The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors
NEWS
Cover Stories
Articles & Papers
Press Releases
CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG
TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps
EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Last modified: June 30, 2003
XML Articles and Papers June 2003

XML General Articles and Papers: Surveys, Overviews, Presentations, Introductions, Announcements

Other collections with references to general and technical publications on XML:

June 2003

  • [June 30, 2003] "Gaining Perspective On Digital Identities." By Paul Desmond. In Network World (June 30, 2003). "You can build it, you can buy it, but you can't escape the need for identity management... Identity management involves dealing with individuals in an online world. Ideally, it provides a single view of every individual across IT systems throughout the organization. Experts agree that the problem is the same whether those individuals are employees, customers or business partners. The goal is to 'understand who you're working with and what they need,' says Joe Duffy, global leader of PricewaterhouseCooper's (PWC) Security and Privacy Practice... Most identity management strategies start with some form of directory services integration, says Kevin Kampman, senior consultant with Burton Group. The idea is to have a single 'authoritative source' for each piece of data. Multiple authoritative sources might be associated with the same individual, depending on the data in question. For example, the human resources application would be the authoritative source for fiduciary employee records, while Active Directory holds e-mail addresses. One option is a metadirectory, which brings a consolidated view of data in various directories in the corporation. Largely homogeneous organizations might implement an all-encompassing enterprise directory, but it's unlikely you'll ever get down to just one... With the directory in order, integrating applications can begin. Centralized access management can be implemented in a number of ways, but generally, when a user attempts to log on to a Web application, the logon request is routed to the access management engine. There the user is properly authenticated, with at least a username and password. Often some form of software-based security token that denotes the user's credentials is then passed to the application. Should the user later want to access other applications, the token can be shuttled around as necessary behind the scenes, so the user doesn't have to log on to each new application. A number of vendors, including IBM, Netegrity and Oblix, sell Web access management products that provide authorization. T. Rowe Price uses IBM Tivoli Access Manager, and CUNA Mutual uses Oblix's NetPoint. While such systems easily can hook into Web-based applications, integration with client/server applications likely will require more time-consuming and costly custom integration work..." See also the sidebar "Identity Management Tips: Eight Suggestions On How to Implement Identity Management Smoothly."

  • [June 30, 2003] "Sun Drives New Security Offering." By Dennis Fisher. In eWEEK (June 30, 2003). "Sun Microsystems Inc. and PeopleSoft Inc. are set to announce a new identity management solution that will tie human resources and other back-office systems into the IT security infrastructure. The goal: to help enterprises cut costs and maintain tighter control over who accesses their networks. The joint offering will be a standards-based solution built on Sun ONE Identity Server and use PeopleSoft's broad portfolio of products in the HR and human capital management categories. The goal is to automate and streamline the process of establishing accounts for new employees and deleting them for people leaving the company -- all the while ensuring that each person has access only to the resources to which he or she is entitled. Sun and PeopleSoft are not alone in spotting this opportunity. A smaller security vendor, M-Tech Information Technologies Inc., this week will introduce a new version of its ID-Synch software, which performs many of the same functions and includes support for a broad range of platforms and authentication methods. Version 2.0 of ID-Synch has many new features, which should enable it to compete head-on with the Sun-PeopleSoft offering, which will be announced July 9, 2003. Sun and PeopleSoft are also bringing Waveset Technologies Inc. into the fold as part of their solution. Waveset, based in Austin, Texas, will provide the core provisioning and identity management technologies that will be under the covers of the solution... M-Tech, based in Calgary, Alberta, has added a number of new capabilities to ID-Synch. The biggest addition is the automated access management feature. This enables the software to monitor a system of record, such as PeopleSoft, and look for changes in the database. For example, if an employee in the accounts payable department transfers to accounts receivable, ID-Synch will see that change in the system and automatically revoke or grant access to various applications and systems based on the user's new role. These changes are handled by an authorization workflow that then passes the requests to the system's proprietary fulfillment engine. The engine supports both SOAP (Simple Object Access Protocol) and XML and is set up as a Web service to execute the changes and adjustments that have been authorized. ID-Synch 2.0 also includes a delegated management mode -- in addition to support for centralized management -- that enables departmental or regional administrators to manage local users..." See also the M-Tech announcement: "M-Tech Announces Availability of ID-Synch v2.0. Industry's Most Flexible Access Management Solution Delivers Broadest Functionality."

  • [June 30, 2003] "Using the Jakarta Commons, Part 1." By Vikram Goyal. From O'Reilly ONJava.com (June 25, 2003). ['Ever find yourself thinking "Someone's surely solved this problem before?" That's the beauty of open source. In this first of three articles, Vikram Goyal explores the Jakarta Commons, mature and well-defined reusable Java components.'] "The Jakarta Commons is a Jakarta subproject that creates and maintains independent packages unrelated to any other framework or product. The packages are a collection of components that serve small, useful purposes in their own right, and are usually server-centric. The Commons project is divided into two parts: the Sandbox and the Commons repository. The Sandbox is a test bed for trying out ideas by the Jakarta committers. This article explains the components that make up the repository. It will show you when to use a component in each repository, where to get it, and how to use it with a basic example... Reusability is the name of the game for the Jakarta Commons project. Packages that form part of this project are conceived with the aim of making them reusable... To be really reusable, each package needs to be independent of any other bigger framework or project. Thus, each package in the Commons project is largely independent, not only from other projects, but mostly of other packages as well. Deviations exist, but mostly to the extent of using well-set APIs. For example, the Betwixt package depends on the use of XML APIs. The primary aim though, is for these packages to work straight out of the box using a set of well-defined interfaces. The brevity of most packages, however, has led to a brevity of documentation, poor maintenance, and lack of support. Some suffer from incorrect links and very sparse documentation. With most packages, you are left to figure out for yourself how to use them or, in some cases, why to use them. Hopefully this article will answer some of those questions... XML-related components include (e.g.,) Betwixt, Digester, Jelly, and JXPath. In this article, I will cover the Web-related and the Trivial categories; my next article will cover the XML-related and Packages categories. The final article will describe the components in the Utilities category... The reason the CLI, Discovery, Lang, and Collections packages are categorized [here] as Trivial is because they each serve a very small, yet very useful purpose... In the next installment of this article, I will cover the XML and Packages categories. The final installment will cover the Utilities package. Note: Jakarta Commons is different from Apache Commons; the latter is a top-level project of the Apache Software Foundation..."

  • [June 30, 2003] "FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet." By Terry Harding and Richard Scott (Cyclone Commerce). IETF EDIINT Working Group, Internet Draft. Reference: 'draft-ietf-ediint-as3-00.txt'. March 2003, expires October 2003. "This document describes how to exchange structured business data securely using FTP transfer for XML, Binary, Electronic Data Interchange, (EDI - either the American Standards Committee X12 or UN/EDIFACT, Electronic Data Interchange for Administration, Commerce and Transport) or other data describable in MIME used for business to business data interchange. The data is packaged using standard MIME content-types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME) security body parts. Authenticated acknowledgements make use of multipart/signed replies to the original HTTP message. An FTP upload operation is used to send appropriately packaged EDI, XML, or other business data. The receiving application will poll the FTP server for inbound messages, unpackage and handle the message data and to generate a reply for the originator that contains a message disposition acknowledgement within a multipart/report that is signed or unsigned. This request/reply transactional interchange provides secure, reliable, and authenticated transport for EDI or other business data using FTP. The security protocols and structures used also support auditable records of these transmissions, acknowledgements, and authentication... The purpose of these specifications is to ensure interoperability between B2B Electronic Commerce user agents, invoking some or all of the commonly expected security features. This document is also NOT limited to strict EDI use, but applies to any electronic commerce application where business data needs to be exchanged over the Internet in a secure manner..." [IETF source]

  • [June 30, 2003] "Management Standards: Keeping an Open Mind." By Denise Dubie. In Network World (June 30, 2003). "Customer demand for open software is driving countless vendors, such as HP, IBM and Microsoft, to work more closely with industry organizations to develop common protocols, languages and industry standards for network and systems management. Management standards, such as SNMP and Common Information Model (CIM) -- now in Version 3 and 2.7, respectively -- came into being years ago. Yet widespread excitement over standards work has remained lackluster - until recently. In the past two years, the poor high-tech economy and demand for new Web-based technologies caused the Distributed Management Task Force (DMTF) and its peer standards groups to stir the pot a bit and start working on multipurpose standards that could help network executives get control of today's distributed applications. Several industry organizations work with corporate end users as well as their member vendor companies and developers to create a means to an end - the end being open, interoperable and manageable information systems. 'Many technologies can make up a standard, and there are a lot of variables we need to consider,' says Patrick Gannon, president and CEO of the Organization for the Advancement of Structured Information Standards (OASIS). 'But ever since the dot-com bust, end users have been more particular about where they spend their money, and using standards-based products can increase the value of their current and future IT investments'... Microsoft, IBM and VeriSign last year published a proprietary specification for Web services specifically, while OASIS continues to work on an open standard for Web services security. The Global XML Web Services Architecture is a framework that Microsoft and IBM are developing (along with BEA Systems, RSA Security, SAP and VeriSign), to give Web services higher-level abilities for security and reliability. Last summer some 17 vendors submitted the code-named Bluefin specification to the Storage Network Industry Association (SNIA), which is expected to announce Version 1.0 of the newly named Storage Manage Initiative Specification (SMI-S) next month. SMI-S proposed to give storage customers a way to manage multiple storage appliances from different vendors. Before the proposed specification, enterprise storage managers would have had to manage each storage appliance with vendor-specific tools and work to integrate the disparate information manually. 'Customers want interoperability, and vendors on their own can't deliver that,' says Ray Dunn, marketing manager for SNIA's Storage Management Forum. 'Today, vendors are willing to work together to create a baseline for interoperability and then add their differentiation on top for a competitive advantage.' But unlike one of the oldest -- and probably most ubiquitous -- management standards, SNMP, the specifications under development today can't be called simple by any means..." See related references in: (1) "DMTF Common Information Model (CIM)"; (2) "XML-Based Provisioning Services"; (3) "Management Protocol Specification."

