The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: May 04, 2004
XML Articles and Papers March 2004

XML General Articles and Papers: Surveys, Overviews, Presentations, Introductions, Announcements


March 2004

[Compilation in process]

  • [March 25, 2004] "Action Plan Developed for PKI Adoption." By Ryan B. Patrick. In ComputerWorld (March 25, 2004). "An e-business standards watchdog last month unveiled a comprehensive action plan aimed at kickstarting the adoption of Public Key Infrastructure (PKI) technology. The OASIS PKI Action Plan builds on the results of a series of surveys conducted by the OASIS PKI Technical Committee with IT staff who have deployed or attempted to deploy it. Security vendors have long touted PKI technology (which uses digital certificates to authenticate e-mail, individual and enterprise transactions) as the answer to most network computer problems. But it has been hampered by cumbersome implementation, differing and incompatible standards along with issues of legacy system integration. PKI has evolved and so too should the industry's understanding of the technology and its ability to drive Web services and e-business, according to John Sabo of Computer Associates and co-chair of the OASIS PKI Technical Committee. PKI adoption is probably further along in Canada than in the U.S. In Canada, PKI has made some inroads, particularly in public sector and the financial services industry, said Steve Hanna of Sun Microsystems Inc. and committee co-chair. The PKI Action Plan addresses some of the primary obstacles to widespread PKI adoption; these adoption barriers include: poor or missing support in software applications, high costs, poor understanding of PKI among senior managers and end users, interoperability problems and lack of focus on business needs..." See: (1) the PKI Action Plan; (2) OASIS PKI TC web site.

  • [March 25, 2004] "DOD to Vendors: Join PKI System or Take a Hike." By Dawn S. Onley. In Government Computer News (March 22, 2004). "If vendors don't register by April 1, 2004 for encryption certificates to do business with the Defense Department, DOD intends to severely limit their ability to work on contracts. DOD plans to enforce a requirement that DOD contractors participate in the Interim External Certification Authority program. IECA requires DOD contractors to have one-year encrypted digital certificates to ensure the security of vendor communications with the department. Roughly 350,000 contractors that are doing business with the department need certificates, said Barry Leffew, vice president for the public-sector group of VeriSign Inc. The IECA program has been in place for about three years, but adoption picked up only recently because of the looming deadline. VeriSign is one of three that DOD has approved to provide the certificates. Defense Directive 8500 mandated the program and set the April 1 deadline. The directive requires the 'exchange of unclassified information with vendors and contractors' be conducted using public-key infrastructure certificates obtained from approved certificate authorities..." See general references in (1) "XML and Encryption"; (2) "XML Digital Signature (Signed XML - IETF/W3C)."

  • [March 25, 2004] "A Retreat From Process Quality." By Andrew Updegrove. In Consortium Standards Bulletin Volume III, Number 3 (March 2004). "Coteries of companies develop specifications and shop them to consortia; Microsoft wants the industry to adopt (and license) its Caller ID anti-spam specifications; open source projects are everywhere, and variously structured; and Bloggers are flaming each other over competing flavors of content syndication. Is this any way to develop standards? The pace of change in standard setting is continuing to accelerate, in response to the ever-quickening rate of technological evolution. As in any other real-world situation, this creates tension between expediency and quality. Over the past year, we have seen a number of developments that lead us to believe that the balance between expediency and quality may be tipping in the wrong direction. This article will examine a few of these examples, and suggest that the time has come to reexamine process in order to rebalance the equation. It's time for the standard setting world to begin using a bit more self discipline in how it goes about the business of setting standards..."

