Cover Pages: XML Daily Newslink: Friday, 28 September 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
BEA Systems, Inc. http://www.bea.com

Headlines

W3C Last Call for Web Services Policy Primer and Guidelines for Authors
Serve SQL Data in XML Format
ACID Transaction Policy in SCA (Service Component Architecture)
Digital Repository and Authorization Middleware Architecture
XML Squisher Targets .NET CF-enabled Devices
A Close Look at BPEL 2.0: Drilling Down
AJAX and the Mobile Web
XML Descriptor Based Approach for Real Time Data Messaging
Service Provisioning via SPML in SOA

W3C Last Call for Web Services Policy Primer and Guidelines for Authors
A. Vedamuthu, D. Orchard, F. Hirsch, (et al. eds); W3C Technical Report

W3C's Web Services Policy Working Group has released two Last Call Working Drafts for Web Services Policy 1.5. These Working Drafts complement the WS-Policy Recommendation: in September 2007, W3C published two Web Services Policy 1.5 specifications (Framework, Attachment) as W3C Recommendations, representing a "critical Web standard for extending the features of Web services and Service Oriented Architecture (SOA) applications. Building on the fundamental open Web services standards from W3C, Web Services Policy enables developers to meet requirements for secure transactions, reliable messaging, addressing metadata, and other scenarios, in modular fashion. With Web Services Policy 1.5, SOA developers can enable extensions to a service without disruption or requiring changes to lower level service descriptions. The extensions themselves (consisting of what are called "policy assertions") are defined by other specifications." WS-Policy Assertions communicate the requirements and capabilities of a web service by adhering to the specification, WS-Policy Framework. To enable interoperability of web services different sets of WS-Policy Assertions need to be defined by different communities based upon domain-specific requirements of the web service. The Last Call Working Drafts include a Primer and Guidelines. "Web Services Policy 1.5 - Primer" provides an introductory description of the Web Services Policy language, written: (1) for policy expression authors who need to understand the syntax of the language and understand how to build consistent policy expressions; (2) for policy implementers whose software modules read and write policy expressions; (3) for policy assertion authors who need to know the features of the language and understand the requirements for describing policy assertions. The document has three primary sections: "Basic Concepts" describes how to declare and combine capabilities and requirements of a Web service as policy expressions, attach policy expressions to WSDL constructs such as endpoint and message, and re-use policy expressions. "Advanced Concepts" explains the basics of normalizing policy expressions, merging policies, determining the compatibility (intersection) of policies, the policy data model, the policy expression and the extensibility points built into the Web Services Policy language. "Versioning Policy Language" provides examples and best practices on versioning of the policy language itself. The "Web Services Policy 1.5 - Guidelines for Policy Assertion Authors" working draft captures best practices and usage patterns for practitioners. It is a complementary guide to the Framework and Attachments specifications and the Primer. It is intended to provide non-normative guidelines for WS-Policy Assertion Authors who need to know the features of the language and understand the requirements for describing policy assertions.

Serve SQL Data in XML Format
Ivan Pepelnjak, InformIT

Quite often, the data you have to serve to the client will reside in SQL databases on the server, so you need an adapter between the tabular binary SQL data and text-oriented hierarchical XML data. This article, describes a few ways to extract data from SQL databases and serve it to an AJAX application running in a web browser, depending on the SQL database you use and the implementation flexibility you need. A large number of AJAX applications expect that the data exchange between the web server and the browser will be formatted as XML. If the server-side data is stored in an SQL database, you can use a server-side script to transform the tabular SQL format returned by an SQL query into an XML document, or use the XML functionality embedded in your database server to reduce server resource utilization. The server-side script might be your only option if your database server lacks the required XML functionality (for example, MySQL cannot return query results in XML format), or if you have to perform extensive additional data processing on the SQL results. In any case, you shouldn't generate the XML output by writing individual tags and attributes to the output data stream, because you might eventually forget one (or more) of the XML encoding rules and therefore produce invalid XML documents; for example, you might forget to encode the ampersand ('&') character in the attribute values. It's much safer to use the DOM functions available in most server-side scripting languages, build a DOM tree with the script, and output the XML representation of the DOM tree as provided by the DOM library. If your database server supports XML output of query results, but you have to perform specialized data processing to get the XML structure you need to return to the AJAX client, consider server-side XSLT transformations. This technique might be faster than using server-side scripts, even with the added overhead of additional XML parsing.