  • [June 30, 2003] "New Java Aims to Simplify." By Stephen Shankland. In CNET News.com (June 30, 2003). "Sun Microsystems released a new version of its Java for desktop computers on Friday that aims to make the software faster, more familiar in appearance, and less daunting for nonprogrammers. Among other changes, the new version 1.4.2 of Java 2 Standard Edition will include buttons, menu bars, and other graphical elements that match the feel of Windows XP or the Gnome interface to Linux. Version 1.4.2 also offers a new control panel, an automatic update feature, and a swifter response when taking actions such as displaying a list of files stored on a hard disk. The friendlier interface is part of an effort by Java inventor Sun to make Java software that average consumers will recognize and demand. Earlier this month at its JavaOne trade show, Sun announced a multimillion-dollar branding campaign to try to etch the Java logo and value into consumers' minds... At JavaOne, Sun said version 1.4.2 was imminent. Its importance has increased with the announcement that the top two PC makers, Dell Computer and Hewlett-Packard, will bundle Java on their laptops and desktops. Those deals have taken on added significance for Sun since a court decision last week that overturned a previous requirement that Microsoft include Java with Windows. Java lets a program run on many types of computers, such as those running Mac OS, Windows or Linux, without having to be changed for each one. That universality could undermine the power of Microsoft, whose Windows operating system is the foundation for most desktop computer software. Though Java initially was released as a desktop computing software product, its successes to date have been in areas where Microsoft isn't as strong: servers and cell phones. To tout Java's advantages, Sun established a new Java.com Web site..."

  • [June 30, 2003] "Web-based XML Editing with W3C XML Schema and XSLT, Part 2." By Ali Mesbah and Arjan Vermeij. From XML.com (June 25, 2003). ['Generating instance document-editing GUIs from schemas is a commonly requested feature; this week we have a follow-up to Ali Mesbah's first article about using XSLT and W3C XML schema to create HTML GUIs for editing. This latest installment covers what was missed from the first part: how to create a new document from scratch, and how to add elements into a document.'] "In an earlier article we talked about an approach to automatic, form-based GUI generation based on XML Schema -- an approach which uses a single XSLT stylesheet, through which editing XML instance documents is made possible. Open issues remained as how to add new elements to an instance document and how to create an initial instance of our schema. One of the most common uses for schemas is to verify that an XML document is valid according to a set of rules. A schema can be used to give the order in which elements must appear or their type. We are also able to define the cardinality of the elements in the schema. This information can be used to insert (or delete) elements to (or from) an instance document while keeping the instance document valid... This current article describes a methodology by which elements can be inserted into an XML instance document through an auto-generated, form-based GUI, based on the XML Schema of the instance document and XSLT. The capability of editing and inserting or removing elements using the corresponding XML Schema makes it a complete and functional approach for the implementation of an XML web-based editor..."

  • [June 30, 2003] "Finding IDs." By John E. Simpson. From XML.com (June 25, 2003). ['In this installment of his monthly XML Q&A column John explains how to use XPath with XML IDs.'] "Q: 'Is there a syntax for [addressing ID attribute values] in XPath 1 or one being considered for XPath 2.0?' A: "Instead of a simple 'named anchor'-style selection, use the id() function to locate the element in question. It takes one argument, the ID value(s) you're looking for... if the ID attributes are undeclared you can still locate the right element, assuming no two elements share the same ID value... if the argument is a node-set, the id() function behaves quite differently. Rather than returning a single node, it returns a node-set containing all element nodes whose ID-type attributes match any of the string-values of nodes in the passed node-set. Thus the id() function can actually locate more than one node, which seems to be a contradiction... There's more than one way to obtain these results. Instead of using the id() function, for instance, you could use keys to locate the desired nodes. This is absolutely the way to go if the attributes in question aren't ID-type attributes in the first place. See Bob DuCharme's 'Declaring Keys and Performing Lookups' for more details.) Still, if you've got ID-type attributes you might as well take advantage of their uniqueness..."

  • [June 30, 2003] "How (Not) to Grow a Technology." By Kendall Grant Clark. From XML.com (June 25, 2003). ['Kendall Clark ponders how to grow a technology, especially an XML one. Do you opt for death-by-committee, or obscurity via community chaos? Into this discussion, Kendall covers the new community initiative afoot to throw away the troubled RSS specifications and reinvent one which has true consensus.'] "RSS -- in its endless variations and versions, both preceding and following version 1.0 -- has been the subject of interminable and painfully annoying debates and shouting matches, during which various rhetorical combatants have (or have not, depending on who you believe) muttered death threats. In other words, 'the market' can be a very hostile, ugly, and cruel way to do anything, much less to evolve a technology or grow a technology standard. [Roger] Costello's choice of RSS 1.0 has been made even more interesting by what appears to be yet another attempt by 'the market' to throw out RSS, and its bathwater, and to start over afresh and anew. Though the new effort doesn't yet, as of this writing, have an official name, I'm putting my money on 'Echo'. 'The market' has a curious habit of starting over from scratch from time to time, and the only consolation that it offers to people who've built various kinds of cottage industry around the 'old way of doing things' -- industries which are toppled by the sudden urge to create de novo -- is that maybe the new way will be better. But probably it will just be different. Echo seems likely to be a mixture of both the 'just different' and the 'better', with a few dashes of vendor-imposed but politically necessary perversity thrown in for good measure... Whatever else can be said about RSS, in which ever version you care about or hate most, it's been for the most part a very grassroots effort. And that's been one of the things about RSS which I liked the most. I'm not alone in being attracted to RSS because of its grassroots character... Except for the earliest Netscape versions, RSS hasn't been something that the Really Big tech companies cared about or even noticed -- and, let's face it, despite apperances to the contrary, in the early days of the Web, most of us didn't even think of Netscape as a corporation at all. Userland Software has been involved in RSS from early days, but Userland is a tiny speck compared to corporate behemoths like Microsoft, IBM, Sun. But with the 'rise of weblogs' (please, don't get me started), together with the relatively sudden appearance and then flourishing of RSS newsreaders as HTML browser semi-competitors (or competing supplements, if you prefer), suddenly there are all sorts of noises and rumblings from the Really Bigs that RSS has been noticed. And that can't be a very good thing in the long term for most of the toolmakers and cottage builders who cluster around RSS. It certainly isn't a good thing for lookers-on and users, like me, who like RSS because it is a grassroots affair..." On the RSS/Echo topic, see references in Tim Bray's ongoing blog entry "I Like Pie." General references in "RDF Site Summary (RSS)."

  • [June 30, 2003] "Software Patent Vote Delayed." By Matthew Broersma. In CNET News.com (June 30, 2003). "The European Parliament, facing mounting controversy over U.S.-style software-patenting legislation, has delayed a key vote until September. A Monday vote on a controversial software patents proposal in the European Parliament has been put back until September, amid criticism that the legislation would institute a U.S.-style patent regime that would be detrimental to European small businesses and open-source software developers. The proposed software-patenting legislation is the result of a European Commission effort to clarify patenting rules as they apply to 'computer-implemented inventions,' a term that includes software. The patent offices of various EU member states currently have different criteria for accepting the validity of software-related patents, a situation that the commission's proposal aims to remedy. However, opponents of the suggested legislation charge that its ambiguity would effectively allow most software to be patented, a situation that currently exists in the United States. Critics have compared that situation to allowing a monopoly on the ideas in novels... The Foundation for a Free Information Infrastructure, a software developer lobbying group, hailed the delay as a victory for the democratic process..." General references in "Patents and Open Standards."

  • [June 30, 2003] "Interview: Java Apps Revolve Around Sun. Sun's Rich Green, Jeff Anders Discuss Project Relator, JavaFirst." By Mark Jones and Jeff Anders. In InfoWorld (June 29, 2003). "From Project Relator to an internal program called JavaFirst, Sun believes it's time developers started treating mobile devices like real computers. Mark Jones, InfoWorld's executive news editor, spoke with Sun's Rich Green, vice president of developer tools, and Jeff Anders, group marketing manager, at June's JavaOne show." [Green:] "I think massive steps are being taken between the Java community, WSI, and others. All the JAX-RPC (Java API for XML-Based Remote Procedure Calls) stuff, all the J2EE 1.4 functionality, [and] Web services are probably the single most powerful bit of glue and protocol capability to build services-based systems. The WSI components, the WSI basic profile -- which is also going to be part of 1.4 -- add a lot more in terms of XML standardization and protocols for that. What we're going to do is keep evolving the Java platform and the interface model to deal with that. And in some respects, Java is further ahead because Java knows about transactions. Java really knows about security. Now it's possible through the EJB container model to build highly available applications just by enabling that at the container model. The question is, are there standards to express those between services? They're not all there yet. That's a Web services thing and not a Java thing. So you can build services-based architectures extremely effectively now with pure Java, not even using SOAP and XML, because of the fundamental capabilities of the platform and the protocols that it supports. But as the world converges on Web services, Web services has to be evolved to be able to express all of these notions that are there in the Java platform between Web services, regardless of the implementation technique... The whole point of JavaFirst is taking all these Web services systems and if you want to sort of squint and look into the future, it's about full services-based architectures. We want to make them available to mobile devices... So you have a big Web services system, you run the tool against it, and what you get is essentially a port that supports all these services. And you get a client that you download onto your mobile device that can talk to it. And then you just attach the interface to it and you're done..." [Anders:] "We have what we call the Sun ONE Studio Mobile Edition, which is a development environment for developers who want to build MID-P midlets, and that's really just a collection of plug-ins or modules that go into our Sun ONE Studio product... [In] Project Relator there's the ability to take something like a rich client and pick any of your favorite design tools to create sort of a graphic: Adobe, Macromedia, Illustrator. It allows you to take that tool and essentially create hot spots... What Relator allows you to do is create the hot spots and then tie that to pieces of Java code on the back end that, when you mouse over it or you click on it, then invokes an EJB or does whatever action you've specified on the back end. So that's one thing that we're doing to bring together the front-end client to something on the back end... In Javon the goal is to tie together the front-end client with the back end, to a J2EE type of server..."

  • [June 30, 2003] "The Future of Mozilla Application Development." By David Boswell and Brian King. From O'Reilly Mozilla DevCenter (June 27, 2003). ['Recently, mozilla.org announced a major update to its development roadmap. Some of the changes in the new document represent a fundamental shift in the direction and goals of the Mozilla community. In this article, David Boswell and Brian King analyze the new roadmap, and demonstrate how to convert an existing XPFE-based application into an application that uses the new XUL toolkit. David and Brian are the authors of O'Reilly's Creating Applications with Mozilla.'] "The biggest news in the roadmap update is that mozilla.org intends to stop development of the application suite it currently produces in favor of stand-alone applications. When Netscape created the Mozilla open source community, it released the code for its Communicator browser suite, which included a web browser, a mail and news client, an HTML editor, and an address book. Over the past five years the community has rewritten the code base and has added many new features and other applications to the suite. The community itself has changed over this time and producing a single monolithic set of applications is no longer its main goal. In place of the browser suite, development will focus on a stand-alone Mozilla Browser (based on the Mozilla Firebird project, formerly called 'Project Phoenix') and a Mozilla Mail application (based on the Thunderbird project, formerly called 'Project Minotaur'). Both of these applications represent a second generation of Mozilla application development... Developers who have been using Mozilla as a platform for creating their own XUL-based applications or add-ons will also have some changes to get used to. Although there will most likely be some pain in the transition, the changes in the roadmap represent positive steps that mozilla.org is taking to encourage Mozilla application development. The new roadmap is a strong endorsement of the concept of XUL and of Mozilla application development in general. There is a possibility for confusion when you take a closer look at what exactly the roadmap is talking about changing. In the transition from Mozilla as an application suite to Mozilla as a platform for application development, the specific XUL-based toolkit that has been in use to date is being replaced with a new XUL-based toolkit taken from the Phoenix project. XUL itself is not being replaced though, just upgraded... [This article] provides details about how the xFly application has been converted from the old toolkit to the new one. There is good news and there is bad news about the work involved in the transition from a Mozilla package to a Firebird extension. The good news is that the basic architecture of the application does not change -- XUL is still used in conjunction with other technologies such as JavaScript, CSS and XBL. The bad news is that there are some changes to be aware of -- there are minimal changes in XUL and XBL, but the biggest changes involve how things are packaged, registered and launched..." See also "Extensible User Interface Language (XUL)."

  • [June 30, 2003] "Architecting Security for Web Services." By Mark O'Neill (CTO, Vordel Limited). In JavaPro Magazine [Fawcette Technical Publications] Volume 7, Number 8 (August 2003). ['Take a look at the security challenges of Web services and how to address them with security architecture, including what it can offer going forward when XML traverses firewalls.'] "... There are three broad architectural options for Web services security: XML Gateway, Interceptor, and custom coded. XML Gateways (sometimes called XML firewalls or XML proxies) are software packages or appliances that filter XML traffic upstream of a Web service and block unauthorized traffic before it can reach a protected Web service. An XML Gateway enforces access control rules by processing security tokens contained within incoming SOAP messages, and by ensuring that the XML format and content is appropriate for the target. It may use SAML to establish the authentication status of an end user or to request attribute information, which is used to make an access-control decision. It is important that XML Gateways contain security adapters to existing security technology such as LDAP directories, traditional firewalls, and PKI. Otherwise, the overhead of rekeying rules and user profiles into an XML Gateway would be prohibitive. As much as possible, an XML Gateway should reuse security infrastructure that has preconfigured users, groups, and roles. A single XML Gateway can protect many Web services platforms. An XML Gateway does not have to share an operating system with the target Web service, because they are on separate host machines. This separation means that a Linux-based XML Gateway appliance can protect a mixture of .Net-based and Java 2 Platform, Enterprise Edition (J2EE)-based Web services. XML Gateways often perform transformation functionality as well as security. In the XML world, this feature amounts to implementing XSLT. An alternative architectural option is to deploy Interceptors on Web services platforms. These lightweight Interceptors make use of platform-specific hooks such as ISAPI Filters, JAX-RPC handlers, or Apache Axis handlers. The Interceptor (sometimes called an 'agent') then communicates with a centralized XML security server, which performs the processing of security rules. This architecture puts the security enforcement closer to the Web services application, when compared with the XML Gateway option. It also centralizes security processing just like in the XML Gateway scenario, meaning that the Web services application does not get bogged down with processor-intensive functionality such as cryptography. Also, like the XML Gateway architecture, the Interceptor architecture provides a central point of management and reporting for SOAP traffic. The Interceptor architecture differs from the Gateway architecture security in that security is enforced at the Web service end point itself, rather than requiring XML traffic to travel through an infrastructural device to be secured... Whatever solution is chosen, it's important that it is not limited to first-generation, inside-the-enterprise Web services and can also be applied to B2B Web services when the appropriate time comes. Inside-the-enterprise deployments may be useful for learning about Web services, but if a different security solution is to be used for B2B Web services, then the learning is in vain. Web services present novel security issues, but new industry standards and new XML security products are addressing these issues. There are architectural choices to be made when rolling out XML security, and making these decisions sooner rather than later is important..." [alt URL]

  • [June 30, 2003] "Producing Multiple Outputs from an XSL Transformation." By Oleg Tkachenko (Software Engineer, MultiConn International Ltd). In [Microsoft] Extreme XML (June 23, 2003). 17 pages. ['Oleg Tkachenko explains how you can postprocess XSL transformation results into multiple documents using the XslTransform and XmlTextWriter classes in the .NET Framework. Accompanying source requires that the Microsoft .NET Framework 1.0 be installed.'] "The W3C XSL Working group has created a requirement that the next version of XSLT language would support multiple output documents and accordingly the W3C XSLT 1.1 Working Draft (officially frozen) has introduced a notion of a subsidiary result document in order to meet this requirement. W3C XSLT 2.0 Working Draft has gone even further -- the concept of a principal and subsidiary result documents has been removed and all possible result documents have been given equal status. So although the story sounds promising for future versions of XSLT, current users of XSLT 1.0, such as users of the System.Xml.Xsl.XslTransform class or MSXML, do not have access to this functionality. To workaround this lack of functionality, a number of alternate solutions are usually recommended in XSLT-related MSDN Newsgroups including: (1) Preprocessing of the transformation input by breaking it into chunks and performing the transformation on each chunk in turnl (2) Creating result-tree fragments and writing them aside using extension functions or extension objects; (3) Postprocessing of the transformation result by splitting it into chunks and writing each chunk as a separate document... In this article, I'll show how the latter solution can be easily and effectively implemented in the .NET Framework using the XslTransform class and a customized XmlTextWriter class. Postprocessing the Result of XSL Transformation: The idea behind implementing multiple outputs by postprocessing is to introduce an additional custom layer, where further transformation occurs between the XSLT processor and consumer of the XSL Transformation results. This additional layer is where the multiple output logic is implemented. Let's name that layer the redirecting layer. This way the XSLT processor still produces a single result document, which contains both main result document and optional subsidiary result documents marked as such by some redirecting instructions. The redirecting instructions are elements that indicate the subsidiary result documents, as well as define where and how to redirect them. The redirecting layer passes the main result document further untouched, but redirects subsidiary result documents to the specified destination according to redirecting instructions... the demonstrated approach also has some additional virtues. First of all, it shares multiple output semantics with XSLT 1.1 and XSLT 2.0 Working Drafts, as well as with other XSLT processors, which supports multiple output through an extension element. This effectively means a solution based on such implementation can be easily ported to another XSLT processor and that it will be compatible with future XSLT 2.0 models. Moreover, even now such a solution may benefit from using the exsl:document element as defined by the EXSLT initiative , being compatible with all XSLT processors, supporting exsl:document extension element..."

  • [June 30, 2003] "Unlocking Information in Microsoft Office 2003 Using XML." By Chris Kunicki and Charles Maxson (OfficeZealot.com), and Frank C. Rice (Microsoft Corporation). Posted June 30, 2003; created May 30, 2003. 17 pages. ['Learn about a sample Web application built using ASP.NET that demonstrates how Microsoft Office documents can be processed and used external to the application that created them. The article provides a technical review of the Unlocking Information sample solution which comes with the Microsoft Office 2003 Beta 2 Content Development Kit (CDK). The sample is a Web-based application built using ASP.NET to show how Microsoft Office 2003 documents can be processed externally of their respective applications. Additionally, the sample demonstrates how Office documents can be accessed or repurposed for uses that range beyond Microsoft Office.'] "... Since many companies share Word and Excel documents with their client-base, Office is the common tool of choice to produce the documents. Additionally, many people need to generate and collaborate using these documents, so centralizing the application on a Web server makes the most sense. In the past, that meant manipulating Word and Excel on the server which was possible but less than optimal for many reasons. Now, with the XML capabilities and native file formats offered by Office 2003, developers can unlock Office data through a variety of methods. In the case of the Unlocking Information sample application, documents that have been created with Office 2003 are saved in an XML file format and loaded onto a Web-server where they await processing. When a user makes a request for the documents, the application loads the files as XML, prepares them on the server by inserting line-of-business and user driven data and saves them out as XML files adhering to the XSD Schema requirements that Word and Excel have defined. Upon completion, the user can request to view and work with those files in Word or Excel directly from the server, just as you would expect, even though they are still XML based. Whats more, since the Office documents simply reside in open standard XML files on the server, the user doesnt even require Office to view or edit the content Behind the scenes, the application begins a procedure where it loads each of the Office-created XML files as an in-memory XML Document object. In turn, each of the XML Documents are individually processed to insert the user provided data by using XPath to query to the appropriate nodes within the XML Document. The application contains several different routines designed with specific XPath queries that target individual elements within Office XML documents. These routines include logic to populate items such as the Document Properties, Defined Ranges, Bookmarks and Mapped XML Ranges found inside the XML Documents..."

  • [June 30, 2003] "BizTalk Server 2004 Stakes New Territory." By Jim Rapoza. In eWEEK (June 30, 2003). "The core piece of Microsoft's forthcoming Jupiter e-business suite, BizTalk Server 2004, looks like it will also be one of the premier business process management platforms available. Microsoft's upgrade offers many significant improvements, including finally supporting the XML Schema standard, which should expedite business process integration. eWEEK reviews foundf very good support for XML and Web services standards, with excellent design and mapping tools. The BizTalk Server developer tools now require Visual Studio .Net, which can be confusing at first... Probably the biggest, most positive change is that BizTalk Server 2004 will be based completely on the World Wide Web Consortium's XSD (XML Schema Definition). This means that companies using BizTalk Server for business integration should find it much easier to integrate with partners, Web services and other business process management systems. Microsoft has also made major changes in the BizTalk Server tools -- the biggest being that almost all the tools are now integrated into Visual Studio .Net. While this might be a little confusing for some users at first, it makes sense because the developers most likely to use these tools are probably already using Visual Studio .Net. Also, while these tools have been placed inside Visual Studio, they are still mainly the same, so developers shouldn't have to do a lot of retraining. One new tool that is integrated into Visual Studio .Net is the Pipeline Designer. This tool provided us with a drag-and-drop interface for building business process assemblies of how applications and components would react within an integration process. Also, a new Business Rules application made it possible to define rules for how processes would react to dynamically changing conditions. It is now easier for nondevelopers to use tools such as Visio for initial orchestration design and then have a developer build the orchestration using the integrated tools in Visual Studio .Net. Also, some business forms and processes can be built using InfoPath and then imported into BizTalk Server. InfoPath can also be used to deliver content to business workers. Other new features include good monitoring and reporting capabilities, which made it possible for us to track how our business process transactions were running and to test and debug our processes... In addition to its support for XSD, BizTalk Server 2004 also has good support for several other XML and Web services standards, including XSLT (Extensible Stylesheet Language Transformations), WS-I (Web Services-Interoperability) and BPEL (Business Process Execution Language). Of course, Web services is still a big part of what BizTalk Server does, both in managing and consuming them, and the new Visual Studio integration made it simple to add Web services to our business processes..." See the BizTalk Server 2004 Beta website.

  • [June 30, 2003] "Smooth Talkers: Speech Integration Technology Gives Customers and Employees Convenient Access to Back-End Data." By John Edwards. In CIO Magazine (July 2003). Emerging Technology. "Enterprises looking into speech integration face two basic speech technology choices. The oldest and simplest type of speech integration ('directed dialogue' products) prompts callers with a series of questions and recognizes only a limited number of responses, such as 'yes' and 'no,' specific names and numbers. A new and more sophisticated approach -- 'natural language' -- to speech integration handles complete sentences and aims to engage callers in lifelike banter with a virtual call center agent. The technology is also more forgiving of word usage. Directed dialogue tools, while less expensive than natural language systems, suffer from their limited recognition capabilities. As a result, they are mostly used for simple applications, such as automated switchboard attendants or credit card activators... A pair of emerging technologies -- VoiceXML and Speech Application Language Tags (SALT) -- are also helping to advance voice integration. Both specifications rely on Web technology to make it easier to develop and deploy speech integration applications. VoiceXML is an XML extension for creating telephone-based, speech-user interfaces. The specification lets developers create directed dialogue speech systems that recognize specific words and phrases, such as names and numbers. That style of interface is well suited to callers who have no screen from which to select options. SALT, on the other hand, provides extensions to commonly used Web-based markup languages, principally HTML and XHTML. It makes such applications accessible from GUI-based devices, including PCs and PDAs. A user, for example, might click on an icon and say, 'Show me the flights from San Francisco to Boston after 7 p.m. on Saturday,' and the browser will display the flights. Both specifications aim to help developers create speech interfaces using familiar techniques. 'You don't have to reinvent the wheel and program a new interface to get speech recognition access to your data,' says Brian Strachman, a speech recognition analyst at technology research company In-Stat/MDR..."

  • [June 30, 2003] "Memorandum for Multi-Domain PKI Interoperability." By Masaki Shimaoka (ECOM Trust.net Co., Ltd; Japan PKI Forum). IETF Network Working Group. Request for Comments, Draft. Reference: 'draft-shimaoka-multidomain-pki-00.txt'. June 2003. 14 pages. "This memo is used to share the awareness necessary to deployment of multi-domain PKI. Scope of this memo is to establish trust relationship and interoperability between plural PKI domains. Both single-domain PKI and multi-domain PKI are established by the trust relationships between CAs. Typical and primitive PKI models are specified as single-domain PKI. Multi-domain PKI established by plural single-domsin PKI is categorized as multi-trust point model and single-trust point model. Multi-trust point model is based on trust list model, and single-trust point model is based on cross-certification..." See general resources refereced from OASIS PKI Member Section website. [IETF source]

  • [June 30, 2003] "SPML Eases Information Exchange." By Darran Rolls (Waveset Technologies, Inc). In Network World (June 30, 2003). "Provisioning is the process of managing the allocation of system resources to employees, partners and contractors as part of identity management... Service Provisioning Markup Language (SPML) is an XML-based framework for exchanging user, resource and service provisioning information between organizations. The framework is expected to establish an open, standard protocol for the integration and interoperability of service provisioning requests. Developed by the OASIS Provisioning Technical Service Committee (PTSC), SPML 1.0 is slated for ratification in summer [2003]. PTSC interprets provisioning to mean the upfront preparation of IT system materials or supplies required to carry out pre-defined business activities. The committee goes beyond the initial contingency of providing resources to encompass the entire life-cycle management of these resources. This includes provisioning of digital services such as user accounts and access privileges on systems, networks and applications, as well as the provisioning of non-digital or physical resources such as cell phones and credit cards. The sole purpose of a provisioning service in a network is to execute and manage provisioning requests. A given requesting authority, or client, sends the provisioning service a set of requests via a well-formed SPML document (an XML document that conforms to the SPML standard). Based on a pre-defined service execution model, the provisioning service takes the operations specified within the SPML document and executes provisioning actions on a pre-defined set of service targets or resources. The general model for SPML is one in which clients perform protocol operations on servers. In this model, a client issues an SPML request describing the operation to be performed at a given service point or endpoint. The service point is then responsible for performing the necessary operations to implement the request. Once the operation is complete, the service point sends the client an SPML response detailing results or errors... As more infrastructure becomes identity-centric and companies start to build and deploy Web services, SPML will be a critical element of an end-to-end standards-based identity management strategy..." See: (1) "OASIS Member Companies Host SPML Identity Management Interoperability Event"; (2) general references in "XML-Based Provisioning Services."

  • [June 30, 2003] "The Open Applications Group Integration Specification. OAGIS is a Practical Use of XML to Enable Integration." By Michael Rowell (Chief Architect, Open Applications Group). From IBM developerWorks, XML zone. June 30, 2003. ['The Open Applications Group Integration Specification (OAGIS) is an effort to provide a canonical business language for information integration. It uses XML as the common alphabet for defining business messages, and for identifying business processes (scenarios) that allow businesses and business applications to communicate. Not only is OAGIS the most complete set of XML business messages currently available, but it also accommodates the additional requirements of specific industries by partnering with various vertical industry groups.'] "OAGIS provides the definition of business messages in the form of Business Object Documents (BODs) and example business scenarios that provide example usages of the BODs. The business scenarios identify the business applications and components being integrated and the BODs that are used. The current release, OAGIS 8.0, includes 200 business messages and 61 business scenarios that can be used to integrate business applications... First and foremost, everything in OAGIS begins with the business process. OAGIS currently includes 61 business processes, which provide examples that show what is possible using the standard. Likewise, when you need to integrate businesses or applications using OAGIS the first place to start is with the business scenarios which can help you find the solution that most closely matches your needs. These business scenarios provided by OAGIS were used to define OAGIS and are provided as examples to help the user understand how to work with OAGIS. They identify the business applications and components that are being integrated along with the BODs used to pass information. The business scenarios also capture the sequence in which the messages are intended to occur, the dependencies, the scope, and the error handling that has been addressed. OAGi provides these example scenarios as a starting point for any new implementation... OAGIS 8.1 will be released this summer [2003], and will include: 70 business scenarios for integration, More than 400 BODs, 70 nouns, support for ebXML's CoreComponent Type 1.90, and OAGIS's submission to the UN/CEFACT CoreComponent Harmonization committee. In addition, OAGi will provide direction on how to enable OAGIS through Web services by providing guidelines and WSDL that can be used to develop your own Web services. OAGi has already publicly announced that it will support harmonized components that result from the UN/CEFACT CoreComponent Harmonization work group. OAGi has been enabling integration for a long time. OAGIS currently includes 61 integration scenarios and more are coming. OAGIS provides a standard canonical business language that enables streamlined communication between businesses and/or business applications..." Article also in PDF format. General references in "Open Applications Group."

  • [June 30, 2003] "Microsoft to Discuss ID Management Plans." By Paul Roberts. In InfoWorld (June 30, 2003). "Microsoft will be making announcements about its strategy for managing user identities this week that could well end speculation about its plans for implementing federated identity technology into its products... A spokeswoman for Oblix said that the company would be 'part of [the] plan' Microsoft announces on Wednesday. Microsoft has long-standing relationships with independent software vendors (ISVs) like Oblix and OpenNetworks Technologies Inc. The company calls on Oblix's NetPoint and OpenNetworks DirectorySmart to tie Windows networks using Microsoft's Active Directory service to other non-Windows directory systems that rely on user authentication technology such as Kerberos, according to John Pescatore, an analyst at Gartner. At stake may be the future of Microsoft's 'TrustBridge' federated identity technology. Microsoft announced TrustBridge just over a year ago, saying that the new technology would enable businesses using Windows to share user identity information and interoperate across heterogenous environments using Web services protocols such as Kerberos and SOAP (Simple Object Access Protocol). The technology was supposed to be released in 2003, but was left out of Windows Server 2003 and Microsoft has had little to say about its status... Among other things, Microsoft needs to clarify its intentions regarding the adoption of SAML (Security Assertion Markup Language), the XML-based authentication framework. The company backed XRML (Extensible Rights Markup Language) for access control, but will need to support SAML as well to be fully interoperable with non-Windows environments, Pescatore said. Pescatore anticipates that Microsoft will probably offer new guidance on the TrustBridge initiative, perhaps fleshing the technology out or providing clearer benchmarks for its identity management strategy. Few companies are clamoring for the cross-enterprise, federated identity systems that TrustBridge, .Net Passport or the Liberty Alliance are promising, according to Pescatore... Despite the lack of demand, however, Microsoft and its adversaries in the Liberty Alliance are still jockeying for control of the identity management space, Pescatore said..."

  • [June 30, 2003] "Web Services Taking Root in the Enterprise." By Peter Coffee. In eWEEK (June 30, 2003). "eWEEK Labs recently conducted a roundtable discussion on Web services. Moderated by Technology Editor Peter Coffee, the roundtable comprised key players in several areas of the Web services space. The discussion centered on where Web services are as a technology, where the industry is in achieving effective consensus on standards, and how the business models are developing for using those standards and technologies." Roundtable participants included: Gregg Bjork (Systinet Corp.), Neil Charney (Microsoft Corp.), Ted Farrell (Oracle Corp.), Tyson Hartman, Karla Norsworthy (IBM), Benjamin Renaud (BEA Systems Inc.), and Gordon Van Huizen (Sonic Software Corp). What's the wrong way to think about web services? [1] It's not the platform: Neither Java nor .Net makes it easy. [2] It's not the tools and technologies: Services must be aligned with business models. [3] It's not rip and replace: Services should extend and assist in integrating current applications. [4] It's not a future scenario: Specifications, tools and opportunities are available now..."

  • [June 30, 2003] "XML and Content Management Systems." By James Robertson (Step Two Designs). From Step Two Designs' KM Column (July 2003). "With the rise in popularity of both XML and content management systems (CMS), there are an increasing number of tenders specifying 'CMS must be built using XML'. What does this mean in practice? This article explores the role of XML in the context of content management systems, focusing specifically on the business issues; its goal is to 'demystify' the area, and provide organisations with more information on which to base their CMS selection processes and criteria... There are a number of key areas in a content management system where XML has a role to play, including: authoring, communication, interoperability, storage, and publishing... [Authoring] To realise many of the benefits offered by XML in a CMS, content must be captured in a structured way. This means moving away from unstructured information sources, to an environment where the content is authored in a more controlled way. This is a complex and evolving area, but a few key realisations have become apparent: (1) Organisations must move away from using tools such as word processors to author content, as there is no automated way to convert unstructured sources to XML. (2) There are benefits to be gained by having authors use an XML-aware editor as part of a CMS. (3) The users must not be exposed to the complexity of XML. The fact that the content is stored as XML should be invisible to authors and editors. (4) Capturing content as HTML is not desirable, as this severely limits the potential benefits delivered by XML elsewhere in the CMS. (5) While some systems claim XML-compliance through the use of XHTML (the XML version of HTML), this provides no practical benefits over using plain HTML... A number of vendors have developed solutions around the use of XML-based editing environments, and these show promise. There is, however, no consistent approach, and most XML-based solutions are relatively immature... In general, organisations should determine their specific business requirements, and list these in the CMS tender. If there are specific requirements for XML capabilities, these should be outlined in detail. Without the further development of XML standards specifically relating to content management, the use of XML to support interoperability is currently limited. Overall, it is therefore not meaningful to specify that a CMS should 'support XML'. At present, it is more important to select a product that meets all the organisation's business requirements, than to choose a system that offers XML features..." Paper also in PDF format.

  • [June 24, 2003]Presence Information Data Format (PIDF). By Hiroyasu Sugano (Fujitsu Laboratories Ltd), Shingo Fujimoto (Fujitsu Laboratories Ltd), Graham Klyne (Nine by Nine), Adrian Bateman (VisionTech Limited), Wayne Carr (Intel Corporation), Jon Peterson (NeuStar, Inc). IETF Network Working Group, Internet Draft. Reference: 'draft-ietf-impp-cpim-pidf-08.txt'. May 2003, expires November 2003. 27 pages. Work product of the IETF Instant Messaging and Presence Protocol Working Group (IMPP). "This memo specifies the Common Profile for Presence (CPP) Presence Information Data Format (PIDF) as a common presence data format for CPP-compliant Presence protocols, and also defines a new media type 'application/pidf+xml' to represent the XML MIME entity for PIDF. The Common Profiles for Instant Messaging (CPIM) and Presence (CPP)specifications define a set of operations and parameters to achieve interoperability between different Instant Messaging and Presence protocols which meet RFC 2779. This memo further defines the Presence Information Data Format (PIDF) as a common presence data format for CPP-compliant presence protocols, allowing presence information to be transferred across CPP-compliant protocol boundaries without modification, with attendant benefits for security and performance. The format specified in this memo defines the base presence format and extensibility required by RFC 2779. It defines a minimal set of presence status values defined by the IMPP Model document A Model for Presence and Instant Messaging (RFC 2778). However, a presence application is able to define its own status values using the extensibility framework provided by this memo. Defining such extended status values is beyond the scope of this memo. Note also that this memo defines only the format for a presence data payload and the extensibility framework for it. How the presence data is transferred within a specific protocol frame would be defined separately in a protocol specification." Section 4 'XML-encoded Presence Data Format' "defines an XML-encoded presence information data format (PIDF) for use with CPP compliant systems. A presence payload in this format is expected to be produced by the PRESENTITY (the source of the PRESENCE INFORMATION) and transported to the WATCHERS by the presence servers or gateways without any interpretation or modification. A PIDF object is a well formed XML document. It must have the XML declaration and it should contain an encoding declaration in the XML declaration, e.g., <?xml version='1.0' encoding='UTF-8'?>. If the charset parameter of the MIME content type declaration is present and it is different from the encoding declaration, the charset parameter takes precedence. Every application conformant to this specification MUST accept the UTF-8 character encoding to ensure the minimal interoperability... XML Encoding Decision: "The Presence Information Data Format encodes presence information in XML (eXtensible Markup Language). Regarding the features of PRESENCE INFORMATION discussed above, such that it has a hierarchical structure and it should be fully extensible, XML is considered as the most desirable framework over other candidates such as vCard (vCard MIME Directory Profile, RFC 2426)." See: "Presence Information Data Format (PIDF)." [IETF Source: draft-ietf-impp-cpim-pidf-08.txt]

  • [June 24, 2003] "WS-Trust: Interoperable Security for Web Services." By Paul Madsen. From O'Reilly WebServices.xml.com (June 24, 2003). "Released at the same time as WS-SecurityPolicy, WS-Trust is a proposal that enables security token interoperability by defining a request/response protocol by which SOAP actors can request of some trusted authority that a particular security token be exchanged for another. WS-Trust is motivated by more than enabling interoperability between the multiple formats for security tokens that might be used in a WS-Security protected message. It also addresses the issue of trust interoperability. Even if a given security token's format is acceptable to a recipient of a WS-Security-protected SOAP message, interoperability at the syntax level is no guarantee that the recipient will be able to trust the token. We demonstrate how WS-Trust can enable interoperable WS-Security based message-layer security. The client and service in our scenario were insulated from the fact that they share neither a common security token format nor direct trust through the intervention of the gateway and STS in message processing on their behalf. The benefit of this model is more transparent security to the client and service. The burden of understanding security token formats and managing trust relationships with external entities is removed from their shoulders (actually those of their developers and administrators) and placed on the STS (a service dedicated to this role). This model of dedicated security services accessed through SOAP-based interfaces is also relevant for other security processing (e.g. digital signature creation, data encryption, authorization decisions etc.) With the burden of such functionality removed, the business applications can concentrate even more on the business logic and leave security to the infrastructure. Additionally, because security processing is performed in a centralized manner, the model offers advantages for ensuring these security protections are applied in a consistent and policy-respecting manner..." See: (1) "Web Services Trust Language (WS-Trust)"; (2) the 2002-12 news item "Microsoft and IBM Publish Six New Web Services Security and Policy Specifications."

  • [June 24, 2003] "Rendezvous with Web Services." By Massimiliano Bigatti. From O'Reilly WebServices.xml.com (June 24, 2003). "Zeroconf is a technology, being developed in the IETF, to enable Zero Configuration IP Networking. This means you could network computers together without the usual headache of complex configuration. Zeroconf also allows computers to find services, such as printers, without a directory server. Apple is branding ZeroConf as Rendezvous, and using this emerging technology as a substitute for the old AppleTalk standard, using it in Mac OS 10.2 Jaguar and in some iApps like Safari. This article will introduce Zeroconf and demonstrate how it can be used with web services. Functionality similar to ZeroConf has already been provided, in one form or another, by AppleTalk, Novell IPX, and Microsoft Netbios. The main problem is that these proprietary protocols don't work on IP networks and are suited only to local networks. Zeroconf aims at filling this gap, providing a royalty-free, open standard. Zeroconf defines four areas of functionality: (1) Automatic Interface Configuration; (2) Automatic Multicast Address Allocation; (3) Name-to-Address Translation and vice versa; (4) Service Delivery... Rendezvous is an amazing technology that brings simplicity to networking, making it easy to create local networks and with multiple devices, services and data sharing. Jrendezvous, makes this possible with Java. Although new, ZeroConf already has a fair bit of support; for example in Captain FTP, for instant discovery of Rendezvous enabled FTP Servers, or in Hydra, for cooperative editing of source files in an Extreme Programming way. Rendezvous and web services are natural combination: once services are discovered with Rendezvous, SOAP and XML provides a flexible and standard platform for communication..."

  • [June 24, 2003] "WSDL Tales From The Trenches, Part 2." By Johan Peeters. From O'Reilly WebServices.xml.com (June 24, 2003). "In Part 1 of 'WSDL Tales From the Trenches' I painted a big picture of web services design: Web Services Description Language (WSDL) only defines the syntax of how a web service may be invoked; it says nothing about its semantics. I will observe this distinction in what I say in this article about WSDL. The version of WSDL being most widely used now, 1.1, is published as a W3C Note. It is not an official standard. WSDL 1.1 offers a lot of latitude for invoking web services. Tool support tends to be patchy. WSDL gets a lot of bad press because it got the trade-off wrong between expressivity and flexibility on the one hand and verbosity and complexity on the other. Before we proceed, I will come clean and tell you that I am at a loss to tell you how to write truly clear, crisp WSDL... it helps to use an XML-aware editor when you write WSDL, preferably one with the capability to validate the WSDL document. When retrofitting WSDL to existing web services, I find it very useful to be able to generate, send, and receive messages from the editor... [As to modular web service descriptions:] Using the import keyword, you can separate a WSD into modular documents. An example in the W3C Note uses three documents, which contain, respectively, data type definitions, abstract definitions, and specific service bindings. The specific or concrete service definitions depend on the abstract service definitions, which in turn depend on the data type definitions. Apart from improving readability, this technique also improves opportunities for certain types of extension and reuse: the same data type definitions can be used across many abstract services, and the same abstract services can be offered through many different bindings, at many addresses. Initially, a set of web services may be represented as a set of three documents. As services grow, however, this may evolve into a tree of documents with the data type definitions at its root, branching into several abstract services documents, and further fanning out to concrete services... The draft available at the time of writing says that the 'targetNamespace attribute information item defines the namespace affiliation of top-level components defined in this definitions element information item. Messages, port types, bindings and services are top level components.' Whether WSDL 1.2 will support implementing several interfaces in a single service is hotly debated right now. The WSDL 1.2 draft states explicitly that the same rules against sharing namespaces with imported documents apply as in XML Schema. On the other hand, an alternative mechanism for modularizing descriptions is provided via an include element modeled on XML Schema's include element that does allow sharing of namespaces..." General references in "Web Services Description Language (WSDL)."

  • [June 24, 2003] "A Session Initiation Protocol (SIP) Event Package for Modification Events for the Extensible Markup Language (XML) Configuration Access Protocol (XCAP) Managed Documents." By Jonathan Rosenberg (dynamicsoft). IETF SIMPLE Working Group, Internet Draft. Reference: 'draft-ietf-simple-xcap-package-00'. June 23, 2003; expires December 22, 2003. 17 pages. "This specification defines a Session Initiation Protocol (SIP) event package for finding out about changes to documents managed by the Extensible Markup Language (XML) Configuration Access Protocol (XCAP). XCAP allows a client to manipulate XML documents on a server which contain configuration information for application protocols. Multiple clients can potentially access the same document, in which case the other clients would like to be notified of a change in the document made by another. This event package allows a client to do that..." Section 5 describes the relevant application/xcap-change+xml MIME Type. See: (1) "IETF Publishes Internet Drafts for XML Configuration Access Protocol (XCAP)"; (2) IETF SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Working Group. [IETF source]

  • [June 24, 2003] "Oracle Intros New Collaboration Applications. Offerings Include Project Management, Project Collaboration and Project Intelligence." By Scarlet Pruitt. In InfoWorld (June 24, 2003). "Oracle has introduced three new collaboration applications and an enhanced product lifecycle management tool for its E-Business Suite as part of what the company has called a second wave of e-business offerings that offer companies deeper integration... As part of this strategy, Oracle released three new collaboration applications: Oracle Project Management, Oracle Project Collaboration and Oracle Project Intelligence. The Project Management application allows project managers to plan and schedule projects, create progress reports, staffing plans and other documents which can be accessed through a Web interface. The Project Collaboration application tool is aimed at giving project team members the ability to see each other's information, such as work plans, change orders and status reports, while the Project Intelligence product offers metrics and analytics for projects, as well as the ability to do opportunity bookings and resource utilization, Oracle said. Oracle also expanded its product lifecycle management applications Tuesday, rolling out a new Advanced Product Catalog tool that centralizes all product and component information into a central catalog..."

  • [June 24, 2003] "W3C Issues Key Web Services Standard." By Paul Festa. In CNET News.com (June 25, 2003). "The Web's leading standards group this week put its stamp of approval on a key Web services protocol. The World Wide Web Consortium (W3C) said it has published the Simple Object Access Protocol (SOAP) version 1.2 as a formal standard. SOAP is one of a handful of standards behind the industry move toward building Web services software. The protocol originated several years ago as an informational document within the Internet Engineering Task Force (IETF), another standards group, as a way of executing so-called remote procedure calls. Microsoft then jump-started work on the protocol as a way of letting business software applications communicate over the Web, regardless of what programming language they're written in... With the release of the SOAP recommendation, both commercial software developers and information technology workers within businesses can now use the standard without fear of incompatibilities -- as long as they adhere to the W3C's definition of SOAP. The W3C stressed that, despite its numbering, SOAP 1.2 was in a sense the first of its kind. 'There were significant technical changes between 1.0 and 1.1, but SOAP 1.1 was never ratified by any independent organization,' W3C representative Janet Daly wrote in an e-mail exchange. 'SOAP Version 1.2 is the first SOAP spec to go through any kind of independent development and review -- one could say it's the first SOAP standard.' The W3C also took the opportunity to emphasize its role as an arbiter of Web services standards that will govern the infrastructure required to let commercial applications communicate and interact over the Web. 'Web services make good on the promise of interoperable applications only when the technical foundations are shared, robust, and achieve expected performance,' Web inventor Tim Berners-Lee, the W3C's director, said in a statement. 'Today W3C members have endorsed...the first version of SOAP to have undergone rigorous testing and implementation and to support a full complement of Web standards'..." See details in "SOAP Version 1.2 Published as a W3C Recommendation."

  • [June 24, 2003] "W3C Ratifies SOAP 1.2. Web Services Specification is Finalized." By Paul Krill. In InfoWorld (June 24, 2003). "Version 1.2 of the SOAP specification, a foundational technology for Web services, has been released by the World Wide Web Consortium (W3C), with vendors pledging support in products. The revised specification, used for exchanging structured information in distributed Web services environments, features improvements such as better error handling and internationalization, an upgraded processing model, and alignment with the W3C Web architecture. 'I think we did a better job [with Version 1.2] of defining the underpinnings of what is the SOAP model,' said David Fallside, chairman of the W3C XML Protocol Working Group, which devised SOAP 1.2. Fallside also is a senior technical staff member at IBM, in San Jose, Calif. Version 1.2 consists of a Messaging Framework, featuring a processing model, or rules for processing a SOAP message. The processing model removes ambiguities found in SOAP 1.1. Also featured is Adjuncts, for representing remote procedure calls, for encoding SOAP messages and describing SOAP features and bindings. Adjuncts also provide a standard binding of SOAP to HTTP, enabling SOAP messages to be exchanged using the mechanisms of the Web. Other components of Version 1.2 include Specification Assertions and Test Collection, providing a set of tests drawn from assertions in the Messaging Framework and Adjuncts. The tests show whether the assertions are implemented in a SOAP processor and are designed to foster interoperability between different implementations of the SOAP 1.2 specification, according to W3C..." See details in "SOAP Version 1.2 Published as a W3C Recommendation."

  • [June 24, 2003] "XML Data Binding with JAXB and UBL Source Code. Process XML Documents Without SAX or DOM." By Ed Mooney and Joseph Fialli (Sun Microsystems). In Java Developer's Journal Volume 8, Issue 6 (June 2003), pages 46-50. "XML data binding relieves the pain of any Java programmer who has ever winced at having to work with a document-centric processing model. Unlike SAX and DOM, which force you to think in terms of a document's structure, XML data binding lets you think in terms of the objects the structure represents. It does so by realizing that structure as a collection of Java classes and interfaces... This is especially valuable when lots of applications use the same document schemas. Then the data binding approach yields a set of standard classes and interfaces that are reused across all the applications. This saves work since you don't have to write, debug, and maintain code to extract data from XML. There are even more savings if you're developing an application for one of the many industries that have agreed on standard XML Schemas for business data interchange: finance, travel, auto, and retail, to name just four. This article will look at two new standards: JAXB and UBL... Java Architecture for XML Binding (JAXB) was developed in Java Specification Request (JSR) 31. It was written by an industry expert group under the auspices of the Java Community Process. By standardizing the XML data binding interface and providing a conformance test, JAXB allows you to choose among different XML binding implementations without having to rewrite your application. JAXB also comes with a standard implementation, which we'll use to show you how to bind the UBL schema to Java objects... Universal Business Language (UBL) is an XML-based business language built upon existing EDI and XML business-to-business vocabularies. It's the product of the UBL Technical Committee of oasis. The committee intends to have UBL become an international standard for electronic commerce. If you're a J2EE programmer, there's a good chance UBL will be a part of your future. The latest UBL 0.7 release contains schema, sample XML documents, specifications, and documentation. It's perfect for experimenting with UBL applications. We're going to do just that using Java bindings generated by JAXB from the UBL schema..." With source code. See general references in "Universal Business Language (UBL)." [alt URL]

  • [June 24, 2003] "A Brief History of Tags: Using a Tags-Based Approach." By Rich Rosen (Application Architect, Wall Street Journal). In Java Developer's Journal Volume 8, Issue 6 (June 2003), pages 10-22. With source code. "Custom tags in JavaServer Pages have come a long way since their inception. Now that Sun has provided some standards for these tags in the form of JSTL (and the up-and-coming JavaServer Faces), and has promised additional support for these standards in JSP 2.0, let's look at how we got to this point in tag history, and where we're going in the future. In addition, we'll look at how we can use the JSTL taglibs and the Struts Taglibs that support the JSTL expression language right now... Tag-based approaches to Web application development are nothing new. Their origins can be traced back to HTML (since they mimic HTML's syntax), and are represented by such varied approaches as SSI, Macromedia's ColdFusion, Microsoft's Active Server Pages (ASP), and, of course, JSP... [Consider] JSP: Model 1 vs Model 2: One of the big problems with JSP Model 1 was that it lent itself to bloated 'monolithic JSPs' that combine programming logic and presentation format in one module. Monolithic JSPs violate the principle of 'Separation of Content from Presentation,' to be sure. It's only when you have to maintain such JSPs in production applications that you begin to understand the importance of that principle in practice. JSP Model 2 is an approach to Web application development that adheres to the Model-View-Controller (MVC) paradigm. Sun's vision for Model 2 is that the controller would be a servlet, the model would be represented by JavaBeans (or EJBs in more sophisticated applications), and the view would be comprised of JSPs that contain only presentation formatting constructs (i.e., no code). The presence of Java code in a JSP leads to the previously mentioned 'monolithic JSP' syndrome, where data access and manipulation logic that belongs in the controller or model component of the application finds its way into the view component (the JSP). The intermixing of code with presentation formatting constructs results in a cluttered, unwieldy page that's not only difficult to maintain, it's not clear who is supposed to maintain it. Custom JSP tags, a feature added to the JSP specification in version 1.1, makes it possible to achieve this desired separation of code from formatting. By encapsulating functionality in a single atomic entity that can perform complex processing that would have required a substantial amount of Java code, tags reduce (if not eliminate) the amount of code within a JSP page... Well-designed tags allow a page designer to address and access data from the model that's constructed and manipulated by the controller. The decision about which data goes into the model (and which JSP view to employ for presentation) is in the hands of the controller. Thus, all a JSP developer needs to worry about is the layout of data already accessed and organized for presentation... In an MVC approach to Web application development, separation of content from presentation is critical. The key to this separation is a clear definition of responsibilities, with programmers responsible for model and controller components, and page designers responsible for view components. Code embedded in view components, as found in monolithic Model 1 JSPs, makes it impossible for designers to have true autonomous responsibility for those components. A tag-based approach that eliminates code from JSPs facilitates the separation of responsibilities and enables each group, designers and programmers, to do their job without stepping on each other's toes..." [alt URL]

  • [June 24, 2003] "Geopriv Authorization Policies." By Hannes Tschofenig and Jorge R Cuellar (Siemens AG, Corporate Technology, Munich, Germany). Internet Engineering Task Force Internet Draft. Reference: 'draft-tschofenig-geopriv-authz-policies-00.txt'. June 2003, expires December 2003. 16 pages. Submitted to the IETF Geographic Location/Privacy Working Group. "This document describes authorization policies for usage with Geopriv. It suggests using the eXtensible Access Control Markup Language (XACML). XACML provides functionality required to express policies for access to location information... Geopriv provides Location Information in a secure and private way. A critical role is played by user-controlled Privacy Rules, which describe the restrictions imposed or permissions given by the Rule Maker. The Privacy Rules specify the necessary conditions that allow a Location Server to forward Location Information to a Location Recipient, and the conditions under which and purposes for which the Location Information can be used. One type of Privacy Rules specify in particular how location information should be filtered, depending on who the recipient is. Filtering is the process of reducing the precision or resolution of the data. A typical rule may be of the form: 'my location can only be disclosed to the owner of such credentials in such precision or resolution' (e.g., 'my co-workers can be told the city I am currently in'). The Location Object should be able to carry a limited but core set of Privacy Rules. The access to location information (as XML objects) can be controlled by XACML policies. The same is true for writing and deleting Geopriv rules themselves. The Geopriv working group can benefit from reusing existing work on access control." See details in the news story "Six New Internet Drafts from the IETF Geographic Location/Privacy Working Group." [IETF source URL]

  • [June 24, 2003] "Updated Eclipse Toolkit Shines. Eclipse SDK 2.1 Leverages Java's Strengths in IDE Toolkit, But Beware of Too Much Expansion." By Rick Grehan. In InfoWorld (June 20, 2003). "Eclipse is written in Java, and Java suites Eclipse's extensibility well. But such easy extensibility is fertile ground for overgrown features. Eclipse is the umbrella name for three related projects: the Eclipse Project, the Eclipse Tools Project, and the Eclipse Technology Project. The Eclipse Project oversees development of the Eclipse IDE platform and the JDT (Java Development Tooling) -- a Java development environment built on the Eclipse platform. It also sets the code and specifications for the plug-in development environment... The Eclipse Tools Project coordinates many development environment implementations on the Eclipse platform, including CDT (C/C++ Development Tool), which creates a C/C++ IDE out of Eclipse; a GEF (Graphical Editing Framework); and -- hold your breath -- a COBOL IDE. Further along than the GEF and the COBOL IDE, the CDT already ships with an editor, a debugger, and a number of wizards. Finally, the Eclipse Technology Project scouts future directions for the Eclipse platform... Most of the additions to the Eclipse platform and the JDT are associated with editing, but there are also a host of incremental modifications in code generation (specific to the JDT) and enhancements to the PDE. Many of the latter additions provide tools that help developers discover and navigate among plug-in dependencies. These tools will be most helpful to those who want to write Eclipse plug-ins, but not to the larger group who will use Eclipse as an IDE. Individually, each addition or enhancement is reasonable, even downright clever. But each adds its volume to an already densely-packed and increasingly daunting UI, which can become overwhelming if you don't monitor its growth. It gets a solid thumbs-up, but Eclipse will have to extend itself cautiously, lest it begin to stagger under the weight of all its spiffy features..."

  • [June 24, 2003] "Intel, Universities Create World Network." By Michael Kanellos. In CNET News.com (June 23, 2003). "Intel, Princeton University, the University of California at Berkeley, and a host of other academic and industrial heavyweights have banded together to take the lag out of getting data from halfway around the world. PlanetLab is an experimental network that sits on top of the Internet that will allow researchers and others to test and build applications that can essentially span the globe. Work accomplished at PlanetLab is expected eventually to permit sites to broadcast video from computers located around the world in a coordinated fashion to swarms of users simultaneously without bogging down access. Similarly, virus hunters should be able to detect the spread of new viruses or denial-of-service attacks early... When completed, the network will consist of 1,000 servers geographically dispersed around the world. Participating researchers will then be able to use slivers of the network as a test bed for optimizing applications to run on multiple computers or pull data out of multiple storage systems. A substantial portion of the work will revolve around trying to compensate for traffic patterns and delays that crop up on the Internet...Creating a network segregated from the mass of the Net also allows researchers to examine solutions for structural problems with the Web itself. 'The Internet has become more rigid and far more brittle,' Culler said. 'That structure limits how much you can morph or change...Typically, applications are built on a few massive servers.' The network, which was conceived in March 2002, consists of 160 computers dispersed to 65 sites in 16 countries. The machines run a modified version of Red Hat's Linux. The consortium expects to have 300 machines running by the end of the year. The full 1,000-computer network is expected to be complete in a few years..."

  • [June 24, 2003] "FDIC Project Tries Out XBRL." By Diane Frank. In Federal Computer Week (June 18, 2003). "Extensible Business Reporting Language (XBRL) is largely an untested standard for government and industry in the United States, but a new modernization project at the Federal Deposit Insurance Corp. could give XBRL some momentum. The FDIC's Call Report Modernization Project will use XBRL -- a variation on the standard Extensible Markup Language agencies use to enhance electronic transactions and communications. The FDIC is turning to the format to ensure that the agency and the banks it oversees are working with the same forms and processes, said Phil Walenga, assistant director of the FDIC's bank technology group. He was speaking June 17, 2003 at the Making E-Government Count: The New Era of Financial Management and Reporting conference hosted by the Council for Excellence in Government in Washington, D.C. Agencies are familiar with XML's advantages when it comes to interoperability and exchanging data. Some of the cross-agency e-government initiatives, such as Grants.gov, are developing their own community-specific XML schemas. XRBL includes the ability to add extra 'modules' to schemas, such as definitions of business processes in addition to data definitions, so it has the potential to serve many more needs, Walenga said. The federal Joint Financial Management Improvement Program endorsed XBRL in late 2001 for financial reporting, and the Call Report Modernization project already includes the Federal Reserve and the Office of the Comptroller of the Currency. But the standard is intended for any business function, stressed John Turner, vice chairman of the domain working group on the XBRL International Steering Committee. The FDIC also is talking to other agencies, including the Census Bureau, about the benefits of using XBRL, Walenga said..." See: (1) the announcement "Federal Banking Regulators Award Unisys Outsourcing Contract to Transform the Collection of Bank Data. Call Agencies to Employ Web Services and XBRL to Streamline Bank Call Report Processing."; (2) general references in "Extensible Business Reporting Language (XBRL)."

  • [June 24, 2003] "Service-Oriented Architecture Should Guide Migration to Web Services." By Gerrie Swart. From ITWeb (June 24, 2003). "Web services has been the subject of much discussion, hype and promotion by the software industry and analysts, but companies that are adopting these technologies may encounter unexpected complexity if their architecture is not closely controlled. That's the view of Gerrie Swart, product manager at Compuware SA, who says service-oriented architecture (SOA) is necessary for the manageable and accountable roll-out of Web services. He explains that SOA is a set of structural features that go deeper into the corporate IT system than Web services. 'Where Web services address the communications mechanisms to allow functions to be made public, SOA addresses the layering and structure of the software stack. By moving towards SOA through exposing core services in a loosely coupled way, companies can reduce complexity, improve re-use and enable agility,' he says. Key features of SOA include platform-independent interfaces, loose coupling of applications, business level granularity, and discoverability of applications. 'Business processes are comprised of a number of steps. By increasing the granularity of these steps, extra functionality can be realised as each sub-process can be used by different applications through Web services,' says Swart. For example, checking stock levels is a sub-process of order processing, and can also be used for stock replenishment functions and potentially other business processes... Compuware's OptimalJ product is an application development environment that fully implements a model-driven approach to application design and development, while encapsulating SOA and Web services standards. Model-driven tools start with a logical business model and automatically transform this into an application. In doing this, OptimalJ automatically generates applications closely aligned to the business model while conforming to SOA and supporting Web services..."

  • [June 24, 2003] "Trusting ID Management Technology. The Escalating Need for Identity Management Systems is Driving Privacy Concerns to the Forefront." By Jack McCarthy and Brian Fonseca. In InfoWorld (June 20, 2003). "When companies forge partnerships with suppliers, clients, and customers, they expose their systems to security breaches not only by their own employees but their partners' employees as well. How can a chief technologist gain control over access to a company's secure resources? The answer seems to lie in a robust identity management system, which gathers and manages employees' personal data, ensures the approval of those whose data is being used, and offers ironclad security. On the surface, identity management offers many protections, but lurking beneath are the many thorny issues still surrounding privacy and trust... Two groups are driving the push for identity management. The Liberty Alliance, which now includes more than 160 technology vendors and end-user companies, is building open technical specifications that enable information-sharing relationships among employees, customers, and partners. The second 'group' stems from an informal arrangement Microsoft and IBM have with each other to also work out federated network identity security standards based instead on Web services standards such as WS-Security. Although the Liberty Alliance and the Microsoft-IBM joint venture both endorse a federated identity management model of creating trusted groups of partners and clients, the two camps differ in their approach. Microsoft and IBM are building a set of Web services security standards for operating systems and applications servers and platforms. They are also pursuing SSO (single sign-on) security systems such as in Microsoft's .Net Passport and IBM's Tivoli Identity Manager. In contrast, the Liberty Alliance is developing its own set of open specifications and solutions for federated identity management that securely share applications. In the future, the Liberty Alliance hopes to also construct open specifications that will link its efforts to the Web services being developed by IBM and Microsoft..."

  • [June 24, 2003] "J2EE 1.4 Eases Web Service Development. Java's New Web Service Client and Server Programming Models." By Frank Sommers. In Java World (June 20, 2003). "The latest J2EE (Java 2 Platform, Enterprise Edition) specification, version 1.4, makes Web services a core part of the Java enterprise platform. A set of JSRs (Java Specification Requests) in the Java Community Process define how J2EE components can become Web services, how existing enterprise Java applications can invoke Web services, and adds new interoperability requirements for J2EE containers... Perhaps the most significant, and most consequential, additions to J2EE are the new interoperation requirements. The requirements prescribe support for SOAP (Simple Object Access Protocol) 1.1 in the J2EE presentation layer to facilitate XML message exchange. J2EE 1.4-compliant containers must also support the WS-I (Web Services Interoperability Consortium) Basic Profile. Since XML message exchange in J2EE depends on JAX-RPC, the JAX-RPC specifications now mandate WS-I Basic Profile support as well. The result is that a J2EE 1.4-based application can be invoked as a Web service, even from applications not written in the Java programming language. While that is an evolutionary step for J2EE, since the platform has long embraced non-Java based systems, it is possibly the most direct way to facilitate interaction with Windows-based technologies that rely on .Net. A J2EE-based service's client does not have to be aware of how a service is implemented. Rather, that client can use the service by relying entirely on the service's WSDL (Web Services Description Language) definition... While the J2EE specs do not spell out the exact mechanics of such interaction, J2EE 1.4's embrace of the WS-I Basic Profile, which Microsoft also claims to follow, will likely make J2EE-.Net interaction common..."

  • [June 24, 2003] "Slowly Weaving Web Services Together." By Alex Salkever and Olga Kharif. In BusinessWeek (June 24, 2003). As of the "summer of 2003, and Web services remains a buzzword, but hardly of the stature Bill Gates implied when he called .Net possibly a 'bet the company' initiative. According to a report issued in June by consultancy and full-time Colossus of Redmond watcher Directions on Microsoft: 'Three years later, most of the hopes behind the .NET initiative have not been realized.' The intelligent software that was supposed to weave all types of devices into the fabric of human life hasn't taken hold. Fear of Microsoft has scuttled most of the giant's plans to host customers' critical data. True, businesses are starting to adopt the Web-services model for linking their internal systems and talking to customers. Yet even in that respect, this approach is proving to be more evolutionary than revolutionary. In fact, Web services has become mostly about making software integration easier, faster, and cheaper. That alleviates a pain point for many companies, but it's hardly the dawn of a new era... Instead of exploding, the Web Services movement to help disparate computer systems easily communicate is gaining in fits and starts. Still, it'll likely have a powerful impact. The key piece of Web services is XML, a format for transmitting data that any Internet-connected device can read. Web services has its dark sides, of course; it leaves company networks more porous. As larger numbers of outsiders log into key systems, sifting out friends and foes becomes a more difficult task. From inauspicious beginnings, Web services will emerge as one of the Net's most meaningful contributions..."

  • [June 24, 2003] "Xerox Previews DocuShare Add-On. Company Adds Collaboration Features to Document Management Software." By Marc Ferranti. In InfoWorld (June 23, 2003). "Xerox used the CeBIT America show last week to stage a sneak-peek demonstration of a new add-on program designed to give workgroup and collaboration features to the company's DocuShare Web-based document and content management software. The new add-on program, dubbed Sparrow, is intended to let geographically dispersed users share and annotate documents over the Internet, according to Colman Murphy, DocuShare product manager. It will be available when DocuShare 3.1 is released in September, he added... Once users gain access to Sparrow over the Web, they see documents placed within Sparrow-formatted templates. The templates are designed to let users click on documents, annotate and edit them. The changes are immediately reflected in the documents in Sparrow. Like DocuShare, Sparrow is based on the Java programming language, and it has automated features designed to let users convert HTML (Hypertext Markup Language) documents and insert them into program templates, Liang said. Sparrow uses the DocuShare database to store documents, and requires DocuShare to run. As such it is mainly targeted at the current crop of 40,000 DocuShare users. However, some potential users may be attracted to DocuShare specifically because of Sparrow. For example, beta-tester Phyllis Jacobson, a consultant in Sacramento, Calif., who works for the state's Commission on Teacher Credentialing, said the state agency will acquire DocuShare on the basis of its test project with Sparrow..."

  • [June 24, 2003] "Microsoft Readies Kit for Security Initiative. Developers to Get Early Look at NGSCB." By Paul Krill. In InfoWorld (June 19, 2003). "At the October Microsoft Professional Developers Conference, Microsoft plans to release a preliminary software development kit for its Next-Generation Secure Computing Base (NGSCB) security technology, also known as Palladium. The kit will give developers an early opportunity to work with the NGSCB code in preparation for developing applications that take advantage of the technology, according to Microsoft. The company hopes to introduce NGSCB itself in the Longhorn version of the Windows client operating system, which is due in 2005... The kit will be an API set that functions with 'standard' programming languages, Microsoft officials said. NGSCB is intended to provide for trusted operations on a PC and requires changes to the Intel CPU architecture, meaning users would need to buy new PCs to take advantage of the technology. Microsoft is working with Intel on redesign of some CPU, chipset, and I/O components that would be required to accommodate NGSCB, Juarez said. NGSCB focuses on enabling strong process isolation, sealed storage, a secure I/O path to and from the user, and attestation. Attestation, according to Microsoft, is the ability for a piece of code to digitally sign or attest to a piece of data and further ensure the signature recipient that the data was constructed by an unforgeable, cryptographically identified software stack, according to Microsoft... NGSCB provides an environment for building a trusted infrastructure, he said. It is initially eyed for Windows clients, with servers to be a focus afterward, he added. But the technology has been criticized as potentially curtailing user control over their own PCs, potentially eroding fair-use rights for digital music and movie files. Suarez said Microsoft's intention is not to build an overarching digital rights management scheme with NGSCB, but acknowledged that it could be used for that purpose. NGSCB is first intended for enterprise business and government use and will not make its way to home or consumer use for some time after that, said Suarez... An analyst said NGSCB may have a limited market, for applications such as financial and government systems, but it is not about digital rights management. 'I don't think this is a backhanded, sneaky attempt to foist DRM on the market,' said the analyst, Matt Rosoff, of Directions on Market, an independent research firm in Kirkland, WA..."

  • [June 24, 2003] "CSS 3 Selectors." By Russell Dyer. From XML.com (June 18, 2003). "Although the promise of Cascading Style Sheets (CSS) has been wondrous, the progress has been wanting. As with all W3C standards, there is the lengthy discussion process conducted by the related working group, then the problem of implementation by web browser vendors, and finally the unpredictable period of time for people to update to new versions of their browser. These steps can take a year or two each. To expedite the process, the CSS working group has started grouping related features into modules and releasing them separately, without waiting for completion of all modules. This allows browser vendors to proceed with implementation of CSS updates with the confidence that standards won't be changed by the time the full release of CSS is approved. Ideally the result will be to reduce the process by a year or more. One CSS module that has recently been moved to Recommended (or finished) status by the CSS working group is the Selectors module. Although it was completed just a few weeks ago, much of it has already been implemented by some of the browser vendors. The vendors seem very keen to expedite the Selectors module since it can improve HTML and XML document design decidedly and for fairly little effort. As CSS grows, more selectors are adopted, although some can be pruned. This article will review all currently approved selectors. It will address the surviving CSS1 and CSS2 selectors in brief and the new CSS3 selectors in more detail... A cascading style sheet is used to set or change the styles of a markup document like a web page. Style sheets contain rules that web browsers follow when loading a web page, an XML document, or any document written in a compatible markup language. A style sheet rule is composed of two basic components: a selector and a declaration. The selector is an identifier of a markup tag..." See also: (1) Cascading Style Sheets: The Definitive Guide, by Eric Meyer; (2) W3C Cascading Style Sheets (CSS) Home Page; (3) general references in "W3C Cascading Style Sheets."

  • [June 24, 2003] "Transforming XML with PHP." By Bruno Pedro. From XML.com (June 18, 2003). "This article compares two methods of transforming XML in PHP: PEAR's XML_Transformer package and the W3C XML transformation language XSLT. I will first describe the PEAR project and its philosophy, with a focus on its XML transformation techniques. I will then give a brief introduction to XSLT and the way to use it from PHP. Introduction PEAR's main goal is to become a repository for PHP extensions and libraries. Its members try to standardize the way developers write portable and re-usable code. PEAR offers a wide variety of packages ready to use by PHP developers. Most PEAR packages are subclasses of the standard base classes. One of these packages is the XML_Transformer. This package was created to help you transform existing XML files with the help of PHP code. XSLT stands for 'Extensible Stylesheet Language Transformations' and is a W3C Recommendation. As most readers know, it is a powerful implementation of a transformation language for converting XML into either XML, HTML or simple text. While you need PEAR to use XML_Transformer, XSL transformations can be processed internally by PHP. PHP offers XSLT functionality at its core, making it easy to incorporate transformation features into existing code. As you can see, both technologies can transform XML files... While PEAR::XML_Transformer gives you greater flexibility through the use of PHP, XSLT is easier to use by non-programmers. XML_Transformer's approach lets you associate an XML element's opening and closing tags with specific functions. XSLT's transformation is tightly coupled with the XML tree. If you plan to build your own set of namespaces and associated PHP libraries, then I think XML_Transformer is the way to go. If you want to give other people the ability to create custom transformations, then I recommend XSLT...

  • [June 24, 2003] "Archivists Say Computers Have No Sense of History." By Kevin Coughlin. In Star-Ledger News (June 19, 2003). "A scientific journal is warning that electronic record-keeping is no match for paper and ink when it comes to preserving history... The bottom line: Future historians may be clueless about the past without a systematic and reliable way of keeping electronic records. 'The pen may be mightier than the sword, but a single mouse-click can destroy products of inestimable value,' a trio of scientists contends in the current issue of Nature. John Carlin, archivist of the United States, claims the republic hangs in the balance. A 'democracy without open access to its government's records is no longer a democracy,' he told computer scientists in 2001. How to store, retrieve and interpret electronic documents in perpetuity -- regardless of changing technologies -- is an urgent question for the National Archives, the Library of Congress, and a global consortium called InterPARES. That's short for International research on Permanent Authentic Records in Electronic Systems. They are searching for 'electronic amber,' a digital equivalent of the resin that has preserved fossilized insects for millions of years... One way or another, the government is obligated to hold on to certain records for a very long time. Carlin said it may be necessary to keep tabs on radioactive materials from nuclear plants for 100,000 years. Authenticating electronic documents and preserving the appearance of original materials are key challenges. (The Declaration of Independence loses something as a simple text file.) Officials from the National Archives and Records Administration are working with the San Diego Supercomputer Center and the Georgia Tech Research Institute as well as the National Science Foundation, the Department of Defense and the Patent and Trademark Office. They hope to have a prototype system for 'persistent archives' in a year or two. One promising approach involves XML, or Extensible Markup Language. It's a system that encodes digital tags for describing and sorting electronic documents..."

  • [June 21, 2003] "Mobile Subset of XML Schema Part 2." ISO Document for information and review. Produced by SC34 Japan for ISO/IEC JTC 1/SC34/WG1: Information Technology -- Document Description and Processing Languages -- Information Presentation. Project 19757-5 (Project Editor, Martin Bryan). ISO Reference: ISO/IEC JTC 1/SC34 N 0410. April 22, 2003. Excerpts: "We propose to create a compact and reliable subset of W3C XML Schema Part 2 and publish it as an ISO standard. The main target of this subset is mobile devices (such as cellular phones). Mobile devices are expected to use XML in the near future. Small XML parsers have been developed already. Validators for schema languages are expected to follow, and a prototypical validator for RELAX NG on mobile phones has been developed. Such parsers and validators will hopefully be used for implementing XForms and Web Service on mobile devices. Part 2 of W3C XML Schema provides a set of datatypes and facets. Although it might not be perfect, it is likely to be widely used by many XML applications including mobile applications. We just cannot believe that an incompatible set of general-purpose datatype (e.g., int) libraries will be accepted by the market. However, datatypes and facets of W3C XML Schema Part 2 are too complicated for mobile devices. Some specifications such as XForms have already created their own subsets of W3C XML Schema Part 2. However, if different specifications introduce different subsets, incomparability will be significantly spoiled. It would be much nicer if one subset is internationally standardized... [In the] choice of datatypes we omit: (1) datatypes requiring infinite precision; (2) datatypes that do not have obvious mapping to J2ME; (3) archaic datatypes such as IDREFS, ENTITY, ENTITIES, and NOTATION; (4) unsolid datatypes -- dateTime and so forth; (5) datatypes such that validity depends on namespace declarations... [In the] choice of facets we omit: [1] the pattern facet, which requires the property list of Unicode characters; [2] whitespace, which does not affect validity but controls PSVI; [3] totalDigits and fractionDigits. Implementation considerations: We have studied the source code of Jing implementation by James Clark. We believe that if the above restrictions are accepted, an implementation of the remaining datatypes and facets will require less than 20KB as the size of a JAR file." See details for the proposed list of datatypes and factes in 'Table 1: The list of datatypes' and 'Table 2: The list of facets'. See: (1) XML Schema Part 2: Datatypes, W3C Recommendation 02-May-2001; (2) general references in "XML Schemas." [cache]

  • [June 17, 2003]