[December 26, 2003] "Web Services Security Kerberos Binding." By Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Praerit Garg (Microsoft), Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Anthony Nadalin (IBM), and Nataraj Nagaratnam (IBM). December 18, 2003. Copyright (c) 2003 IBM Corporation, Microsoft Corporation. 25 pages. ['This Web Services Security Kerberos Binding Specification is an initial public draft release and is provided for review and evaluation only.'] "This document describes how to use Web Services security specifications with Kerberos... Kerberos is an established authentication and security infrastructure in use in many environments today. Consequently, as applications integrate with and are developed for Web services, there is a need to leverage existing security infrastructure. This specification describes how to integrate Kerberos security environments with the Web service security architecture. Integration with Web services security requires the following aspects: (1) Requesting and issuing security tokens; (2) Attaching security token to messages; (3) Establishing a secure context; (4) Signing and encrypting the message using the security context. This specification describes two models of Web service usage and interoperability: GSS-API and Raw Kerberos... This specification builds on the WS-Security, WS-Trust, and WS-SecureConversation specifications to integrate Kerberos functionality... The security tokens used by both [GSS-API and Raw Kerberos] models are binary and not based on XML. Consequently, the <wsse:BinarySecurityToken> element from WS-Security is used to pass security tokens inside SOAP messages. The wsse:ValueType and wsse:EncodingType attributes describe the security token's type and encoding. Applications integrating Kerberos with WS-Security must include their tokens as instances of <wsse:BinarySecurityToken>. They should encode these in base64... GSS-API presents a common approach and feature set over a number of different and popular security protocols. It is frequently used when two Web services, both existing within Kerberos environments leveraging GSS-API, want to securely interoperate across the Internet... Alternatively instead of using GSS-API, interoperability can be achieved at the Kerberos level. That is, using raw Kerberos security tokens and cryptographic functions. The model is straightforward: tickets are obtained and the keys are extracted for use in signing and encrypting messages. Kerberos is an IETF standard third-party mediated protocol as described in RFC 1510... Conceptually, a Kerberos KDC implements what WS-Trust calls a Security Token Service: It generates security tokens (e.g., Kerberos TGT) in exchange for other tokens..." See also "Web Services Security Specification (WS-Security)." [cache]

[December 26, 2003] "Content Feeds with RSS 2.0. Syndication Goes Mainstream." By James Lewin (President, The Lewin Group). From IBM developerWorks, XML. December 23, 2003. ['A lot has happened in the RSS world since developerWorks last looked at RSS: Two new specifications have come out, RSS has become one of the most popular XML standards, and tools and feeds are popping up everywhere. RSS has contributed to the explosion of weblogs, and it is becoming a standard part of other Web sites, too. This article reviews RSS 2.0, looks at new RSS developments, and jump-starts your understanding of this important format.'] "It's been three years since I wrote my last article on RSS for developerWorks, "An introduction to RSS news feeds." At that time, RSS was one of the more popular uses for XML. Since then, Netscape abandoned the format, five new versions of the RSS specification have come out, and there was an acrimonious fork in the format. In spite of these setbacks, RSS is now more popular than ever... Today you can find tens of thousands of RSS feeds. Weblog users, news publishers, government agencies, and many personal and commercial Web sites support the format. Developer tools deal with RSS in Java technology, PERL, PHP, Python, and other major programming languages. Many viewers and aggregators work on the Web, on the desktop, even within e-mail clients... This article will give you a little background, review how the format is being used, and drop the names of some of the more popular tools for working with it. It will review the nuts and bolts of the format, give you examples, and tell you what you need to know to get started. Finally, it will cover some of the new features of RSS 2.0, such as extending RSS using namespaces. At the end of the article you'll find an annotated list of RSS resources... While headline syndication is the most common use for RSS, it is also used for many other purposes. RSS is a very popular format in the weblog community. It's also used for photo diaries, classified ad listings, recipes, reviews, and for tracking the status of software packages. RSS feeds are used in the world of e-commerce as a way of delivering information. For example, Amazon provides custom news feeds based on its Web services platform. This lets you track top books in your news reader, or include information on your Web site about related books for sale at Amazon. RSS has grown tremendously in popularity in the