Earlier Articles February 2004

  • [February 26, 2004] "Whitepaper on Liberty Protocol and Identity Theft." Edited by William Duserick (Fidelity Investments). From the Liberty Alliance Project. February 20, 2004. 11 pages. Contributors: Paul Madsen (Entrust), Sandra Silk (Fidelity Investments), Luc Mathan (France Telecom), Margareta Bjorksten (Nokia), Niina Karhuluoma (Nokia), Shin Adachi (NTT), Eric Norlin (Ping Identity Corporation), Linda Elliott (Ping Identity Corporation), Karyn Murphy (RSA Security), Tanya Candia (Sigaba), Piper Cole (Sun Microsystems), Susan Landau (Sun Microsystems), and Stephen Deadman (Vodafone). "Identity theft, a modern crime of this modern age, has become a significant threat to the growth of electronic commerce. Cases of misuse of online accounts by imposters as well as creation of new accounts using stolen identity and attribute information are prevalent. The resulting press accounts have served to dampen citizen, corporate, and government enthusiasm for electronic interactions which are sensitive or have monetary value. Federated identity management provides the ability to leverage authentication and use personal or business information stored with one online entity to conduct business with another. The Liberty Alliance Project is developing standards for federated identity management which emphasize security and support the privacy of users in a networked world. This paper discusses how the Liberty Alliance Project addresses the current issue of identity theft through specifications, best practice documentation and implementation guidelines. Identity federation as specified by the Liberty Alliance Project is a controlled method by which partnering companies can provide more integrated and complete customer service to a qualified group of individuals within certain sets of business transactions. 
The mechanisms inherent in the concepts of identity federation, and the Liberty Alliance Project specifications in particular, should help protect the user from theft and abuse. There are several considerations which lead to this conclusion: (a) Superior security and privacy inherent in interactions; (b) No single point of failure, i.e., limited information in any one repository; (c) Permission-based access to attributes; (d) Upgrades to the specifications to deal with breach experience..." See: (1) the announcement, "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." (2) general references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [February 26, 2004] "Getting Reacquainted with dbXML 2.0." By Tom Bradford. From (February 25, 2004). "The goal of the dbXML project has been to produce a high quality, small footprint XML database that just works. dbXML is a native XML database written in Java. Native XML databases (NXDs) are databases that store XML using an internalized format for faster overall processing and representational flexibility. NXDs also provide support for indexing XML for improved query performance. Because it utilizes Java's memory mapped I/O and overlapping socket I/O, dbXML requires Java 1.4 or higher... In version 2.0 dbXML supports basic journaling transactions under the hood. At present, all transactions are implicit unless you're accessing dbXML using the database's lowest level APIs. Explicit transaction APIs will be exposed via the client/server APIs in a future release... The database now has a pluggable security model. There are currently three security managers to choose from. (1) NoSecurityManager provides no security whatsoever and is used when authentication is not needed to access the database. (2) SimpleSecurityManager provides simple security, where a single user name and password is used for the entire database. The user name and password are defined in the database's system.xml configuration file. (3) DefaultSecurityManager is so named because it is the default security manager. It provides access control based on users and roles stored in the database's system collections. dbXML 1.0 leveraged CORBA to provide client/server communications. While CORBA made dbXML accessible to many platforms and languages, it also came with its share of headaches. For version 2.0, it was decided that CORBA would no longer be used. dbXML 2.0 utilizes a web services hub called Project Labrador to provide client/server communications. Currently, Labrador only supports REST and the XML-RPC protocol. As a result, dbXML only supports these modes of access. 
A future version of Labrador will support SOAP; when it does, dbXML will automatically inherit this capability. This project has evolved quite a bit since version 1.0 and is very likely to evolve considerably in the coming year. It is already a mature product, with some rather high profile users, and is in a very good position to become the dominant open source XML database, if not one of the more popular XML databases in general..." See references in "XML and Databases."

  • [February 26, 2004] "VoIP Gets SIMPLE for Avaya." By Christopher Saunders. In Instant Messaging Planet (February 23, 2004). "Communications networking giant Avaya on Monday became the latest major enterprise technology player to launch a business instant messaging solution, debuting the offering in connection with its new Voice Over IP suite. At the heart of the new VoIP offering is the Avaya Converged Communications Server, representing the Basking Ridge, N.J.-based company's foray into solutions based on Session Initiation Protocol (SIP), a leading standard in the Internet telephony industry. That technology also forms the basis for SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE), a protocol supported by several of the largest competitors in the enterprise IM space, such as IBM Lotus and Microsoft. Thanks to its new SIP/SIMPLE support, Avaya's converged communications solution now incorporates user availability awareness and controls — or 'presence,' in industry parlance — into its core VoIP offerings. A new edition of its IP telephony software, Avaya Communication Manager, integrates with Converged Communications Server to support the technology, as does the Avaya IP Softphone R5, an on-screen call manager client. As a result, users of the Softphone client can view colleagues' availability using a presence-enabled contact list, much like the Buddy Lists found in AOL Instant Messenger and similar programs. When integrated with the new Converged Communications Server, the Avaya IP Softphone shows friends' and colleagues' real-time statuses, such as 'Away,' 'On the Phone,' or 'Busy.' Users can then click their contacts to launch IM, voice, or conference calling sessions with others..." See: "IETF SIMPLE Specifications Support Presence-Based IM, Video, and Voice."