ACID Transaction Policy in SCA (Service Component Architecture)
Mike Edwards, OSOA Announcement

A first public draft (Version 0.51) for "ACID Transaction Policy in SCA" has been released. It is edited by Ian Robinson (IBM); the technica contacts include Dave Booz, Mike Edwards, Mike Kanaley, Ashok Malhotra, Eric Newcomer, Sanjay Patil, Ian Robinson, Michael Rowley, and Mark Little. From the Overview: "SCA recognizes that the presence or absence of infrastructure for ACID transaction coordination has a direct effect on how business logic is coded. In the absence of ACID transactions, developers must provide logic that coordinates the outcome, compensates for failures, etc. In the presence of ACID transactions, the underlying infrastructure is responsible for ensuring the ACID nature of all interactions. SCA provides declarative mechanisms for describing the transactional environment required by the business logic. Components that use a synchronous interaction style can be part of a single, distributed ACID transaction within which all transaction resources are coordinated to either atomically commit or rollback. The transmission or receipt of oneway messages can, depending on the transport binding, be coordinated as part of an ACID transaction as illustrated in the OneWay Invocations section below. Well-known, higher-level patterns such as store-and-forward queuing can be accomplished by composing transacted one-way messages with reliable-messaging qualities of service. This document describes the set of abstract policy intents—both implementation intents and interaction intents—that can be used to describe the requirements on a concrete service component and binding respectively... The specification defines implementation and interaction policies that relate to transactional QoS in components and their interactions. The SCA transaction policies are specified as intents which represent the transaction quality of service behavior offered by specific component implementations or bindings. SCA transaction policy can be specified either in the SCDL or annotatively in the implementation code. Language-specific annotations are described in the respective language binding specifications. Implementation transaction policies include (1) 'managedTransaction', which describes the service component's transactional environment; (2) 'transactedOneWay' and 'immediateOneWay', being two mutually exclusive intents that describe whether the SCA runtime will process OneWay messages immediately or will enqueue (from a client perspective) and dequeue (from a service perspective) a OneWay message as part of a global transaction. Interaction transaction policies: 'propagatesTransaction' and 'suspendsTransaction', being two mutually exclusive intents that describe whether the SCA runtime propagates any transaction context to a service or reference on a synchronous invocation. Note that transaction context MUST NOT be propagated on OneWay messages.

See also: the OASIS SCA-Policy TC

Digital Repository and Authorization Middleware Architecture
Chi Nguyen, Conference Presentation

This presentation by Chi Nguyen by (Mura Digital Repository Project Manager) discusses the Fedora authentication/authorization/XACML work being done in Australia. Mura is a new web-based GUI for the popular Fedora repository. Its aim is to show-case new support for federated identity and flexible authorization for framework. Both Mura and the new framework are being developed by the RAMP project which started in September 2006. The Research Activityflow and Middleware Priorities (RAMP) project "seeks to improve national research effectiveness by addressing two of the most challenging components of the DEST/JISC E-Framework for Education and Research and the DEST Accessibility Framework—the areas of people-oriented workflows for research processes, and open standards authorisation for protected repositories. A key focus of the RAMP project is capturing E-Research activityflows so that they can be analysed, shared, re-used and adapted. This will lead to a national website providing a library of 'actionable' best practice activityflows for common research processes. This approach draws on the success of capturing and sharing Learning Designs within e-learning, and applies it to the challenges of people-based workflow in E-Research. The second challenging component of the E-Framework that RAMP addresses is open standards authorisation using XACML (Extensible Access Control Markup Language). There is an increasing need for flexible management of protected content as part of repositories such as Institutional Repositories, E-Reserves, etc, but most approaches to protected content rely on hardwired or proprietary authorisation mechanisms that are inefficient, costly, inflexible and promote system lock-in. The RAMP project will address the need for open standards authorisation through the creation of a generalised XACML authorisation module that could potentially be adopted by any repository system. This module will be implemented and tested initially using the Fedora repository, based on existing work on Fedora and XACML from MAMS and ARROW. The final stage of RAMP will unify the workflow and authorisation components through a 'fusion' project to explore interaction and integration between these two areas, and their overall combined impact on the E-Framework. This fusion project will lay the groundwork for potential future work in unified workflow and authorisation services, and their interaction with other E-Framework services.

