The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors
NEWS
Cover Stories
Articles & Papers
Press Releases
CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG
TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps
EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Last modified: February 28, 2003
XML Articles and Papers February 2003

XML General Articles and Papers: Surveys, Overviews, Presentations, Introductions, Announcements

Other collections with references to general and technical publications on XML:

February 2003

  • [February 28, 2003] "Requirements for Format for Incident Report Exchange (FINE)." By Yuri Demchenko (NLnet Labs), Hiroyuki Ohno (WIDE Project, Japan), and Glenn Mansfield Keeni (Cyber Solutions Inc.). IETF Network Working Group, Internet Draft. Reference: 'draft-ietf-inch-requirements-00.txt.' Category: Informational. February 2003, expires August 2003. "The purpose of the Format for INcident report Exchange (FINE) is to facilitate the exchange of incident information and statistics among responsible Computer Security Incident Response Teams (CSIRTs) and involved parties for reactionary analysis of current intruder activity and proactive identification of trends that can lead to incident prevention. A common and well-defined format will help in exchanging, retrieving and archiving Incident Reports across organizations, regions and countries... Computer security incidents occur across administrative domains often spanning different organizations and national borders. Therefore, the exchange of incident information and statistics among involved parties and the responsible Computer Security Incident Response Teams (CSIRTs) is crucial for both reactionary analysis of current intruder activity and proactive identification of trends that can lead to incident prevention. In the following we refer to the information pertaining to an incident as an Incident Report. Actually Incident Report created and handled by CSIRT may have internal proprietary format that is adopted to local Incident handling procedure and used Incident Handling System (IHS). It is intended that exchange of Incident information will be conducted in a common format referred in this document as Format for INcident report Exchange (FINE). This document defines the high-level functional requirements to the FINE intended to facilitate collaboration between CSIRTs and parties involved when handling computer security incidents." Related references: (1) IETF Incident Object Description and Exchange Format (IODEF); (2) "Incident Object Description and Exchange Format Data Model and Extensible Markup Language (XML) Document Type Definition"; (3) IETF Extended Incident Handling Working Group.

  • [February 28, 2003] "Web Services Security, Part 1. Securing Web Services." By Gopalakrishnan U and Rajesh Kumar Ravi (IBM India Software Labs). From IBM DeveloperWorks, Web Services. ['This article introduces various aspects of the Web Services Security Framework and provides step-by-step guidelines on how to write and deploy secure Web services applications using HTTP as the transport vehicle. This article explains three methods to secure Web services applications, namely, HTTP basic authorization, secure socket layer (SSL) over HTTP (HTTPS), and a hybrid of HTTP basic authorization with HTTPS. The second article in this series will provide an introduction to the WS-Security model and how you can use it to secure your Web services applications.'] "e-business relies on the exchange of information between business partners over a network. In such a setup, as the information/data travels from the source to the destination, there is always the risk of the data being stolen or modified. The same security risks are applicable to Web services transactions. In Web services transactions using SOAP, the data are passed between the service invoker and service provider as plain XML, so anyone who intercepts the messages can read the data that are exchanged. In the Web services scenario the security aspect is more complicated because: Soap messages can be sent using different transport applications or protocols like HTTP, SMTP, etc., which might have a very high security model to no security model at all. Hence, there is a need for a comprehensive security framework for Web services applications, which is common to all types of transport protocols. There could be legitimate intermediaries that might need to access a part or whole of the SOAP message, and even modify the message. Thus the security model must be comprehensive enough to allow such intermediaries. This article will introduce the various aspects of Web services security and will provide step-by-step guidelines on how to write and deploy secure Web services applications with existing technologies... The security methods discussed provide simple, but effective, solutions to secure your Web services transactions over HTTP. However, a word of caution. As the complexity of Web services transactions increases, these methods may become unsuitable. Consider, for example, that the methods discussed above would be unsuitable if the same SOAP messages were exchanged using SMTP (Simple Mail Transfer Protocol). Similarly, the solutions presented above might not be applicable if there were legitimate intermediaries present. In order to address these issues, a comprehensive WS-Security specification is being developed and standardized. The second article in this series will introduce the WS-Security specification and provide a detailed account of how it can be used to take the security of your Web services applications to the next level..." Related references at "Security, Privacy, and Personalization."

  • [February 28, 2003] "WS-I Announces Board Nominations." By Darryl K. Taft. In eWEEK (February 26, 2003). "The Web Services Interoperability Organization (WS-I) Wednesday announced the nominations for two openings on the organization's board of directors. WS-I officials said representatives from Cape Clear Software Inc., Nokia Corp., SeeBeyond Technology Corp., Sun Microsystems Inc., VeriSign Inc. and webMethods Inc. have been nominated for election to the organization's board of directors. The limited number of nominees means a better possibility for Sun to join the board, where many -- including company insiders -- have, since the inception of WS-I a year ago, said Sun rightfully belongs. Sun cleared the way for joining WS-I in October after much wrangling, finger pointing and murmuring regarding Sun's role as an innovator in the world of Web services. WS-I officials said elections will be held in mid-March, with the results being announced March 28 and the new directors beginning their one- to two-year terms on April 1, 2003. A WS-I spokeswoman explained that the newly elected board members would have tenure of one or two years. The usual term for an elected board member is two years, and founding members such as IBM Corp. and Microsoft Corp. are permanently in position. 'The basic story is that there will be two directors elected,' a WS-I spokeswoman said. 'The one with the fewer votes during the March election receives a 12-month term. The one with the most votes receives the standard 24-month term. The usual term for an elected director is 24 months. This start up aberration is in place so that we can establish a staggered election schedule were one director position is filled each year.' The nominated companies and individuals are: Jorgen Thelin, chief scientist at Cape Clear; Juhani Murto, senior manager of Web services architecture at Nokia; Ugo Corda, principal standards analyst at SeeBeyond; Mark Hapner, distinguished engineer and chief Web services strategist at Sun; Sundar Krishnamurthy, a product manager at VeriSign; and Andy Astor, vice president of Enterprise Web Services at webMethods..." "Web Services Interoperability Organization (WS-I)."

  • [February 27, 2003] "Topic Map Constraint Language Requirements." By Graham Moore and Mary Nishikawa. 2003-02-23. ISO/IEC JTC 1/SC34 N0xxx. Work product from ISO/IEC JTC 1/SC34 Information Technology -- Document Description and Processing Languages. Reference posted to the 'sc34wg3@isotopicmaps.org' mailing list on 2003-02-28 by Mary Nishikawa with Subject "TMCL Requirements Draft for Review." Supersedes the earlier document "Draft requirements, examples, and a 'low bar' proposal for Topic Map Constraint Language (TMCL)" ISO/IEC JTC 1/SC34 N226, 2001-05-24. This is the first public working draft for TMCL Requirements. "The Topic Map Constraint Language (TMCL) will provide a means to express constraints over and above the constraints currently defined by the Standard Application Model (Data Model for Topic Maps). Its goal will be to provide a language such that a topic map can be said to be conforming within a topic map or within a class of topic maps. It may help optimization both of topic map storage and of TMQL queries based on schema information. It may provide more intuitive user interfaces for creating and maintaining topic maps. This document will define the requirements that we expect the language will provide. TMCL is to be developed by ISO/JTC SC34 WG3 and this requirements document is for members of the committee and implementers who have expressed an interest in the development of a Topic Map Constraint Language... TMCL must define a standard way to explicitly indicate how topic map constructs are to be constrained. It should specify the topic characteristics a topic will have and the kinds of structures an association will have. TMCL shall be specified in terms of SAM (Standard Application Model for Topic Maps), a data model, and will not be specified on any serialization format for topic maps. This will automatically allow it to support both XTM & HyTM s well as LTM and AsTMa=, since these all have mappings to SAM..." Related references: (1) The Topic Map Constraint Language website; (2) Topic Map Constraint Language mailing list 'tmcl-wg'; (3) "Guide to the Topic Map Standardization; (4) "ISO SC34 Publishes Draft Reference Model for Topic Maps (RM4TM)"; (5) general references in "(XML) Topic Maps."

  • [February 27, 2003] "XML Puts Content In Play. Merrill Lynch, Aliant Telecommunications and the U.S. Navy are Among the Innovators Moving Extensible Markup Language from Concept to Reality." By Bill Trippe. In Transform Magazine (March 2003). "XML emerged in the late 1990s as the all-purpose solution to your technology woes. Have a content management problem? XML will solve it. Have an application integration problem? XML to the rescue! Have a legacy system you need to get to the Web? Three guesses as to what will solve your problem, and the first two don't count. In other words, XML has been overhyped. At the same time, it seems to be everywhere. Developers love it, and many now see it as an essential tool in their programming toolkits. Vendors are all over it, and it is core to strategies from the likes of Microsoft, Sun, Oracle and IBM. Moreover, the standards community is replete with XML-based initiatives. Clearly, there is some reality to XML that lies between information nirvana and nothing. Many organizations have actually put XML to work, and have learned valuable lessons on effective approaches and pitfalls to avoid. This article profiles four organizations that are successfully using XML in core business areas. These organizations represent both industry and government, and they're tackling applications ranging from content management to government compliance to billing and reporting. Some of the applications are departmental while others are enterprisewide. While the details of the customer's requirements and solutions differ, they share some characteristics: (1) All of the applications involved customer-facing Web sites or integration with Web-based content and applications; (2) Legacy systems needed to be preserved -- sometimes for the long run and sometimes just so the project could proceed quickly... The reality for these organizations was that business problems needed to be solved quickly against a backdrop of heterogeneous platforms, legacy systems and a growing audience of users only a browser away. While XML never solved the whole problem, it always emerged as a key element in the solution -- sometimes as source format, sometimes as a format for interchange. In every case, XML helped solve a practical business problem and wasn't used just because it was the fashionable choice. All the hype around XML is clouding the real success of the technology, which is often practical and powerful, yet, frankly, mundane. As one technologist interviewed for these stories remarked, XML is a means to an end, not the end itself..."

  • [February 27, 2003] "Oracle Adds Standard to Server Software." By Sandeep Junnarkar. In CNET News.com (February 27, 2003). "Oracle on Thursday said its application server software now supports a popular e-business standard, making it easier for companies to conduct business over the Web. The business software company said its Oracle9i Application Server adopts standards defined by RosettaNet, an electronic business standards consortium. The consortium, which has more than 450 members, including Intel, Cisco Systems, Hewlett-Packard, Oracle, Microsoft and IBM, specializes in Web standards for exchanging data over the Internet using Extensible Markup Language (XML). RosettaNet, which was founded in 1998, recently became a subsidiary of the Uniform Code Council, which develops standards for the retail industry. RosettaNet is one of several organizations defining XML and Web-based standards for electronic commerce applications. Others include the Organization for the Advancement of Structured Information Standards, or OASIS, along with the World Wide Web Consortium and the Web Services Interoperability Organization..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software." General references: "RosettaNet."

  • [February 26, 2003] "XML Matters: Kicking back with RELAX NG, Part 1. Doing Better Than the W3C XML Schema." By David Mertz, Ph.D. (Idempotentate, Gnosis Software, Inc). From IBM developerWorks, XML zone. February 2003. ['RELAX NG schemas provide a more powerful, more concise, and semantically more straightforward means of describing classes of valid XML instances than do W3C XML Schemas. The virtue of RELAX NG is that it extends the well-proven semantics of DTDs while allowing orthogonally extensible datatypes and easy composition of related instance models. David Mertz takes a first look at RELAX NG in this, the first installment of a three-part series.'] "I have long been wary of W3C XML Schemas, and to some extent of XML itself. A jumble of companies and groups with divergent interests and backgrounds cobbled together the W3C XML Schema specification by throwing in a little bit of everything each party wanted, creating a typical committee-designed, difficult-to-understand standard. In fact, I have so many reservations that I generally recommend sticking with DTDs for validation needs, and filling any gaps strictly at an application level. About a month ago, however, I started taking a serious look at RELAX NG. Like many readers, I had heard of this alternative schema language previously, but I had assumed that RELAX NG would be pretty much more of the same, with slightly different spellings. How wrong I was. RELAX NG is simply better than either W3C XML Schemas or DTDs in nearly every way! In fact, RELAX NG's ability to support unordered (or semi-ordered) content models answers most of my prior concerns about the mismatch between the semantic models of OOP datatypes and the linearity of XML elements. This article is the first of three XML Matters installments that discuss RELAX NG. This installment will look at the general semantics of RELAX NG, and touch on datatyping. The second installment will look at tools and libraries for working with RELAX NG. The final installment will discuss the RELAX NG compact syntax in more detail... The semantics of RELAX NG are enormously straightforward -- in this respect, they are a natural extension of DTD semantics. What a RELAX NG schema describes is patterns that consist of quantifications, orderings, and alternations. In addition, RELAX NG introduces a pattern for unordered collection, which neither DTDs nor W3C XML Schemas support (SGML does, but less flexibly than RELAX NG). Moreover, RELAX NG treats elements and attributes in an almost uniform manner. Element/attribute uniformity corresponds much better with the conceptual space of XML than does the rigid separation in both DTDs and W3C XML Schemas. In actual design, the choice between use of an attribute and an element body is frequently underdetermined by design considerations and/or is contextually sensitive..." Also in PDF format. General references in "RELAX NG."

  • [February 26, 2003] "Relax NG." By Eric van der Vlist. Website for the online book. 2002-2003. Work in progress, with substantial content as of 2003-02-26. "Relax NG is a book in progress written by Eric van der Vlist for O'Reilly and submitted to an open review process. The result of this work will be freely available on the World Wide Web under a Free Documentation Licence (FDL). The subject of this book, Relax NG (http://relaxng.org), is a XML schema language developped by the OASIS RELAX NG Technical Committee and recently accepted as Draft International Standard 19757-2 by the Document Description and Processing Languages subcommittee (DSDL) of the ISO/IEC Joint Technical Committee 1 (ISO/IEC JTC 1/SC 34/WG 1)..." See also: (1) "Document Schema Definition Languages (DSDL)"; (2) general references in "XML Schemas." General references in "RELAX NG."

  • [February 26, 2003] "Oracle App Server Certified for RosettaNet. Software Meets Standards for Electronic Sharing of Data." By Joris Evers. In InfoWorld (February 26, 2003). "Oracle's 9i Application Server is the first to meet compatibility standards for electronic sharing of business data as set by the RosettaNet consortium, Oracle said Wednesday. Version 9.0.4 of the 9i Application Server Release 2, scheduled to be out in the second quarter of this year, will offer integrated support for RosettaNet, Oracle said in a statement, confirming what it said at the Oracle World event late last year. Besides Oracle, another ten integration software vendors are testing their products in an interoperability testing program set up by Oracle in cooperation with RosettaNet, Oracle said. The RosettaNet protocol is based on XML (Extensible Markup Language) and is intended to allow companies to electronically link with suppliers and customers without the need to set up EDI (electronic data interchange) links, thereby reducing costs, resources and implementation time..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software." General references: "RosettaNet."

  • [February 26, 2003] "RosettaNet Members Trumpet Interoperability." By Clint Boulton. In InternetNews.com (February 26, 2003). "Led by Oracle, members of the RosettaNet consortium have announced the successful completion of software interoperability tests. RosettaNet is a non-profit organization whose goal is to implement standards for supply-chain transactions on the Internet. Supported along with Oracle by such members as Microsoft, IBM and Intel, it hashes out business-to-business (B2B) compatibility standards that many high technology outfits are keen on adopting... Creating interoperability among RosettaNet members helps connect RosettaNet trading partners to reduce costs and deployment time. The news is indicative of the importance software infrastructure concerns are placing on established and emerging standards, which many in the industry believe will help companies get on the same page in terms of interoperability. Oracle scored an industry first Wednesday when its flagship Oracle9i Application Server was certified for implementations... webMethods said it is among the first RosettaNet solution providers and partners to successfully complete the RosettaNet Interoperability and RosettaNet Compliance Badge Programs, the latter of which gives customers an additional layer of confidence that the solution providers are fully compliant according to published RosettaNet Implementation Framework (RNIF) 2.0 and or specific Partner Interface Processes. Sterling Commerce has proven its ability to transmit business data and communicate with other companies using the RosettaNet Implementation Framework (RNIF) version 2.0. Tibco completed the RosettaNet Software Interoperability Trials and Vitria's Vitria's BusinessWare for RosettaNet 3.2 was found to support interoperability requirements as identified in the test plan..." See the news story of 2003-02-26: "RosettaNet Software Interoperability Trials Test RNIF Connectivity Software."

  • [February 26, 2003] "OASIS Takes On Reliability Spec for Web Services." By John Fontana. In Network World (February 26, 2003). "The Organization for the Advancement of Structured Information Standards (OASIS) on Wednesday said it is forming a Web Services Reliable Messaging (WS-RM) technical committee that will develop a specification to guarantee the delivery of messages between applications, especially those executing business transactions. WS-RM will include three types of delivery: guaranteed delivery, which means the message is delivered at least once; duplication elimination, which ensures the message is delivered at most once; and message delivery sequencing, which determines the order in which messages are delivered. Eventually, the specification will be integrated with Web Services Description Language (WSDL), which is used to describe how a Web service operates and would signal that an application has a reliable delivery capability. Besides the original companies that drafted the foundation specification in January, the WS-RM technical committee also includes Commerce One, Cyclone Commerce, IONA, SAP, See Beyond, webMethods and WRQ. Not part of the group, however, is BEA Systems, which is preparing to release a proprietary reliable messaging technology for Web services as part of an upgrade to its WebLogic Platform. Also missing initially are powerhouses IBM and Microsoft, which have been major players in crafting Web services standards. IBM has created a similar reliable messaging specification called HTTP-Reliable. HTTP is the transport mechanism for SOAP, and the IBM specification enhances HTTP to ensure that a sender is returned a response of 'undeliverable' if their message did not reach its destination. While the IBM specification is bound to HTTP, the WS-RM proposal allows for the use of any transport mechanism that can be bound to SOAP... The WS-RM work will dovetail with other Web services standard work, including OASIS groups working on Web Services-Security and Security Assertion Markup Language, which was recently approved as a standard. The WS-RM committee plans to take input from the World Wide Web Consortium's Web Services Architecture Working Group..." See details in "OASIS Members Form Technical Committee for Web Services Reliable Messaging." General references in "Reliable Messaging."

  • [February 26, 2003] "OASIS Eyes Web Services Messaging. IBM, Microsoft Not Behind Spec Yet." By Paul Krill. In InfoWorld (February 26, 2003). "OASIS will develop a generic model for ensuring reliable message delivery for Web services, but the initiative lacks the support thus far of industry stalwarts IBM and Microsoft... The newly formed OASIS Web Services Reliable Messaging (WS-RM) Technical Committee plans to establish a standard, interoperable way of achieving reliability at the SOAP messaging level and potentially with other messaging protocols. OASIS announced the effort on Wednesday. The WS-Reliability specification, from Sun Microsystems, Oracle, Fujitsu and others, will be submitted as input for the WS-RM Technical Committee and other contributions are welcome, OASIS said. Microsoft and IBM, however, are declining to participate in the OASIS effort for the time being, which raises questions on how successful an industry standards effort can be without their participation. Microsoft and IBM Wednesday released prepared statements about OASIS's announcement. 'Microsoft continues to view the ongoing community work in the area of Web services as important, but has decided not to join this OASIS technical committee,' the company said, declining to elaborate on its reasons. IBM released a prepared statement attributed to Steve Holbrook, program director, IBM emerging e-business standards: 'While IBM is not joining the effort at the beginning, we are confident that the industry will unite around a common standard, and we will be active participants. IBM was influential in many of the constructs of WS-Reliability based on our early work on ebXML. 'History shows that many companies provide input to important standards, resulting in a functionally-rich specification that satisfies the industry. We think that the final standard for message reliability will be based partially on WS-Reliability, and we expect that this standard will evolve to correlate with several other Web services specifications underway.' Sun officials last week challenged IBM and Microsoft to adopt a royalty-free stance on emerging Web services standards. Sun intends to promote this stance as it seeks a seat on the Web Services Interoperability Organization (WS-I) Board of Directors. Sun's Mark Hapner, distinguished engineer and chief Web services strategist, would hold that seat... Interoperability, ease of implementation and ease of use are fundamental goals of the OASIS messaging effort, according to WS-RM Technical Committee chairman Tom Rutt, of Fujitsu, in a prepared statement... The OASIS Reliable Messaging specification will address message persistence, acknowledgement and resending, elimination of duplicate messages, ordered delivery and delivery status awareness for sender and receiver applications. WSDL definitions will be provided for reliable messaging. Message formats will be specified as SOAP headers and/or body content..." See details in "OASIS Members Form Technical Committee for Web Services Reliable Messaging." General references in "Reliable Messaging."

  • [February 26, 2003] "Providing a Value Set For Use in UDDI Version 3." Edited by Claus von Riegen (SAP). With contributions from Tom Bellwood (IBM). TC Technical Note produced by the UDDI Specification Technical Committee. Document identifier: uddi-spec-tc-tn-valuesetprovider-20030212. Abstract: "Through the use of value sets in UDDI registries, businesses are able to find each other and the services that meet their needs. This document provides guidelines for providers of value sets on how to model, register, and validate their value sets for use in UDDI Version 3." Topic: "In UDDI, a value set represents a set of values that can be used to provide meaning or context to a UDDI entity. Category, identifier, and relationship type systems are all value sets. Value sets play an important role within UDDI, because it is through their use that businesses are able to find each other and the services that meet their needs.... This paper guides the providers of value sets in the creation of value set services and in the registration of the value sets and these external value set services, following the recommended policies outlined in Chapter 9 of the UDDI Version 3 Specification..." Note: A 2003-02-24 posting from Tom Bellwood and Luc Clément (Co-chairs, OASIS UDDI Specification TC) reported that this document had been approved as a UDDI Spec TC Technical Note. General references in "Universal Description, Discovery, and Integration (UDDI)."

  • [February 26, 2003] "Rights Management? Or Restriction? Don't Be Fooled. Windows Rights Management Isn't About Safeguarding Your Rights." By Mary Jo Foley. In Ziff Davis Microsoft Watch (February 25, 2003). "If you were to go by the majority of headlines last week, you might be fooled. Press reports crowed: 'Microsoft Boosts Rights Management' - 'Microsoft Adds Rights Management Protection for the Enterprise' - 'Microsoft to Release Document Protection Software.' Windows Rights Management: It's a good thing. Isn't it? If you are a big company or organization with lots of correspondence and documents you want to keep secret, Windows RM is, indeed, a blessing. If you are a whistleblower, a journalist, a lawyer, a cop -- or anyone who has the audacity to want to use software other than Microsoft Windows or Office -- you should be very afraid... To me, RM, first and foremost, is an attempt by Microsoft to further lock customers in by requiring them to use Windows clients, Windows servers, Microsoft Office and Internet Explorer in order to create and consume documents. RM has another benefit, which I am not the first to note: It will eliminate the e-mail and document trails that hurt Microsoft in antitrust court..." See details in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)."

  • [February 25, 2003] "Design XML Schemas Using UML. Translating Business Concepts Into XML Vocabularies." By Ayesha Malik (Senior Consultant, Object Machines). From IBM developerWorks, XML zone. February 2003. '[Unified Modeling Language (UML) is an industry standard that is used in modeling business concepts when building software systems in an object-oriented manner. Recently, XML has gained ground in becoming a key enabler of these systems in terms of transport of information and commands. XML schemas, which are used to define and constrain the nature of XML exchanged, have consequently come into the limelight. This article discusses the use of UML in designing XML schemas and gives a hands-on approach for using the UML framework to create your XML vocabularies.'] "When using the UML framework for constructing XML schemas, you must consider three issues: (1) The complementarities between UML and XML schemas; (2) How to extend UML to capture all the functionalities provided by schemas; (3) The ability to engineer XML schemas from UML diagrams... Many large conglomerates -- such as SWIFT, which provides the electronic infrastructure for trading and settlement for 7,000 financial institutions around the world -- are using UML-to-XML schema conversion to design their XML documents. UML represents the easiest way of modeling business concepts, especially when they are domain-specific. It is natural to want to extrapolate and automate the process so that the transformation is clean and complete. For this purpose, I have discussed the use of XMI and the ability of products such as hyperModel to generate the XML schema from the XMI describing the UML meta model. However, the reader is cautioned to always refine and double-check the validity of the model. Even though the ability to completely map UML to XML schemas has not yet been perfected, UML is a good way to start the modeling of XML schemas in an object-oriented manner. If the trend towards creating tools -- both open source and vendor managed -- for automatic generation of XML schemas continues, UML class diagrams might become a standard way of incorporating business concepts into XML vocabulary. As XML becomes intrinsic to all parts of a software system -- from data exchange to Web services messages to description of build scripts -- a clean, concise way of modeling XML schemas becomes imperative. UML is a tried and tested modeling tool for object-oriented systems, and it is attractive for developers, business analysts, and vendors as a medium for designing XML schemas. I believe we will see increasing use of UML as industries and consumers begin to develop their ontologies and services using XML..." Related references: (1) "UML 2.0 Vote Highlights Upcoming OMG Standards Meeting. Orlando, FL, USA, March 24-28, 2003."; (2) "Mapping Between UML and XSD"; (3) "Conceptual Modeling and Markup Languages."

  • [February 25, 2003] "UDDI Finds a Role After All." By Keith Rodgers. From LooselyCoupled.com. (February 20, 2003). "Two years after the fanfare of its introduction, UDDI adoption levels remain low. But users are beginning to see UDDI directories filling a practical role: adoption of UDDI is growing among web services pioneers; directory capabilities become more critical as the volume of services increases; but UDDI's origins have left design challenges; most users will acquire UDDI as a component of their web services platform... The latest specification of UDDI, version 3, has moved on from its B2B origins, adding features designed to meet users' needs for private registries. These include, for example, procedures for putting security keys into requests, or for enabling information transfer from one private registry to another. That said, the twists and turns in UDDI's evolution have also influenced its design and left some technical oddities. UDDI defines three registry components, which in layman's terms are akin to the Yellow Pages phone book -- or more precisely, to the trio of white, yellow and green pages. The white pages list companies' contact details and the key services they provide; the yellow pages categorize businesses using agreed taxonomies, including where they operate; and the green pages provide the technical data other companies need in order to take advantage of the services on offer. These three components will become useful to various individuals when organizations start to run between 20 to 50 services, suggests Mukund Balasubramanian, founder and chief technology officer of Infravio. Developers, for example, will require information about services as they're built -- what resources went in, what configurations were used and so forth. System administrators will want to look at the services from the perspective of how they were deployed -- which servers they're running on, for example, and what the loads are. The business user taxonomy, meanwhile, will help end users find the services they need... Increasingly, the question of how and when to adopt UDDI will be taken by the vendors rather than their customers. A private UDDI registry is already built into the latest release of IBM's WebSphere web service platform, and other vendors are not far behind. This may save organizations the trouble of getting their heads round what UDDI is or why it's important, but it will leave questions such as managing service quality and the degree of interoperability with other platforms unresolved. Ironically, those were the very same problems that stopped enterprises from eagerly adopting the B2B hubs of the dot-com boom. UDDI may have secured its place in the web services firmament by sidestepping such issues, but customers won't find it so easy to avoid facing up to them..." See "Universal Description, Discovery, and Integration (UDDI)."

  • [February 25, 2003] "XACML -- A No-Nonsense Developer's Guide." By Vance McCarthy. In Enterprise Developer News (February 24, 2003). "Earlier this month, OASIS adopted XACML 1.0 as its first cut at an open standard to help developers build interoperable access controls security for XML documents and end-to-end transactions. In general, XACML (the Extensible Access Control Markup Language) describes two key areas for security -- an access control policy language and a request/response language for two-way communications. At the root of XACML is a concern with access policies -- what XACML refers to as a Policy or a PolicySet. When XACML refers to 'policy,' it specifically means Authorization (AuthN) Policy. Each XACML policy document contains exactly one Policy or PolicySet root XML tag. A PolicySet is a container that can hold other Policies or PolicySets, as well as references to policies found in remote locations. A Policy represents a single access-control policy, expressed through a set of Rules. [Said OASIS XACML committee co-chair Hal Lockhart:] XACML defines and describes 'layering' between XML entities to clearly distinguish between security technologies that: (1) Create policy; (2) Collect the data required for policy evaluation; (3) Evaluate policy; and (4) Enforce policy. Why be so granular? One key answer is to enable interoperability for access control approaches, Lockhart said. 'While deployed systems may combine two or more of these into a single entity, the architecture maximizes flexibility. For example, a management tool from one vendor could generate policies that are evaluated by a product from another vendor,' he said. One early reaction from a web services software firm was also bullish on the opportunities for simplicity that XACML might provide. 'The XACML standard specifies how policies for information access can be communicated between systems in an XML format. Such a description can allow an application built by a developer to automatically discover the security policies in force to access the resource,' said Mukund Balasubramanian, CTO at Infravio, a provider of web services management and security software in Redwood City, California..." General references in "Extensible Access Control Markup Language (XACML)."

  • [February 25, 2003] "Let the Mobile Games Begin, Part 1. A Comparison of the Philosophies, Approaches, and Features of J2ME and the Upcoming .Net CF. [Wireless Java.]" By Michael Juntao Yuan. In JavaWorld (February 21, 2003). "Java 2 Platform, Micro Edition (J2ME) is by far the most advanced and successful mobile application platform available today. However, with mobile commerce growing into a multibillion-dollar industry, serious competition is on the horizon from Microsoft. Microsoft's latest mobile commerce offering is the .Net Compact Framework (.Net CF). What exactly is .Net CF? How does it measure up to J2ME? As Java developers, what can we learn from it to better compete? In this two-part series, Michael Juntao Yuan presents an objective and comprehensive comparison between the two platforms. If you work in a predominantly Microsoft shop, the .Net CF and Visual Studio .Net tools will definitely help you port enterprise applications to mobile devices. .Net CF leverages the large community of existing Windows developers and helps companies lower development costs. However, if you are in a heterogeneous environment or need a real pervasive solution that works on low-end devices, J2ME is the hands-down winner. In the enterprise world, important J2ME vendors opt for service gateway-based application paradigms, while .Net CF is still too young for any significant third-party mobile middleware to emerge..."

  • [February 25, 2003] "Ixiasoft Boosting XML Content Searching. Link with Microsoft Content Management Server Offered." By Paul Krill. In InfoWorld (February 25, 2003). "Ixiaosoft is integrating its XML searching capabilities into Microsoft Content Management Server 2002, Ixiasoft officials are announcing this month. The company also is announcing an upgraded version of its Textml Server content server, featuring WebDAV support. A beta version of the Ixiasoft Integration Kit for Microsoft Content Management Server is available now, with general release anticipated later this month. The integration enables Content Manager Server developers and integrators to deploy sites that take advantage of the IxiasoftTextml Server XML search technology. Textml Server is an XML content server designed to store, index, and retrieve XML content. It is an embeddable XML server for original equipment manufacturers and developers of document-centric XML applications, such as documentation management systems, wireless content publishing, and enterprise portals. The integration kit consists of .Net Composite Controls that can be dragged and dropped from the Visual Studio .Net toolbox into a Content Management Server 2002 site under development. Developers can provide search and sort capabilities on postings based on the content of placeholders, properties, and custom properties, according to Ixiasoft. Ixiasoft this Thursday will ship Version 2.3 of Textml Server, which features XML Name Space support. This functionality provides for a simple method for qualifying element and attribute names used in XML documents by associating them with namespaces identified by URI references, according to Ixiasoft. Also featured in Version 2.3 are a WebDAV (Web-based Distributed Authoring and Versioning) client and server. WebDAV provides extensions to HTTP to boost the exchange of documents over the Web... XMP (Adobe's eXtensible Metadata Platform) also is supported, designed to enable XML metadata to be embedded within application files, such as a PDF file..." See also: (1) "WEBDAV (Extensions for Distributed Authoring and Versioning on the World Wide Web"; (2) "Extensible Metadata Platform (XMP)."

  • [February 24, 2003] "A Conversation with Adam Bosworth." By Marshall Kirk McKusick (Queue) and Adam Bosworth (Chief Architect and Senior Vice President of Advanced Development, BEA Systems). In ACM Queue Volume 1, Number 1 (March 2003), pages 12-21. ['Bosworth is directly involved in shaping the future of Web Services... to press Bosworth for insights into the possibilities and hazards he sees ahead, Queue asked Marshall Kirk McKusick -- former head of the UC Berkeley Computer Systems Research Group (CSRG) -- to fire off a few questions regarding his greatest Web Services concerns. Besides overseeing the development and release of 4.3BSD and 4.4BSD, McKusick is also renowned for his work on virtual memory systems and fast file system performance.'] Excerpts: "XML gives you a coarse-grain solution that allows for communication efficiency. SOAP and WSDL, meanwhile, give you the loose coupling you need. But that's only true if when you change your implementation, you make sure none of your XML messages are changed, because that's where your public contract is established. Imagine, for example, that I changed my Web site such that it no longer used the HTML format. Let's say it did WML instead. My browser wouldn't end up being such a happy camper if I did that, would it? And in the same way, if I were to change an application such that it didn't do a particular grammar of XML anymore, the other applications I have to communicate with would suddenly get very unhappy. So it's critical that the thing in charge here is the WSDL and not the code... I bring that up simply because a lot of people building so-called Web Service solutions do it just exactly the other way around. They have you build your code and then they auto-generate the XML messages from a description of that code. But, sooner or later, the code is going to change. And when it does, all those auto-generated XML descriptions are going to start breaking things... Another challenge has to do with language. We don't have a good language today for dealing with XML and that's a real problem. We have more and more systems that use XML extensively -- either as metadata that either describes what to do or simply transmits data from one application to another. The first step in any of these exchanges is called 'binding,' which involves some tricky processing to turn the XML back into data structures the programming languages themselves can understand. So if you send me a purchase order in XML, the first thing I'll have to do is tell you how to turn it into a purchase order object. Now, we've already invested a lot of work into ways of handling that here at BEA and we think we've done a pretty good job. But ideally, you shouldn't have to do any of that at all. What you'd really like is for the language to be able to understand the XML document and extract the necessary information itself. In fact, ideally, the language would do even more than that. Because these messages are self-describing, you should also be able to query your own data structures. If someone sends you an XML document, you may want to query it to find out what things you want. And we don't support that today because languages aren't used to thinking about their own data structures as query-able objects. So I think the changes that are going to be driven by Web Services will result in a major language extension. And that will give us a language that not only understands the idea of self-describing documents but also actually is capable of querying them and treating them as data structures... ideally, from our point of view, we'd like to see this come about as an extension to Java... The biggest change I see is that we're moving away from a data-centric world to a message-centric world. Throughout the 90s, we witnessed the triumph of client/server computing. We also saw a vast number of changes in programming that made it easier to talk to databases. So a lot of that was about writing data-centric applications. And that's the classic two-tier model. But now we're moving to an n-tier model. And with an n-tier model, the real problems have to do with exposing too many specifics to systems outside your immediate family. Because when you do that, you break. Over the next 10 years, we're going to move toward communications that are message-oriented, with systems talking to each other through public contracts in asynchronous ways. After that, I think a lot of the changes we'll see will have to do with optimizing that communications scheme. Even today, we have customers asking us to move as many as 500,000 messages a second..."

  • [February 24, 2003] "An Open Web Services Architecture." By Stans Kleijnen (Vice President of Market Development Engineering, Sun Microsystems) and Srikanth Raju (Staff Engineer/Technology Evangelist, Sun/Microsystems). In ACM Queue Volume 1, Number 1 (March 2003), pages 38-46. Article subsections: Sun ONE: An Open, Standards-based Web Services Framework; Building Web Services with Sun ONE; Phases in Web Service Adoption; ebXML; Different Approaches to Web Services; Wireless Web Services. "The name of the game is web services -- sophisticated network software designed to bring us what we need, when we need it, through any device we choose. We are getting closer to this ideal, as in recent years the client/server model has evolved into web-based computing, which is now evolving into the web services model... we discuss Sun Microsystems' take on web services, specifically Sun ONE: an open, standards-based web services framework; we share with you Sun's decision-making rationales regarding web services, and discuss directions we are moving in... In phase three, the ultimate phase, customers and business partners will find and conduct business dynamically. To reach this phase, two key pieces of technology are required: federated identity services, such as from the Liberty Alliance, and public service registries designed with standards for real-world B2B, such as ebXML. In this phase, expect the completion of a public version of the UDDI registry server, the specification and availability of federated services, and an ebXML roadmap. The goal of the ebXML standardization effort -- which is driven by two UN organizations: The Organization for Advancement of Structured Information Standards (OASIS) and The United Nations Center for Trade Facilitation and Electronic Business (UN/CEFACT), as well as over 2,000 members -- is to build an open marketplace framework in which any business regardless of size can participate in a global electronic marketplace. Some ask why we need yet more standards when we already have SOAP, WSDL, and UDDI. But these standards do not provide all that's necessary for ad-hoc electronic business transactions. The closest to ebXML from the functionality standpoint is the old Electronic Data Interface (EDI), which is too heavy for many smaller business organizations. ebXML standardizes business processes such as purchasing, ordering, shipping, and payment, so they can be performed by machines without manual pre-configuration. It also allows business partners to choose quality of service in their message delivery. Secure and highly reliable message delivery is vital in many business transactions, for example in ordering $500 million worth of Korean merchandise, or executing a buy order of 10,000 Sun Microsystems shares. Basic SOAP does not address these security and reliability requirements. The Sun ONE Platform will soon include an ebXML appliance geared toward small businesses..."

  • [February 24, 2003] "Web Services: Promises and Compromises." By Ali Arsanjani, Brent Hailpern, Joanne Martin, and Peri Tarr (IBM). In ACM Queue Volume 1, Number 1 (March 2003), pages 48-58. ['What organizational structures will enterprises need to support web services integration with legacy applications or new business processes that span organizational silos?'] "Web services are the latest software craze: the promise of full-fledged application software that needn't be installed on your local computer, but that allow systems running in different environments to interoperate via XML and other web standards. Much of the hoopla surrounding web services revolves around the nirvana of inter-organizational distributed computing, where supply chains can be integrated across continents with applications built from small parts supplied on demand by various vendors. To get to this place, we need to chisel down current methods and build a component-based architecture of large-grained, message aware, enterprise scale, and highly re-configurable enterprise components exposed as web services. The time to start adoption is now, but start within the firewall, inside the enterprise, and work yourself outwards. This wisdom will insulate you from the as yet unresolved security, intellectual property exposure, and performance issues associated with exposing web services outside the enterprise. It also gives you ample time to establish standards and best-practices. Over the past two years, we have contributed to several component-based development and integration (CBDi) projects in the telecommunications, mortgage, financial services, government, and banking sectors. A key success factor in these projects, one of which we will discuss in this article, involved applying CBDi best-practices across the following five web service domains: (1) Organizational, including project management implications and education programs; (2) Methodology, including extending methods to provide full life cycle support for component-based development; (3) Architectural, including best-practices and issues in creating scalable architectures; (4) Technology implementation, which involves mapping a given design onto a technology standard such as Enterprise JavaBeans or .NET. (5) Infrastructure, including development tools, gateway servers, APIs, middleware, and browsers... The current generation of web service infrastructures and tools has the typical problems of early software. Both XML tagging and text representation cause a data size explosion compared with binary representations. XML data must be parsed when it is read into an application, to create the internal data representations. Further complicating performance is the need to read in and parse the tag definition set. Encryption and de-encryption also increase overhead. These performance issues will be addressed as the technology matures, but developers today can expect factors of 10 to 100 slowdown compared to conventional distributed computing operations... Enterprise architectures that capitalize on web service capabilities are evolving rapidly to assimilate assets into a dynamic structure of services on demand. New technologies and methods are maturing to achieve acceptable service level characteristics. One of the best ways to implement web services is to start with a component-based architecture of large-grained enterprise components that expose business process level services as web services. Start within the organization rather than exposing them externally. As you gain project experience and uncover best practices, get ready to migrate to a full service-oriented architecture that externalizes useful business services..."

  • [February 24, 2003] "The Deliberate Revolution: Transforming Integration With XML Web Services." By Mike Burner (Microsoft). In ACM Queue Volume 1, Number 1 (March 2003), pages 28-37. "The vast investment in Internet infrastructure and telecommunications over the past decade is making the unthinkable eminently achievable. Organizations can now retrieve up-to-the-minute data at run-time from from its canonical source, partners and customers. And where applications have traditionally bound functionality together, it now is practical to access application logic at run-time, from hosted services updated dynamically to keep current with evolving business processes. Parties must now agree on how to represent information, on protocols for retrieving and updating data, and on means of demonstrating the privilege to do so. Such are the necessities that gave birth to XML web services. The architecture of these services attempts to bridge myriad Internet systems, to let organizations ranging from small businesses to multinational enterprises to world governments communicate more effectively using programmatic interfaces to data and processes. Web services have generated much excitement, and vendors are scrambling to depict their platforms as the most compliant, mature, secure, or simply the most likely to crank out swell T-shirts. This article attempts to dive beneath the hype, examining how XML web services differ from existing architectures, and how they might help build customer solutions... Over the next few years, we will experience a groundswell of innovation in two key areas of web services technology. The first will be the definition and publication of XML schemas as the lingua franca of inter-component communications across the Internet. XML is the universal grammar upon which this language is being developed. The second innovation will be the definition of SOAP header elements that extend the power of web service messaging... As the Internet becomes the backbone for data and application integration, common schema for describing our world and our interactions will unblock the flow of information between organizations, and allowing us to communicate with a precision we have never known before. But this shift requires organizations, from small businesses to world governments, to reconsider how data and processes are managed. The software industry, meanwhile, must deliver on technology that allows people to express and manipulate the information that drives our businesses, our societies, and our social interactions. Web services promise to be central to every facet of the transformation..."

  • [February 24, 2003] "Documentum Adds Collaboration Tools." By David Becker. In CNET News.com (February 23, 2003). "Software maker Documentum, a specialist in content management products [announces] the first products to integrate collaboration software the company recently acquired. The new eRoom Enterprise product will combine Documentum's content management tools -- which catalog, manage and reformat business content ranging from text documents to XML (Extensible Markup Language) data -- with the browser-based collaboration tools made by eRoom, a privately held software maker Documentum acquired late last year. The goal is to allow companies to use content management software as more than just a file clerk, keeping track of various types of content and repurposing them for different formats, said Whitney Tidmarch, vice president of product marketing. By providing a browser-based environment to view and manipulate that content, the eRoom component of the new package allows workers inside and outside the company to make better use of the content being managed. 'Our strategy as a whole has been to continue to broaden the types of content we allow companies to store in a universally accessible place,' Tidmarch said. 'Having an online meeting place or online virtual workplace where this kind of casual interaction can take place is something we haven't had, though. The eRoom software really fills in that part of the picture.' Documentum expects the combination of content management and collaboration tools will especially appeal to workers who have to deal with new corporate rules that govern how documents such as print reports and e-mail messages must be preserved, said Naomi Miller, director of product marketing for Documentum. Combining content management and collaboration tools is a growing trend in the industry, said Nick Wilkoff, an analyst with Forrester Research. But the combination is most valuable to Documentum as a way to introduce existing eRoom customers to the benefits of content management..." See the announcement: "Documentum Delivers eRoom Enterprise. Best-in-Class Collaboration Technology Fully Integrated with Leading Enterprise Content Management Platform."

  • [February 24, 2003] "Microsoft's Unified App Goals Comes Into View. XML Drives Development of Tools, InfoPath." By Ed Scannell, Mark Jones, and Paul Krill. In InfoWorld (February 24, 2003). "Through its fervent adoption of XML, Microsoft is edging closer to crystallizing its long-held dream of building bridges that foster seamless transport of data between its suite of desktop applications and back-end applications. With the delivery by mid-2003 of its much anticipated and newly named Office 2003 desktop suit, the second beta of which is due in March, the company will have established a vital piece of software that could significantly increase XML adoption across the industry. 'Most vendors are becoming much more XML-friendly and consequently it [XML] is changing the nature of applications vendors business,' said John Jerome, an analyst with The Yankee Group in Boston . 'If Microsoft continues to lace its Office applications with XML, most users will have a more seamless flow of information between the heavy-duty, back-office financial applications and desktop applications like Word and Excel.' Jerome and other industry observers believe that XML is starting to have a game-changing impact on application development and integration. Many think it will positively influence the fundamental economics of implementing enterprise solutions..."

  • [February 24, 2003] "Standards Emerge From Alphabet Soup." By Renee Boucher Ferguson. In eWEEK (February 24, 2003). Sidebar for Cover Story "Models Link Processes." "An important consideration when deploying BPM software is which standards to follow... There is a growing selection of languages and interfaces out there -- Web Services Choreography Interface, BPML (Business Process Modeling Language), BPEL (Business Process Execution Language), WSFL (Web Services Flow Language) and Xlang -- some of which are backed by competing forces. Once the standards get sorted out, however, these technologies should provide business analysts and software engineers with a view of how business processes perform in business-to-business scenarios. One standard with a lot of momentum is BPEL for Web Services. IBM, Microsoft Corp. and BEA Systems Inc. published BPEL last summer to provide a way to define a process and to define a way a Web service is ordered. IBM, in Armonk, N.Y., has offered two additional standards proposals -- Web Services Transactions and Web Services Coordination. BPEL appears to be the front-runner. The language amounts to the merger of the WSFL and Xlang specifications. Xlang, put forth by Microsoft, reflects the way the Redmond, Wash., company's BizTalk software works, while WSFL focuses on how IBM's MQSeries middleware works. At the same time, two other organizations are putting their combined muscle behind BPML, a metalanguage for the modeling of business processes. They are the Workflow Management Coalition, which counts as members IBM, BEA and Microsoft, as well as Sun Microsystems Inc. and Oracle Corp., and the Business Process Management Initiative..." From "Models Link Processes": "IT managers and line-of-business professionals alike have come to understand that implementing business process management software requires a process modeling step and a process optimization and management step. The former consists of breaking down the tasks of a particular business operation -- both conceptually and graphically -- and creating a model that details where processes touch systems, applications and, increasingly, people. BPM is the technical execution of that model. IT organizations have found that you can't have one without the other. While there's been a lot of process modeling going on for years, process management tools that can execute those models have come to light only over the past 18 to 24 months. These new tools are fundamentally different from previous software offerings in that they combine modeling capabilities with real-time management capabilities. This extends the concept of BPM across, and even outside, an enterprise. The latest wrinkle in BPM technology links the execution layer to a process control layer, which gives companies the ability to monitor and measure processes on the fly... According to Gartner, 55 percent of clients polled said using a BPM engine helped them to automate administrative tasks and reduce costs of transactions or a business event. In the same study, 70 percent said BPM improved coordination across departments or geographies, 70 percent said fewer people were needed to perform business tasks, and 85 percent said they reduced the steps in certain processes. Some 85 percent said they experienced quality improvement, fewer errors, higher productivity per person and a reduction in time to market. In setting up a BPM strategy, organizations can choose software from three constituencies -- pure-play BPM vendors, EAI (enterprise application integration) vendors and ERP developers. Although their software runs at the core of many businesses, enterprise software vendors such as Siebel Systems Inc., SAP AG and Oracle Corp. are the last ones to address BPM. Siebel and SAP have each announced integration infrastructures for defining, implementing, managing and monitoring business processes -- and initiating Web services... Siebel, of San Mateo, Calif., last fall announced its Universal Application Network initiative, which promises to provide prepackaged, industry-specific business processes. SAP, of Waldorf, Germany, is adding a BPM component to its recently unveiled Enterprise Services Architecture for Web services. Later this year, SAP will ship a product that combines an integration broker for XML-based message exchange and its BPM engine that enables the design, execution and monitoring of business processes..."

  • [February 22, 2003] "Some Rights Reserved: Cyber-Law Activists Devise a Set of Licenses for Sharing Creative Works. [Staking Claims.]" By Gary Stix. In Scientific American Volume 288, Number 3 (March 2003). "On December 16, 2002, the nonprofit Creative Commons opened its digital doors to provide, without charge, a series of licenses that enable a copyrighted work to be shared more easily. The licenses attempt to overcome the inherently restrictive nature of copyright law. Under existing rules, a doodle of a lunchtime companion's face on a paper napkin is copyrighted as soon as the budding artist lifts up the pen. No '©' is needed at the bottom of the napkin. All rights are reserved. The licenses issued through Creative Commons have changed that. They allow the creator of a work to retain the copyright while stipulating merely 'some rights reserved'... A copyright owner can fill out a simple questionnaire posted on the Creative Commons Web site (www.creativecommons.org) and get an electronic copy of a license. Because a copyright notice (or any modification to one) is optional, no standard method exists for tracking down works to which others can gain access. The Creative Commons license is affixed with electronic tags so that a browser equipped to read a tag -- specified in XML, or Extensible Markup Language -- can find copyrighted items that fall into the various licensing categories. An aspiring photographer who wants her images noticed could permit shots she took of Ground Zero in Manhattan to be used if she is given credit. A graphic artist assembling a digital collage of September 11 pictures could then do a search on both 'Ground Zero' and the Creative Commons tag for an 'attribution only' license, which would let the photographer's images be copied and put up on the Web, as long as her name is mentioned. Lessig and the other cyber-activists who started Creative Commons, which operates out of an office on the Stanford campus, found inspiration in the free-software movement and in previous licensing endeavors such as the Electronic Frontier Foundation's open audio license. The organization is receiving $850,000 from the Center for the Public Domain and $1.2 million over three years from the John D. and Catherine T. MacArthur Foundation... Some legal pundits will question whether an idea that downplays the profit motive will ever be widely embraced. Creative Commons, however, could help ensure that the Internet remains more than a shopping mall..." General references in "Creative Commons Project."

  • [February 22, 2003] "Common Alerting Protocol - Alert Message Data Dictionary." Produced by the Common Alerting Protocol (CAP) Technical Working Group. Version 0.7. Draft 2/22/2003. Version 0.7 represents a minor update from version 0.6, incorporating experience from several prototype implementations and field trials, and insights obtained in discussions among the Working Group. "The Common Alerting Protocol is a draft specification of open, nonproprietary, standards-based data formats for the exchange of emergency alerts and related information among emergency agencies and public systems. The CAP will be designed to facilitate the collection and relay of all types of hazard warnings and reports. Development and deployment of a standard such as CAP will yield important benefits for public safety: (1) Warnings to the public will be better coordinated across the wide range of available warning and notification systems (2) Workload on warning issuers will be reduced, since a single warning message will be compatible with all kinds of warning delivery systems. (3) Overall 'situational awareness' will be enhanced, since CAP will permit the aggregation of all kinds of warning messages from all sources for comparison and pattern recognition. The Common Alerting Protocol has been under development since 2001 through the efforts of an international ad-hoc Working Group of technical and public safety experts." A posting of February 22, 2003 from From: Art Botterell to the CAP mailing list: "I'm hoping this version will offer a point of departure for the OASIS Emergency Management Technical Committee standards process in the near future..." See also the (CAP) Working Group Working Documents Related references: (1) "Common Alerting Protocol (CAP) Provides XML Interchange Format for Public Safety Reports"; (2) "XML and Emergency Management." [cache]

  • [February 22, 2003] "Web Services Orchestration: A Review Of Emerging Technologies, Tools, and Standards." By Chris Peltz (Hewlett Packard, Developer Resource Organization). Technical Paper from HP Dev Resource Central (January 2003). 20 ages. "Web services technologies are beginning to emerge as a defacto standard for integrating disparate applications and systems using open, XML-based standards. In addition to building web services interfaces to existing applications, there must also be a standard approach to connecting these web services together to form more meaningful business processes. In 2002, a number of new standards were introduced to address this problem, including BPEL4WS and WSCI. The purpose of this paper is to provide a review of these emerging standards, to help the reader better understand how web services orchestration can be accomplished today. BPEL4WS primarily focuses on the creation of executable business processes, while WSCI is concerned with the public message exchanges between web services. WSCI takes more of a collaborative and choreographed approach, requiring each participant in the message exchange to define a WSCI interface. BPEL takes more of an 'inside-out' perspective, describing an executable process from the perspective of one of the partners. BPML has some complimentary components to BPEL4WS, both providing capabilities to define a business process. WSCI is now considered a part of BPML, with WSCI defining the interactions between the services and BPML defining the business processes behind each service. Orchestration, choreography, business process management, and workflow -- these are all terms related to connecting web services together in a collaborative fashion. The capabilities offered by web services orchestration will be vital for building dynamic, flexible processes. The goal is to provide a set of open, standards-based protocols for designing and executing these interactions involving multiple web services. To accomplish this, there are some basic requirements that have to be met. There is a need for asynchronous support in order to build reliability into the process. Strong transactional semantics and exception handling are required to manage both internal and external errors. There is also a need for a set of programming constructs to describe workflow. Finally, there has to be a way to link or correlate requests together to build higher-level conversations... It is unclear where the industry is going with the various standards. There is a fair amount of traction behind BPEL4WS from major players in the industry, and WSCI and BPML have already converged with each other... The ability to support a conversational model between web services is an important area that must be addressed by the web services standards. A conversational model for web services provides a more loosely coupled, peer-to-peer interaction model. These conversations involve multiple steps between parties, often involving negotiation between the parties. A peer-to-peer conversational model takes more of a third-person perspective, quite different from the standards presented in this paper. Even WSCI, which offers a somewhat collaborative model between web services, still takes a first-person perspective for any given WSCI document. [Hanson, Nandi, and Levine: 'Conversation-enabled Web Services for Agents and e-Business'] offers a good analogy to illustrate the difference between the business process standards and the conversational model for web services. The current web services model is analogous to a vending machine. There are a set number of buttons that can be pressed in a pre-defined order. A conversational model is more analogous to a telephone call, involving a series of exchanges between the parties at each end in a more flexible, dynamic fashion. At this time, IBM's Conversation Support for Web Services (CS-WS) is the only standard that claims to support this capability...

  • [February 22, 2003] "Exploring XML in Office 11. XML Capabilities in Store for Word and Excel Pack a Learning Curve." By Jon Udell. In InfoWorld (February 21, 2003). "Most business information lives in documents, not in databases. With the new XML features in Office 11, IT can start to bring database-like discipline to the creation and querying of those documents. For developers, schematization of business documents, such as resumes and expense reports, will be a long and gradual process. But Excel's new ability to read in and analyze XML data -- from XML-aware databases, Web services, and other sources -- will be immediately useful... This year's upcoming debut of Microsoft Office 11 will mark the start of a long process of education and adaptation... Here we explore how existing Office documents can benefit from the new features, how developers will prepare XML-aware Office templates, and how users will apply them to create and analyze XML data... After Office 11 ships, we face a classic chicken-and-egg scenario. Developers can't really learn the art of modeling data in business documents without user feedback. But users can't provide that feedback until they start actually working with XML-enriched documents. Office 11's XML support isn't a final solution. Rather, it allows for a long, difficult, and absolutely vital bootstrapping process. ... Nothing else in the Office suite will have anything like Excel's analytic prowess. Excel 11's newfound ability to absorb arbitrary schema-governed XML data, coupled with the explosion of XML data coming from everywhere -- Web services, XML-aware databases, the rest of the Office suite, and other emerging XML applications -- makes it more valuable. If you start with a raw XML file -- just data, no schema -- Excel will read the data and make a best-effort map to the grid. In the resulting worksheet, that data is immediately available for editing, sorting, charting, pivot-table analysis, and more. Of course when the data comes from a Web service, as it increasingly will, it is likely to be schematized. In that case, your options multiply. Once you associate a schema with the XML data, you can select elements shown in the XML Structure task pane. Under the covers, Excel creates the XPath queries that address those elements within the nested structure of the document. By dragging a set of selected elements to the worksheet, you create an XML data range that can absorb data from one or more XML files conforming to the schema..."

  • [February 22, 2003] "The .NET Classes StringInfo and TextElementEnumerator. These Two Members of the System.Globalization Namespace Handle Details of Unicode String Traversal." By Bill Hall. In MultiLingual Computing and Technology #54, Volume 14, Issue 2 (March 2003), pages 52-56. Programmers tend to become nervous when dealing with character encodings where a grapheme does not correspond exactly to a fixed width data element of storage... Fortunately, in today's object-oriented programming languages, it is possible to encapsulate methods and internal information into an object that handles Unicode string traversal. The programmer simply sets the starting position. From there, methods are available to move to the next character boundary and collect the one or more Unicode elements into an object representing the grapheme. No a priori knowledge about the nature of the elements and their relationship to other elements is required by the programmer. The class takes care of such details. In Microsoft.NET, the intricacies of string traversal are handled by the StringInfo and TextElementEnumerator classes. Both are members of the System.Globalization namespace. Although not yet implemented in Java, work is ongoing to develop comparable support since both .NET and Java have to support Unicode 3.2 for aesthetic as well as practical reasons. For example, the People's Republic of China now requires that software be able to manage all characters found in GB 18030-2000, of which some 40,000+ have Unicode equivalents that are surrogate pairs and thus require two Unicode elements per grapheme to encode... So, what are the issues involved in encoding graphemes in Unicode? The main ones are composite representations and surrogate pairs... .NET programmers should note that processing a Unicode string by moving from one Char element to the next may not be a suitable way of examining text if grapheme boundaries must be respected. For this purpose, use a combination of methods from the StringInfo and TextElementEnumerator classes..."

  • [February 22, 2003] "XACML Standard Controls Web Services Access." By Patricia Daukantas. In Government Computer News (February 21, 2003). "The Organization for the Advancement of Structured Information Standards this week approved the Extensible Access Control Markup Language (XACML) specification for Web services and documents. All previous policy languages were in proprietary formats, said Carlisle Adams, co-chairman of the OASIS XACML technical committee. XACML will be transportable between systems. Adams, principal security architect for Entrust Inc. of Addison, Texas, said the committee started working on the new language specification nearly two years ago. 'XACML cooperates with another recently approved OASIS standard, Security Assertion Markup Language, to create an authentication architecture for Web services. SAML defines a syntax for expressing assertions, such as a computer user's job title or security clearance, Adams said. A rules engine with policy statements written in XAML could compare the SAML assertions with its policies to determine whether the user should see confidential information'... See the announcement and related news item "Sun Microsystems Releases Open Source XACML Implementation for Access Control and Security."

  • [February 22, 2003] "Altio Makes Front-End Integration Smarter." By James R. Borck (Infoworld Test Center). In InfoWorld (February 21, 2003). ['AltioLive 3.0 hits new heights for Web-based applications built on Web services and data-centric resources.'] "EAI has a reputation as a necessary evil for the costly task of integrating years of legacy applications and valuable data. As enterprises seek to expose these old resources via new technology, including Web services, the rift between functionality and the limitations imposed by current browser-based technologies is ever more obvious. Facing the challenge head-on is Altio with its release of the AltioLive 3.0 platform... AltioLive delivers a means of integrating enterprise resources into a single interface that can be flexibly customized and extended. The solution's cost is well below that of traditional EAI, and it's more interactive than straight portal solutions. Easily implemented, the platform and IDE reduces the technical expertise required to extend Web services and backend resources and reduces deployment concerns... This release of AltioLive includes an overhauled IDE, adds offline resynchronization, real-time services management, and shores up better compatibility with Web services and XML standards. Although we would prefer to see client availability for mobile devices and better integration for XML-based transactional security, Altio hits the mark, scoring our highest rating of Deploy. The AltioLive production environment comprises the Presentation Server, which is a middleware servlet platform that manages XML-based communication streams, and a fat client applet running in a Web browser on the end-user's system. The fat client is an interface-rendering engine. It uses XSL to format raw XML data from the Presentation Server for use in the browser application. Altio provides an in-memory database, using a customized DOM and XPath interpreter, that allows data to be shared and reused locally among applications without constantly repolling the server... Altio received a profile boost in January thanks to an alliance formed with Sun Microsystems. The Sun ONE Portlet Server will begin bundling the AltioLivePortlet Edition development environment, boosting Sun's platform with added real-time, cross-application functionality and adding the benefit of bandwidth conservation. In the end, we found AltioLive 3.0 to represent the strongest overall offering available in the rich Internet application space today. It offers great opportunity for bridging user interfaces with the worlds of EAI and Web services that should not be overlooked..."

  • [February 21, 2003] "XML Advanced Electronic Signatures (XAdES)." Edited by Juan Carlos Cruellas (UPC), Gregor Karlinger (IAIK) Krishna Sankar Cisco). W3C Note 20-February-2003. Version URL: http://www.w3.org/TR/2003/NOTE-XAdES-20030220/. Latest version URL: http://www.w3.org/TR/XAdES/. "XAdES extends the IETF/W3CXML-Signature Syntax and Processing specification into the domain of non-repudiation by defining XML formats for advanced electronic signatures that remain valid over long periods and are compliant with the European 'Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures' [EU-DIR-ESIG] (also denoted as 'the Directive' or the 'European Directive' in the rest of the present document) and incorporate additional useful information in common uses cases. This includes evidence as to its validity even if the signer or verifying party later attempts to deny (repudiates) the validity of the signature. An advanced electronic signature aligned with the present document can, in consequence, be used for arbitration in case of a dispute between the signer and verifier, which may occur at some later time, even years later. This note adds six additional forms to XMLDSIG: (1) XML Advanced Electronic Signature (XAdES): Provides basic authentication and integrity protection and satisfies the legal requirements for advanced electronic signatures as defined in the European Directive but does not provide non-repudiation of its existence; (2) XML Advanced Electronic Signature with Time-Stamp (XAdES-T): Includes time-stamp to provide protection against repudiation; (3) XML Advanced Electronic Signature with complete validation data (XAdES-C): Includes references to the set of data supporting the validation of the electronic signature (i.e., the references to the certification path and its associated revocation status information). This form is useful for those situations where such information is archived by an external source, like a trusted service provider. (4) XML Advanced Electronic Signature with eXtended validation data (XAdES-X): Includes time-stamp on the references to the validation data or on the ds:Signature element and the aforementioned validation data. This time-stamp counters the risk that any keys used in the certificate chain or in the revocation status information may be compromised. (5) XML Advanced Electronic Signature with eXtended validation data incorporated for the long term (XAdES-X-L): Includes the validation data for those situations where the validation data are not stored elsewhere for the long term. (6) XML Advanced Electronic Signature with archiving validation data (XAdES-A): It includes additional time-stamps for archiving signatures in a way that they are protected if the cryptographic data become weak..." See "XML Digital Signature (Signed XML - IETF/W3C)."

  • [February 21, 2003] "Microsoft Rolls Out Rights Management Software." By Peter Galli and Mary Jo Foley. In eWEEK (February 21, 2003). "Microsoft Corp. on Friday finally unveiled its plans to integrate digital rights management technology across its entire product lines. The Redmond, Wash., company announced Windows Rights Management Services (WRMS), a new technology for Windows Server 2003 that will help secure sensitive internal business information including financial reports and confidential planning documents. An early alpha version of WRMS will be available to select testers next week, with a broad beta of the product, formerly code-named Tungsten, being released in next quarter. The product will work with applications to provide a platform-based approach to providing persistent policy rights for Web content and sensitive corporate documents of all types... DRM technology enables content creators, such as record companies, to encrypt content and define who can decrypt it and how they can use it. Microsoft is counting on increasing adoption of the technology to help drive demand for many of its current and future products... Microsoft currently offers a DRM system, Microsoft Windows Media Rights Manager, which is being used by seven music and video subscription services. There has been much speculation about the future of that technology when the updated DRM server was announced. Mike Nash, who is the corporate vice president of Microsoft's security business unit and is spearheading the DRM strategy for all of its product lines, said Friday that WRMS does not share any code in common with the DRM platform that Microsoft currently includes in its Windows Media Series products. Instead, WRMS will rely on XrML (Extensible Rights Markup Language), an emerging standard for the expression of rights on digital content... When the second beta of Office 2003 ships in early March, Microsoft will also make available to testers new APIs in the Office suite that will turn on the Information Rights Management's DRM features that are being included in that product. Finally, later this spring, Microsoft is planning to make its WRMS software development kit available to third-party software vendors, corporate developers and systems integrators. Nash noted that Microsoft's existing Windows Media DRM and its newly introduced WRMS are just two components of this strategy. Microsoft and third-party software vendors who sign on to use WRMS are likely to add the technology to other enterprise and consumer products in the future..." See details in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)." Related references: (1) "XML and Digital Rights Management (DRM)"; (2) "OASIS Rights Language"' (3) "Extensible Rights Markup Language (XrML)".

  • [February 21, 2003] "Microsoft Details Rights Management Tech. Server Add-On Enforces Protection Policies." By Stacy Cowley and Joris Evers. In InfoWorld (February 21, 2003). "Microsoft said Friday it is developing add-on security technology for its forthcoming Windows Server 2003 operating system software that will allow organizations to implement rights-management protections on corporate documents such as e-mail messages and data files. The Windows Rights Management Services (RMS) will be able to enforce protection policies by controlling which users can access specific content and what access rights they are granted. Companies will, for example, be able to restrict content copying, forwarding and printing in applications such as portal, e-mail and word-processing software. However, only users of Microsoft's most recent products will be able to fully take advantage of the technology. RMS relies on the proposed XrML (Extensible Rights Markup Language) standard, an XML-based (Extensible Markup Language) language that is heavily backed by Microsoft but has yet to attract broad industry support. While Office 11, Microsoft's Office update scheduled for mid-2003, supports XrML and will work with RMS, older versions of Microsoft Office won't work with the technology, including the currently available Office XP..." See references in previous bibliographic entry and in the 2003-02-25 news story "Microsoft Announces Windows Rights Management Services (RMS)."

  • [February 21, 2003] "Mapping Between UML and XSD." By David Carlson (Ontogenics Corp). From XMLmodeling News Volume One, Issue Two (January 28, 2003). "One of the principal advantages of using UML when designing XML vocabularies is that the model can serve as a specification which is independent of a particular schema language implementation. W3C XML Schema is the most common choice right now, but we hope that business vocabularies (and other non-business technical markup languages) have a long life and will be implemented using alternative new schema languages. To achieve this goal, we need to define a complete and flexible mapping between UML and each implementation language. Given that UML was originally intended for object-oriented analysis and design, the mapping is most straightforward for languages that have an object-oriented flavor... A bi-directional mapping between UML and schemas is specified in the form of a UML Profile. The purpose of a UML profile for this or any other use is to extend the UML modeling language with constructs unique to an implementation language, analysis method, or application domain. The profile extension mechanism is part of the UML standard; it was expanded in the recent UML version 1.4 and will be further expanded when UML 2.0 is adopted this year. A UML profile (pre version 2.0) is composed of three constructs: stereotypes, tagged value properties, and constraints. A stereotype defines a specialized kind of UML element; for example, the XSDcomplexType stereotype defines a specialized kind of UML Class, and XSDschema defines a specialized kind of UML package. Tagged values define properties of these stereotyped elements. So the XSDschema stereotype includes a targetNamespace property. By assigning this stereotype to a UML package and setting a value for this property, we have augmented the UML modeling language with information used to generate a complete XML Schema document from an abstract vocabulary model. Similar stereotypes and properties are defined for all XML Schema constructs. A profile constraint specifies rules about how and where stereotypes and their tagged values can be used in a model. These rules should include what are often called co-constraints: how the value of one property constrains the values of other properties..." Related references in: (1) "XML Schemas"; (2) "Conceptual Modeling and Markup Languages."

  • [February 21, 2003] "WS-Security: New Technologies Help You Make Your Web Services More Secure." By David Chappell. In Microsoft MSDN Magazine (April 2003). ['Without good security, Web Services will never reach their potential. WS-Security and its associated technologies, the focus of this article, represent the future of security for Web Services. Provided here is an overview of these emerging security standards that explains what they do, how they work, and how they get along together. Topics discussed include integrity and confidentiality and how these are provided by public key cryptography, WS-Security, and more. Some of the key components of WS-Security, such as the wsu namespace, are also covered.'] "Web Services without effective security aren't very useful. Yet the original creators of SOAP chose to put off defining how this problem should be solved. This was a defensible decision, since getting Web Services off the ground meant keeping them simple -- and providing security is seldom simple. The problem, however, can't be put off forever so Microsoft and IBM, among others, are working together to address this issue. Their efforts have resulted in a group of specs for providing Web Services security, the most important of which is WS-Security. With this article I'll provide a big-picture view of how these technologies work. From one perspective, the task facing the creators of Web Services security looks simple. After all, effective mechanisms already exist for distributed security, including Kerberos, public key technologies, and others, so the task these creators faced wasn't inventing new security mechanisms. Instead, their goal was to define ways to use what already existed in a Web Services world, a world built on XML and SOAP... The fundamental technology for adding security to SOAP is defined by WS-Security. Its ambitious goal is to provide end-to-end message-level security for SOAP messages, and yet the WS-Security spec isn't especially hefty, weighing in at just over 20 pages. This is because WS-Security defines very little new technology but instead defines a way to use existing security technology with SOAP... Effective security for Web Services is essential. Given that most of what's needed is already in place (and the problem is simply a matter of mapping this existing security technology to XML and SOAP), you might think that WS-Security and its associated specs would be very simple (and this article would be very short). Yet accommodating the diverse security mechanisms in use today, along with allowing for those that will appear tomorrow, requires a nontrivial set of technology. Once this technology is in place, the world of secure and interoperable Web Services that we'd all like to see can become a reality. I don't know about you, but I can't wait for this day to arrive..." General references in "Web Services Security Specification (WS-Security)."

  • [February 21, 2003] "Web Map Context Documents." Edited by Jean-Philippe Humblet (IONIC Software sa). Request for Comment, OpenGIS Implementation Specification. From Open GIS Consortium Inc. Version 0.1.7, 2003-01-21. Reference number: OGC 03-036. 25 pages. Submitted to the GIS Consortium Inc. as a Request For Comment (RFC) by: Ionic Software (Belgium); GeoConnections / Natural Resources Canada; US National Aeronautics and Space Administration; DM Solutions; Social Change Online; Syncline. Annex A.1: Web Map Context Document XML Schema; A.2: Web Map Context XML Example. "This specification applies to the creation and use of documents which unambiguously describe the state, or 'Context,' of a WMS Client application in a manner that is independent of a particular client and that might be utilized by different clients to recreate the application state. This specification defines an encoding for the Context using Extensible Markup Language. This specification is relevant to Clients of the OGC Web Map Service (WMS 1.0, WMS 1.1.0, WMS 1.1.1)... This document is a companion specification to the OpenGIS Web Map Service Interface Implementation Specification version 1.1.1, [which] specifies how individual map servers describe and provide their map content. The present Context specification states how a specific grouping of one or more maps from one or more map servers can be described in a portable, platform-independent format for storage in a repository or for transmission between clients. This description is known as a 'Web Map Context Document,' or simply a 'Context.' A Context document includes information about the server(s) providing layer(s) in the overall map, the bounding box and map projection shared by all the maps, sufficient operational metadata for Client software to reproduce the map, and ancillary metadata used to annotate or describe the maps and their provenance for the benefit of human viewers. A Context document is structured using eXtensible Markup Language (XML). Annex A of this specification contains the XMLSchema against which Context XML can be validated. There are several possible uses for Context documents: (1) The Context document can provide default startup views for particular classes of user. Such a document would have a long lifetime and public accessibility. (2) The Context document can save the state of a viewer client as the user navigates and modifies map layers. (3) The Context document can store not only the current settings but also additional information about each layer (e.g., available styles, formats, SRS, etc.) to avoid having to query the map server again once the user has selected a layer. (4) The Context document could be saved from one client session and transferred to a different client application to start up with the same context. Contexts could be cataloged and discovered, thus providing a level of granularity broader than individual layers... This document directly supports only persistence of portrayed maps created by one or moreWeb Map Server bindings, but provides an extensibility mechanism for Web Feature Server and other types of service and persisted interface object states. It is expected that these will be developed and added to the formal schema in a backward compatible fashion. A specified filename extension such as .cml and .ccml has been proposed for Contexts and Context Collections. This may be added to the section dealing with Mime Type..." See the announcement: "OGC Seeks Comment on Proposed Web Map Context Specification." [cache]

  • [February 21, 2003] "Sun Trumpets Royalty-Free Web Services Specs. Company Challenges Microsoft, IBM." By Paul Krill. In InfoWorld (February 20, 2003). "Royalty-free industry specifications are needed to enable Web services to fulfill its potential as a mechanism for business process integration on a massive scale, Sun officials stressed during a Sun 'Chalk Talk' session in San Francisco on Thursday. Any requirement that specific vendors be paid royalties for use of their technologies in standardized Web services specifications could stifle the growth of Web services, said Mark Bauhaus, Sun vice president of Java Web services. Sun wants its royalty-free position to be accepted by other members of the Web Services Interoperability Organization (WS-I) and is running for election to a seat on the WS-I governing board in March. Specifically, Microsoft and IBM need to embrace royalty-free Web services, specifications, according to Bauhaus. With the vast increase in devices accessing the Internet, which could eventually number into the billions, and the low cost of Internet access, Web services are poised for dramatic growth as a business process integration mechanism for a variety of applications, Bauhaus said, but Web services must be royalty-free and based on open standards, and specifications must be converged. 'The headlines that we're writing now are about Web services. Is it going to be royalty-free or is someone going to hijack it?' Bauhaus said. He noted that IBM and Microsoft have produced a proposed specification for automating interaction between Web services, called Business Process Execution Language for Web Services (BPEL4WS). This proposal has not yet been submitted to a standards organization. Sun has a competing proposal, Web Services Choreography Interface (WSCI), being examined by the World Wide Web Consortium (W3C)... An IBM representative, in response to an inquiry Thursday about the company's stance on royalty-free Web services specifications, released this statement: 'IBM has already committed to royalty-free licensing on Web services specifications like SOAP, WSDL, and BPEL4WS, and we participate very actively in open-source implementations. We explore everything on a case-by-case basis.' A Microsoft representative released this statement Thursday: 'Microsoft's overarching goal is broad adoption of advanced Web services specifications. [Microsoft officials] can't make a blanket statement about licensing provisions as different specifications have different underlying technologies and different standards bodies have different licensing policies. Microsoft has made major technologies such as SOAP and WS-Security available without royalties and will continue to comply with the intellectual property licensing policies of the various standards bodies with whom we work.' Sun announced intentions to join WS-I last October after initially being shut out of the organization's formation a year ago. Microsoft and IBM were the major founders. WS-I is intended to be an open industry effort to promote Web services interoperability across platforms, applications, and programming languages..." See: (1) "Business Process Execution Language for Web Services (BPEL4WS)"; (2) "Web Services Interoperability Organization (WS-I)"; (3) "Patents and Open Standards."

  • [February 20, 2003] "Ten Things to Know About XDocs. InfoPath a Huge Step in the Right Direction. [Strategic Developer.]" By Jon Udell (InfoWorld Test Center). In InfoWorld (February 19, 2003). ['Jean Paoli, the architect of Microsoft Office's XML capabilities, recently spent several hours showing me Microsoft's newest Office family member, InfoPath (formerly XDocs, originally NetDocs). Here are 10 things you should know about this revolutionary piece of software.'] Excerpts: (1) You use it to gather and view semi-structured information: The most obvious example of such data-gathering is the business form. While acknowledging the marketing need to brand InfoPath as a forms application, Paoli insists -- rightly -- that there is more to the story. To the user, InfoPath is a general-purpose viewer and editor of business information. To the developer, it's a power tool for building applications that view, edit, and transform XML data. (2) Users create and maintain high-quality data: Like Office 11 and Excel 11, InfoPath can bind an XML Schema to a document, can interactively validate the document against the schema, and can prevent the user from saving the document in an invalid state. In addition to schema constraints, you can attach extra validation rules. For this purpose, the InfoPath design mode includes an XPath-aware expression builder. (3) It is aggressively standards-based: Word 11 can save formatted documents in an XML format called WordML, or it can save schematized data without formatting as generic XML. Although these two modes are both standard in their use of XML, they are nevertheless quite distinct from one another. In the latter case you use XSLT to apply the WordML styling to a core of pure structured data, but it's optional. With InfoPath, XSLT isn't an option. The document's core of structured data is always expressed through one or more views, and those views are XSLT transformations. InfoPath's more unified model does not derive from Word, but rather from Paoli's former project, Internet Explorer. In an InfoPath document, formatted text is expressed as XHTML (the schema for which must be bound to the document), and all styling is accomplished by means of standard CSS (Cascading Style Sheets). InfoPath also provides a DOM (Document Object Model) accessible to scripting languages such as VBScript and JavaScript...(8) It breaks the XSLT bottleneck: Even if you've drunk the XSLT Kool-Aid and know how a powerful a language it is, you'll probably admit that XSLT programming is no walk in the park. The InfoPath designer can, crucially, generate the XSLT code needed to map between complex XML data and useful views of that data. Like all visual tools it has limits, which you can escape from by defining regions within the generated code for handwritten extensions. That said, the designer works very hard to make intelligent mappings between XML structures and user-interface controls. Such automation should help prevent XML transformation from becoming the IT bottleneck of the Web services era..." See the full article for context. General references: "Microsoft Office 11 and InfoPath [XDocs]."

  • [February 20, 2003] "XP and XML." By Eric van der Vlist. From XML.com (February 19, 2003). ['Eric van der Vlist on the benefits of combining XML and Extreme Programming.'] "I am convinced that both XP and XML could benefit from working more closely together. And there may even be some hope for remote pair programming. I can't pretend to have real experience with XP but only with some of its practices, which I have been able to follow despite my remoteness. Therefore, most of this article is theoretical, but I hope that these ideas will still be useful... The XP practices rely heavily on communication between team members and a fluidity of the code that is continuously refactored. Communication and fluidity are where XML excels. One might think that implementers of XP tools and even XP users would have been eager to use XML pretty much everywhere. This is not really the case and even though a few XML applications have been developed for some practices, I haven't found any cross practices effort to define a XML framework that could facilitate XP as a whole... Being feebly tooled appears to be a more general characteristic of XP. During my research I was surprised to see that there doesn't seem to be an 'XP IDE' taking care of the twelve practices; on the contrary, XP developers rely on conventional tools: text editors, browsers, CVS repositories, Wiki-wiki webs, instant messengers or IRC. The two practices which are the most advanced in terms of tools are probably testing, with the development of the 'xUnit' test frameworks, and refactoring, traditionally strong in the Smalltalk world, which has greatly influenced XP... XP can be used right now to implement XML applications and it appears that this is a matter of mindset and tool availability more than any real incompatibility between XML and XP. It would definitely be nice if XML developers, designers and architects had more of a 'XP mindset,' and were eager to follow the 'Simple Design' practice... Although the reluctance of the XP community toward XML noted last year by Leigh Dodds is persisting, there is a huge opportunity to make XML a technology of choice for implementing better tools for XP, and the XML community still has lots to learn from the XP community..."

  • [February 20, 2003] "An Introduction to the Relaxer Schema Compiler." By Michael Fitzgerald and Tomoharu ASAMI. From XML.com (February 19, 2003). ['An introduction to using the Relaxer schema compiler.'] "Relaxer is a Java schema compiler for the XML schema languages RELAX NG and Relax Core. Using the Document Object Model, among other APIs, Relaxer generates Java classes based on schemas. It can also create classes based on XML document instances. The classes that Relaxer generates provide methods that allow you to access instances that are valid with regard to the compiled schemas, for use in your own programs that rely on the generated classes... In addition to compiling schemas, Relaxer can also generate DTDs, RELAX NG schemas, Relax Core schemas, W3C XML Schema (WXS) schemas, and XSLT stylesheets. You can also create Java classes that support, among other things, SAX, Java Database Connectivity (JDBC), classic design patterns, such as composite and visitor, factories, and components for Enterprise JavaBeans, Remote Method Invocation (RMI), and the Java API for XML Messaging (JAXM). The generation of schemas, stylesheets, and Java classes will be covered in this article... We will present a series of brief examples. In order to run these, you will need the SDK for Java 2 version 1.4 or higher (the latest SDKs are available for download from Sun's Java web site). Relaxer requires JAXP (Java API for XML Processing), which comes with version 1.4. You can run Relaxer with earlier versions of Java, such as 1.3.1, but it requires a separate download and installation of JAXP. You will also need a copy of the latest version of Relaxer... Relaxer has many other features which we cannot cover here. This article only deals with a few of its fundamental features, including schema, stylesheet, and Java generation. To continue exploring Relaxer, visit the Relaxer site, where you will (soon) find a tutorial and reference manual..."

  • [February 20, 2003] "The Pace of Innovation." By Kendall Grant Clark. From XML.com (February 19, 2003). ['Kendall Clark says that despite XML's success, it still has problems.'] "For all of XML's undeniable success, there remain significant problems. The most conspicuous of these, if we take an historical view, is surely the state of tools meant to aid in the creation of XML by humans. Every programming language has one, if not many ways to create XML programmatically, many of them clever indeed. But the 'XML editor for humans' area remains underdeveloped, particularly if we judge maturity by reference to more than five years of complaints about and claims for more tool support, by both vendors and advocates alike. Have we all simply misjudged how hard it is to build XML tools, including editors, with which ordinary people can create XML content naturally and simply? Rick Jelliffe suggested that the state of tool support has left at least one class of XML users, those in publishing, unsatisfied: 'By making it easy for developers, we have a lot of software which is good for data transmission but still very little that is an advance for data capture'. To which Jonathan Robie responded by offering a rundown of available, relevant tools, including 'XML editors for writing structured documents, XForms for entering data in web browsers, and software for publishing XML...from databases'. Robie also mentioned the XML facilities in the forthcoming major release of Microsoft Office. So why are publishing users unhappy? Is their unhappiness, Robie asked, a 'matter of getting the tools written, as opposed to issues with XML per se?' There may be something wrong with XML per se in this regard. Or, more accurately, there may be something wrong with the way XML developers tend to think about XML and about creating it which doesn't mesh well with the ways in which ordinary people think about content and its creation. Simon St.Laurent expanded on this theme: A lot of developers see XML editing as filling structured containers with appropriate content, and the containers should more or less guide you as to the content. This can mean that a huge amount of detail needs to be dealt with at one pass, and it often has meant that developers create interfaces which are actually more difficult to use than paper forms. Leaving markup for later lets people focus on the information as they see it rather than forcing them from the outset into someone else's preferred boxes'... The economic perspective also implies a rather unsettling fact -- unsettling if you are, like me, a long time critic of Microsoft. It implies that the XML facilities in the next major release of Office are the very best, realistic hope for the future of the documents side of XML, at least in terms of mass market success. No other entity in the industry (in any industry, for that matter) is as able to swing mass numbers of computers users toward or away from specific technological solutions. That Microsoft has gained such an ability by virtue of its position as an adjudicated monopolist is in some very real sense beside the point. If you keep a flame burning for the XML-as-document position, outside of Microsoft and a few other notables like Topologi, it is and will likely remain slim pickings for