  • [February 26, 2004] "IETF Closes in on Linking Geographic Info, Presence." By Christopher Saunders. In Instant Messaging Planet (January 28, 2004). "Instant messaging brought 'presence' — the ability to tell when others are available for chat — to the desktop. Now, the concept could be on the cusp of another, quiet evolution: incorporating location information... Groupware, Web conferencing and telephony applications have also begun incorporating presence information, broadening its impact. Now, figures in the Internet communications community are working to take presence to the next level by creating a framework for merging users' location data into their presence information. That's long been viewed as a logical add-on to the basic availability data now available in most implementations of presence. But there are important considerations to take into account before simply merging the data. Access to users' geographic information needs to be subject to user control, much like presence is handled in most consumer instant messaging clients — which generally enable users to hide their availability status from certain classes of fellow users, such as unknown contacts. Otherwise, everyone on a network could have unrestricted knowledge of others' whereabouts without any form of authorization. Within the Internet Engineering Task Force, the Geographic Location/Privacy Working Group (also known as GEOPRIV) has taken up the task of walking the line between establishing a means of disseminating geographic data that is subject to the same sorts of privacy controls as presence is today. GEOPRIV is close to finalizing on a recommendation for just such a system. That draft recommendation, authored by Neustar's Jon Peterson and known officially as 'A Presence-based GEOPRIV Location Object Format,' is actually based on earlier work done in formulating the basic requirements for presence data: the Presence Information Data Format (PIDF)... 
The latest effort doesn't aim to hammer out a standard for geographic information itself. Rather, it's based on current geographic data standards, and focuses instead on encapsulating location information within presence data, and applying the same sorts of user preferences. Geography Markup Language (GML) is the expected location format over which the GEOPRIV draft's specifications will be applied. 'There is related work out there, tons of it in the GEOPRIV working group for providing more specific policy tools and language ... and OpenGIS (Geographic Information Systems) and the GML 3.0 spec seem adequate for expressing simple and extremely complex coordinate space,' Peterson said... Peterson, an early figure in Session Initiation Protocol (SIP) and SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) has his own anticipated scenarios. For one thing, VOIP applications based on SIP could see a major boost with the introduction of location-based data, which would provide necessary infrastructure for 911 emergency calling..." See: (1) "Geography Markup Language (GML)"; (2) "Presence Information Data Format (PIDF)"; (3) "Six New Internet Drafts from the IETF Geographic Location/Privacy Working Group."

  • [February 26, 2004] "Grid Forum Backs Utility Computing Standards." By Paul Shread. From (February 25, 2004). "The Distributed Management Task Force's effort to draft standards for utility computing has received the backing of the Global Grid Forum (GGF), the Grid computing standards-setting body. 'This is an important activity and we are excited to see the DMTF bring this group together, while simultaneously tapping related efforts, such as GGF's Open Grid Services Architecture (OGSA) and several new GGF research groups focused on commercial enterprise Grid application use cases and requirements,' Charlie Catlett, senior fellow at Argonne National Laboratory and chair of GGF, said in a statement... 'We have been working very closely with both DMTF for the past year, and in the past six months, also with OASIS, because these things are converging,' Catlett said. 'The efforts are indeed complementary, and where we have found intersection of activities we have created high-bandwidth liaison activities. For instance, we have a Common Management Model working group within GGF that was created by some folks who also participate in DMTF, and one of the objectives is cross-fertilization between Grid/utility computing and the distributed systems management world.' Catlett said 'the best sign of convergence' is the WS-Resource Framework (WSRF) effort to recast several key components of GGF's Open Grid Services Infrastructure (OGSI) specification into a set of Web services specs. The work is a joint effort between Grid services proponents from the GGF community and Web services proponents, Catlett said. 'The path forward for this is that WSRF specifications are most likely to be standardized via OASIS, where most Web services work is happening these days,' Catlett said. The GGF OGSI working group will serve a liaison function, and Catlett said he expects the WSRF-related OASIS technical committees to hold meetings at the thrice-yearly Grid forums. 
'These are only a few of the ways we are discussing to work together with OASIS and DMTF,' Catlett said. Catlett also said he is 'personally very intrigued by DCML,' the Data Center Markup Language effort, and is 'trying to figure out how it might fit into Grid projects that I am doing without my GGF hat on. I definitely think DCML is quite interesting, but I have not followed what they're doing. We had extended an offer to them to do the work within GGF, but we haven't followed up. Regardless of where the work is done, I am hoping that we can form a liaison activity with them to make sure there is good exchange of ideas with the Grid community'..." See: (1) the announcement "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing."; (2) WSRF specs news item in "Web Services Notification and Web Services Resource Framework."

  • [February 26, 2004] "IBM's Sutor: SOA Is So Necessary." By Darryl K. Taft. In eWEEK (February 25, 2004). ['Bob Sutor, IBM's director of WebSphere infrastructure software, will be keynoting at this week's Edge 2004 conference on software development in Boston. Sutor, who will be speaking on the concept of service-oriented architecture, took time last week to explain IBM's SOA strategy to eWEEK Senior Writer Darryl K. Taft.'] Sutor: "In brief, an SOA is distributed computing where you identify the different units of work or units of activity as services. So a service is some piece of software that you can issue queries to, issue commands to in some way, basically tell it to do something, and it responds back to you. It's critical that there is a large degree of standardization in how you actually define these services. That is, we can't have one language for talking about this service and another language for talking about that service. The key is to try to make what is essentially an extremely heterogeneous implementation to look as homogeneous as possible — that is, your service or another service can be described in exactly the same terms and therefore processed by exactly the same tools. Given this notion that I can describe services, I can get those descriptions, I then need to connect to them. And I have certain requirements about that connectivity. So I have requirements about reliability, that is I know if I invoke a service I'd like to know that something actually happened. That it got the message and responded back to me. So it basically boils down to distributed computing with standards that tell us how to invoke different applications as services in a secure and reliable way and then how we can link the different services together using choreography to create business processes. And then finally so that we can manage these services so that ultimately we can manage and monitor our business performance..."

  • [February 25, 2004] "WS-I Releases Web Services Security Scenarios." By Elizabeth Montalbano. In CRN (February 25, 2004). "The Web Services Interoperability Organization (WS-I) Wednesday released a document aimed at helping solution providers and customers take the first steps toward implementing Web services-based security. [Hal] Lockhart said there are an infinite number of ways for companies to use standards such as WS-Security and SOAP Message Security 1.0 to secure Web services messages. The WS-I is providing only a sample of those ways in its work, and encourages commentary from the industry on other possible scenarios. 'This activity will form the basis for what we consider to be the basic security profile,' Lockhart said. 'We really want feedback from people about whether this is the right set of scenarios, the right set of choices to make. We hope people will look at this document and feed back to us their reactions in terms of whether we are working on the right problems.' The WS-I plans to release a draft of its Basic Security Profile, which will deal with how to use WS-Security and SOAP Message Security — among other standards — in Web services-based transactions, by the end of March, said Eve Maler, XML architect at Sun and another member of the Security Profile Working Group. The Basic Security Profile builds on the WS-I Basic Profile to propose how to provide security mechanisms around existing Web-services standards. The WS-I's Basic Profile 1.0, released in August, provides guidelines for using several established standards for building Web services — SOAP, WSDL, UDDI and XML Schema. In the future, the Security Profile Working Group will address how to utilize other security standards, such as security assertion markup language (SAML) and Kerberos, with Web services, Maler said..." See details in the news story "WS-I Releases Public Working Draft Document on Security Scenarios."

  • [February 24, 2004] "Microsoft Previews InfoPath Update. Update Includes Fixes, New Features." By Joris Evers. In InfoWorld (February 23, 2004). "Microsoft Corp. is giving users a chance to test enhancements to its InfoPath XML forms manager. Microsoft plans to deliver those enhancements as part of Service Pack 1 (SP1) for its Office 2003 products in late June. Called InfoPath 2003 Service Pack 1 Preview, the update not only bundles software fixes, but also adds a host of new features. InfoPath is Microsoft's new XML forms manager. It joined the Office family last October part of the Office 2003 release. SP1 updates to InfoPath fall into four main areas: security, reliability, user experience and programming environment. On the security side, Microsoft has improved support for digital signatures, adding the ability to sign different parts of the form as well as cosigning, among other features. Perhaps the most important element to driving adoption of InfoPath are improvements and additions in the InfoPath programming environment. Developers using Microsoft's Visual Studio .Net can now create InfoPath applications using managed code. Previously InfoPath developers were limited to using scripting. Additionally, the update adds tools for working with ActiveX controls and complex XML schemas as well as layout controls for working with printed forms and promises easier integration into existing business process and workflows..." See: (1) the announcement, "Newest Enhancements to Microsoft Office InfoPath 2003 Now Available for Preview. Microsoft to Add Enhanced Programming Tools, Richer Page Layout Controls, and Improved Schema and Digital Signature Support to Its Popular Information-Gathering Program."; (2) "Microsoft Office 11 and InfoPath [XDocs]."

  • [February 24, 2004] "AVDL Integrates Application Security." By Jan Bialkowski and Kevin Heineman. In Network World (February 23, 2004). "Because traditional security tools such as firewalls, VPNs and intrusion-detection systems inadequately protect against application-layer attacks, security managers are turning to next-generation application security products such as vulnerability scanners, application security gateways and patch management systems. However, these best-of-breed stand-alone systems still require individual and separate user interactions, leaving the overall security management process too manual, time-consuming and error-prone. Application Vulnerability Description Language (AVDL) is a new security interoperability standard in development by OASIS. Proposed by leading application security vendors and users, AVDL creates a rich and effective set of consistent XML schema definitions to describe application security properties and vulnerabilities. Using AVDL, security tools and products from different vendors will be able to communicate to coordinate their security operations and automate security management. The basic concept embodied in the AVDL schema is an application-level transaction, called a probe, which describes HTTP exchanges between browsers and Web application servers. Defined mark-ups allow specification of the HTTP messages in full detail at various levels of abstraction (raw byte stream, or parsed to HTTP header constructs). Such probes might specify valid and expected request-response exchanges between browsers and servers, or might specify application vulnerability exploits. In the former case, traversal-step probes supply a host of information, including target URLs, links, cookies and other headers, as well as query or form parameters, their attributes and ranges of legitimate values. The traversal probes can be used to automate enforcement of safe usage policies. 
In the latter case, vulnerability probes further highlight questionable constructs and supply detailed specifications of vulnerabilities, including human-readable description and machine-readable assessment information such as vulnerability severity, applicability and its historical records. The vulnerability probes supply information necessary to configure protective 'deny' rules and information about hot fixes if any are available, workarounds and so forth that can be used to automate management of remediation processes. In a typical usage scenario, a security scanner maps out the application and detects its flaws and vulnerabilities. The scanner then sends its assessment in the form of a set of AVDL probes to other security devices. The recipients, such as patch management systems or security gateways, use the AVDL input to automatically generate configuration recommendations..." See the recent announcement.

  • [February 24, 2004] "Application Security Standard Edges Forward." By George V. Hulme. In InformationWeek (February 23, 2004). "An application security standard known as Application Vulnerability Description Language, which was proposed last year, is moving closer to reality. AVDL, which was submitted to the standards group OASIS, is based on XML and is designed to provide a standard way for application vulnerabilities to be defined and classified so all security applications from different vendors that companies use to secure their apps will understand the same language when it comes to security threats. For example, when a new software vulnerability surfaces, a company's vulnerability scanner could scan systems to spot the new flaw. The scanner then could send information to firewalls and patch-management systems, which those applications could then use to automatically adjust to better protect against any potential attacks, such as a worm or a hacker attack. At this week's RSA Security Conference in San Francisco, security vendors will demonstrate how the draft AVDL specifications have been implemented in their applications..." See: (1) the announcement, "Application Security Leaders Announce Support for AVDL OASIS Committee Draft. Cenzic, Citadel, Department of Energy CIAC, GuardedNet, NetContinuum, Qualys, SPI Dynamics, Teros and WhiteHat Among Growing Number of Organizations to Support AVDL."; (2) "OASIS Committee Draft for the Application Vulnerability Description Language (AVDL)"; (3) "Application Security Standards."