XML Squisher Targets .NET CF-enabled Devices
Staff, Windows For Devices

AgileDelta has announced that its tool for enhancing the performance of Xtensible Markup Language (XML) now supports Microsoft's .NET Framework and .NET Compact Framework (CF). Efficient XML converts XML into a binary format claimed to accelerate web applications, reduce bandwidth utilization, and extend battery life. According to AgileDelta, the compressed, binary format of XML data generated by Efficient XML can be hundreds of times smaller (by boosting transmission speed) and also slashes network traffic: "Now cell phones, PDAs, media players, GPS receivers, and many other devices that are often constrained by battery power, processing power, or memory can participate in the XML ecosystem." There have been other methods of converting XML into binary, potentially endangering the language's cross-platform compatibility. AgileDelta, however, says its implementation has been selected as the basis for the emerging global standard for binary XML by the Efficient XML Interchange Working Group of the Worldwide Web Consortium (W3C). The Efficient XML software development kit (SDK) includes support for popular XML APIs, including SAX (the Simple API for XML), DOM (Document Object Model), JAXP (Java API for XML Processing), and a pull-model streaming API patterned on StAX (Streaming API for XML). Note: Earlier in 2007 AgileDelta announced the release of its Efficient XML HTTP Proxy Server and Client. "The proxies provide a simple, plug-in solution for adding Efficient XML to existing browser, web services and web-based applications without modifying application code. Now, businesses of any size can use Efficient XML to significantly reduce network bandwidth costs, increase data transfer speeds and give remote workers high-speed access to the information they need. The Efficient XML HTTP Proxy Server and Client support content negotiation, which automatically detects and uses Efficient XML for clients and servers that support it and falls back to text XML for those that do not. This simplifies incremental roll-out of Efficient XML across an enterprise and enables deployment in heterogeneous networks where not all parties have upgraded to Efficient XML."

A Close Look at BPEL 2.0: Drilling Down
Khanderao Kand, Manoj Das, Alex Yiu; SOA World Magazine

Web Services-Business Process Execution Language (WS-BPEL) provides a broadly adopted process orchestration standard supported by many vendors today and used to define business processes that orchestrate services, systems, and people into end-to-end business processes and composite applications. However, in many ways BPEL's adoption has gotten ahead of the formal standardization process. The BPEL4WS 1.1 specification was submitted to OASIS back in 2004 and after three years of work by one of the largest technical committees at OASIS, WS-BPEL 2.0 finally became an OASIS standard on April 12, 2007. While adoption of the BPEL language has not been gated by the 2.0 standard or the OASIS stamp of approval—there are thousands of successful BPEL projects and deployments today—the formal publication of the standard is an important milestone and will further accelerate BPEL's adoption and vendor support. The efforts of the BPEL committee over a three-year period have enhanced BPEL 2.0 with important features and clarified the specification in several areas. In this article we cover some of the most interesting new features in depth; however not every aspect of BPEL 2.0 is covered. First, we will summarize the important features of the BPEL standard, explicitly calling out what is new or changed in BPEL 2.0. At a high level BPEL is an XML language that provides a rich set of activities to describe an executable business process. The processes and activities can be synchronous or asynchronous, short-lived or long-running; BPEL provides a sophisticated language for defining the process flow, system interactions, data manipulation, exception handling, compensation rules, etc. The worked example highlights the following advanced requirements: (1) Dynamic Parallelism: handling of different components (line items) of an Order in parallel; (2) Change handling, or out-of-band events: a delivery schedule may change while an Order is in process; (3) Compensation: reversing credit card charges and releasing reserved inventory when a component is out-of-stock... There have been some significant announcements around human workflow. Another interesting development is the Service Component Architecture (SCA) standard. While most WS-* specifications have been focusing on the protocol and interoperability aspects of Service Oriented Architecture (SOA), SCA standardizes the deployment and assembly of SOA components, including BPEL. This will further help enable the portability of BPEL processes, and the composite applications that leverage them, across different vendor implementations.

See also: BPEL references

AJAX and the Mobile Web
Darryl K. Taft, eWEEK

With smart phones becoming more prevalent among users and delivering greater capability than ever before, where are the applications to take advantage of all this power? That is a key question the OpenAjax Alliance and the World Wide Web Consortium, or the W3C, proposed to answer at a joint workshop, held at Microsoft's campus in Mountain View, California. Jon Ferraiolo, Web architect in the Emerging Technologies division of IBM's Software Group, and Daniel Appelquist, a senior technology strategist at Vodafone, chaired the workshop. Ferraiolo, who is also the director of the OpenAjax Alliance, said the question of the Web on mobile devices is complex. There are whole conferences on the subject of the mobile Web. For example, on October 15, 2007 Vodafone is sponsoring a day of speakers on the subject; at the joint OpenAjax Alliance/W3C event, there were nearly 40 position papers submitted, each reflecting the points of view of companies or individuals in the industry. Ferraiolo: "What I am hoping is that this workshop will provide a broad industry perspective on things having to do with the term 'mobile AJAX' and help inform two industry groups (W3C and OpenAjax Alliance) so that we can start new initiatives or modify existing initiatives to help the industry be successful with HTML and AJAX technologies on mobile devices." Dion Almaer, an engineer at Google and co-founder of Ajazian.com, said that there are "millions of developers that know how to hack out some Web stuff. On the other hand, building mobile apps in Java with MIDP (Mobile Information Device Profile) or the like is insanely difficult. So, if you can let people develop apps for the phone in a simple way—such as AJAX—then you get all of the developers." The W3C has multiple mobile initiatives already in place, including MWI (Mobile Web Initiative).

See also: the Workshop Web Site

XML Descriptor Based Approach for Real Time Data Messaging
Polly Poon, Tharam Dillon, Elizabeth Chang, Ling Feng; IEEE Presentation

This paper was presented at the Ninth IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing. It presents an overview of the Real Time Markup Language (RTML). RTML is a XML profile which provides the syntactic representation for describing the semantics of real time data for exchange over distributed networked real time systems. We demonstrate a method which uses descriptor based approach to describe the real time semantics in distributed real time systems using XML. We have chosen XML Schema for a number of advantages. In order to create a consistent schema that contains the correct semantics offer by conceptual design model, we have used the OO conceptual model transformation approach proposed by L. Feng, et al., "Schemata Transformation of Object-Oriented Conceptual Models to XML." As discussed in this paper, very often the individual real time systems do not have knowledge of the application from each other. So attempting to set up collaboration for data exchange will be a major challenge and especially when it is dealing with multiple heterogeneous sources. We introduce a descriptor based approach for describing the resources using three types of descriptors namely Concept Descriptor for illustrating the details of the features from a real times systems; a Category Descriptor for organizing the logical structure of Concept Descriptors whose share common similarities; and Relationship Descriptor which describe the structure of a collection of Concept Descriptors and Relationship Descriptors which illustrate the semantics, syntax and organization of such a structure. We believe that this work will be one of the first steps towards defining an approach using XML to describe real time resources. By providing such a XML profile, it establishes a knowledge based for organizations to exchange data using XML messaging... RTML is a XML descriptor based profile. Elements in RTML can be classified into three corresponding descriptor types: Descriptor (D), DescriptorMapper (DM) or DescriptorCategory. The use of descriptors allows multi level abstraction. Ds and DMs are further defined into corresponding spectrums Apart from OMG SPT, RTML has also adopted the specification developed by ISO and ITU-T document number X.641 Recommendation (ISO/IEC IS 13236). This specification provides a standard approach to describe QoS for different purposes, and how can QoS be described from different levels or viewpoints and precision. Along with the ISO/IEC specification, we have also adopt QoS Profile. The meta-model in QoS Profile provides a lightweight modeling component for conceptual design customization.The above standards have provided fundamental constructs for conceptual model transformation into RTML constraints. This design time construct can be complemented by realizing additional details to enrich the description to the design elements defined in those specifications. RTML provides a reference model for the realization of abstract details.

Service Provisioning via SPML in SOA
Manivannan Gopalan, SOA World Magazine

The Provisioning Services Technical Committee (PSTC) at OASIS defined an XML-based framework named Service Provisioning Markup Language (SPML) for exchanging user information, resource information, and service provisioning information in systems. In this article, we explore the role of SPML in managing identity and resource information in SOA environments. SPML is an XML-based request response protocol that is used to integrate and interoperate service provisioning requests. The use of SPML is to enable organizations to set up interfaces for Web Services and applications quickly and securely. This is done by letting portals, application servers, and service centers generate provisioning requests in and across organizations. If you take a typical SOA security stack, SPML satisfies a complementary requirement for authentication, authorization and fine-grained access control. SPML is used for service provisioning whereas the authentication and authorization of data is done through SAML. Fine-grained XML access control is done through XACML. Managing user identity is challenging in today's environment given the increasing diversity and complexity of systems. Identity management refers to the management of the entire lifecycle of one or more identities, from creation to destruction, and managing privileges. SPML deals with provisioning identities in enterprise ecosystems. It brings standardization in preparing system infrastructure to accomplish business activities. A typical SPML use case scenario in organizations is the situation of hiring a new employee, which involves lots of procedures that can be included in a provisioning workflow. Provisioning involves both digital as well as physical activities. A physical activity involves procuring a PC or laptop and a digital activity involves creating a user account in various applications.


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors