-play' integration,' explained Nathaniel Palmer, analyst for the Delphi Group. 'The WSRP OASIS Standard offers the opportunity to greatly reduce the cost of integration, without jeopardizing the integrity of information and content repositories.' In the OASIS WSRP Interop Demo, content from portlets running on five different platforms, including .NET, was aggregated and interacted with in a manner equal to that of locally hosted portlets. BEA, IBM, Oracle, and Plumtree provided test implementations of a WSRP Consumer within their portal servers. 'Without WSRP, this would require manual coding of integration points between portal vendors,' noted Rich Thompson of IBM, chair of the OASIS WSRP Technical Committee. 'With WSRP, portlet repositories continue to be maintained by the appropriate administrators, but the resources they provide are accessible to non-technical business users'..." General references: "Web Services for Remote Portals (WSRP)."

  • [March 29, 2004] "ISO Approves ebXML OASIS Standards. ebXML Suite of Technical Specifications Promises to Cut Costs and Simplify Processes for e-Business." - "The International Standards Organization (IS0) has approved a suite of four ebXML OASIS Standards that enable enterprises in any industry, of any size, anywhere in the world to conduct business over the Internet. The submissions from OASIS will be published as ISO technical specifications, ISO/TS 15000. The new ISO 15000 designation, under the general title, Electronic business eXtensible mark-up language, includes four parts, each corresponding to one of ebXML's modular suite of standards: [1] ISO 15000-1: ebXML Collaborative Partner Profile Agreement; [2] ISO 15000-2: ebXML Messaging Service Specification; [3] ISO 15000-3: ebXML Registry Information Model; [4] ISO 15000-4: ebXML Registry Services Specification. Until now, the technology available for most businesses to exchange data was electronic data interchange (EDI), which made significant contributions to productivity and inventory control. Many companies, however, find EDI expensive and difficult to implement. The ebXML initiative, using the economies of scale presented by the Internet, breaks through these obstacles. ebXML provides companies with a standard method to exchange business messages, conduct trading relationships, communicate data in common terms and define and register business processes. It aims to make it easier for organizations to interface with others within and outside their industry, open up new markets with less effort than before and, at the same time, cut costs and simplify process associated with traditional document exchange. 'ISO/TS 15000 underscores the importance of partnership between ISO and standards-developing organizations as OASIS to craft a common set of standards and reflects the international community's recognition of the importance of ebXML in enabling electronic business,' said Alan Bryden, ISO Secretary-General. 'We applaud the developers of ebXML within OASIS and the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) for their contributions to open trade data interchange and harmonization.' 'ISO approval is a gratifying endorsement of both ebXML and the OASIS open standards process,' noted Patrick Gannon, president and CEO of OASIS. 'ISO designation makes the already widely adopted ebXML standards even more accessible to adopters —particularly those implementing business solutions for governments — who look to ISO for assurance of long term viability.' John Borras, Director Technology Policy, U.K. Office of the e-Envoy, characterized the ISO approval as 'a milestone for domestic and international electronic trade. Government agencies, users, and trade organizations can specify ebXML compliance with even greater confidence.' ISO/TS 15000 was approved by ISO technical committee ISO/TC 154, Processes, data elements and documents in commerce, industry and administration..." General references in "Electronic Business XML Initiative (ebXML)."

  • [March 23, 2004] "XyEnterprise Announces Support for XSL-FO and a Web-Based Style Editor for XML Professional Publisher. New Offerings, Enhancements Create Significant Advantages for Standards-Based Publishing." - "XyEnterprise, the leading developer of XML content management and enterprise publishing software, announced today a new style creation tool and support for XSL-FO in its leading XML publishing software — XML Professional Publisher (XPP). XPP is used for automated and interactive publishing in XML publishing environments, providing unmatched support for XML content, automated rendering, and Web Services integration. The new features will enable customers to enjoy further productivity gains and standards support from the world's leading automated publishing engine. XSL-FO, a recommendation from the World Wide Web Consortium (W3C), is a standard way to describe rules for formatting XML content. XPP will apply an XSL stylesheet to an XML instance, and use this information to render XML content to Postscript or PDF output. Users will have access to the robust and unmatched publishing capabilities of XPP that supplement the XSL-FO standard, including the ability to interactively edit the formatted file, control the placement of graphics, and apply sophisticated controls for page and column balancing, hyphenation and justification, and complex tabular formatting... The new style creation and management interface, based on XPP's Web Services layer, presents a browser-based look and feel for creating and managing style information. The interface simplifies the selection of style choices and enhances the ability to use, modify, and apply styles. The Style Editor enables users to access style information in an intuitive point-and-click fashion, use existing styles as a basis for new styles, and re-use style settings across many XML documents. Because this is a Web Services interface, customers can configure or customize which features and functionality related to style management and publishing can be accessed by end users. This will reduce learning curves and enable more users to access the power and productivity offered by XPP. Mark Walter, Senior Analyst for the Seybold Consulting Group, stated: 'This new functionality advances the state of the art in standards-based publishing in two ways. First, it combines the capability to handle XML documents — from simple statements through complex typeset materials — with the proven publishing capabilities of XPP. Second, it embraces the services-oriented architecture that both corporate and commercial publishers are adopting. The XyEnterprise Style Editor exposes the rich functionality of the XPP composition engine to a broader base of users in the enterprise without compromising a graphic services department's ability to configure and control the implementation'..." See: (1) "XSL/XSLT Software Support"; (2) "Extensible Stylesheet Language (XSL/XSLT)."

  • [March 18, 2004] "Intel Joins the Liberty Alliance Project. Membership Underscores Intel's Commitment to Advance Open Standards Development." - "The Liberty Alliance Project today announced that Intel Corporation has joined the global consortium developing an open federated identity standard and business tools for implementing identity-based services, as both a sponsor member and participating company on the Alliance's Management Board. As a Liberty Alliance member, Intel will continue its efforts towards the evolution of additional devices that can take advantage of Liberty Alliance compliant infrastructure and services. Liberty's federated approach to identity management provides a standards-based foundation for identity networks and services. By identity-enabling systems and services, companies can increase security, create new efficiencies to cut internal IT costs, enable new business opportunities and make Web services more privacy friendly. Identities play a large role in the convergence between computing and communications, which is an evolution Intel has been driving for many years. Intel has worked hard to advance basic building blocks both at the silicon level as well as at the platform hardware/software level. Joining Liberty Alliance will help Intel continue to advance the development of identity standards that will become one of the basic building blocks for emerging computing and communications usage models. 'Authentication and identity management are critical to the success of new computer and communications usages,' said Colin Evans, Director System Software, Corporate Technology Group, Intel. 'Liberty Alliance brings together an exciting array of companies from many industries to define these standards and we are looking forward to working with our customers and member companies to make implementation a reality across all the hardware platforms we provide.' In addition, as the newest member on the Management Board, Intel is one of 15 companies responsible for overall governance and operations of the Liberty Alliance. This new membership status will allow Intel the opportunity to work with the Liberty Alliance membership to assist in the creation and recommendation of future specifications and business tools in the area of federated identity..." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [March 17, 2004] "WS-I Completes Basic Profile 1.0 Deliverables with Availability of Testing Tools. Basic Profile 1.0 Testing Tools Assess Compliance. WS-I Now Sets Sights on Interoperability for Web Services Security." - "The Web Services Interoperability Organization ('WS-I') today announced the general availability of its testing tools for the assessment of Web services' interoperability with the WS-I Basic Profile. Final versions of the Web Service Communication Monitor and the Web Service Profile Analyzer are now available on the WS-I website... With C# and Java tools implementations available there is a version for every Web services platform. The news was announced at the WS-I Spring Community Meeting taking place this week in Vancouver... The Web Service Communication Monitor ('Monitor') captures messages exchanged with Web services, and stores these messages for analysis by the second tool, the Web Service Profile Analyzer ('Analyzer'). The Analyzer evaluates messages captured by the Monitor, and also validates the description and registration artifacts of the Web service. These artifacts include the WSDL document(s) that describes the Web service, the XML schema files that describe the data types used in the WSDL service definition, and the UDDI registration entries. More than 300 test cases have been written and automated for the Analyzer tool. Each test case exercises between 50 and 90 test procedures. The output from the Analyzer is a report that indicates whether or not a Web service meets the interoperability guidelines of the WS-I Basic Profile. The report provides details on the specific deviations and failures, so that users know which requirements of the WS-I Basic Profile were not met... Having completed the WS-I Basic Profile 1.0 deliverables, WS-I is currently working to develop interoperability guidelines to address attachments and Web services security. In December, WS-I published drafts of the Basic Profile 1.1, Simple SOAP Binding Profile 1.0 and the Attachments Profile 1.0 for public review. In addition, the Basic Security Profile Working Group expects to publish a draft of the Basic Security Profile early next quarter. The Basic Security Profile will profile the OASIS WS-Security specification and its associated normatively referenced specifications. Last month, WS-I announced the availability of the first Security Scenarios Working Group Draft for public review. This document outlines security risks in building interoperable Web services and countermeasures for these risks..." See details in the news story: "WS-I Releases Final Testing Tools Package for Basic Profile 1.0 Compliance." General references in "Web Services Interoperability Organization (WS-I)."

  • [March 16, 2004] "World Wide Web Consortium Issues VoiceXML 2.0 and Speech Recognition Grammar as W3C Recommendations. Critical Components of the W3C Speech Interface Framework Now Complete." - "Giving voice to the Web, the World Wide Web Consortium (W3C) has published VoiceXML 2.0 and Speech Recognition Grammar Specification (SRGS) as W3C Recommendations. The goal of VoiceXML 2.0 is to bring the advantages of Web-based development and content delivery to interactive voice response applications. SRGS is key to VoiceXML's support for speech recognition, and is used by developers to describe end-users responses to spoken prompts. Today's announcement marks the advancement to Recommendation status of the first two specifications in W3C's Speech Interface Framework. Aimed at the world's estimated two billion fixed line and mobile phones, W3C's Speech Interface Framework will allow an unprecedented number of people to use any telephone to interact with appropriately designed Web-based services via key pads, spoken commands, listening to pre-recorded speech, synthetic speech and music... In the W3C Speech Interface Framework, VoiceXML controls how the application interacts with the user, while the Speech Synthesis Markup Language (SSML) is used for spoken prompts and the Speech Recognition Grammar Specification (SRGS) for guiding the speech recognizers via grammars that describe the expected user responses. Other specifications in the Framework include Voice Browser Call Control (CCXML), which provides telephony call control support for VoiceXML and other dialog systems, and Semantic Interpretation for Speech Recognition, which defines how speech grammars bind to application semantics... The Speech Recognition Grammar Specification — SRGS — allows applications to specify the words and phrases that users are prompted to speak. This enables robust speaker independent recognition. SRGS covers both speech and DTMF input. DTMF input is valuable in noisy conditions or when the social context makes it awkward to speak. Speech recognizers are generally able to report the degree of confidence — that is, the likelihood of having correctly recognized the word or phrase — and may provide the most likely alternatives when the recognizer is uncertain as to which of them the user actually said..." See details in the news story: "VoiceXML 2.0 and Speech Recognition Grammar Published as W3C Recommendations." General references in "VoiceXML Forum."

  • [March 16, 2004] "Bowstreet Introduces Portlet Factory. Provides Compatibility with All JSR 168 Compliant Portals. Launches JSR 168 Validation Program with Industry Leaders." - "Bowstreet, a leading provider of development tools for adaptive Java 2, Enterprise Edition (J2EE) platform applications, announced the release of Bowstreet Portlet Factory version 5.8, compatible with all portal platforms that adhere to the JSR 168 standard. Bowstreet Portlet Factory version 5.8, introduced at DCI's Portals, Collaboration & Content Management Conference underway this week in San Francisco, enables the rapid creation of JSR 168 compliant portlets. JSR 168 was developed through the Java Community Process (JCP), the community-based process that designs and revises Java technology specifications, reference implementations, and technology compatibility kits. It is a standard that ensures a single way to design, build, test, package, and maintain portlets and thereby make those portlets available across a wide range of portals. In addition to launching Bowstreet Portlet Factory, the company also formed the Bowstreet JSR 168 validation program. Through this program, Bowstreet Portlet Factory will undergo validation with all program members' portals. To date, program members include Sun, Plumtree, and IBM. 'Sun's customers are starting to stretch their portal boundaries, looking for new ways to access and process information from their many back-end systems, and present it in a relevant, user-friendly way,' said Stuart Wells, vice president of market development, Sun Microsystems. 'Bowstreet Portlet Factory will help customers transform their portals, giving them a rich, user-adaptive portal experience in a fraction of the development time. Also, by supporting the JSR 168 and J2EE standards, Bowstreet is helping its customers broaden the reach and usefulness of the portlets they build.' 'Our Radical Openness product strategy is a long-term commitment to ensure that our solution is interoperable with customers' existing technologies,' said Glenn Kelman, vice president of product management and marketing, Plumtree. 'Supporting Bowstreet in its JSR 168 portlet validation initiative, together with other activities such as launching the Portlet Open Source Trading Site with Documentum and BEA last November, is part of our effort to ensure our software works with the widest range of platforms and tools in the industry.' Bowstreet simultaneously released version 5.8 of Portlet Factory for WebSphere, which provides direct, deep integration with IBM's WebSphere Portal APIs, in addition to integration through JSR 168. 'IBM continues to take a leadership role in defining and adopting standards, like JSR 168,' said Bill Swatling, product manager, WebSphere Portal, IBM. 'Bowstreet Portlet Factory's support of JSR 168 will give our customers an additional, standards-compliant tool they can use to develop and deploy portlets on WebSphere Portal.' 'Bowstreet's customers have realized significant benefits with our portlet development tools in terms of time and cost savings. We are now able to offer the same powerful development tools and solid value proposition to all standards-compliant portal users,' said Michael George, president and CEO, Bowstreet. 'In the next few weeks, we will be announcing new customers that have already selected Portlet Factory to develop and deploy portlets on a variety of portal platforms'..." See also references in See also "Portlet Open Source Trading (POST) Site for JSR 168 and WSRP Portlets."

  • [March 15, 2004] "Global eXchange Services Provides Philippines Bureau of Customs With Automated Customs Clearance Solution. RosettaNet Solution to Reduce Clearance Cycle Times and Transaction Costs." - "Global eXchange Services, Inc. today announced its selection to provide a RosettaNet-based automated customs clearance solution to the Philippines Bureau of Customs in Manila. The pilot implementation and connectivity testing are already underway, with the production system planned to go live in early 2004. The RosettaNet eCustoms Declaration Milestone Program initiative is focused on improving cycle time associated with customs clearance, including the generation and processing of shipping information required to move products through the customs process. RosettaNet's Partner Interface Process (PIP) Shipping Documentation 3B18 enables high-tech industry manufacturers, along with their freight forwarders and customs brokers, to send secure, RosettaNet Internet-based customs transactions directly to the Bureau of Customs' Automated Customs Operating System (ACOS), reducing both clearance cycle times and transaction costs. 'We are pleased to provide our customers with logistics solutions that reduce costs and improve the efficiency of global value chains. The Philippines eCustoms implementation is another example of RosettaNet solutions from Global eXchange Services that enable lower cost trading community integration for partners participating in the high-tech value chain,' said Ben Wong, Global eXchange Services' vice president of Asia-Pacific. Following a successful Malaysia implementation, the RosettaNet Philippines pilot involves movement of goods between Intel and Amkor Anam, with Exel Logistics providing freight forwarder and customs brokerage services. RosettaNet Philippines managing director Lito Zulaybar cited the progress in the RosettaNet eCustoms Program implementation as a major industry breakthrough with significant results being achieved in less than 12 months. 'The ability to facilitate trade, while reducing cycle times and costs, on both local and global levels, is a true indicator of RosettaNet's benefit to the industry,' said SY Foong, RosettaNet vice president of Asia. 'By further automating and standardizing the customs declaration process, companies will have the ability to conduct business through countless ports of entry and exit, in any country, with a single customs declaration form'..." See also: (1) "RosettaNet"; (2) RosettaNet PIPs; (3) "Uniform Code Council (UCC) XML Program."

  • [March 10, 2004] "AT&T WebService Connect Simplifies Integration Across the Networked Enterprise. Thomson Financial Sets New Standard in Financial Services Industry With Adoption of Innovative Service." - "AT&T today introduced an Internet-based business services network that dramatically reduces the cost, risk and complexity of integrating the networked enterprise across suppliers, partners and customers, enabling true interoperability and collaboration. AT&T WebService Connect leverages the ubiquity of the Web to help companies and government agencies easily and securely connect, create, share and manage business processes and applications with their suppliers and customers. The service creates an environment or platform, called a service-oriented architecture, where applications can be developed by enterprises or third parties, incorporated into a business process, and then shared on demand across the extended enterprise... AT&T WebService Connect is a comprehensive solution that delivers a fully secure, managed platform for businesses to share their critical services and information with partners and customers to drive additional revenue and efficiencies in their businesses. Because the service is based on open standards, companies can easily and securely share information, regardless of the diverse systems and applications used by their suppliers and customers... Thomson Financial, an operating unit of The Thomson Corporation and leading provider of information and technology solutions to the worldwide financial community, is one of the first customers of the new AT&T service... Point-to-Point connections only work for a small set of isolated relationships. Once the number of relationships and interconnections increases, this approach quickly becomes exponentially more complex, and ongoing changes become inflexible. Industry-specific communities sometimes provide limited ability to reach outside the boundaries of a specific industry. In some cases, a large percentage of customers are not part of the pre-defined industry. AT&T WebService Connect delivers an end-to-end, integration solution based on the award-winning business services network from San Francisco-based Grand Central Communications. By subscribing to the AT&T service, businesses benefit from a solution based on open standards, which lowers the total cost of ownership and allows them to communicate with all their partners and customers, regardless of their technical infrastructure. The Web-based business services network provides a framework for companies to rapidly and flexibly establish trusted connections with their diverse business units, partners and customers, without adding infrastructure. Connectivity to the network can be established with any application supporting Internet communications via the Simple Object Access Protocol (SOAP), version 1.1, the File Transfer Protocol (FTP), and the Electronic Data Interchange-Internet Integration (EDIINT) AS2 protocol. In addition, the service provides Web service gateways for exchanging data via additional Internet protocols, including Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP). No particular brand of software is required to connect an application with the network as long as the application employs one of the supported open communication standards..."

  • [March 08, 2004] "Adobe Launches Public Beta of New XML/PDF Form Design Software. Adobe Designer Delivers Powerful Capabilities for Easy Creation and Deployment of Intelligent Documents in PDF." - "Adobe Systems Incorporated today announced the public beta availability of Adobe Designer, a new point-and-click graphical XML form design tool for designing and deploying intelligent forms in Adobe PDF or HTML. The software enables organizations to build solutions using Adobe document services for automating form-based workflows and accelerating access to business-critical information. 'Adobe Designer supports organizations as they migrate to Web services and XML,' said Robert Glushko, Ph.D., with the School of Information Management and Systems, University of California, Berkeley. 'Creating new data connections with XML is straightforward and intuitive because the software lets you drag and drop form elements based on an XML schema. With Designer, even relatively novice users can create interactive, professional quality forms and connect them to backend systems.' Adobe Designer is part of Adobe's Intelligent Document Platform for generating, collaborating, processing and securing intelligent documents in the enterprise. The software provides all the capabilities needed to design forms with precision, including the ability to import information from existing formats, and define business logic on the form template. Developers can easily integrate form data with core enterprise systems via XML, OLEDB and web services. Additionally, Adobe Designer allows users to design forms that can be used with digital signature technologies for facilitating secure electronic transactions. The software is a desktop design tool that creates XML form templates for publishing to multiple formats, or users can import and add intelligence to existing form templates from PDF or Microsoft Word. Adobe Designer forms dynamically resize according to data input and only present the relevant form fields to the end user based on that input. For example, a single person applying for a mortgage will only be presented with form fields relevant to his or her status. These intelligent forms are accessed via a web browser, Adobe Acrobat or the ubiquitous Adobe Reader. 'To fully realize their investment in enterprise applications, organizations must extend the reach of these applications with processes that enable the secure capture, exchange and track information,' said Ivan Koon, senior vice president of the Intelligent Document Business Unit at Adobe. 'To meet these challenges, Adobe Designer offers a dynamic interface to end users that utilizes XML to create flexible, intelligent documents, while enabling interactive data capture and business collaboration via PDF for efficient, reliable, secure information exchange.' When combined with other document services from Adobe, the Adobe Designer enables organizations to extend core systems and automate business processes easily with internal and external users. From internal forms such as expense reports and purchase requisitions, to external forms such as applications and claims, Adobe's solutions enable enterprises to harness the power of PDF and XML for integrating intelligent documents into the IT environment..."

  • [March 08, 2004] "New Teros Gateway Provides Production-Ready Protection for Safe Deployment of Web Services Teros Secure Application Gateway Unifies XML and HTML Security to Protect Against Application Attack and Misuse." - "Teros, the company that secures web infrastructures from application-level attacks, today announced a new version of its award-winning Teros Secure Application Gateway that delivers learning-based XML attack protection for safely deploying web services today. The Teros Gateway is the only appliance that simultaneously protects XML and HTML applications, while preventing the disclosure of private data that can lead to identity theft. This integrated protection eliminates the need to deploy and manage a separate security infrastructure to protect new or existing web services applications. These new XML security capabilities are available at no additional cost on all Teros Gateways. 'Traditional security infrastructures were not designed, and as such are unable, to adequately protect web services from attack,' said Ray Wagner, research director, information security strategies at research firm Gartner. 'Many enterprises are deploying web services alongside traditional web applications. Integrated products that enforce security policies across both types of applications hold the potential to reduce capital expenditures and deliver more consistent security.' Web services are vulnerable to many of the same threats as HTML applications, including buffer overflows, SQL injection, and denial of service attacks, and are even more attractive targets for hackers since they often connect directly to mission-critical databases and back office applications. To secure web services and the data they access, the Teros Gateway combines advanced application learning, identity theft protection and application-layer attack defenses... Teros' adaptive learning engine learns the XML messages and data types received by applications with WSDL (Web Services Description Language) interfaces. Once correct behavior is learned, the Teros Gateway recommends constraints on application inputs to prevent attackers from inserting unexpected or malicious data that could compromise the web service. For example, the Teros Gateway will block the submission of a script to a web services port if that interface port is only expecting accounts numbers. By learning correct application behavior and controlling application inputs, the Teros Gateway protects against both known and unknown attacks... For web services applications that handle sensitive data such as credit card numbers, social security numbers and account numbers, the Teros Gateway ensures these data objects are never compromised by an application attack. Teros' family of SAFE modules detects the presence of protected data types in application responses and can remove or mask the information before it is disclosed. This capability is critical for organizations that are planning to broadly expose legacy mainframe or client/server applications to the Internet via web services interfaces..."

  • [March 01, 2004] "Successful SAML V1.1 Interop Lab at RSA2004 Conference." - [Rob Philpott, RSA Security Inc.]: "... some news regarding the SAML interoperability lab we held during the RSA2004 conference. The lab was hosted by RSA and sponsored by the General Services Administration (GSA) of the US government and by Sun Microsystems, who provided 19' LCD monitors for everyone to use... We had eleven vendors participating in the interop. We also had Enspier Technologies participating under contract to GSA. The vendors that participated in the event were Computer Associates, DataPower Technology, Entegrity Solutions, Entrust, Hewlett-Packard, Oblix, OpenNetwork, Ping Identity, RSA Security, Sun Microsystems, and Trustgenix. There were two key goals for the interop. First, we wanted to demonstrate SAML 1.1 interoperability for both Web SSO profiles and for general queries. The other main goal was to show an interoperable implementation of the GSA eGov program's eAuthentication architecture that builds on top of SAML. Also, given that the major change for SAML 1.1 dealt with improving XML DSIG interoperability, we certainly wanted to demonstrate this in the process... All vendors except DataPower implemented the Web SSO use cases, providing both the SAML 1.1 Web SSO Profile and eAuthentication demo scenarios. All of these vendors supported the Browser/Artifact Profile and all but two supported the Browser/POST Profile. Enspier provided a portal that implemented the additional exchanges defined by the eGov program's eAuthentication architecture. Each vendor implemented the AP and RP sides of these exchanges during the lab. The portal was also enhanced to support the generic SAML demo as well. The SAML query use case was demonstrated by DataPower who implemented a simple web services-based demo utilizing SAML 1.1 Attribute Queries to the RSA Attribute Authority... The interop testing proved that the SSTC's goal of producing a quality SAML V1.1 specification that improved interoperability was convincingly achieved. We found no defects in the V1.1 standard..." See: (1) "OASIS SAML Interoperability Event Demonstrates Single Sign-On at RSA Conference"; (2) general references in "Security Assertion Markup Language (SAML)."