  • [February 24, 2004] "Ink Markup Language." W3C Working Draft 23-February-2004. By Gregory Russell (IBM), Yi-Min Chee (editor, IBM), Giovanni Seni, Larry Yaeger (Apple), Christopher Tremblay (Corel), Katrin Franke (Fraunhofer Gesellschaft), Sriganesh Madhvanath (HP), Max Froumentin (W3C). Produced by the W3C Multimodal Interaction WG as part of the W3C Multimodal Interaction Activity. Latest version URL: "The Ink Markup Language serves as the data format for representing ink entered with an electronic pen or stylus. The markup allows for the input and processing of handwriting, gestures, sketches, music and other notational languages in Web-based (and non Web-based) applications. It provides a common format for the exchange of ink data between components such as handwriting and gesture recognizers, signature verifiers, and other ink-aware modules. This second version of the Working Draft adds facilities for detailed recording of time information for the captured ink. The attribute for associating the format of trace data with the device used to capture it has also been defined. The draft introduces a new, generic mapping syntax which allows for MathML formulas, and the mechanism for referring to ink traces (for semantic labelling or other purposes) has also been simplified. Finally, each element has been given its own section, which includes a definition of its attributes and contents..." See the news story for the previous WD version, "W3C Releases Public Working Draft for the Ink Markup Language (InkML)."

  • [February 24, 2004] "IBM, Veritas Lead New Utility Computing Standard." By Clint Boulton. In (February 11, 2004). With followon article 2004-02-17. "A new standards body has been formed to create a method for ensuring the interoperability of utility computing environments using products from different companies... According to a Distributed Management Task Force document obtained by, the new Utility Computing Working Group is co-chaired by one representative from IBM and VERITAS Software and has a goal of unifying data center management, an integral part of on-demand computing. The work, which will be carried out with the help of standards bodies such as the World Wide Web Consortium (W3C) and OASIS, could be seen as IBM's and VERITAS' competitive answer to the Data Center Markup Language (DCML) launched by EDS, Computer Associates, and others last year... Analysts following the space noted that neither IBM nor HP, widely acknowledged as the two biggest on-demand computing players, were involved with DCML. Now, the latest interoperability group appears to be an answer to DCML, as well as another reminder that standards-creation often spurs rivals to line up on opposing sides in the process. 'It sure looks like IBM is pushing its agenda on autonomic computing,' said a source familiar with the utility computing space and the standards process. 'The big difference between this and DCML is that it has big guy sponsorship — is this how IBM expects to drive forward the Web Services Notification and Resource Framework standards that it introduced in January at Global Grid Forum? If so then HP will also be on board with this.' The source said the alignment of the grid standards with the Web services standards is vital to IBM's view of autonomic computing and 'it seems like the GGF can't do it on their own.' 
The DMTF, which created the Common Information Model (CIM) to describe how management programs will be able to control devices and applications from different vendors in the same way, did not respond to calls seeking comment as of press time..." Other details in the WG charter. See: (1) the 2004-02-17 announcement: "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing." (2) "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing"; (3) "DMTF Common Information Model (CIM)."

  • [February 23, 2004] "Enterprise Instant Messengers Make the Grade." By Curtis Franklin Jr., Brian Chee, and Mike Heck. In InfoWorld (February 11, 2004). "Instant messaging is alive and well in the workplace. We tested four solutions in this roundup -- Lotus Instant Messaging and Web Conferencing 3.1, Microsoft Live Communications Server 2003, Novell GroupWise Messenger 1.0, and Jabber XCP (Extensible Communications Platform) 2.7 -- and found that enterprise IM solutions provide the security, manageability, and auditing capabilities that companies need. And they also include features, ranging from transaction logging to document collaboration, that will support business processes in the enterprise. All four of these products enhance security through full encryption of traffic streams, providing the ultimate protection for traffic that traverses public data links. Each integrates with directory services such as Active Directory, LDAP, and RADIUS, giving administrators the ability to control user population and privileges, and allowing users to share a central contact list across the organization... The solutions also allow administrators to create and manage a central archive of messages and conversations, providing the auditing capabilities necessary, for example, to ensure accountability or comply with Securities and Exchange Commission (SEC) requirements or Health Insurance Portability and Accountability Act (HIPAA) responsibilities. The IM products from IBM Lotus, Microsoft, and Novell also integrate with their respective collaboration platforms. If you've committed to a particular vendor's groupware, very likely you'll be best served by their enterprise IM solution. On the other hand, there are other options to consider depending on whether you want application sharing or whiteboarding with IM, and what flavor of directory services runs in your infrastructure..." See also the news story on IETF SIMPLE WG IM and presence specifications.

  • [February 23, 2004] "Handling Privacy in WSDL 2.0." Edited by Hugo Haas (W3C). W3C Team Submission. 13-February-2004. ['This document discusses how to handle privacy in WSDL 2.0 and shows a possible solution using the P3P generic attribute and a WSDL 2.0 feature in order to express a Web service provider entity's privacy policy.'] "In the same way Web sites have privacy policies, Web services may raise privacy concerns, as shown in section 2 and 4 of J. Reagle, et al., "P3P: Beyond HTTP." Users of Web services may want to know how and for what purpose their personal data will be used before deciding to use a service. The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. The Web Services Description Language (WSDL) 2.0 is an XML language for describing Web services. When used in combination with P3P, one can express the privacy policy of a Web service. This document proposes two ways to express and process privacy policies in WSDL 2.0. One way is to use the generic P3P attribute of the Platform for Privacy Preferences 1.1 (P3P1.1) Specification to extend a WSDL 2.0 description to attach provider entities' privacy policies. The other way is to use a WSDL 2.0 feature..." General references in "Platform for Privacy Preferences (P3P) Project."

  • [February 23, 2004] "Television Listings and XMLTV." By Kyle Downey. From (February 18, 2004). "With a mini PC with a TV capture card, a WiFi card, a monster hard drive, and a Linux package like MythTV, can not only do almost everything a TiVO can do, but can also serve up MP3 files, act as a Windows file server with Samba, run a web server, and more. One critical element of a DIY TiVO is TV listings. Without these all the fancy hardware in the world won't do much good. But there's an open source, Perl XML-based solution by Edward Avis called XMLTV that many of the TV-on-your-PC packages like Freevo and MythTV support. With support for screen-scraping data for many countries' cable systems, XMLTV can take various sources and create a consistent stream of XML. Good software can be used as a building block to make other software, and by this measure XMLTV -- both the de facto standard and the software -- is very useful. Although dreams of combining computers with televisions have yet to pan out, now there are solid mechanisms that let you combine Internet data with live video, and insert your own software in between. The exciting element is not what has been done, but the convergence of interesting information, ease of access and processing with XML-based formats like XMLTV, with freely-available, powerful software..." General references in "XMLTV."

  • [February 23, 2004] "Microsoft Creates a Stir in Its Work With the U.N." By John Markoff and Jennifer L. Schenker. In New York Times (February 23, 2004). [With caption: 'Klaus-Dieter Naujok, who works with the United Nations, says it is difficult to avoid Microsoft's influence.'] "The chairman of the Microsoft Corporation, Bill Gates, won widespread applause in January when he trumpeted an agreement to give $1 billion in software and cash to the United Nations as part of a job-training program for the developing world. But Microsoft did not seek any attention for a much smaller amount that it contributed earlier to pay some travel expenses for a United Nations business standards group. That payment, critics say, had a much more opportunistic motive than the big donation. Several software industry executives and technologists contend that Microsoft has been moving behind the scenes to undercut support for a set of business-to-business electronic transaction standards jointly developed by the United Nations and an industry-sponsored international standards group. Microsoft and senior United Nations officials said that the accusation was false and that the company's contributions were relatively modest, complied with United Nations guidelines, and did not unduly influence decision making. Microsoft and I.B.M. have been trying to gain backing for a competing approach to writing Internet software, which the two companies argue would be a better, more general solution for business-to-business computer communications than the original United Nations-developed standard, known as 'electronic business using extensible markup language,' or ebXML in the trade. The previously hidden dispute may seem arcane, but it revolves around computing standards that are likely to help determine control over an emerging generation of Web services software that is designed to automate buying and selling through networks of computer connections. Many industry executives predict that the new software will ultimately supplant computer operating systems as the linchpin of the industry. This new fight is occurring as Microsoft, the world's largest software company, moves to the final stages of its legal dispute with antitrust regulators in Europe over its right to integrate features of its competitors' products into its Windows operating system. On another front, Microsoft is being challenged by an array of open-source programs -- starting with Linux but expanding to other arenas -- that are being developed by a loosely organized group of software programmers and distributed at little or no cost..." See general references in "Electronic Business XML Initiative (ebXML)."

  • [February 23, 2004] "Remember ebXML? Doing Business in Real Time." By David S. Linthicum. In XML Journal Volume 5, Issue 2 (February 2004). "While there are many standards that look like ebXML, ebXML is the first horizontal standard designed to address the exchange of information and adherence to inter-enterprise processes. However, in attempting to reach this lofty goal, ebXML is also a complex standard and takes some understanding before we can comprehend its value to the world of application integration and electronic business. In recent years, it's been clear that ebXML (as well as many other modern Internet standards) has to take on a coexistence strategy rather than a replacement strategy. This is because most enterprises are reluctant to shut down their existing B2B systems, such as EDI, until new standards have proven their operational value. Thus, we have another evolution not revolution, which seems to be a common theme as we migrate to newer but more complex and invasive standards. There are several components to ebXML, including: Collaboration Protocol Profile (CPP); Collaboration Protocol Agreement (CPA); Business Process and Information Modeling; Core Components; Messaging; Registry/Repository..." General references in "Electronic Business XML Initiative (ebXML)."

  • [February 23, 2004] "Web Services Alphabet Soup: Is the Glut of Web Services Protocols a Morass or a Precursor to Unprecedented Harmony?" By Jon Udell. In InfoWorld (February 20, 2004). Strategic Developer. The original title of this column was 'WS-WorldPeace.' "Here's one popular definition of insanity: 'Do the same thing, expecting a different result.' Now consider the following partial list of proposed standards for Web services: WS-Addressing, WS-AtomicTransaction, WS-Attachments, WS-Context, WS-Coordination, WS-Eventing, WS-Federation, WS-Reliability, WS-ReliableMessaging, WS-Routing, WS-SecureConversation, WS-Security, WS-SecurityPolicy, WS-Transaction, and WS-Trust. That's just the WS series; there's also XML 1.0, XML Schema, SOAP, WSDL, UDDI, XML-DSig, XML-Encryption, XKMS, SAML, XACML, ebXML, BPEL4WS, WSRP, and a partridge in a pear tree. Is this nuts? Some people think so. The watchwords of XML Web services were the watchwords of the Web: simplicity and universality. But as the specs multiply like weeds, it's fair to ask if we're now just reinventing CORBA and DCOM, doing the same old thing and crazily hoping for a different result... [We have] a zoo of protocols that, for most developers, create severe cognitive overload. It's one thing to say that a secure transacted session can be composed out of these modular parts, but quite another to actually achieve that effect. [Microsoft's] Shewchuk agrees. The solution, he suggests, is tooling that enables a declarative style of programming. This idea dates back to MTS (Microsoft Transaction Server). Before COM+ and J2EE, MTS pioneered the notion that you need not write lines of code to invoke services such as transactions or object pooling. Instead, a programmer could invoke these services with simple attribute declarations. Or an administrator could achieve the same effect by setting attributes in a management console... 'In Indigo, it boils down to attributes,' Shewchuk says. 'You tell the run time you want confidentiality, longevity, and reliability, and it uses the composable architecture to translate that into a configuration on an execution pipeline.' You've got to love the vision. Is it a recipe for WS-WorldPeace? That will depend on Microsoft's commitment to base standards, which so far looks more solid in Indigo than in Avalon or WinFS. It will also depend on everybody else figuring out what Microsoft has always known: packaging technology, in ways that make sense to average developers, matters a lot..."

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Robin Cover, Editor: