[February 26, 2004] "Whitepaper on Liberty Protocol and Identity Theft." Edited by William Duserick (Fidelity Investments). From the Liberty Alliance Project. February 20, 2004. 11 pages. Contributors: Paul Madsen (Entrust), Sandra Silk (Fidelity Investments), Luc Mathan (France Telecom), Margareta Bjorksten (Nokia), Niina Karhuluoma (Nokia), Shin Adachi (NTT), Eric Norlin (Ping Identity Corporation), Linda Elliott (Ping Identity Corporation), Karyn Murphy (RSA Security), Tanya Candia (Sigaba), Piper Cole (Sun Microsystems), Susan Landau (Sun Microsystems), and Stephen Deadman (Vodafone). "Identity theft, a modern crime of this modern age, has become a significant threat to the growth of electronic commerce. Cases of misuse of online accounts by imposters as well as creation of new accounts using stolen identity and attribute information are prevalent. The resulting press accounts have served to dampen citizen, corporate, and government enthusiasm for electronic interactions which are sensitive or have monetary value. Federated identity management provides the ability to leverage authentication and use personal or business information stored with one online entity to conduct business with another. The Liberty Alliance Project is developing standards for federated identity management which emphasize security and support the privacy of users in a networked world. This paper discusses how the Liberty Alliance Project addresses the current issue of identity theft through specifications, best practice documentation and implementation guidelines. Identity federation as specified by the Liberty Alliance Project is a controlled method by which partnering companies can provide more integrated and complete customer service to a qualified group of individuals within certain sets of business transactions. The mechanisms inherent in the concepts of identity federation, and the Liberty Alliance Project specifications in particular, should help protect the user from theft and abuse. There are several considerations which lead to this conclusion: (a) Superior security and privacy inherent in interactions; (b) No single point of failure, i.e., limited information in any one repository; (c) Permission-based access to attributes; (d) Upgrades to the specifications to deal with breach experience..." See: (1) the announcement, "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." (2) general references in "Liberty Alliance Specifications for Federated Network Identification and Authorization." [cache]

[February 26, 2004] "Getting Reacquainted with dbXML 2.0." By Tom Bradford. From XML.com (February 25, 2004). "The goal of the dbXML project has been to produce a high quality, small footprint XML database that just works. dbXML is a native XML database written in Java. Native XML databases (NXDs) are databases that store XML using an internalized format for faster overall processing and representational flexibility. NXDs also provide support for indexing XML for improved query performance. Because it utilizes Java's memory mapped I/O and overlapping socket I/O, dbXML requires Java 1.4 or higher... In version 2.0 dbXML supports basic journaling transactions under the hood. At present, all transactions are implicit unless you're accessing dbXML using the database's lowest level APIs. Explicit transaction APIs will be exposed via the client/server APIs in a future release... The database now has a pluggable security model. There are currently three security managers to choose from. (1) NoSecurityManager provides no security whatsoever and is used when authentication is not needed to access the database. (2) SimpleSecurityManager provides simple security, where a single user name and password is used for the entire database. The user name and password are defined in the database's system.xml configuration file. (3) DefaultSecurityManager is so named because it is the default security manager. It provides access control based on users and roles stored in the database's system collections. dbXML 1.0 leveraged CORBA to provide client/server communications. While CORBA made dbXML accessible to many platforms and languages, it also came with its share of headaches. For version 2.0, it was decided that CORBA would no longer be used. dbXML 2.0 utilizes a web services hub called Project Labrador to provide client/server communications. Currently, Labrador only supports REST and the XML-RPC protocol. As a result, dbXML only supports these modes of access. A future version of Labrador will support SOAP; when it does, dbXML will automatically inherit this capability. This project has evolved quite a bit since version 1.0 and is very likely to evolve considerably in the coming year. It is already a mature product, with some rather high profile users, and is in a very good position to become the dominant open source XML database, if not one of the more popular XML databases in general..." See references in "XML and Databases."

[February 26, 2004] "VoIP Gets SIMPLE for Avaya." By Christopher Saunders. In Instant Messaging Planet (February 23, 2004). "Communications networking giant Avaya on Monday became the latest major enterprise technology player to launch a business instant messaging solution, debuting the offering in connection with its new Voice Over IP suite. At the heart of the new VoIP offering is the Avaya Converged Communications Server, representing the Basking Ridge, N.J.-based company's foray into solutions based on Session Initiation Protocol (SIP), a leading standard in the Internet telephony industry. That technology also forms the basis for SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE), a protocol supported by several of the largest competitors in the enterprise IM space, such as IBM Lotus and Microsoft. Thanks to its new SIP/SIMPLE support, Avaya's converged communications solution now incorporates user availability awareness and controls — or 'presence,' in industry parlance — into its core VoIP offerings. A new edition of its IP telephony software, Avaya Communication Manager, integrates with Converged Communications Server to support the technology, as does the Avaya IP Softphone R5, an on-screen call manager client. As a result, users of the Softphone client can view colleagues' availability using a presence-enabled contact list, much like the Buddy Lists found in AOL Instant Messenger and similar programs. When integrated with the new Converged Communications Server, the Avaya IP Softphone shows friends' and colleagues' real-time statuses, such as 'Away,' 'On the Phone,' or 'Busy.' Users can then click their contacts to launch IM, voice, or conference calling sessions with others..." See: "IETF SIMPLE Specifications Support Presence-Based IM, Video, and Voice."

[February 26, 2004] "IETF Closes in on Linking Geographic Info, Presence." By Christopher Saunders. In Instant Messaging Planet (January 28, 2004). "Instant messaging brought 'presence' — the ability to tell when others are available for chat — to the desktop. Now, the concept could be on the cusp of another, quiet evolution: incorporating location information... Groupware, Web conferencing and telephony applications have also begun incorporating presence information, broadening its impact. Now, figures in the Internet communications community are working to take presence to the next level by creating a framework for merging users' location data into their presence information. That's long been viewed as a logical add-on to the basic availability data now available in most implementations of presence. But there are important considerations to take into account before simply merging the data. Access to users' geographic information needs to be subject to user control, much like presence is handled in most consumer instant messaging clients — which generally enable users to hide their availability status from certain classes of fellow users, such as unknown contacts. Otherwise, everyone on a network could have unrestricted knowledge of others' whereabouts without any form of authorization. Within the Internet Engineering Task Force, the Geographic Location/Privacy Working Group (also known as GEOPRIV) has taken up the task of walking the line between establishing a means of disseminating geographic data that is subject to the same sorts of privacy controls as presence is today. GEOPRIV is close to finalizing on a recommendation for just such a system. That draft recommendation, authored by Neustar's Jon Peterson and known officially as 'A Presence-based GEOPRIV Location Object Format,' is actually based on earlier work done in formulating the basic requirements for presence data: the Presence Information Data Format (PIDF)... The latest effort doesn't aim to hammer out a standard for geographic information itself. Rather, it's based on current geographic data standards, and focuses instead on encapsulating location information within presence data, and applying the same sorts of user preferences. Geography Markup Language (GML) is the expected location format over which the GEOPRIV draft's specifications will be applied. 'There is related work out there, tons of it in the GEOPRIV working group for providing more specific policy tools and language ... and OpenGIS (Geographic Information Systems) and the GML 3.0 spec seem adequate for expressing simple and extremely complex coordinate space,' Peterson said... Peterson, an early figure in Session Initiation Protocol (SIP) and SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) has his own anticipated scenarios. For one thing, VOIP applications based on SIP could see a major boost with the introduction of location-based data, which would provide necessary infrastructure for 911 emergency calling...' See: (1) "Geography Markup Language (GML)"; (2) "Presence Information Data Format (PIDF)"; (3) "Six New Internet Drafts from the IETF Geographic Location/Privacy Working Group."

[February 26, 2004] "Grid Forum Backs Utility Computing Standards." By Paul Shread. From GridComputingPlanet.com (February 25, 2004). "The Distributed Management Task Force's effort to draft standards for utility computing has received the backing of the Global Grid Forum (GGF), the Grid computing standards-setting body. 'This is an important activity and we are excited to see the DMTF bring this group together, while simultaneously tapping related efforts, such as GGF's Open Grid Services Architecture (OGSA) and several new GGF research groups focused on commercial enterprise Grid application use cases and requirements,' Charlie Catlett, senior fellow at Argonne National Laboratory and chair of GGF, said in a statement... 'We have been working very closely with both DMTF for the past year, and in the past six months, also with OASIS, because these things are converging,' Catlett said. 'The efforts are indeed complementary, and where we have found intersection of activities we have created high-bandwidth liaison activities. For instance, we have a Common Management Model working group within GGF that was created by some folks who also participate in DMTF, and one of the objectives is cross-fertilization between Grid/utility computing and the distributed systems management world.' Catlett said 'the best sign of convergence' is the WS-Resource Framework (WSRF) effort to recast several key components of GGF's Open Grid Services Infrastructure (OGSI) specification into a set of Web services specs. The work is a joint effort between Grid services proponents from the GGF community and Web services proponents, Catlett said. 'The path forward for this is that WSRF specifications are most likely to be standardized via OASIS, where most Web services work is happening these days,' Catlett said. The GGF OGSI working group will serve a liaison function, and Catlett said he expects the WSRF-related OASIS technical committees to hold meetings at the thrice-yearly Grid forums. 'These are only a few of the ways we are discussing to work together with OASIS and DMTF,' Catlett said. Catlett also said he is 'personally very intrigued by DCML,' the Data Center Markup Language effort, and is 'trying to figure out how it might fit into Grid projects that I am doing without my GGF hat on. I definitely think DCML is quite interesting, but I have not followed what they're doing. We had extended an offer to them to do the work within GGF, but we haven't followed up. Regardless of where the work is done, I am hoping that we can form a liaison activity with them to make sure there is good exchange of ideas with the Grid community'..." See: (1) the announcement "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing."; (2) WSRF specs news item in "Web Services Notification and Web Services Resource Framework."

[February 26, 2004] "IBM's Sutor: SOA Is So Necessary." By Darryl K. Taft. In eWEEK (February 25, 2004). ['Bob Sutor, IBM's director of WebSphere infrastructure software, will be keynoting at this week's Edge 2004 conference on software development in Boston. Sutor, who will be speaking on the concept of service-oriented architecture, took time last week to explain IBM's SOA strategy to eWEEK Senior Writer Darryl K. Taft.'] Sutor: "In brief, an SOA is distributed computing where you identify the different units of work or units of activity as services. So a service is some piece of software that you can issue queries to, issue commands to in some way, basically tell it to do something, and it responds back to you. It's critical that there is a large degree of standardization in how you actually define these services. That is, we can't have one language for talking about this service and another language for talking about that service. The key is to try to make what is essentially an extremely heterogeneous implementation to look as homogeneous as possible — that is, your service or another service can be described in exactly the same terms and therefore processed by exactly the same tools. Given this notion that I can describe services, I can get those descriptions, I then need to connect to them. And I have certain requirements about that connectivity. So I have requirements about reliability, that is I know if I invoke a service I'd like to know that something actually happened. That it got the message and responded back to me. So it basically boils down to distributed computing with standards that tell us how to invoke different applications as services in a secure and reliable way and then how we can link the different services together using choreography to create business processes. And then finally so that we can manage these services so that ultimately we can manage and monitor our business performance..."

[February 25, 2004] "WS-I Releases Web Services Security Scenarios." By Elizabeth Montalbano. In CRN (February 25, 2004). "The Web Services Interoperability Organization (WS-I) Wednesday released a document aimed at helping solution providers and customers take the first steps toward implementing Web services-based security. [Hal] Lockhart said there are an infinite number of ways for companies to use standards such as WS-Security and SOAP Message Security 1.0 to secure Web services messages. The WS-I is providing only a sample of those ways in its work, and encourages commentary from the industry on other possible scenarios. 'This activity will form the basis for what we consider to be the basic security profile,' Lockhart said. 'We really want feedback from people about whether this is the right set of scenarios, the right set of choices to make. We hope people will look at this document and feed back to us their reactions in terms of whether we are working on the right problems.' The WS-I plans to release a draft of its Basic Security Profile, which will deal with how to use WS-Security and SOAP Message Security — among other standards — in Web services-based transactions, by the end of March, said Eve Maler, XML architect at Sun and another member of the Security Profile Working Group. The Basic Security Profile builds on the WS-I Basic Profile to propose how to provide security mechanisms around existing Web-services standards. The WS-I's Basic Profile 1.0, released in August, provides guidelines for using several established standards for building Web services — SOAP, WSDL, UDDI and XML Schema. In the future, the Security Profile Working Group will address how to utilize other security standards, such as security assertion markup language (SAML) and Kerberos, with Web services, Maler said..." See details in the news story "WS-I Releases Public Working Draft Document on Security Scenarios."

[February 24, 2004] "Microsoft Previews InfoPath Update. Update Inlcudes Fixes, New Features." By Joris Evers. In InfoWorld (February 23, 2004). "Microsoft Corp. is giving users a chance to test enhancements to its InfoPath XML forms manager. Microsoft plans to deliver those enhancements as part of Service Pack 1 (SP1) for its Office 2003 products in late June. Called InfoPath 2003 Service Pack 1 Preview, the update not only bundles software fixes, but also adds a host of new features. InfoPath is Microsoft's new XML forms manager. It joined the Office family last October part of the Office 2003 release. SP1 updates to InfoPath fall into four main areas: security, reliability, user experience and programming environment. On the security side, Microsoft has improved support for digital signatures, adding the ability to sign different parts of the form as well as cosigning, among other features. Perhaps the most important element to driving adoption of InfoPath are improvements and additions in the InfoPath programming environment. Developers using Microsoft's Visual Studio .Net can now create InfoPath applications using managed code. Previously InfoPath developers were limited to using scripting. Additionally, the update adds tools for working with ActiveX controls and complex XML schemas as well as layout controls for working with printed forms and promises easier integration into existing business process and workflows..." See: (1) the announcement, "Newest Enhancements to Microsoft Office InfoPath 2003 Now Available for Preview. Microsoft to Add Enhanced Programming Tools, Richer Page Layout Controls, and Improved Schema and Digital Signature Support to Its Popular Information-Gathering Program."; (2) "Microsoft Office 11 and InfoPath [XDocs]."

[February 24, 2004] "AVDL Integrates Application Security." By Jan Bialkowski and Kevin Heineman. In Network World (February 23, 2004). "Because traditional security tools such as firewalls, VPNs and intrusion-detection systems inadequately protect against application-layer attacks, security managers are turning to next-generation application security products such as vulnerability scanners, application security gateways and patch management systems. However, these best-of-breed stand-alone systems still require individual and separate user interactions, leaving the overall security management process too manual, time-consuming and error-prone. Application Vulnerability Description Language (AVDL) is a new security interoperability standard in development by OASIS. Proposed by leading application security vendors and users, AVDL creates a rich and effective set of consistent XML schema definitions to describe application security properties and vulnerabilities. Using AVDL, security tools and products from different vendors will be able to communicate to coordinate their security operations and automate security management. The basic concept embodied in the AVDL schema is an application-level transaction, called a probe, which describes HTTP exchanges between browsers and Web application servers. Defined mark-ups allow specification of the HTTP messages in full detail at various levels of abstraction (raw byte stream, or parsed to HTTP header constructs). Such probes might specify valid and expected request-response exchanges between browsers and servers, or might specify application vulnerability exploits. In the former case, traversal-step probes supply a host of information, including target URLs, links, cookies and other headers, as well as query or form parameters, their attributes and ranges of legitimate values. The traversal probes can be used to automate enforcement of safe usage policies. In the latter case, vulnerability probes further highlight questionable constructs and supply detailed specifications of vulnerabilities, including human-readable description and machine-readable assessment information such as vulnerability severity, applicability and its historical records. The vulnerability probes supply information necessary to configure protective 'deny' rules and information about hot fixes if any are available, workarounds and so forth that can be used to automate management of remediation processes. In a typical usage scenario, a security scanner maps out the application and detects its flaws and vulnerabilities. The scanner then sends its assessment in the form of a set of AVDL probes to other security devices. The recipients, such as patch management systems or security gateways, use the AVDL input to automatically generate configuration recommendations..." See the recent announcement.

[February 24, 2004] "Application Security Standard Edges Forward." By George V. Hulme. In InformationWeek (February 23, 2004). "An application security standard known as Application Vulnerability Description Language, which was proposed last year, is moving closer to reality. AVDL, which was submitted to the standards group OASIS, is based on XML and is designed to provide a standard way for application vulnerabilities to be defined and classified so all security applications from different vendors that companies use to secure their apps will understand the same language when it comes to security threats. For example, when a new software vulnerability surfaces, a company's vulnerability scanner could scan systems to spot the new flaw. The scanner then could send information to firewalls and patch-management systems, which those applications could then use to automatically adjust to better protect against any potential attacks, such as a worm or a hacker attack. At this week's RSA Security Conference in San Francisco, security vendors will demonstrate how the draft AVDL specifications have been implemented in their applications..." See: (1) the announcement, "Application Security Leaders Announce Support for AVDL OASIS Committee Draft. Cenzic, Citadel, Department of Energy CIAC, GuardedNet, NetContinuum, Qualys, SPI Dynamics, Teros and WhiteHat Among Growing Number of Organizations to Support AVDL."; (2) "OASIS Committee Draft for the Application Vulnerability Description Language (AVDL)"; (3) "Application Security Standards."

[February 24, 2004] "Ink Markup Language." W3C Working Draft 23-February-2004. By Gregory Russell (IBM), Yi-Min Chee (editor, IBM), Giovanni Seni, Larry Yaeger (Apple), Christopher Tremblay (Corel), Katrin Franke (Fraunhofer Gesellschaft), Sriganesh Madhvanath (HP), Max Froumentin (W3C). Produced by the W3C Multimodal Interaction WG as part of the W3C Multimodal Interaction Activity. Latest version URL: http://www.w3.org/TR/InkML. "The Ink Markup Language serves as the data format for representing ink entered with an electronic pen or stylus. The markup allows for the input and processing of handwriting, gestures, sketches, music and other notational languages in Web-based (and non Web-based) applications. It provides a common format for the exchange of ink data between components such as handwriting and gesture recognizers, signature verifiers, and other ink-aware modules. This second version of the Working Draft adds facilities for detailed recording of time information for the captured ink. The attribute for associating the format of trace data with the device used to capture it has also been defined. The draft introduces a new, generic mapping syntax which allows for MathML formulas, and the mechanism for referring to ink traces (for semantic labelling or other purposes) has also been simplified. Finally, each element has been given its own section, which includes a definition of its attributes and contents..." See the news story for the previous WD version, "W3C Releases Public Working Draft for the Ink Markup Language (InkML)."

[February 24, 2004] "IBM, Veritas Lead New Utility Computing Standard." By Clint Boulton. In InternetNews.com (February 11, 2004). With followon article 2004-02-17. "A new standards body has been formed to create a method for ensuring the interoperability of utility computing environments using products from different companies... According to a Distributed Management Task Force document obtained by internetnews.com, the new Utility Computing Working Group is co-chaired by one representative from IBM and VERITAS Software and has a goal of unifying data center management, an integral part of on-demand computing. The work, which will be carried out with the help of standards bodies such as the World Wide Web Consortium (W3C) and OASIS, could be seen as IBM's and VERITAS' competitive answer to the Data Center Markup Language (DCML) launched by EDS, Computer Associates, and others last year... Analysts following the space noted that neither IBM nor HP, widely acknowledged as the two biggest on-demand computing players, were involved with DCML. Now, the latest interoperability group appears to be an answer to DCML, as well as another reminder that standards-creation often spurs rivals to line up on opposing sides in the process. 'It sure looks like IBM is pushing its agenda on autonomic computing,' said a source familiar with the utility computing space and the standards process. 'The big difference between this and DCML is that it has big guy sponsorship — is this how IBM expects to drive forward the Web Services Notification and Resource Framework standards that it introduced in January at Global Grid Forum? If so then HP will also be on board with this.' The source said the alignment of the grid standards with the Web services standards is vital to IBM's view of autonomic computing and 'it seems like the GGF can't do it on their own.' The DMTF, which created the Common Information Model (CIM) to describe how management programs will be able to control devices and applications from different vendors in the same way, did not respond to calls seeking comment as of press time..." Other details in the WG charter. See: (1) the 2004-02-17 announcement: "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing." (2) "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing"; (3) "DMTF Common Information Model (CIM)."