  • [February 27, 2004] "Liberty Alliance Delivers Mobile Business Guidelines for Federated Identity Deployments. Liberty's Open Standard Paves the Way for Identity-Based Mobile Services." - "The Liberty Alliance has released its second business guideline document, outlining near-term market opportunities and business requirements for federated identity in the mobile market. The document examines how mobile operators, equipment providers, content and service providers as well as vendors and users can take advantage of the growth and demand for mobile services, and in turn, how Liberty's open standard can enable secure delivery of Web services. 'Federated identity has the potential to bring mobile networks and personalized services to the next level,' said Paola Tonelli, member of the Liberty Alliance management board and senior director of industry advocacy at Vodafone. 'However, federated identity is about more than just technology. The best practices and business guidelines that Liberty is delivering can help companies overcome some of the more complex challenges associated with federated identity deployments, such as privacy and security issues.' The mobile business guidelines, a Tier 2 document in Liberty's evolving library of business guidelines for federated identity deployment, expands on Liberty's Tier 1 overview delivered July 2003. Additional Tier 2 guidelines are in development with expected delivery later this year... Federated identity, which securely links and manages identity information among different systems, offers a number of benefits to the mobile industry: (1) For service providers, it helps authenticate who the user is, what he or she can access, and at the user's request, quickly gather preferences to deliver personalized services. (2) For operators, it provides an open framework for identity data roaming within and across global networks, allowing them to easily deliver revenue-generating services to more customers. (3) For consumers and businesses, it means they have access to valuable low-cost services from any operator while still retaining control of their information. Liberty Alliance enables these and other benefits, and is the only complete federated identity framework being implemented across the mobile ecosystem today. Liberty's global member base collectively represents more than 200 million mobile subscribers, more than half the world's mobile devices, 80% of all SIMs and 55% of the mobile network infrastructure..."

  • [February 25, 2004] "WS-I Publishes Web Services Security Interoperability Guidelines. Security Scenarios Outline Challenges, Threats and Countermeasures." - "Today at the thirteenth annual RSA Conference, the world's leading e-security event, the Web Services Interoperability Organization (WS-I) announced the availability of the first Security Scenarios Working Group Draft for public review. Developed by the WS-I Basic Security Profile Working Group, the Security Scenarios document identifies security challenges and threats in building interoperable Web services and countermeasures for these risks. The news was announced today during a media event at RSA featuring Web services security experts from the WS-I Basic Security Profile Working Group. The Security Scenarios document describes several security challenges, threats and countermeasures in building interoperable Web services, as well as usage scenarios and solutions, including: (1) Challenges: describes several security challenges, including ensuring data integrity, data confidentiality and message uniqueness; (2) Threats: outlines 10 threats on these challenges, such as message alteration, falsified messages, message replay and denial of service attacks; (3) Countermeasures: recommends how technologies like HTTPS and OASIS Web Services Security: SOAP Message Security 1.0 can be used to counter some of these threats; (4) Usage Scenarios and Solutions: describes how these technologies can be used with the Message Exchange Patterns (MEPs) that have been used in WS-I deliverables such as the Basic Profile 1.0 Sample Applications..." See details in the news story: "WS-I Releases Public Working Draft Document on Security Scenarios." General references in "Web Services Interoperability Organization (WS-I)."

  • [February 24, 2004] "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing." - "Distributed Management Task Force, Inc. today [2004-02-17] announced the formation of the new Utility Computing Working Group, which will create interoperable and common object models for utility computing services within the DMTF's Common Information Model (CIM). Active participants in the working group include Cisco Systems, EMC, HP, IBM, Oracle Corp., Sun Microsystems Inc. and VERITAS Corporation, with the full support of the DMTF's more than 110 member companies. The DMTF Utility Computing Working Group will operate in close collaboration with other organizations, like the Global Grid Forum (GGF) and the Organization for the Advancement of Structured Information Standards (OASIS) Web Services Distributed Management (WSDM) Technical Committee, to develop standards related to utility computing. The result of this collaboration is to unify the industry on a set of highly functional and extensible management interfaces, enabling multiple vendors to interoperate and fulfill customer requirements for greater management automation. Improved multi-vendor integration will ultimately reduce the costs related to the management of IT resources. 'Management plays a central role in utility computing, and DMTF's CIM is already being used to address this space,' said Todd Guay of Oracle Corp., vice president of technology for the DMTF. 'The new DMTF Utility Computing Working Group will bring together the leaders of the industry to develop further improvements to CIM, meeting IT needs in this important and evolving area.' 'This is an important activity and we are excited to see the DMTF bring this group together, while simultaneously tapping related efforts, such as GGF's Open Grid Services Architecture (OGSA) and several new GGF research groups focused on commercial enterprise Grid application use cases and requirements,' said Charlie Catlett, Senior Fellow at Argonne National Laboratory and Chair of GGF. 'The collaboration will deliver the usability the industry requires, and provide standards that capitalize on existing efforts to deliver the management capabilities that will be essential to creating the tools and frameworks necessary for utility computing.' 'The DMTF is responding to a critical need for usable models and common, interoperable standards for the management industry and now for utility computing,' said Heather Kreger of IBM, co-chair of the OASIS Web Services Distributed Management (WSDM) Technical Committee. 'Collaborating with the OASIS WSDM Technical Committee and other groups on standards development will result in standards that converge to address end-to-end management needs. The OASIS WSDM Technical Committee will be appointing liaisons to the DMTF's Utility Computing Working Group, and we look forward to helping meet the needs of the industry through this effort'..." See: (1) the Working Group charter; (2) general references in "DMTF Common Information Model (CIM)."

  • [February 23, 2004] "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." - "The Liberty Alliance today announced the availability of a white paper calling out the growing problem of identity theft and detailing ways in which federated identity and Liberty's open standard can reduce online identity theft, its frequency and its potential impact on consumers. The white paper, The Liberty Alliance Protocol and Identity Theft White Paper, also presents deployment recommendations for federated identity as a means to further mitigate risks. Identity theft is a widespread and costly problem. Research analyst firm IDC reports that worldwide economic losses due to identity theft could reach $2 trillion by 2005 (April 2003). It's not only costly, it's time-consuming and a productivity drain on the economy. A U.S. Federal Trade Commission survey reports that in 2003 individuals spent an average of 30 hours to deal with their identity theft experience. 'Identity theft is extremely painful to consumers and very costly for businesses,' said Piper Cole, chair of Liberty's public policy expert group and vice president for global public policy at Sun Microsystems. 'It is costing merchants billions a year in charge-back fees and litigation and they are in need of an immediate solution to alleviate the bleed. Liberty's federated identity framework is a part of that solution.' Liberty's federated identity model, which distributes identity information across various trusted parties, is inherently more secure than a centralized model where all information is accessible in one location. If a centralized database is breached, the entire content of that database can be a goldmine for hackers and thieves. In addition to the federation safeguards, Liberty's framework also incorporates unique privacy controls and state-of-the-art security mechanisms to protect users and businesses..." General references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [February 23, 2004] "Application Security Leaders Announce Support for AVDL OASIS Committee Draft. Cenzic, Citadel, Department of Energy CIAC, GuardedNet, NetContinuum, Qualys, SPI Dynamics, Teros and WhiteHat Among Growing Number of Organizations to Support AVDL." - "Leading application security vendors and organizations Cenzic, Citadel, Department of Energy Computer Incident Advisory Capability (CIAC), GuardedNet, NetContinuum, Qualys, SPI Dynamics, Teros and WhiteHat Security, today announced support for the new Application Vulnerability Description Language (AVDL) developed by the OASIS international standards consortium. Growing vendor adoption of AVDL gives security professionals far more freedom and flexibility in managing application security risk and securing critical resources. AVDL enables application security products from different vendors to easily and rapidly share data about security vulnerabilities. As originally promised, less than one year after its initial proposal, the OASIS AVDL Technical Committee (TC) has completed the 1.0 specification. 'Application vulnerabilities propagate so rapidly today that the old methods of dealing with them no longer suffice,' said John Pescatore, vice president at Gartner. 'New standards like AVDL offer one of the best hopes of breaking this cycle by dramatically reducing the time between the discovery of a new vulnerability and the effective response at enterprise sites.' AVDL addresses the business problem of how companies manage ongoing application security risk on a day-to-day basis. With application vulnerabilities now accounting for 75 percent of all attacks, companies have begun deploying a host of next-generation security tools to find application vulnerabilities, block application-layer attacks, patch systems and manage application security events. AVDL enables end users to take this protection one step further by enabling seamless communication between application security products at all stages of the application lifecycle. Several vendors will be demonstrating AVDL interoperability of their products at the 2004 RSA Conference to highlight the growing maturity and commercial viability of AVDL automation..." See also the news story "OASIS Committee Draft for the Application Vulnerability Description Language (AVDL)."

  • [Febuary 20, 2004] "Sun Microsystems and SupplyScape Offer Comprehensive RFID Package to Help Combat Drug Counterfeiting and Diversion. Integrated RFID Offering Safeguards Pharmaceutical Supply Chain." - "Sun Microsystems, Inc. and SupplyScape Corporation announced today a Pharmaceutical Anti-Counterfeit RFID Package, an offering enabling companies in the pharmaceutical supply chain to combat counterfeiting and diversion while gaining efficiencies throughout the supply chain. The offering addresses recommendations announced yesterday by the FDA Counterfeit Drug Task Force, as outlined in its 'Combating Counterfeit Drugs' report... According to the FDA report, 'RFID technology will make the copying of medications either extremely difficult or unprofitable.' Radio Frequency Identification (RFID) technology, coupled with the Electronic Product Code (EPC) and electronic pedigrees are key elements in a multi-layered approach to combat the growing problem of counterfeit drugs affecting patient safety in the United States. The SupplyScape on Sun offering supports the FDA and State government initiatives targeting counterfeit drugs by providing EPC-enabled RFID solutions for the pharmaceutical industry. 'Visionaries articulate a future in which RFID is ubiquitous and nearly everything is traceable,' said Michael Swenson, research manager of Life Science Insights, an IDC subsidiary. 'However, in this post Internet bubble era, broad visions of eventual pay-offs hold little appeal. It is vitally important that early RFID solutions deliver quick relief for pressing industry problems. Solutions must stand on their own merit and not rely on some future day in which RFID becomes pervasive. This Pharmaceutical Anti-Counterfeit solution appears to fit that profile.' The Pharmaceutical Anti-Counterfeit RFID package is based on Sun Java Enterprise System Software, an open and integrated software system, and Sun's RFID infrastructure software that features self-healing and provisioning and works with leading EPC-enabled readers, including Alien, AWID, Feig, Matrics, Tagsys and Tyco. Sun's EPC-compliant RFID software, combined with SupplyScape's electronic pedigree application, runs on low-cost Sun x86-based platform servers with the Solaris Operating System or Linux. Because all components adhere to the EPCglobal standards, pharmaceutical manufacturers, wholesale distributors, and pharmacies can quickly and cost-effectively add the solution to their current supply chain infrastructure and processes, helping streamline operations and secure the prescription drug delivery chain from counterfeits. 'The EPC-based Pharmaceutical Anti-Counterfeit package presented by SupplyScape and Sun highlights a novel and comprehensive way of addressing the issues of counterfeit drugs and product diversion,' said Robin Koh, Director, MIT Auto-ID Labs. 'They have worked with MIT's Auto-ID Labs, EPCglobal, Federal and State regulatory officials and the pharmaceutical industry to develop a complete solution that takes into account both regulatory and business requirements'..." See also: (1) "Radio Frequency Identification (RFID) Resources and Readings"; (2) "Physical Markup Language (PML) for Radio Frequency Identification (RFID)."

  • [Febuary 20, 2004] "Netegrity to Discuss Next Generation of SAML at RSA Conference." - "Netegrity, Inc., a leading provider of identity and access management solutions, today announced that Prateek Mishra, Director of Technology and Architecture at Netegrity and co-chair of the OASIS SAML Committee, will deliver a presentation at the RSA Conference discussing the next version of SAML (Security Assertion Markup Language). Mishra's presentation titled 'SAML 2.0: Unified Foundation for Federated Security' will be presented as part of the RSA Conference Standards Track on Tuesday, February 24th at 4:15 pm PT. Netegrity will also be exhibiting at the RSA Conference (Booth #1421) where the company will showcase its identity and access management solutions, including Netegrity's provisioning solution, Netegrity IdentityMinder eProvision. Mishra's presentation will discuss the new features of SAML 2.0 and how it brings together disparate efforts in order to create a single federated security umbrella. SAML 2.0 will build upon SAML 1.0 deployments and integrate with the enhanced functionality of the Liberty ID-FF (Identity Federation Framework) layers. In addition, Mishra will discuss the relationship between SAML 2.0 and other proposed standards, such as WS-Security, and how they jointly provide organizations with a trusted model to enable secure Web services and federation. Netegrity was one of the original creators of the SAML specification and over the last three years has helped to drive industry adoption of SAML, including support for the SAML standard within both the Netegrity SiteMinder Web access management product and the Netegrity TransactionMinder Web services security product. The company also recently shipped Netegrity SiteMinder 6.0 which provides advanced federated security capabilities through enhanced support for SAML..." See (1) the news story: "OASIS SAML Interoperability Event Demonstrates Single Sign-On at RSA Conference"; (2) "Security Assertion Markup Language (SAML)."

  • [February 13, 2004] "SRW/U and CQL Version 1.1 Specifications Released." - "The SRW Maintenance Agency at the Library of Congress, in conjunction with the SRW Development Group, announces the release of version 1.1 of SRW, the Search/Retrieve Web Service; SRU, Search and Retrieve by URL; and CQL, the Common Query Language. Version 1.1 supercedes Version 1.0, the initial, experimental version, which was released November 2002. Version 1.1 has been in development for more than a year and is the first official version. SRW is an XML-based protocol designed to be a low-barrier-to-entry solution for searching and other information retrieval operations across the internet. It uses existing, well tested, and easily available technologies, such as URI, XML, SOAP, HTTP, and XPath. The design reflects the many years of experience gained developing and using Z39.50; SRW is both robust and easy to understand while retaining many of the important aspects of Z39.50. Web technologies reduce the barriers to new information providers allowing them to make their resources available via a standard search and retrieve service. Building on Z39.50 semantics enables the creation of gateways to existing Z39.50 systems. The protocol may be carried via SOAP or as parameters in a URL. When carried via SOAP, it is referred to as SRW; via URL, as SRU. CQL is a formal language for representing queries to information retrieval systems, including web indexes, bibliographic catalogues, and museum-collections information. Traditionally, query languages are either (on one hand) powerful and expressive but complex and unfriendly — SQL, Xquery — or (on the other hand) simple and intuitive but neither powerful nor expressive, for example, Google. CQL's goal is to combine the simplicity and friendliness of Google searching with the expressive power of Z39.50, supporting queries ranging from very simple to arbitrarily complex expressions..." See details in the news story: "US LOC SRW Maintenance Agency Releases Search/Retrieve Web Service Version 1.1."

  • [February 11, 2004] "Invitation to Public Workshops on WS-Notification and WS-Resource Framework." Announcements were posted by William Vambenepe (Hewlett-Packard) for WS-Notification and WS-Resource Framework Public Review Workshops. February 23-24, 2004. [1] The authors of the recently-published WS-Notification specification are hosting a 1-day workshop on February 24, 2004, starting at 9am and ending at 5pm. This workshop will be hosted by Hewlett-Packard in Cupertino, CA. This is an ad-hoc, open forum for 1) the specification authors to share background information on the design of the specifications and to receive feedback and 2) software vendors and other interested parties to discuss their ideas about the specifications and practicality of implementing these and related Web Services specifications. The agenda for the workshop will include a review of WS-Notification by the authors, relationship to other WS specifications, participant Q&A and feedback, and discussion of next steps and standards plans... We'd like this to be an open meeting and collect a broad range of ideas. If you are interested in participating in the discussions, please reply to this mail by EOD 17 February 2004. Feel free to pass this invitation along to other potential participants, either in your company or elsewhere. The authors of WS -Notification intend to submit an updated version of the Specification to a standards body, in which case they intend to grant a Royalty-Free license to their necessary patent claims. Note that in order to attend, in support of this goal, the attached legal agreement MUST be signed by each attendee..." [2] "The authors of the recently-published WS Resource Framework white papers and specifications (WSRF, Modeling stateful resources with Web services, WS-ResourceProperties, WS-ResourceLifetime) are hosting a 1-day workshop on February 23, 2004, starting at 9am and ending at 5pm. This workshop will be hosted by Hewlett-Packard in Cupertino, CA..." See: (1) Logistics for WS-Resource Framework and WS-Notification Public Review Workshops (HP, Cupertino); (2) the news story "Web Services Notification and Web Services Resource Framework."

  • [February 09, 2004] "Compuware Takes Model-Driven Development Mainstream, Releases Compuware OptimalJ 3.1 and Announces Vision for New Paradigm of Enterprise Application Development. Model-Driven Pattern-Based (MDPB) Approach Bridges J2EE Skills Gap. Enables Companies to Increase Productivity of Enterprise Application Development." - "Compuware Corporation today outlined its vision for supporting software developers in successfully building service oriented, enterprise-class applications using the model-driven pattern-based (MDPB) approach. In support of its vision, the Company unveiled version 3.1 of its popular Compuware OptimalJ development platform with industry-leading support for Web Services security, a broader set of options for Compuware OptimalJ's integrated testing environment -- including testing support for BEA WebLogic Server and IBM WebSphere Application Server -- and enhanced features for legacy integration... Compuware OptimalJ 3.1 enables development organizations to do more with less, helping businesses easily migrate to MDPB development through: (1) Pioneering Web Services Security: One of the first development tools to support the new Web Services-Security specification as defined by the Organization for the Advancement of Structured Information Standards (OASIS) to ensure a secure web services implementation, enabling organizations to conduct business securely via web services. (2) Providing Flexible Modeling: Compuware OptimalJ expands its integration with world-class modeling tools, including IBM Rational Rose, Borland Together Control Center, SparxSystems Enterprise Architect and Objecteering, in addition to providing support for UML modeling. (3) Driving Legacy Modernization: Support is extended for IBM's infrastructure software to integrate with WebSphere MQ so that Compuware OptimalJ customers using the IBM platform can fully leverage their existing infrastructure investments. (4) Ensuring Platform Flexibility: Compuware OptimalJ broadens the options for deployment in the integrated test environment to include leading application servers BEA WebLogic Server and IBM WebSphere Application Server. This enables IT organizations to build, test and debug applications faster..." See also: (1) "OMG Model Driven Architecture (MDA)"; (2) "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

  • [February 6, 2004] "Vignette First To Announce Self-Certified JSR 168-Compliant Portal. Vignette Application Portal 7.0 Also Supports Comprehensive Localization and Standards for Universal Access." - "Continuing to deliver on its mission to drive enhanced business efficiency, Vignette Corp. has announced initial availability of Vignette Application Portal 7.0, part of the Vignette V7 family of products. Vignette Application Portal 7.0 has been certified by Vignette on the Sun Microsystem's Test and Compatibility Kit (TCK) for compliance with the recently adopted JSR 168 portlet interoperability standard. With this move, Vignette believes that it has become the first independent software vendor to announce a self-certified JSR 168 portal. The release of Vignette Application Portal 7.0 reaffirms Vignette's leadership in delivering standards-based portal solutions that scale and evolve from department level to enterprisewide deployments. As a founding member of both the Java Community Process's JSR 168 Expert Group and OASIS' WSRP Technical Committee, Vignette has played a pivotal role in helping define JSR 168 and WSRP since their inceptions in January 2002. By driving innovation through the usage of Web services and portal standards, Vignette enables customers to increase efficiency and reduce the complexity and cost of sharing information across organizations by supporting their evolving enterprise portal strategies. 'JSR 168 represents a significant milestone for the industry and will play a key role in advancing an organization's ability to integrate portal deployments and provide a single, consolidated view for end users,' said Craig Roth, vice president, Web and collaboration strategies at Meta Group Inc. 'Organizations should look to vendors that are showing a commitment to industry standards as a means to increase developer productivity and significantly reduce deployment costs.' In conjunction with its support for JSR 168, Vignette will provide plug-ins for the leading integrated development environments (IDE) to provide developers with a seamless experience when deploying IDE-developed JSR 168 portlets within Vignette Application Portal 7.0. In addition, the latest release of Vignette Application Portal provides enhanced localization of portal administrative consoles and multibyte support for compliance with Section 508, enabling disabled administrators to easily manage portal sites, and i18N, allowing diverse administrators in multidialect regions to access a shared portal console that is localized for each individual administrator's dialect..." See also: (1) JSR 168 Portlet API Specification 1.0 Released for Public Review"; (2) "Portlet Open Source Trading (POST) Site for JSR 168 and WSRP Portlets"; (3) "Web Services for Remote Portals (WSRP)."

  • [February 06, 2004] "CECID Completes XML Schema Design and Management Guide." - "The Center for E-Commerce Infrastructure Development (CECID) of the University of Hong Kong (HKU) has completed the XML Schema Design and Management Guide for Information and Technology Services Department (ITSD) of the HKSAR Government (HKSARG). The Guide, which aims to provide a process for designing and defining quality, consistent and reusable XML Schema Definitions (XSDs) in a systematic manner, is now available for download at ITSD website... The Hong Kong Observatory, Department of Health and Commerce, Industry and Technology Bureau are first to use this Guide in their XML projects of weather news, notifiable infectious disease notification and electronic surveillance system and Integrated Criminal Justice System respectively. Based on international best practices such as UN/CEFACT's Modeling Methodology (UMM), ebXML Core Components (CC), and Universal Business Language (UBL), CECID developed the XML Schema Design & Management Guide for HKSARG to assist bureaux and departments, as well as their business partners, in implementing e-government joined-up service projects (G2G and G2B). When a new joined-up service project is implemented, project teams must conduct a data alignment exercise to agree on the definition and representation of each data element of the information to be exchanged. Further, data conversion or data mapping between the exchanged data may need to be performed. To achieve interoperability for information exchange, XML has been identified by HKSARG as the technical standard. This XML Schema Design and Management Guide will facilitate data interoperability by providing (i) a methodology to specify the definitions and representations of information in a consistent and structured way as reusable information models; (ii) an approach to convert the information models of data elements into XML Schema Definition (XSD) code; and (iii) guidelines to adopt, contribute, and manage XML Schemas to maximize reuse..." See details in the news story "CECID Releases XML Schema Guide Based on UN/CEFACT UMM, ebXML Core Components, and UBL."

  • [February 04, 2004] "OASIS Members Collaborate on 'Dataweb' Standard for Exchange of Machine-Readable Information." - "Members of the international standards consortium, OASIS, have organized to create a standard for sharing, linking, and synchronizing data over the Internet and other networks using XML documents and Extensible Resource Identifiers (XRIs). XRI is a URI-compatible abstract identifier scheme also developed within OASIS. The new OASIS XRI Data Interchange (XDI) Technical Committee will enable implementers to automatically interchange XDI documents and to express controls over the authority, security, privacy, and rights of shared data as XDI links. 'The goal of XDI is to do for controlled data sharing what the Web did for open content sharing,' explained Drummond Reed of Cordance, co-convenor of the OASIS XDI Technical Committee. 'XDI does not displace any specialized XML vocabulary designed to support specific applications or Web services. Rather, it augments them by providing a standard, generalized way to identify, describe, exchange, link, and synchronize other XML documents encoded in any XML language or schema--tying them all into one global 'Dataweb.' 'The formation of this technical committee represents an important step toward a shared vision for a more capable Internet,' added Geoffrey Strongin of AMD, co-convenor of the OASIS XDI Technical Committee. 'XDI will help solve fundamental problems associated with data sharing over the Internet by leveraging and building on the entire array of existing and emerging XML standards.' XDI will address interoperable, automated data interchange across distributed applications and trust domains. Examples of potential applications include: (1) Exchange, linking, and lifetime synchronization of electronic business cards, public keys, and other common identity attributes across distributed directories (dynamic address books); (2) Internet calendar sharing; (3) Trusted search (searches that need to cross multiple private websites); (4) Auto-configuration and intelligent data synchronization across multiple user devices (desktop, laptop, PDA, land phone, cell phone, etc.); (5) Automated website registration, form-fill, and e-commerce transactions; (6) Cross-domain security and privacy management. OASIS XDI Technical Committee members include representatives of AMD, AmSoft Systems, Booz Allen Hamilton, Cordance, Epok, Neustar, NRI, and others..." See details in the news story: "OASIS Members Form XRI Data Interchange (XDI) Technical Committee."

  • [January 29, 2004] "Systinet Closes Highly