[February 23, 2004] "Enterprise Instant Messengers Make the Grade." By Curtis Franklin Jr., Brian Chee, and Mike Heck. In InfoWorld (February 11, 2004). "Instant messaging is alive and well in the workplace. We tested four solutions in this roundup -- Lotus Instant Messaging and Web Conferencing 3.1, Microsoft Live Communications Server 2003, Novell GroupWise Messenger 1.0, and Jabber XCP (Extensible Communications Platform) 2.7 -- and found that enterprise IM solutions provide the security, manageability, and auditing capabilities that companies need. And they also include features, ranging from transaction logging to document collaboration, that will support business processes in the enterprise. All four of these products enhance security through full encryption of traffic streams, providing the ultimate protection for traffic that traverses public data links. Each integrates with directory services such as Active Directory, LDAP, and RADIUS, giving administrators the ability to control user population and privileges, and allowing users to share a central contact list across the organization... The solutions also allow administrators to create and manage a central archive of messages and conversations, providing the auditing capabilities necessary, for example, to ensure accountability or comply with Securities and Exchange Commission (SEC) requirements or Health Insurance Portability and Accountability Act (HIPPA) responsibilities. The IM products from IBM Lotus, Microsoft, and Novell also integrate with their respective collaboration platforms. If you've committed to a particular vendor's groupware, very likely you'll be best served by their enterprise IM solution. On the other hand, there are other options to consider depending on whether you want application sharing or whiteboarding with IM, and what flavor of directory services runs in your infrastructure. .." See also the news story on IETF SIMPLE WG IM and presence specifications.

[February 23, 2004] "Handling Privacy in WSDL 2.0." Edited by Hugo Haas (W3C). W3C Team Submission. 13-February-2004. ['This document discusses how to handly privacy in WSDL 2.0 and shows a possible solution using the P3P generic attribute and a WSDL 2.0 feature in order to express a Web service provider entity's privacy policy.'] "In the same way Web sites have privacy policies, Web services may raise privacy concerns, as shown in section 2 and 4 of J. Reagle, et al., "P3P: Beyond HTTP." Users of Web services may want to know how and for what purpose their personal data will be used before deciding to use a service. The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. The Web Services Description Language (WSDL) 2.0 is an XML language for describing Web services. When used in combination with P3P, one can express the privacy policy of a Web service. This document proposes two ways to express and process privacy policies in WSDL 2.0. One way is to use the generic P3P attribute of the Platform for Privacy Preferences 1.1 (P3P1.1) Specification to extend a WSDL 2.0 description to attach provider entities' privacy policies. The other way is to use a WSDL 2.0 feature..." General references in "Platform for Privacy Preferences (P3P) Project."

[February 23, 2004] "Television Listings and XMLTV." By Kyle Downey. From XML.com (February 18, 2004). "With a mini PC with a TV capture card, a WiFi card, a monster hard drive, and a Linux package like MythTV, can not only do almost everything a TiVO can do, but can also serve up MP3 files, act as a Windows file server with Samba, run a web server, and more. One critical element of a DIY TiVO is TV listings. Without these all the fancy hardware in the world won't do much good. But there's an open source, Perl XML-based solution by Edward Avis called XMLTV that many of the TV-on-your-PC packages like Freevo and MythTV support. With support for screen-scraping data for many country's cable systems, XMLTV can take various sources and create a consistent stream of XML. Good software can be used as a building block to make other software, and by this measure XMLTV -- both the de facto standard and the software -- is very useful. Although dreams of combining computers with televisions have yet to pan out, now there are solid mechanisms that let you combine Internet data with live video, and insert your own software in between. The exciting element is not what has been done, but the convergence of interesting information, ease of access and processing with XML-based formats like XMLTV, with freely-available, powerful software..." General references in "XMLTV."

[February 23, 2004] "Microsoft Creates a Stir in Its Work With the U.N." By John Markoff and Jennifer L. Schenker. In New York Times (February 23, 2004). [With caption: 'Klaus-Dieter Naujok, who works with the United Nations, says it is difficult to avoid Microsoft's influence.'] "The chairman of the Microsoft Corporation, Bill Gates, won widespread applause in January when he trumpeted an agreement to give $1 billion in software and cash to the United Nations as part of a job-training program for the developing world. But Microsoft did not seek any attention for a much smaller amount that it contributed earlier to pay some travel expenses for a United Nations business standards group. That payment, critics say, had a much more opportunistic motive than the big donation. Several software industry executives and technologists contend that Microsoft has been moving behind the scenes to undercut support for a set of business-to-business electronic transaction standards jointly developed by the United Nations and an industry-sponsored international standards group. Microsoft and senior United Nations officials said that the accusation was false and that the company's contributions were relatively modest, complied with United Nations guidelines, and did not unduly influence decision making. Microsoft and I.B.M. have been trying to gain backing for a competing approach to writing Internet software, which the two companies argue would be a better, more general solution for business-to-business computer communications than the original United Nations-developed standard, known as 'electronic business using extensible markup language,' or ebXML in the trade. The previously hidden dispute may seem arcane, but it revolves around computing standards that are likely to help determine control over an emerging generation of Web services software that is designed to automate buying and selling through networks of computer connections. Many industry executives predict that the new software will ultimately supplant computer operating systems as the linchpin of the industry. This new fight is occurring as Microsoft, the world's largest software company, moves to the final stages of its legal dispute with antitrust regulators in Europe over its right to integrate features of its competitors' products into its Windows operating system. On another front, Microsoft is being challenged by an array of open-source programs -- starting with Linux but expanding to other arenas -- that are being developed by a loosely organized group of software programmers and distributed at little or no cost..." See general references in "Electronic Business XML Initiative (ebXML)."

[February 23, 2004] "Remember ebXML? Doing Business in Real Time." By David S. Linthicum. In XML Journal Volume 5, Issue 2 (February 2004). "While there are many standards that look like ebXML, ebXML is the first horizontal standard designed to address the exchange of information and adherence to inter-enterprise processes. However, in attempting to reach this lofty goal, ebXML is also a complex standard and takes some understanding before we can comprehend its value to the world of application integration and electronic business. In recent years, it's been clear that ebXML (as well as many other modern Internet standards) has to take on a coexistence strategy rather than a replacement strategy. This is because most enterprises are reluctant to shut down their existing B2B systems, such as EDI, until new standards have proven their operational value. Thus, we have another evolution not revolution, which seems to be a common theme as we migrate to newer but more complex and invasive standards. There are several components to ebXML, including: Collaboration Protocol Profile (CPP); Collaboration Protocol Agreement (CPA); Business Process and Information Modeling; Core Components; Messaging; Registry/Repository..." General references in "Electronic Business XML Initiative (ebXML)."

[February 23, 2004] "Web Services Alphabet Soup: Is the Glut of Web Services Protocols a Morass or a Precursor to Unprecedented Harmony?" By Jon Udell. In InfoWorld (February 20, 2004). Strategic Developer. The original title of this column was 'WS-WorldPeace.' "Here's one popular definition of insanity: 'Do the same thing, expecting a different result.' Now consider the following partial list of proposed standards for Web services: WS-Addressing, WS-AtomicTransaction, WS-Attachments, WS-Context, WS-Coordination, WS-Eventing, WS-Federation, WS-Reliability, WS-ReliableMessaging, WS-Routing, WS-SecureConversation, WS-Security, WS-SecurityPolicy, WS-Transaction, and WS-Trust. That's just the WS series; there's also XML 1.0, XML Schema, SOAP, WSDL, UDDI, XML-DSig, XML-Encryption, XKMS, SAML, XACML, ebXML, BPEL4WS, WSRP, and a partridge in a pear tree. Is this nuts? Some people think so. The watchwords of XML Web services were the watchwords of the Web: simplicity and universality. But as the specs multiply like weeds, it's fair to ask if we're now just reinventing CORBA and DCOM, doing the same old thing and crazily hoping for a different result... [We have] a zoo of protocols that, for most developers, create severe cognitive overload. It's one thing to say that a secure transacted session can be composed out of these modular parts, but quite another to actually achieve that effect. [Microsoft's] Shewchuk agrees. The solution, he suggests, is tooling that enables a declarative style of programming. This idea dates back to MTS (Microsoft Transaction Server). Before COM+ and J2EE, MTS pioneered the notion that you need not write lines of code to invoke services such as transactions or object pooling. Instead, a programmer could invoke these services with simple attribute declarations. Or an administrator could achieve the same effect by setting attributes in a management console... 'In Indigo, it boils down to attributes,' Shewchuk says. 'You tell the run time you want confidentiality, longevity, and reliability, and it uses the composable architecture to translate that into a configuration on an execution pipeline.' You've got to love the vision. Is it a recipe for WS-WorldPeace? That will depend on Microsoft's commitment to base standards, which so far looks more solid in Indigo than in Avalan or WinFS. It will also depend on everybody else figuring out what Microsoft has always known: packaging technology, in ways that make sense to average developers, matters a lot..."

[February 12, 2004] "Microsoft Locks Up XML Patent." By Alexander Wolfe. From InternetNews.com (February 12, 2004). "The speculation as to whether Microsoft intends to patent XML technology is over. Microsoft has been granted United States patent 6,687,897 for 'XML script automation.' The patent, awarded by the U.S. Patent and Trademark Office on February 3, appears to deal with basic XML functionality. Specifically, it describes a method for unpacking multiple scripts contained within a single XML file. According to the application filed by Microsoft, the patent involves 'systems, methods and data structures for encompassing scripts written in one or more scripting languages in a single file.' 'The scripts of a computer system are organized into a single file using Extensible Language Markup (XML),' Microsoft's patent document continues. The document explained that each script is delimited by a file element and the script's instructions are delimited by a code element within each file element. When a script is executed, the file is analyzed to create a list of script names or functional descriptions of the scripts..." Summary in the following bibliographic entry. See the thread on XML-DEV, with comments by Michael Champion (bis), Bob Wyman, David Megginson, Michael Kay, W. E. Perry, James Anderson, Rick Jelliffe, and others. See also: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) general references in "Patents and Open Standards."

[February 12, 2004] "Microsoft Acquires United States Patent 6,687,897: XML Based Script Automation." 'Inventor': Olivier Guinart (Redmond, WA). Assignee: Microsoft Corporation. Application number: 727598. Filed: December 1, 2000. Granted: February 3, 2004. Abstract for patent #6,687,897: "Systems, methods and data structures for encompassing scripts written in one or more scripting languages in a single file. The scripts of a computer system are organized into a single file using Extensible Language Markup (XML). Each script is delimited by a file element and the script's instructions are delimited by a code element within each file element. Other information, such as a name of the script and a functional description of the script may also be included in the file using other XML elements to delimit that information. The language in which a particular script is written is also included within the XML format. When a particular script is executed, the file is parsed to create a list of the script names or of the functional descriptions of the scripts. One or more scripts are selected and the code for those scripts is extracted from the file and executed by the appropriate scripting process. The scripting process that executes a particular script is identified from the scripting extension attribute that is included in the XML format of the file..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) general references in "Patents and Open Standards."

[February 12, 2004] "Google Spurns RSS for Rising Blog Format [Atom]." By Paul Festa. In CNET News.com (February 11, 2004). "Google's Blogger service is bypassing Really Simple Syndication in favor of an alternative technology, a move that has sparked more discord in a bitter dispute over Web log syndication formats. The search giant, which acquired Blogger.com last year, began allowing the service's million-plus members to syndicate their online diaries to other Web sites last month. To implement the feature, it chose the new Atom format instead of the widely used, older RSS. The battle between RSS and Atom has divided the blogging world since the summer, when critics of RSS came together to create an alternative format. Since then, a raft of blog sites and individuals have lined up behind Atom, while Yahoo has thrown its considerable weight behind RSS. The Blogger decision to offer only Atom has angered supporters of RSS, who accuse Google of helping to splinter a wide network of RSS-using bloggers... 'They're breaking users, including people who aren't using their software,' wrote Dave Winer, a Harvard fellow who is commonly considered the arbiter of the RSS format, on his long-running Scripting.com blog. 'There is a lot of implicit trust in the RSS network, an assumption that vendors will behave rationally and will care for users. Any participant can break us, as Google is proving... RSS supporters argued that Google could have given members a choice between RSS or Atom, since Blogger already offers the older format. But Atom partisans lauded Google's move, saying it made sense in the context of the company's support for open-source software and open standards. 'RSS has long been controlled by a single vendor or entity,' said Mark Pilgrim, an early contributor to Atom. 'Atom's an open standard, so people can point at the spec and say they're conforming to it, and it's not controlled by one of their competitors. And RSS is.'... Atom backers are proceeding with plans to bring their technology under the auspices of the Internet Engineering Task Force (IETF). IBM engineer Sam Ruby, who has spearheaded the Atom effort, was scheduled to address O'Reilly's Emerging Technologies conference on a proposal for IETF to assume responsibility for Atom. Ruby could not immediately be reached for comment. But Pilgrim estimated that Atom, which dates back only to June of last year, would work its way through the IETF and be ratified as a 'request for comment' draft no later than August [2004]..." From Sam Ruby's slides, presented at the O'Reilly Emerging Technologies Conference, "!Echo wiki: Lessons Learned": "A draft [IETF] charter [for Atom work] will be prepared in time to be informally discussed at the IETF meeting is Seoul, Korea on the week of 29-February-2004 to 5-March-2004; Hopefully, the Working Group itself will be approved in March 2004; Most of the work will be done on mailing lists; Ideally, a face to face meeting of the Working Group will be scheduled to coincide with the August 1-6, 2004 meeting of the IETF in San Diego, CA..." See: (1) "RDF Site Summary" | "Really Simple Syndication" (RSS)"; (2) "Atom as the New XML-Based Web Publishing and Syndication Format."

[February 12, 2004] "How Will Office 2003 DRM Impact Interoperability?" By Paul Cesarini (Assistant Professor, Advanced Technological Education Program, Bowling Green State University, Bowling Green, Ohio). In IT Manager's Journal (February 12, 2004). "Last October, OpenOffice.org released the 1.1 version of its office productivity suite. This update included native PDF and Flash conversion, complex text layout language support, and increased compatibility with Microsoft Office file formats. Roughly a month later, Microsoft released Office 2003. This product was freshly-infused with digital rights management (DRM) technologies, dubbed 'information rights management' by Microsoft, designed to secure and restrict access to documents as needed. Documents employing DRM created in Office 2003 may well only be accessible via Office 2003. More recently, Microsoft filed for numerous patent applications in New Zealand and Europe, covering the interoperability of XML-based word processing documents... What do these tactics mean for interoperability between current and pending versions of Microsoft Office and competing products such as OpenOffice.org and StarOffice? Are the goals espoused by Microsoft, namely increased document security, the driving concern behind these moves, or is this a careful strategy designed to lock out competition? [...] Louis Suarez-Potts, OpenOffice.org's community manager argues that the point of files using [Microsoft] DRM is not to simply to make them more secure, but rather to enable an end-run around interoperability. 'On a superficial level, the point of DRM is to limit free access to only those applications able to read DRM-delimited documents', Suarez-Potts said. 'Put another way, MS Office will generate a class of files which only people with the same kind of MS Office will be able to open, let alone edit.' Additionally, Suarez-Potts added that '[OpenOffice.org] will doubtless have better equivalents, ones that are just as secure and conceivably also as limiting.' Suarez-Potts also believes that Microsoft's strategy is unlikely to succeed, due to the required software investment in both server and client sides -- particularly since both the sender and receiver of IRM-enabled Office files would have to buy in to these upgrades..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) "Microsoft Announces Licenses for Use of Office 2003 XML Reference Schemas"; (3) "Microsoft Announces Windows Rights Management Services (RMS)." General references in "XML and Digital Rights Management (DRM)."

[February 11, 2004] "Compuware Boosts Web Services Security in Modeling Tool." By Paul Krill. In ComputerWorld Australia (February 09, 2004). "Compuware this week unveiled OptimalJ 3.1, a model-driven Java development tool featuring support for the Web Services-Security specification as well as integration with application servers, modeling tools, and messaging middleware. The product, which supports UML, uses a model-driven, pattern-based (MDPB) approach, the company said. MDPB uses patterns to automatically translate business models into working applications, according to Compuware. A highlight of Version 3.1 is support for Web Services-Security (WS-Security), a specification expected to be finalized by OASIS by mid-March. The specification will help enterprises extend Web services to interact with other organizations, according to Compuware, which believes it is the first company to offer WS-Security support in a model-driven tool. 'Organizations are implementing Web services, but mostly behind the firewall. Really, it's a limitation to organizations,' said Michael Sawicki, OptimalJ product manager. Analyst Rikki Kirzner, research director for application development and deployment at International Data Corp., said that with security such a major issue these days, particularly in regards to Web services, tools vendors need to start incorporating it into their products... Version 3.1 also adds application server deployment support. New application server platforms supported include BEA WebLogic Server and IBM WebSphere. Previously, OptimalJ would perform unit tests in the JBoss application server and then generate deployment descriptors for IBM Corp. and BEA Systems Inc. application servers. With the new support, OptimalJ can test in the BEA or IBM production environment. The product also adds integration with the Borland Together Control Center and SparxSystems Enterprise Architect Modeling tools. Previous tools supported have included IBM Rational Rose. Integration with other modeling tools enables information exchange with OptimalJ and leveraging of existing models..." See: (1) the announcement: "Compuware Takes Model-Driven Development Mainstream, Releases Compuware OptimalJ 3.1 and Announces Vision for New Paradigm of Enterprise Application Development. Model-Driven Pattern-Based (MDPB) Approach Bridges J2EE Skills Gap. Enables Companies to Increase Productivity of Enterprise Application Development."; (2) "OMG Model Driven Architecture (MDA)"; (3) "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

[February 11, 2004] "XML How-To: First of All, Never Cross Your Authors." By Patricia Daukantas. In Government Computer News (February 09, 2004). ['The Fish and Wildlife Service's Owen Ambur says he's glad the XML industry recognizes that users want open standards.'] "Agencies that don't already have an Extensible Markup Language evangelist should get one, advises Brand L. Niemann. Why? Because the person tapped for the job can act as a guide to the burgeoning technology, said Niemann, an Environmental Protection Agency computer scientist and member of the CIO Council's Emerging Technology Subcommittee. Niemann also has headed the CIO Council's XML Web Services Working Group through its existence. The effort has morphed into a series of quarterly government conferences on software component technology. 'The quicker we can define XML schemas and make them available to vendors to put into applications, the better we'll all be,' said Owen Ambur, a Fish and Wildlife Service systems analyst and co-chairman of the CIO Council's XML Working Group. Agencies need three levels of applications for XML documents, Niemann said. The first type lets users create documents without any kind of tagging. The second requires minimal tagging. The third includes advanced features for application developers and programmers..." See also "US Federal CIO Council XML Working Group."

[February 11, 2004] "XML Schema Definition for IDMEF Message." By Kohei OHTA (Cyber Solutions Inc). IETF Network Working Group, Internet Draft. Reference: 'draft-kohei-idmef-schema-00.txt'. February 09, 2004; expires August 9, 2004. 33 pages. Prepared for consideration by the IETF Intrusion Detection Exchange Format Working Group. "The purpose of this document is to define a message format of IDMEF in XML Schema. The Intrusion Detection Message Exchange Format is formally defined in an XML DTD. The data model and basic definitions are specified according to the original definition in the DTD format. In the original definition in the DTD, urn:iana:xml:ns:idmef is used as the namespace and defined as attribute. In this definition in XML Schema, we use urn:ietf:params:xml:ns:idmef as the namespace according to the document The IETF XML Registry..." From the main IDMEF spec: "The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. This Internet-Draft describes a data model to represent information exported by intrusion detection systems, and explains the rationale for using this model. An implementation of the data model in the Extensible Markup Language (XML) is presented, an XML Document Type Definition is developed, and examples are provided." See: (1) See: "Intrusion Detection Message Exchange Format"; (2) general references in "Application Security Standards." [IETF source URL]

[February 11, 2004] "W3C Approves Pair of Semantic Web Specs." By Darryl K. Taft. In eWEEK (February 11, 2004). "The World Wide Web Consortium has announced the approval of two Semantic Web technologies as standards. Janet Daly, a spokeswoman for the W3C, of Cambridge, Mass., said the approval of the Resource Description Framework (RDF) and the Web Ontology Language (OWL) as W3C recommendations is likely to be one of the W3C's most important announcements this year. RDF and OWL set a framework for sharing and reuse of data on the Web, as well as for asset management and enterprise integration... Using RDF and OWL content developers can connect metadata with documents to enable better search capabilities. Other enhanced capabilities include the ability to integrate enterprise applications and better manage Web sites. W3C officials said XML, RDF and OWL set the foundation for the Semantic Web. XML sets rules for syntax for structured documents, RDF adds a way to provide descriptive information, and OWL represents a language for creating domain-specific vocabularies for various subjects. Although the news of the W3C approval of RDF and OWL is important, the bigger issue is the flurry of industry support around the specifications, according to Daly. The W3C issued testimonials from 24 companies, universities and organizations supporting the standards..." See details in the news story: "W3C Recommendations: Resource Description Framework (RDF) and Web Ontology Language (OWL)."

[February 11, 2004] "Index Grid Services Using Globus Toolkit 3.0. Learn How to Use the Index Service of Globus Toolkit 3.0." By Cai Jun Jie (Software engineer, Globalization Certification Laboratory, IBM). From IBM developerWorks, Grid computing. February 03, 2004. ['The Index Service of Globus Toolkit 3.0 is a helpful component for building grid applications. It can be used to index Service Data carrying state information from multiple grid service instances for use in resource discovery, selection and optimization. In this article the author explains how to set up the Index Service for static and dynamic indexing, and how to improve the reliability of the indexing. The primary way of writing a grid service with custom Service Data and how these data can be queried from the Index Service after aggregation are also covered.'] "Information management is a key issue in the construction of grid applications. This usually involves the generation, aggregation and synchronization of information about grid resources for use in resource discovery, selection, and optimization. In the Open Grid Service Architecture (OGSA), everything is represented as a grid service and expresses its state in a standardized way as Service Data Elements (SDEs). As the reference implementation of Open Grid Service Infrastructure (OGSI), which forms the foundation of OGSA, Globus Toolkit Version 3.0 (GT3) provides three additional components referred as GT3 Base Services. Information service, implemented as the Index Service, is one of the GT3 Base Services. It provides the functionality within which Service Data can be collected, aggregated, and queried; data feeds can be monitored; and Service Data can be created dynamically on demand. This article focuses on how the Index Service can be used to index grid services, for example, to index Service Data from multiple grid service instances through the subscription and notification interfaces that OGSI has defined. This can be accomplished either statically using the configuration file of the Index Service, or dynamically by calling the interface of the Index Service programmatically, both of which will be covered in this article. However, since subscriptions are transient in current GT3 implementation, indexing is not reliable. Data loss or inconsistency can occur when the Index Service or any of the aggregated grid service instances are restarted. Fortunately, there are still ways to implement more reliable indexing if it is really desired... The Index Service aggregates Service Data from multiple grid service instances using the subscription-notification mechanism defined by the OGSI specification -- that is, it subscribes to the Service Data it wants to index so that it will be notified and get the most up-to-date value whenever there is an update. As a result, the grid service providing this Service Data must implement the NotificationSource portType..."

[February 06, 200] "Plumtree Reins in Diverse Web Applications. Portal Package Oversees Security, Content, Collaboration, and Search." By Mike Heck (InfoWorld Test Center). In InfoWorld (February 06, 200). "Does your organization often turn to portals in an attempt to manage the sprawl of Web-based applications? If so, you may be all too aware that these projects can fail to deliver their anticipated ROI. That's because IT managers overlook the need to extend core functions — content management, search, and security — to the applications that appear within a portal. As a result, companies often settle for a portal that provides a decent user experience for a few locally hosted functions. However, the portal doesn't provide an overarching administration framework, nor does it help you lower development and maintenance expenses... Plumtree Enterprise Web Suite includes major updates to every Plumtree product. Plumtree Corporate Portal 5.0 offers new community, knowledge management, and administrative functions, most notably the ability to index content and broker security from many systems. Complementing the portal are the Plumtree Search, Collaboration, Content, and Studio (portlet development) Servers that better integrate with the portal. Equally important, you get an architecture based entirely on Web services (either Java or .Net), which simplifies creating portal applications and customizing the user interface. Plumtree's implementation of WSRP (Web Services for Remote Portlets) and JSR (Java Specification Requests) 168 is strong. Plumtree Corporate Portal communicates with a container that holds the JSR 168 portlet so the portlet can run on any J2EE or Windows application server. The other advantage with this approach is that Plumtree Corporate Portal can handle a larger number of portlets than if the portlets were running on the Plumtree portal server..." General references: "Web Services for Remote Portals (WSRP)."

[February 05, 2004] "OASIS, AMD Push Open Identity Management Standard." By David Worthington. In BetaNews (February 05, 2004). "Trusted identity management just got a new complement: trusted asset management. While commonly viewed as two distinct but overlapping disciplines, new technology promises usher in an alternative to proprietary identity and data management systems by lassoing both together into a single solution. This breakthrough enables rich software and hardware scenarios -- specifically in the realms of rights management and trusted computing. By being an open standard, these solutions are delivered to the masses all while skirting corporate patent portfolios... The XRI and XDI framework is designed such that companies and organizations no longer need to represent individuals through identity management solutions such as America Online's Screen Name or Microsoft's Passport. Instead, XRI permits recognition of identity in both a personal and generic context, without requiring a user to be federated with an organization. An upcoming release of Passport focusing on satisfying many of these same issues is code-named TrustBridge. Cordance's Drummond Reed, co-chair of the OASIS XRI and XDI Technical Committees, told BetaNews that the XRI and XDI standards were not trying to compete with or circumvent other open identity solutions such as Liberty Alliance, saying the two have different goals... XDI builds upon existing and emerging XML standards to solve the problems long associated with data sharing. Many of these problems are, in fact, fundamental. [According to] Jamie Lewis, CEO and Research Chair of the Burton Group: 'Today, we use a wide variety of different mechanisms for identification, including e-mail addresses, IP addresses, phone numbers, and object identifiers. But most of these are specific to one specific means of interaction. None of them is persistent across the many different ways that people, applications, and devices can communicate, and so they don't function well as identifiers in the long run. In the future, for example, a variety of factors may determine where you would like to receive in-bound communications; you may want to receive e-mail when using your laptop, a phone call when all you have is your mobile device, and a text message when in a meeting. But how do people (or applications or devices) know when and how to communicate with you if they identify you by one of the addressing schemes used by these different communication services? In such a case, it would be better to have a persistent, unique identifier, and then use a current email address, phone number, and IM screen name as attributes of that identifier. Thus, a simple change in a preference setting could effectively route incoming communications to the appropriate service, or tell people who want to communicate with you how best to do so at a given time. Also, if your e-mail address or phone number changes, the persistence of the underlying identifier makes maintaining consistency through such changes much easier... In the telecommunications space, for example, major mobile carriers could, in theory, adopt XDI/XRI as a means of managing presence and communication preference information per my earlier example. Likewise, the Trusted Computing Group could, in theory, use XRI/XDI as a basis for their specifications. AMD is involved in the creation of the spec, which is somewhat encouraging. But neither Microsoft nor IBM, two major players in the trusted computing arena, have even hinted that they will adopt the specification in their trusted computing work'..." See the news story "OASIS Members Form XRI Data Interchange (XDI) Technical Committee."

[February 03, 2004] "Coordinating Web Services Activities with WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity." By Luis Felipe Cabrera, George Copeland, Jim Johnson, and David Langworthy (Microsoft Corporation). Microsoft White Paper. With contributions from Omri Gazitt, Johannes Klein, Rodney Limprecht, Matt Powell, Rebecca Dias, and Brad Lovering. January 28, 2004. 22 pages. This document is intended to show "how the new WS-BusinessActivity Framework specification relates to the WS-AtomicTransaction and WS-Coordination specifications. The Web Service architecture provides a set of modular protocol building blocks that can be composed in varying ways to create protocols specific to particular applications. The protocols present in WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity are mechanisms to create activities, join into them, and reach common agreement on the outcome of joint operations. These specifications provide a basis on which to build interoperable, distributed applications that desire to coordinate joint work. The operations of Web service activities that are common to explicit coordination are defined in the WS-Coordination specification. The WS-AtomicTransaction and WS-BusinessActivity specifications each define a type of agreement coordination that addresses the needs of complementary classes of activities. Both of them leverage WS-Coordination and jointly provide agreement coordination infrastructure for tightly and loosely coupled activities, whether short- or long-lived. In particular, activities that require the traditional atomic, consistent, isolated, and durable (ACID) properties of transactions are natural users of WS-AtomicTransaction. Those activities that require tentative operations that are visible to third parties before the final outcome of an activity are natural users of WS-BusinessActivity. As Web services may belong to different enterprises, there is need to support arm's-length relationships. Each pair-wise relationship between services should be defined to include everything needed for the two parties to interoperate and reach an agreed outcome, but nothing else. These specifications achieve this goal by assuming: (1) Asynchronous operation among participants; (2) Explicit registration in activities with pre-defined behaviors; (3) All communication between participants is based on a collection of mandatory messages and mandatory message exchange patterns for coordination operations; (4) Composition with other WS-* specifications so that additional functionality, such as reliable messaging and end-to-end secure message exchanges, can be achieved. The coordination specifications describe on-the-wire protocols, including XML schema, WSDL, state transition diagrams, and state tables. This paper supplements these specifications with our perspective on why these mechanisms are what they are, what to use them for, and when it is appropriate to use them..." See details in "WS-BusinessActivity Specification Completes the Web Services Transaction Framework."

[February 03, 2004] "Microsoft Balances Patents, Standards." By David Becker. In CNET News.com (February 3, 2004). ['In the past month, Microsoft has applied for patents in Europe and elsewhere to cover how XML-based documents are created in the company's dominant Word software. The applications are indicative of a struggle faced by Microsoft and other companies: They want to profit from their research and innovations, yet standards-based technology has to be freely available on some level to encourage broad adoption and ensure interoperability.'] "To patent or not to patent, that is the question for Microsoft. The software giant has been a prolific intellectual property mill over the past two decades, securing more than 3,000 U.S. patents. But as Microsoft and other large companies actively embrace open standards as a way to expand the market for Web services and other technology, they walk a fine line between promoting the adoption of standards and protecting valuable proprietary software... Analysts and rivals claim the company is attempting to use patented technology to lock out competitors. Microsoft contends it is simply protecting its intellectual property... The balancing act is particularly tricky as Microsoft embarks on a new mission to generate more revenue from its intellectual property. The company last year hired Marshall Phelps, the lawyer who made intellectual property licensing a major revenue source for IBM, and recently began licensing several commonly used technologies as part of a broad campaign to boost its intellectual-property-licensing business... One of the toughest issues is deciding what level of innovation is worthy of protection. The XML standard itself obviously isn't patentable, but what about a minor and somewhat obvious way of manipulating data based on the standard? What about a fairly radical idea, such as embedding a different customized user interface within every XML document? [...] David Kaefer, director of business development for Microsoft, said royalty-free licensing made sense for Office XML schemas, but that approach may not apply to other XML-based innovations. "With the XML schemas, we saw a lot of partner and customer requests to make those schemas available," he said. "By making those available, there's a real benefit to encouraging the market to standardize and adopt XML. It's hard to say what beyond that we will do...It comes down to what offers the best benefits for customers and partners." Kaefer added that free and for-profit intellectual property licensing can serve the goals of interoperability and open standards..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) "Patents and Open Standards."

[January 31, 2004] "No Free Lunch: Microsoft Fumbles the Patent Ball." By Steve Gillmor. In eWEEK (January 30, 2004). "Microsoft has coupled royalty-free licensing with its Office XML schema patent filings, but the move may turn out to be very expensive indeed. Microsoft's decision to drop the other shoe on Office 2003's XML schemas may come back to haunt it. News reports of patent filings with New Zealand and the European Union triggered fears that third-party vendors would be prevented from accessing Office documents without licensing the new formats... It's no coincidence that Microsoft announced the 'opening' of the Office Schema licenses at a time when the software giant is under pressure to settle the six-year antitrust probe by the European Union. And just as with its DRM licensing, just because it's free now doesn't mean it will continue to be down the road once market share reaches a dominant position. But getting to 90 percent share or greater -- as Microsoft did with Windows, Office and Internet Explorer -- will not be as easy this time. Oddly, Redmond seems blinded to the reality of the new Web operating system, where technologies such as RSS are pushing the marketplace toward small XML fragments called micro-content and away from bulky Word documents. Part of the problem is of Microsoft's own making. The company's reluctance to cannibalize the Office file formats has slowed down Outlook's move to an XML underpinning. For years now, Outlook's XML object model has trailed other Office apps. Luckily for Redmond, office suite competitors such as Lotus and Novell imploded at the same time. Even now, Sun's OpenOffice has cloned the Microsoft hairball rather than producing micro-content objects that could be stitched together to create the same kind of rich compound documents... In a micro-content world, business documents are broken down into their constituent elements: notification, transaction, context, priority and lifetime. IM traffic, Weblog posts, breaking news, appointments, alerts and good old e-mail comprise a dominant percentage of micro-content traffic. Managing the real-time flow of information becomes Job One, followed closely by archiving and publishing snapshots of the data as 'documents'... To be sure, Microsoft can take comfort in its strategy of waiting for the competition to do the R&D and then swooping in when the market is primed. Micro-content authoring tools are in their infancy, held back by the lack of resources in mom-and-pop RSS aggregator shops. But the patent filings are giving companies such as Apple and Sun time to seed their platforms with common services that can be bootstrapped by small ISVs..." See the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "Microsoft on Patenting XML Formats." By Dan Gillmor. From SiliconValley.com (January 27, 2004). "I recently asked whether Microsoft's moves to patent the XML formats it's using in new versions of Office were, once again, a customer lock-in ploy. Here's a (slightely edited) reply from Mark Martin, who's employed by the Microsoft's PR company: [...] 'While the XML standard itself is royalty free, nothing precludes a company from seeking patent protection for a specific software implementation that incorporates elements of XML. This is an industry-standard means of differentiation followed by other major companies. This does not, in any way, change the royalty-free nature of the XML standard itself. The presence of this patent application in New Zealand does nothing to change the commitment Microsoft made this past November when it announced the available of a royalty-free licensing program for our Office 2003 XML Reference Schemas...' Dan Gillmor: "I don't think anyone is alleging that Microsoft is trying to block XML development. The worries are that Microsoft is trying to enforce rights that would block some people from freely using this supposedly open technology. There's a difference. It also sounds to me like Microsoft wants it both ways, but maybe these patents truly are defensive and nothing else. We'll find out soon enough, I suspect, when OpenOffice developers and others from the open-source community try to use the Microsoft XML schemas in a serious way. Of course, as I noted before, Microsoft could demonstrate good intentions, not just state them, by putting the schemas into a Creative Commons conservancy. No hint of that, however..." See: (1) "Creative Commons Project"; (2) "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "The SPIRITS (Services in PSTN requesting Internet services) Protocol." Edited by Vijay K. Gurbani. Contributors: Alec Brusilovsky, Igor Faynberg, Jorge Gato, Musa Unmehopa, and Kumar Vemuri. IETF Internet Draft. Reference: 'draft-ietf-spirits-protocol-07.txt'. Category: IETF Standards Track. January 2004, expires July 2004. 43 pages. Section 9 provides the XML schema definition. ['The IESG has received a request from the Service in the PSTN/IN Requesting Internet Service WG to consider this document as a Proposed Standard. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action by 2004-02-12.'] "SPIRITS (Services in the PSTN Requesting InTernet Services) is an IETF architecture and associated protocol that enables call processing elements in the telephone network to make service requests that are then processed on Internet hosted servers. The term Public Switched Telephone Network (PSTN) is used here to include all manner of access; i.e., wireline circuit-switched network as well as the wireless circuit-switched network. This document defines a base XML schema for subscriptions to events. The list of events that can be subscribed to is defined in the SPIRITS protocol requirements document and this document provides an XML schema for it. All SPIRITS subscribers (any SPIRITS entity capable of issuing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema. All SPIRITS notifiers (any SPIRITS entity capable of receiving and processing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema... The document also defines a base XML schema for notifications of events. All SPIRITS notifiers must generate XML documents that correspond to the base notification schema. All SPIRITS subscribers must support XML documents that correspond to this schema. The amount of information that can be available in a notification depends on the information elements available to the PSTN entity generating the notification for the event subscribed to. It is entirely conceivable that some PSTN entities may have richer information elements, while others simply support the most primitive information elements. Thus, the SPIRITS protocol includes provisions for extending the notification schema... The namespace URI for elements defined in this document is a Uniform Resource Name (URN), using the namespace identifier 'ietf' - urn:ietf:params:xml:ns:spirits. SPIRITS XML documents may have a default namespace, or they may be associated with a namespace prefix following the convention established in XML namespaces. Regardless, the elements and attributes of SPIRITS XML documents must conform to the SPIRITS XML schema..."

[January 31, 2004] "What's New in Tomcat 5." By Jason Brittain (Friendster Inc). From O'Reilly ONJava.com (January 28, 2004). "The Apache Tomcat developers have released their latest version of the popular open source Java servlet and JSP container, version 5.0.16, as the first stable release of Tomcat 5. In this article, we'll take a look at the latest features in Tomcat 5. The release of Tomcat 5 corresponds with the final release of the Servlet 2.4 and JSP 2.0 specifications. The Servlet 2.4 Specification is only a slight evolution of the Servlet 2.3 Specification, so the API and semantics are almost completely backwards-compatible. With very few exceptions, Servlet 2.3 web applications should work fine in a Servlet 2.4 container. This is great news for those currently using Tomcat 4 who wish to upgrade to Tomcat 5 -- you probably don't need to modify your web applications... The deepest impact that the Servlet 2.4 specification has on Tomcat 5 is the integration of XML Schema. In previous versions of the servlet specification, the deployment descriptors for servlet web applications were defined and validated using an XML DTD. This worked fine, but as it turned out, DTDs aren't quite modular or flexible enough for other technologies to be able to leverage servlet web apps as a framework. To achieve this level of flexibility and modularity, those involved in revising the Servlet 2.4 Specification and other J2EE 1.4 specifications decided to base the deployment descriptor definition and validation on the newer XML Schema, while maintaining backwards-compatibility with the older servlet 2.3 (and lower) DTDs. The JavaServer Pages 2.0 Specification is a new version of JSP, and quite a bit larger due to its many new features, but aims to be backward-compatible with JSP 1.2. The most important addition to JSP 2.0 is the inclusion of the JavaServer Pages Expression Language (EL). Since EL is now part of the JSP container, EL became more useful because it can be used even in the middle of template text as opposed to just within certain custom tags. For Tomcat developers, the main thing to keep in mind with this new addition is that EL is now also part of Tomcat 5, which makes version 5 more featureful and easier to use than Tomcat 4 for developing detailed web applications. Also included in JSP 2.0 are improvements to the handling of XML content, which allow developers to write their dynamic XML content as JSP content... Tomcat 5.0 contains many substantial updates and improvements over Tomcat 4.1. Many of the underlying technologies that Tomcat builds upon have been updated, enabling Tomcat 5 to offer a wider range of solutions and features to the administrator and developer. This, combined with many performance enhancements and a smaller memory footprint during heavy loads means that Tomcat 5 does a better job with the same web apps than does Tomcat 4. Tomcat 5 is also more manageable, more easily monitored, and is easier to build. Tomcat 5.0 is production-ready now. The Tomcat community tested many releases of Tomcat 5 before it was voted stable late last year..." See also Tomcat: The Definitive Guide, by Jason Brittain and Ian F. Darwin (O'Reilly).

[January 31, 2004] "DCML Brings Clarity to Data Center Chaos. By Capturing Properties and Relations, DCML Bids to Break the Management Barrier." By Doug Allen. From Network Magazine (January 05, 2004). "For just about any IT manager, the data center is chaos: a sea of multivendor servers, arrays, cabling, and so on-all of which must play nicely together amidst a torrent of ever-shifting user demands, new software and capacity upgrades, and dynamic user policies. The thought of capturing this complexity, whether to improve management capabilities or to replicate the design for sister distributed data centers, is truly frightening... A [proposed] DCML standard is in the works that will use Extensible Markup Language (XML) to describe any data center environment. Much like an architect's blueprint, the resulting template will document both the necessary network elements (servers, software infrastructure and applications, network and storage components, plus various OS platforms) and their interdependencies -- that is, the way each element or subelement works with and affects every other element in the data center. In short, this means an open, cross-platform dynamic database of configurations, user policies, and real-time management and monitoring data. A DCML template replaces or complements previous approaches to describing the data center, such as manual documentation, ad hoc or platform-specific standards, and configuration imaging... A DCML file contains nine profiles: server configurations (hardware specifications, I/O settings, OS loads, and patch levels), software configurations (installed packages or images, installation sequences and patch levels, and so on), applications (descriptions of complete n-tier business applications across disparate servers or code), environmental lifecycle (classifying servers and code into groups such as development, build, test, staging/stress testing, and production and/or disaster recovery), networking (firmware versions, protocols, and configurations for switches, routers, bridges, access devices, and so on), security (firmware versions, flash configurations, and administrative and configuration settings for firewalls, IDS/IPSs, anti-virus solutions, and so on), storage (disk space allocation and configuration for storage arrays, NAS, and SANs), the data center itself (complete hierarchical combinations of all elements), and environmentals (enterprise requirements of the center itself, including power, cooling, floor space, and physical configurations)... It's important to note that the DCML Organization hasn't been able to enlist Microsoft, which will likely push its own Systems Definition Model (SDM). HP, IBM, and Sun Microsystems are also no-shows so far. DCML may have a fight on its hands, or else must position itself as complementary to the big boys. In any case, the organization plans to develop the specification and then merge with a larger standards group, such as OASIS, the IETF, or the DMTF. Formal ratification is expected by the end of 2004..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 31, 2004] "Tech Giants Lock Down Wireless Content." By Ben Charny, Richard Shim, and John Borland. In CNET News.com (January 30, 2004). ['A group of technology heavyweights is expected to announce new technology for securing music and video on wireless devices. Bottom line: Development of a wireless content security specification could help spur new mobile media services -- and pose a fresh challenge to Microsoft and others developing similar technology.'] Formerly known as "Project Hudson," the DRM effort "will kick off publicly Monday [2004-02-02], with the announcement of new digital rights management (DRM) specification from industry group the Open Mobile Alliance (OMA), as well as the formation of a new licensing body led by Intel, Nokia, Panasonic and Samsung that will promote the technology, according to sources. Toshiba was originally a member of the licensing group but has since backed out. The licensing entity will be known as the Content Management License Administrator (CMLA) and will promote an implementation of the latest version of OMA's digital rights management standard... CMLA aims to ease piracy concerns among movie studios and record labels over a growing number of devices, including cell phones, capable of connecting to wireless networks. According to one source familiar with the plan, the DRM scheme will be built into mobile handsets, allowing encrypted files to be streamed onto compliant devices. Known as OMA DRM 2.0 Enabler Release, the specification could also potentially support devices connected in wireless networks based on the 802.11 standards, or Wi-Fi. Despite being a relative newcomer in the crowded DRM space, the CMLA plan has already won some early support from major content owners... Software makers hope to cash in on the media industry's demand for DRM by supplying security standards that could ultimately give them a slice of the profits every time a song or movie is bought or played online. They also stand to reap substantial fees from hardware companies that would be required to license their technology in order to legally play back most copyrighted music and videos. A wave of competing and incompatible DRM products has hit the market from Microsoft, Apple Computer, Sony, IBM, RealNetworks and others, creating interoperability headaches for consumers. For example, Apple's best-selling iPod digital-music player supports only the company's own flavor of DRM, which is used on songs purchased from its iTunes Music Store. DRM-protected songs purchased from other music download stores can't be played back on the iPod, nor will iTunes songs play on any MP3 player other than the iPod. Nokia, Motorola, Sony Ericsson Mobile Communications and Siemens make a total of 46 handsets that use an early version of OMA's DRM, while Ericsson and Openwave Systems make servers that use the technology, according to OMA's Web site..." General references in: (1) "Open Mobile Alliance: Digital Rights Management" [December 2003]; (2) "Proposed Open Mobile Alliance (OMA) Rights Expression Language Based Upon ODRL"; (3) "XML and Digital Rights Management (DRM)."

[January 30, 2004] "XML Security: The XML Key Management Specification. XKMS Helps Make Security Manageable." By Manish Verma (Second Foundation). From IBM developerWorks (January 27, 2004). "With an ever-increasing number of people and businesses relying on the Internet to exchange confidential and sensitive information, security has become a hot issue. Two security-related topics have gained significant importance: Ease of management: Making the security infrastructure's usage and integration with applications easy so that its adoption becomes widespread. Portable trust: After a trust relationship has been established with an entity, having a standard mechanism to transfer that trust to another cooperating entity. Single SignOn is a typical example of portable trust. After a user has been authenticated with a particular Web site, a standard mechanism passes that information to other cooperating sites that require the user's authentication information. This allows those sites to transparently share information about an entity without the need to request the same information from the entity again and again. For single sign-on to work, the entities must recognize each other's credentials. The XML Key Management Specification (XKMS) allows for easy management of the security infrastructure, while the Security Assertion Markup Language (SAML) makes trust portable. SAML provides a mechanism for transferring assertions about authentication of entities between various cooperating entities without forcing them to lose ownership of the information. This article discusses the role that XKMS plays in managing the security infrastructure, and provides a step-by-step guide to using XKMS... Often, good technologies fall by the wayside because they are cumbersome to use; in such cases, only a small devoted set of developers continue using the technology without it ever being adopted by average IT departments. PKI has been around for many years, but has not yet made it into typical IT departments. Now, XKMS provides an easy mechanism for using and integrating PKI with applications. In this article, I have explained the objectives of having an XKMS abstraction layer on various PKI solutions, and demonstrated how easy it is to use the XKMS service for registering and locating your key. In my next article, I will focus on explaining how to make this trust portable using SAML..." See general references in: (1) "XML Key Management Specification (XKMS)"; (2) "Security Assertion Markup Language (SAML)."

[January 30, 2004] "Systinet Broadens XML Schema for Verticals." By Rich Seeley. In Application Development Trends (January 26, 2004). "As XML Schema definitions proliferate in e-business Web services applications, developers face the almost overwhelming task of finding ways to process them, according to Peter Lacey, director of field engineering at Systinet Corp., Cambridge, Mass. Some definitions, such as Parlay X in the telecommunications industry, don't even fully adhere to the XML Schema standard, Lacey said, but developers and tools and platform vendors still need to support it. Seeking to provide broad support for emerging vertical industry standards such as Parlay X for telcos and the Financial products Markup Language (FpML) for banks, Systinet has released an enhanced version of its WASP Server for Java. WASP Server for Java 4.7 supports not only vertical industry XML Schema definitions, but can be customized as individual companies create company specific standards, Lacey said. He pointed to a banking customer of Systinet as an example. 'The bank in this case uses FpML' he said. 'But then they extended it to encompass the needs that are particular to them that are not generic to the entire financial products industry'..." From the WASP Version 4.7 announcement: "Systinet, the leading independent Web services software company, today announced the availability of Systinet WASP Server for Java, 4.7, the award-winning Web services infrastructure platform that provides a complete solution for developing and deploying enterprise Web services applications. WASP Server for Java, 4.7 makes it possible, for the first time, to deploy Web services in critical business projects that demand proven reliability and security and that require seamless integration at both the application and data levels. WASP Server for Java, 4.7 provides unique functionality for data integration with the industry's broadest support for XML Schema definitions, including FpML, OFX, ACORD, Parlay and HL7. For developers, this means they can deploy Web services applications and can confidently rely on WASP to validate XML data formats and values according to the rules encapsulated in the XML Schema. This makes the developer more productive and eliminates errors and inconsistencies..." See also: (1) the WASP Version 4.7 Overview; (2) company announcement 2004-01-29: "Systinet Closes Highly Successful 2003 with Strong Momentum and Growth. Leading Independent Web Services Software Provider Grows its Revenue 5X in 2003, Signs Over 70 Customer Deals and is Poised for Continued Growth in 2004." (3) general references in "Financial Products Markup Language (FpML)."

[January 30, 2004] "Microsoft Scraps IE Changes in Eolas Patent Dispute." By Matt Hicks. In eWEEK (January 05, 2004). "Microsoft Corp. gave Web developers a reprieve on Thursday, announcing that it had scrapped its plans to modify Internet Explorer this year in response to a patent infringement verdict against it. Microsoft in October said it would change the way the Web browser and Windows XP handle Web pages that use its ActiveX Controls, its version of an applet. The modified version of IE was expected to be out early this year to overcome the patent dispute at the heart of the $521 million verdict that Eolas Technologies Inc. won in August against Microsoft. Despite holding off on the browser modifications for now, Microsoft's decision is temporary. Whether it moves forward with IE changes in the future largely depends on the outcome of its appeal and on the results of a U.S. Patent and Trademark Office reexamination of Eolas' patent..." See also the Microsoft announcement and the W3C Summary in "Summary of 23 January 2004 HTML PAG teleconference." Background in: (1) "US Federal Trade Commission Report Calls for Patent Law and Policy Reform"; (2) "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent"; (3) "Patents and Open Standards."

[January 30, 2004] "Sun Urges Eclipse to Unify Java World." By Martin LaMonica. In CNET News.com (January 30, 2004). "Java steward Sun Microsystems has sent a letter to members of Eclipse, urging the increasingly influential open-source project to unify rather than fragment the Java-based development tool market. Sun sent the letter Thursday afternoon, only a few days before Eclipse is set to break from founder IBM as an independent open-source project. Sun also reiterated its previous decision not to join Eclipse because that would mean abandoning its NetBeans open-source Java tools initiative, which forms the basis for Sun's commercial products. Eclipse maintains a Java development tool platform -- also known as Eclipse -- that allows developers to mix and match different types of tools in a single programming application. NetBeans serves largely the same function, but has not garnered as much industry support as Eclipse. Before such software became prevalent, it was difficult, if not impossible, for many Java tools to work together... On Thursday, Sun warned that despite the change of status, a number of issues could still concentrate power in IBM's hands or serve to advance the business interests of some companies, rather than the Java industry -- Sun included -- as a whole. IBM is heavily invested in Eclipse software, which it's using across its entire software product line. Although staunch rivals, Java software companies such as IBM, Sun and Oracle have also cooperated to ensure that Java software and tools can work together. The ability to share Java products and applications from different companies, which run on different operating systems, is an important selling point against Microsoft's Windows-centric software. In particular, Sun warned that the new bylaws of Eclipse give the position of executive director, now held by an IBM employee, an "unusual amount of power" to dictate the work of the open-source group. Sun also questioned whether IBM employees will continue to make up the majority of project staffers. Finally, Sun urged Eclipse to explore and accept intellectual property from outside the membership of the open source group..." See also Eclipse.Org: "Eclipse is an open platform for tool integration built by an open community of tool providers. Operating under a open source paradigm, with a common public license that provides royalty free source code and world wide redistribution rights, the eclipse platform provides tool developers with ultimate flexibility and control over their software technology... In the Eclipse Platform, code access and use is controlled through the Common Public License, which allows individuals to create derivative works with worldwide re-distribution rights that are royalty free..." See also "Industry Reacts to Sun Eclipse Letter," by Darryl K. Taft.

[January 30, 2004] "Tip: Use Language-Specific Tools for XML Processing. Alternatives to SAX and DOM." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks.January 30, 2004. "DOM and SAX are the two best known systems for XML processing, but they are really compromises across programming languages. As such, they do not take advantage of any language's particular strengths. Often it is better to duck conventional wisdom and use special APIs that take advantage of particular strengths. SAX and DOM are the ruling pair of XML processing APIs. The choice developers generally know best are between the standard model of SAX (push events from the parser to a detached handler) and DOM (parse the document into a tree of readily-accessible objects). SAX generally offers better performance on sizeable documents and DOM generally offers more straightforward code. SAX was designed for the Java language, although bindings to other languages have been developed. In these other languages, however, the Java heritage of SAX generally shows through and many of the strengths of the language being used are forfeit. DOM was designed to be as language-neutral as possible, specified in ISO Interface Definition Language (IDL); standard bindings exist for the Java language and ECMAScript (JavaScript), but these still reflect the language-neutral constructs of the IDL, and all the language bindings, official or unofficial, again forfeit some strengths of the host language. To better take advantage of core language strengths, various developers have developed XML processing APIs that are native to particular languages. Almost all well-known languages have one or more toolkits offering such an API. For some time, the conventional wisdom has been that it's best to stick to SAX and DOM for maximum portability, but experience has convinced me that this is more often than not an overstated consideration. For one thing, because the language bindings for SAX and DOM have some deviations, code is rarely truly portable across languages; the work needed to adapt the code from one language to another is still considerable... So regardless of which language you prefer, you have many options for processing XML. Don't be afraid to put aside conventional wisdom and look for options besides the ruling pair..."

[January 28, 2004] "Managing Data Centers Through XML." By Patrick Thibodeau and Tim Howes. In Computerworld Australia (January 28, 2004). "Last year, some 40 management tool vendors formed the DCML Organization, a consortium committed to developing an open standard to facilitate interoperability and better integration between tools. Vendors say the the evolving Data Center Markup Language will be critical to the development of utility computing and simplify life for data center managers. The first release of DCML is scheduled this quarter, with products adapted to the specification expected by midyear. One of the leaders of the effort is Tim Howes, chief technology officer at Opsware Inc., a data center software automation vendor in Sunnyvale, Calif. He discussed the motivations for developing DCML and its technical challenges and potential user benefits with reporter Patrick Thibodeau." [Howes:] "There's a need to have all these management products communicate with one another, and that's what DCML is about -- providing a common data format for exchanging information about the environment being managed between all of these different management systems... When you provision a new machine, you want to make sure that machine is monitored, so you need to communicate to your monitoring system that there's a new machine to be monitored. Today that happens, if you are lucky, by somebody leaving a Post-it note on the monitor of the guy who runs the monitoring system. But DCML allows that to happen in a more automated fashion. Similarly, that happens with security systems, backup systems -- there are all kinds of different systems. DCML provides the vocabulary, the language if you will, for those systems to communicate with each other... We're trying to create a standard data format that can be used to exchange information between automation and utility computing systems and traditional management systems. The use cases that we have in mind are: making sure provisioning systems can communicate with the systems that manage the machines that they provision; making sure those systems can communicate with the asset-tracking, inventory and billing systems that are responsible for keeping track of what's going on in the environment; and translating that into billing for customers or cost accounting for internal purposes. We want all these things to be able to communicate with one another..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 27, 2004] "Web Services Security Spec Moves Toward Approval. OASIS Braces for Membership Vote." By Paul Krill. In InfoWorld (January 27, 2004). "WS-Security, a widely supported proposal for securing Web services, could become an official OASIS standard by March. OASIS in mid-February anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for Web services. If approved during a 30-day voting period, WS-Security becomes an OASIS standard. The OASIS Web Services Security Technical Committee earlier this month approved a set of documents pertaining to the specification, which is officially referred to as Web Services Security: SOAP Message Security 1.0. The specification, which was subjected to a public review as well, describes enhancements to SOAP messaging to provide for message integrity and confidentiality, according to OASIS. Related documents also approved included Username Token Profile, for using WS-Security for user names and passwords, and X.509 Certificate Token Profile, for using WS-Security to sign and encrypt messages via X.509 digital certificates, said Kelvin Lawrence, co-chairman of the OASIS committee and an IBM Distinguished Engineer. Also approved were documents pertaining to XML Schema and XML extensions pertinent to WS-Security..." See details in the news story "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

[January 27, 2004] "XML in Yukon: New Version Showcases Native XML Type and Advanced Data Handling." By Bob Beauchemin. In Microsoft MSDN Magazine (February 2004). "The next version of Microsoft SQL Server, code-named 'Yukon,' takes the groundbreaking XML support that was introduced in SQL Server 2000 and enhances it to include even more innovative functionality and ease of use. Yukon adds native XML data storage to the database management system (DBMS) through a new native XML data type. The introduction of this native XML data type, coupled with the emerging industry standard XQuery language, should spark a revolution in database application development. Support for the native XML data type is extensive. It includes XML Schema-based validation and additional XML-based constraints, special XML Infoset-based indexes, and queries over XML content objects using XQuery. In addition to this radical new functionality, the existing SQL Server 2000 XML functionality has been fine-tuned for better performance and ease of use. This article discusses Yukon's built-in ability to expose its data through Web services, and other XML features of Yukon... In Yukon, support is enhanced to include composition, decomposition, and distributed relational queries. It also includes native XML queries and native XML storage. The new XML data type differs from the conventional storage of an XML document in a text data type. The new data type is a first-class type; you can use it in most of the ways any other SQL Server data type can be used, including as a column in a table, a variable in T-SQL, a stored procedure or user-defined function parameter, or a user-defined function return value. The XML type is quite similar to the concept of a distinct type defined by SQL-99 (the latest version of the ANSI SQL standard) and to the character-based large object (CLOB) types varchar(max) and nvarchar(max). You must convert it to and from a varchar or nvarchar type, although the T-SQL INSERT statement will do automatic conversion from a varchar and nvarchar value used in a VALUES list to an XML data type column value. You cannot CAST or CONVERT the XML type to any type other than varchar or nvarchar. Two instances of an XML data type cannot be compared. Like a SQL-99 distinct type, the XML type has its own methods; these methods enable you to use an alternate query language, XQuery. The data in an XML type does not follow the relational data model, but it does follow the XQuery 1.0 and XPath 2.0 data model. The primary reason for having an XML data type is that when you define an XML data type column, the data in that column is stored in the database itself. The column is not a pointer to an XML document on the file system. This means that XML data is included in the backup and restore process, is subject to ordinary SQL Server security, and participates in transactions and logging. Having XML data inside a relational database may offend some relational purists, but it means that your data lives in a single repository for reasons having to do with administration, reliability, and control..."

[January 27, 2004] "Oracle to Add RFID Support to Warehouse Application." By John Pallatto. In eWEEK (January 05, 2004). "Oracle Corp. said it plans to release a new version of Oracle Warehouse Management in the summer season that will support radio frequency identification (RFID) and electronic product code (EPC) features. Oracle officials discussed the new Warehouse Management features at this week's Oracle AppsWorld conference here. The new Oracle Warehouse Management package will be based Oracle Database 10g and Oracle Application Server 10g to enable customers to automate the process of counting and tracking goods moving in and out of warehouses... The application server will include built-in RFID middleware to provide the connection-control and filtering features required to process RFID data. The warehouse management module will be able to produce and process RFID labels that are required for commodity tracking. The new version of Oracle Warehouse Management will provide compatibility with RFID tags along with the reading and printing devices produced by Alien Technology Corp., Internet Technologies Corp. and Zebra Technologies. The demand for RFID technology has been gaining momentum because major retailers, just as Wal-Mart Stores Inc. and the U.S. Department of Defense are requiring their highest volume suppliers to support RFID technology if they want to do business with them, said Jon Chorley, senior director of Oracle Inventory and Warehouse Management System. Read more here about RFID technology and both Wal-mart and DoD's requirements for it. The new version of Oracle Warehouse Management will support the RFID tagging of entire pallets of goods as well as individual cases. In addition, warehouse operators can track in-bound and outbound shipments, Chorley said. The automated tagging and reading process cuts the time it takes to track inventory, reduces costs and improves the accuracy of inventory reports, he said. The technology will also improve warehouse security because with RFID readers installed at the warehouse doors, the RFID application can watch for any outbound or even inbound shipments are authorized..." General references in "Radio Frequency Identification (RFID) Resources and Readings."

[January 27, 2004] "Inside XAML." By Ian Griffiths. From O'Reilly ONDotnet.com (January 05, 2004). "One of Longhorn's most interesting technologies for developers is