last few years. Syndic8.com maintains an index of RSS channels, and its list of feeds has grown by about 1400% in two years. Yahoo news, the BBC, Slashdot, LockerGnome, Amazon, CNN, Wired, Rolling Stone, and Apple Computer are among the many popular sources of RSS feeds..." See also: (1) "Atom as the New XML-Based Web Publishing and Syndication Format"; (2) "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[December 24, 2003] "WS- and Liberty Convergence on Table." By Gavin Clarke. In Computer Business Review Online (December 24, 2003) [News Section]. "Convergence between rival web services specifications for secure identity is on next year's agenda, according to IBM Corp which is planning implementations in its software. IBM told ComputerWire it is in talks with members of the Liberty Alliance Project to establish interoperability and convergence with the WS- family of specifications, authored jointly with Microsoft Corp during 2002 and 2003. Meanwhile, two major elements of the WS-Roadmap, WS-ReliableMessaging and WS-Transaction, will next year begin to appear in IBM's WebSphere middleware brand. IBM's director of dynamic ebusiness technology Karla Norsworthy predicted security, interoperability, transaction and reliable messaging would be the focus of IBM and industry activity in 2004. Many in the industry believe next year will finally see many web services standards such as the WS- specifications increasingly implemented in vendors' products. IBM's web services partner Microsoft, for example, is expected to put Business Execution Language (BPEL) in BizTalk Server 2004. Analyst Gartner Group believes from next year onwards, big-brand stack vendors, like IBM and Microsoft, will see their products mature, as web services standards are increasingly adopted. Customers, meanwhile, are expected to finally roll out web services projects, moving beyond the pilot phase, and begin deployment outside of the corporate firewall. Security, it is believed, will top the list of technology priorities in the web services world. The industry, though, has two major security initiatives in the field of federated, single sign-in with the WS- roadmap and Liberty specifications. A basic level of interoperability exists between the two, as they use SAML assertions, a standard ratified by the Organization for the Advancement of Structured Information Standards (OASIS). Two frameworks, though, potentially cause a headache for enterprise developers implementing security for web services. Many today use ad-hoc XML work-arounds... Norsworthy said Liberty provided a high-level system for identity management and was especially suited to vertical markets, while the WS- specifications provides a broad set of horizontal technologies. She said IBM is 'anxious' to extend the functionally of WS- with Liberty's identity management functions'..." See: (1) "Security Assertion Markup Language (SAML)"; (2) "Liberty Alliance Specifications for Federated Network Identification and Authorization"; (3) WS- specifications list. [hash URL]

[December 24, 2003] "Jabber XCP Generates Corporate IM." By Michael Caton. In eWEEK (December 16, 2003). "Jabber Inc.'s Jabber Extensible Communications Platform has a lot under the covers that brings IM beyond user-to-user communications. Unfortunately, Jabber XCP lacks the graphical management tools found in competing products. Jabber XCP 2.7 is available now, priced at $30 per user. In eWEEK Labs' tests, we found a good deal to like in the way Jabber XCP and its included Jabber Messenger work together to deliver instant messaging, but the lack of a management console is a troubling shortcoming of the platform. In terms of base price, Jabber XCP is competitive with Microsoft Corp.'s Live Communications Server 2003. It costs much less than IBM's Lotus Sametime 3.1 but doesn't offer Sametime's Web conferencing features. Jabber Inc. originated out of the Jabber Open Source Project, when Webb Interactive Services Inc. created a software company around the core developers of the original open-source Jabber server. Open-source versions of products that leverage XMPP (Extensible Messaging and Presence Protocol), the XML-based Jabber communications protocol, are available through the Jabber Software Foundation at www.jabber.org. The JSF manages the standardization process for adding extensions to XMPP for backward compatibility. The Jabber XCP product differs from the open-source Jabberd server in that it is a multithreaded and modular application. Jabber offers an interesting wrinkle on IM As a framework application, Jabber XCP offers companies a flexible platform for delivering IM- and presence-aware applications. Overall, we liked the IM experience Jabber XCP provides, including its default options for indicating presence, which are broader than those in competing enterprise IM clients, and its ability to customize the Jabber IM client... Because Jabber XCP relies heavily on XML as the core to communications, seeing how the product works and making modifications can be relatively straightforward. For example, customizing the client's look and feel essentially involves making changes to three XML files..." See: (1) "Jabber XML Protocol"; "Extensible Messaging and Presence Protocol (XMPP)."

[December 23, 2003] "Web Services and C++." By Peter Lacey (Systinet). In Dr. Dobb's Journal #355 Volume 28, Issue 12 (December 2003), pages 54-58. [Database Development: Peter shows how to develop SOAP services and clients in C++ using the WASP Server for C++ from Systinet.] "While there's no shortage of information on how to implement web services using Java, C#, or even Perl, there's little information on how to bring web services to the C++ world -- despite the millions of lines of C/C++ code currently in production. In this article, I close this gap by showing how to develop SOAP services and clients in C++ using the WASP Server for C++ from Systinet... Although a license is required for deployment on multiCPU hardware, WASP is available for a variety of operating systems and compilers as a free download from Systinet. All you need is an operating system and C++ compiler for which WASP binaries are available, and a 1.3 or higher JVM... In SOAP, a 'service' loosely corresponds to a C++ 'class,' and an 'operation' to a 'method.' For instance, a sample service called 'Planet' contains a simple operation, getPlanet(). The service's endpoint (that is, URL) is /PlanetService/. The getPlanet() operation takes a single argument -- an integer between 1 and 9 -- and returns the name of the planet that corresponds to that position in order from the Sun. It returns a SOAP fault if the input parameter is out of bounds. There are two principal components to a web service -- the service itself and the Web Services Description Language (WSDL) document that describes it. It is helpful to have the WSDL document in hand when developing services, since you can use the WASP wsdlc utility to autogenerate the client stub code and service skeleton code. However, since WSDL documents can be complicated, it would be nice not to have to create the WSDL manually. To autogenerate WSDL documents, you have to have a source file that contains enough information to represent a service, and in a format that is simpler than WSDL itself. While WASP for C++ does not have a means of generating a WSDL from a C++ source or object file, you can generate a WSDL from a Java class file. The utility for doing so is Java2WSDL, included in the WASP for C++ Companion Toolkit... The ability to SOAP-enable new or existing C++ applications has important implications both inside and outside the enterprise. It lets you extend existing services to internal users and partners without having to generate and distribute a number of difficult and incompatible APIs. The ease with which this can be done, and the shallow learning curve of doing so, makes adopting web services much smoother than learning and implementing a complete C# or Java environment..."

[December 23, 2003] "XML 2003 Session Report: Namespace Routing Language." By Uche Ogbuji. From XMLHack.com (December 22, 2003). At the XML 2003 Conference in Philadelphia "James Clark followed a block of sessions on ISO Document Schema Definition Languages (DSDL) with a presentation on Namespace Routing Language (NRL), which is a key contribution to DSDL Part 4: 'Selection of validation candidates'... Clark said that NRL tried to redeem some of the cost of namespaces by using them to divide-and-conquer schema problems, using the best independent schema in the next schema language to address each sub-problem. NRL identifies groups of elements and attributes based on namespaces. The developer specifies a schema for validating each group. The data model for the entire XML document to be processed is a tree of trees. The big tree is divided into 'sections', which must be subtrees. This division uses a simple set of rules considering the relative subtree for each element and its namespace compared to that of its parents. Sections can also be applied against attributes according to whether they have the same namespace as its owner element, allowing for processing of what some call 'global attributes'. The NRL schema language defines a set of rules for sectioning documents and instructions for executing validation on each section. Rules can invoke validation against multiple schemata in multiple languages, and they can be constructed to handle otherwise unspecified namespaces, say for extremely lax or extremely strict processing. NRL supports modes similar to those in XSLT (in fact the overall processing model is much like that in XSLT). Actions can specify modes to be used for processing children of the context element. NRL also supports explicit setting of context, which allows for processing patterns that can't be expressed with modes alone. For example, one could specify a rule for processing any RDF/XML only if it was contained within an XHTML head element. NRL is designed for streaming implementation, though a subschema language might enforce building of a subtree in memory. SAX is the basis of the implementation of NRL in the open-source RELAX NG processor Jing..." See the full text from the preentation. General references in "Document Schema Definition Languages (DSDL)."

[December 23, 2003] "XML 2003 Conference Diary." By Eric van der Vlist. From XML.com (December 23, 2003). "Eric van der Vlist, author of O'Reilly's books on RELAX NG and W3C XML Schema, shares his personal view of December's XML 2003 Conference, held in Philadelphia, PA, USA... This year's conference has been dominated by schema languages... The other notable thing I noticed this week is a rise in interest for the Semantic Web at large and an increasing number of presentations showing concrete issues solved by its technologies... There was no formal DSDL tracks at XML 2003, but the next four sessions were nevertheless dedicated to DSDL parts. The first of these was James Clark's 'Incremental XML Parsing and Validation in a Text Editor', a wonderful presentation of how RELAX NG (aka DSDL part 2) can be used to guide XML editing. Although this was describing Clark's 'nXML' mode for Emacs, the principles given there were generic and could apply to other XML editing tools. What I liked the most in this talk is the different perspective on XML parsing and validation. Traditionally, we differentiate parsing from validation and include the check for well-formedness in the parsing. This separation does not work well during the editing of XML documents. Rick Jelliffe had already shown that in an amazing session called ' When Well-Formed is too much and Validity is too little' at XML Europe 2002. James Clark, who had already shown his interest in the concept by adding 'feasible validation' to his RELAX NG processor 'jing', is now following a similar path in nXML. An XML editor needs to be able to rapidly process the structure of the markup to provide syntax highlighting, and document-wide well-formedness is too much for that. Clark's nXML thus includes a parser which is limited to token recognition and does not check that tags are balanced, and a validator that checks well-formedness and validity against RELAX NG schemas when they are available... [one] area which was gave good food for thought in this presentation is that James Clark insisted that during the whole process of parsing and validation, no tree is ever built in memory. This is a new proof that the requirement undertaken by RELAX NG to allow stream processing is met, and another different perspective on XML documents. We tend to see them as trees, while they can also be seen and processed as streams of events. This dual nature of XML is something we should not forget in our applications... Murata Makoto presented 'Combining Multiple Vocabularies Without Tears', a high level introduction to DSDL part 4 and its 'divide and validate' paradigm, complemented by James Clark's 'Namespace Routing Language (NRL)' proposal. These two complementary talks described a new way to validate compound documents: rather than combining individual schemas, which often requires adapting them and requires that they use the same schema language, NRL (which is the main input to DSDL part 4) proposes a language that splits composite documents according to their namespaces, and specifies which schemas must be used for each of these parts. Many examples were given during these two talks, including the validation of SOAP messages with their envelope and payload, and XHTML documents embedding various namespaces going from SVG to RDF through XForms..." General references in "XML Schemas."

[December 23, 2003] "Editing and Authoring: A Structural Adviser for the XML Document Authoring." By Boris Chidlovskii (Xerox Research Centre Europe, France). Pages 203-211 in Proceedings of the 2003 ACM Symposium on Document Engineering. With 14 references. "Since the XML format became a de facto standard for structured documents, the IT research and industry have developed a number of XML editors to help users produce structured documents in XML format. However, the manual generation of structured documents in XML format remains a tedious and time-consuming process because of the excessive verbosity and length of XML code. In this paper, we design a structural adviser for the XML document authoring. The adviser intervenes at any step of the authoring process to suggest one tag or entire tree-like pattern the user is most likely to use next. Adviser suggestions are based on finding analogies between the currently edited fragment and sample data being either previously generated documents in the collection or the history of the current document authoring. The adviser is beneficial in cases when no schema is provided for XML documents, or schema associated with the document is too general and sample data contain specific patterns not captured in the schema. We design the adviser architecture and develop a method for efficient indexing and retrieval of optimal suggestions at any step of the document authoring... Interactive editors for the document preparation have evolved from Rita and Grif edition systems, that used predefined documentgrammars to provide the context information and to guide the authoring process, to the recent editors and validation systems for XML documents, likeMicrosoft XML Notepad, XML-Spy, Corel XMetaL, IBM Xeena, and others. The editors provide an interactive interface for the manual creation, editing and browsing of XML data. The interfaces are often coupled with DTD/XML Schema grammars and content views in order to validate data against DTDs or XML Schema schema definitions and to facilitate the creation of XML documents. Finding patterns in tree-like data is a core problem in various domains, like bioinformatics, Web mining, semi-structured data, etc. In the Web mining, the main interest is in the efficient enumeration of frequent trees in a data forest, where a frequent tree is a tree occurring at least minsup times. Enumerating all frequent patterns combines methods of efficient data mining and the tree pattern matching. Mohammed J. Zaki has recently presented TreeMiner, a novel timeand space-efficient algorithm for discovering all frequent subtrees in a forest In the semi-structured data, methods of the extraction... Our study concerns primarily the data mining aspect of the structural advising for XML documents. The method we proposed here shows that mining available data can considerably increase the 'intelligence' of an XML editor when assisting the authoring process. However, a number of important issues relevant to structural advising in an XML authoring system remained beyond the score of this paper. These issues like the graphical user interface or integration the data mining paradigm in the authoring environment put the user in the center of consideration. Recently, we have built a prototype that integrates the structured adviser in Adobe FrameMaker 6.0 in the form of plug-in. The next step will be developing different scenarios of providing structural suggestions to the user and running a set of evaluations through the case study and behavioral analysis... To our best knowledge, this is the first attempt to propose a method for mining available data and to rank tree patterns of different size accordingly to the efficiency metrics, expressed by the similarity and gain functions. The principle of an adviser and contextual suggestions is close to those implemented in various document editors, like MS Word, Emacs, Amaya, for spell-checking tasks; the knowledge of the language and associated dictionaries are hard-coded in the editor. The difference is that suggestions in these editors cope with the content of document; while the suggestions patterns in our structural adviser try to capture the structure of a document; moreover the patterns can be identified off-line or from scratch in the on-line mode..." See also: ACM Symposium on Document Engineering 2003 (November 20 - 22, 2003).

[December 23, 2003] "XML and Information Integration: Conceptual Modeling of XML Schemas." By Bernadette Farias Lóscio, Ana Carolina Salgado, and Luciano do Rêgo Galvão (Centro de Informática, Universidade Federal de Pernambuco, Brasil). In Proceedings of the Fifth International Workshop on Web Information and Data Management (WIDM 2003) (November 7-8, 2003). "XML has become the standard format for representing structured and semi-structured data on the Web. To describe the structure and content of XML data, several XML schema languages have been proposed. Although being very useful for validating XML documents, an XML schema is not suitable for tasks requiring knowledge about the semantics of the represented data. For such tasks it is better to use a conceptual schema. This paper presents an extension of the Entity Relationship (ER) model, called X-Entity, for conceptual modeling of XML schemas. We also present the process of converting a schema, defined in the XML Schema language, to an X-Entity schema. The conversion process is based on a set of rules that consider element declarations and type definitions and generates the corresponding conceptual elements. Such representation provides a cleaner description for XML schemas by focusing only on semantically relevant concepts. The X-Entity model has been used in the context of a Web data integration system with the goal of providing a concise and semantic description for local schemas defined in XML Schema... The X-Entity representation provides a cleaner description for XML schemas hiding implementation details and focusing on semantically relevant concepts. The X-Entity model extends the ER model so that one can explicitly represent important features of XML schemas, including: element and subelement relationships, occurrence constraints of elements and attributes and choice groups. Due to space limitations, some X-Entity features were not presented in this paper. Other issues were not considered in our approach, including: hierarchy of elements and attributes, cardinality of group of elements, elements with mixed content and order of elements imposed by a sequence compositor. However, our model can be easily extended with additional features and new rules can be developed for the conversion process. We already implemented a prototype to generate XEntity schemas from XML Schemas..." General references in "XML Schemas."

[December 23, 2003] "Security Analysis of the SAML Single Sign-on Browser/Artifact Profile." By Thomas Gross (IBM Zurich Research Laboratory). Paper presented Thursday, December 11, 2003 at the 19th Annual Computer Security Applications Conference (December 8-12, 2003, Las Vegas, Nevada, USA). With 21 references. "Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The Security Assertion Markup Language (SAML) is an important standardized example of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. SAML utilizes a constraint-based specification that is a popular design technique of this protocol class. It does not include a general security analysis, but provides an attack-by-attack list of countermeasures as security consideration. We present a security analysis of the SAML Single Sign-on Browser/Artifact profile, which is the first one for such a protocol standard. Our analysis of the protocol design reveals several flaws in the specification that can lead to vulnerable implementations. To demonstrate their impact, we exploit some of these flaws to mount attacks on the protocol... We have deduced several recommendations for the design of browser-based protocols from our analysis. First of all, we strongly recommend that secure channels such as SSL 3.0 or TLS 1.0 with unilateral authentication for message transfer always be used. They outmatch normal transfer of signed and encrypted messages, as they provide authentication, freshness, and replay prevention. We also recommend including more explicitness measures into the messages. It is important to name protocol type, protocol step, source and destination of a message explicitly in the message. Such measures could for instance prevent attacks where multiple services of a site are involved.We recommend not only considering successful protocol runs, but also analyzing all states the protocol can reach. Especially error states may hide opportunities for attacks such as our referrer attack. We are convinced that the SAML Single Sign-on Browser/Artifact profile is in general a well-written protocol. In fact, it is one of the most carefully designed browser-based protocols in federated identity management. Nevertheless, several changes are required to improve its security and prepare for its broad application in industry..." General references in "Security Assertion Markup Language (SAML)." [cache]

[December 23, 2003] "An Editor for Adaptive XML-Based Policy Management of IPsec." By Raj Mohan (Indian Army, India) with Timothy E. Levin and Cynthia E. Irvine (Naval Postgraduate School, USA). Paper presented at the 19th Annual Computer Security Applications Conference (December 8-12, 2003, Las Vegas, Nevada, USA). With 19 references. "TCP/IP provided the communications foundation for the Internet and the IPsec protocol now promises to enable the desired security strength. IPsec provides users with a mechanism to enforce a range of security services for both confidentiality and integrity, enabling them to securely pass information across networks. Dynamic parameterization of IPsec further enables security mechanisms to adjust the level of security service 'on-the-fly' to respond to changing network and operational conditions. The IPsec implementation in OpenBSD works in conjunction with the Trust Management System, KeyNote, to achieve this. However the KeyNote engine requires that an IPsec policy be defined in the KeyNote specification syntax. Defining such a dynamic security policy in the KeyNote Policy Specification language is, however, complicated and could lead to incorrect specification of the desired policy, thus degrading the security of the network. We present an alternative XML representation of this language and a graphical user interface to create and manage a consistent and correct security policy. The interface has the simplicity of a simple menu-driven editor that not only provides KeyNote with a policy in the specified syntax but also integrates techniques for correctness verification and validation... Security policy management is a critical issue in the management of computer and networking resources. IPsec and KeyNote provide a mechanism to implement a granular security policy. Previous research in the area of 'Quality of Security Service' demonstrates how an adaptive security policy can provide enhanced security with optimal utilization of network resources. A missing link in this process was the difficulty in specifying a well-defined, granular, error free and consistent security policy in the language understood by the KeyNote trust management engine. We have presented a solution to this problem in the form of an easy to use yet powerful security policy editor. The work demonstrates that use of XML technology as a middle layer provides us with a means to combine the security of KeyNote with the simplicity of a policy editor. This novel approach also provides us all the benefits of XML, such as XSL and XML security. While XSL was extensively used, XML security tools could also be used in follow up future work..." [cache]

[December 23, 2003] "An Analysis of XML Database Solutions for the Management of MPEG-7 Media Descriptions." By Utz Westermann and Wolfgang Klas (University of Vienna). In ACM Computing Surveys (CSUR) Volume 35, Issue 4 (December 16, 2003), pages 331 - 373. [ISSN: 0360-0300] "MPEG-7 constitutes a promising standard for the description of multimedia content. It can be expected that a lot of applications based on MPEG-7 media descriptions will be set up in the near future. Therefore, means for the adequate management of large amounts of MPEG-7-compliant media descriptions are certainly desirable. Essentially, MPEG-7 media descriptions are XML documents following media description schemes defined with a variant of XML Schema. Thus, it is reasonable to investigate current database solutions for XML documents regarding their suitability for the management of these descriptions. In this paper, we motivate and present critical requirements for the management of MPEG-7 media descriptions and the resulting consequences for XML database solutions. Along these requirements, we discuss current state-of-the-art database solutions for XML documents. The analysis and comparison unveil the limitations of current database solutions with respect to the management of MPEG-7 media descriptions and point the way to the need for a new generation of XML database solutions... For the management of MPEG-7 media descriptions (and certainly for the management of other data-centric XML documents as well, e.g., in the domain of electronic interchange of business data), we therefore see the need for a new generation of XML database solutions which recognize the central importance of exploiting the type information contained in schema definitions for the adequate management of XML documents. At the same time, these solutions should not neglect other important issues such as sophisticated (multidimensional) value, text, and path index structures, profound extensibility with custom functionality and index structures, and -- not to forget these -- classic DBMS functionality such as transactions, fine-grained concurrency and access control, and reliable means for backup and recovery. It seems that the necessity of using schema definitions to achieve an adequate management of XML documents is to becoming more and more recognized. As a newer XML database solution, Oracle XML DB/Structured Mapping already to some extent makes use of schema defi- nitions written in XML Schema for document validation and for the typing of basic document contents, as well as for query optimization. At least for the management of MPEG-7 media descriptions, however, the system has to be developed further to overcome its limitations with regard to the more complicated constructs of MPEG-7 DDL/XML Schema in order to be considered more than just a harbinger of a new generation of schema-aware XML database solutions." See also: (1) "A Typed Representation and Type Inference for MPEG-7 Media Descriptions"; (2) "An Analysis of XML Database Solutions Concerning the Management of MPEG-7 Media Descriptions" (Technical Report, No. TR-2002302, Dept. of Computer Science and Business Informatics, University of Vienna, September, 2002). General references in "Moving Picture Experts Group: MPEG-7 Standard."

[December 23, 2003] "Butting Heads Over B2B. ebXML Battles Web services Over Which Will Become the E-Business Platform of Choice." By Paul Desmond. In Network World (December 22, 2003). "Companies looking to conduct complex business transactions might expect Web services to enable those efforts. But along the way, they might find some business partners adamant about using another technology for the same purpose, electronic business with XML. Under development since the late 1990s, ebXML is a multifunction e-business framework that includes a secure document-messaging component and a methodology for constructing those documents. Web services, of course, fits a similar description, although the degree to which they help businesses conduct more than the simplest of online transactions is one subject of the Web services vs. ebXML debate. Another topic is whether a debate is needed at all. A number of experts say the two technologies are complementary, because ebXML can, and does, employ Web services underpinnings such as Simple Object Access Protocol (SOAP)... 'People think of ebXML as a holistic framework rather than having multiple aspects that can be adopted independently,' says Joseph Chiusano, senior consultant with Booz Allen Hamilton in McLean, Va., and a member of the OASIS ebXML technical committee. While Web services didn't really exist when ebXML was conceived, OASIS and UN/CEFACT, an international standards body that also plays a role in ebXML development, have since made multiple efforts to incorporate Web services components in ebXML. Those include an interface that enables ebXML messages to be carried via SOAP, and the ability to register and discover Web Services Description Language (WSDL) documents... [John] Radko says he sits in on numerous meetings in which the ebXML vs. Web services debate rages on. Members of the auto industry, for example, are debating whether to use ebXML document formats or those that are more closely aligned with Web services, such as WS-Attachments. This Microsoft-developed specification is at least the third attempt at defining how to send files back and forth in a Web services environment. He says such a specification must have four basic attributes: to, from, message type and a message ID, for tracking. 'EbXML does all that great; it was designed from the ground up to do that,' Radko says. Work is underway in standards bodies including the Internet Engineering Task Force and World Wide Web Consortium to define the same attributes for Web services. So why not simply use ebXML document formats and send them over a Web services-based transport? For one, ebXML uses a component-based approach toward building documents that Radko says is technically sophisticated but difficult to work with... Users must choose a platform for conducting business online -- Web services or the older but more established electronic business with XML (ebXML). Sun is the only large vendor with a certified interoperable ebXML offering, although at least nine smaller e-commerce providers and software vendors offer ebXML certified products. IBM, Microsoft and Oracle favor Web services. Resolution is questionable. The ebXML camp likely will try adding more Web services underpinnings, while Web services standards groups will strive for agreement on document format structure...' See also the following reference..." See also the following reference, and general references in "Electronic Business XML Initiative (ebXML)."

[December 23, 2003] "Comparing WSDL-based and ebXML based Approaches for B2B Protocol Specification." By Martin Bernauer, Gerti Kappel, and Gerhard Kramler (Business Informatics Group Business Informatics Group, Institute of Software Technology and Interactive Systems, Vienna Universiy of Technology. Presented at the First International Conference on Service Oriented Computing (ICSOC 2003), Trento, Italy, 15-18 December 2003. "When automating business processes spanning organizational boundaries, it is required to explicitly specify the interfaces of the cooperating software systems in order to achieve the desired properties of interoperability and loose coupling. So-called B2B protocols provide for the formal specification of relevant aspects of an interface, ranging from document types to transactions. Currently, there are two main approaches proposed for the specification of B2B protocols, the WSDL-based approach supporting Web Service languages, and the ebXML-based approach supporting languages defined along the ebXML project. Unfortunately, these approaches are not compatible, thus an organization wanting to engage in B2B collaboration needs to decide whether to embark on any of these new approaches, and which ones to use. This paper introduces a conceptual framework for B2B protocols, and based on this framework, a methodical comparison of the two approaches is provided, answering the questions of what the differences are and whether there are chances to achieve interoperability..." See also the abstract and the preceding bibliographic reference. Related: (1) comments on the OASIS ebXML Business Process Technical Committee (ebXML BP TC) discussion list; (2) general references in "Electronic Business XML Initiative (ebXML)." [cache]

[December 20, 2003] "Beyond Instant Messaging: Platforms and Standards for These Services Must Anticipate and Accommodate Future Developments." By John C. Tang and James "Bo" Begole (Sun Labs). In ACM Queue Volume 1, Number 8 (November 2003), pages 28-37. ACM Queue Special Issue on Instant Messaging. "The recent rise in popularity of IM (instant messaging) has driven the development of platforms and the emergence of standards to support IM. Especially as the use of IM has migrated from online socializing at home to business settings, there is a need to provide robust platforms with the interfaces that business customers use to integrate with other work applications. Yet, in the rush to develop a mature IM infrastructure, it is also important to recognize that IM features and uses are still evolving... In this discussion, we want to demonstrate how research prototypes that explore future directions can be used to guide and inform current efforts to develop an infrastructure. Our experience in using and studying IM has identified future opportunities in what we will refer to as 'awareness services.' That is, beyond the instant text-chat capability and sense of presence among online colleagues that IM provides, what other cues of activity should collaborators share to help coordinate their work? When a person you want to contact is not present, what information can the system provide to help you coordinate contact in the future? Even when you are physically present, can the system provide cues for when you are mentally receptive, or 'available,' to being interrupted? As examples of potential solutions to these issues, we summarize three research prototypes that demonstrate future directions in awareness services: (1) Awarenex - an IM and awareness prototype that demonstrates additional realtime awareness information useful both for initiating contact and negotiating conversation. (2) Rhythm Awareness - a system that analyzes awareness information over time to predict future times to contact people who are not currently available. (3) Lilsys - a system that integrates awareness information from a number of different sensors to infer when colleagues may not be available for interaction... The research prototypes described here, along with other research in this area, suggest an emergence of promising awareness features that would further help distributed work groups communicate and coordinate their collaboration. Technical platforms and standards need to support the ongoing development of awareness features and be capable of including new awareness information and services as they emerge. The technical infrastructure also needs to address privacy concerns so that users can easily understand and trust their control over who has access to this information. By developing platforms and standards today that anticipate and accommodate future developments in awareness services, we can build communication tools that will gracefully support the emergence of new awareness services as they become available..."

[December 20, 2003] "Nine IM Accounts and Counting." By Joe Hildebrand (Jabber). In ACM Queue Volume 1, Number 8 (November 2003), pages 44-50. ACM Queue Special Issue on Instant Messaging. ['The key word with instant messaging today is interoperability. Various standards are in contention.'] "Instant messaging (IM) has become nearly as ubiquitous as e-mail, in some cases -- on your teenager's computer, for example -- far surpassing e-mail in popularity. But it has gone far beyond teenagers' insular world to business, where it is becoming a useful communication tool. The problem, unlike e-mail, is that no common standard exists for IM, so users feel compelled to maintain multiple accounts -- for example, AOL, Jabber, Yahoo, and MSN. This decision makes no sense from the end-user perspective, but unfortunately it is an artifact of how IM has developed. Even without a common IM standard, interoperability is not much of a technical challenge, however. The open source community has demonstrated that since 1999. To interoperate or not to interoperate is actually a business decision. It comes down to giving corporate customers what they want. In some cases that means interoperability and in some cases it means creating a walled or gated community... Multiple standards are still vying for prominence today. The main contenders are XMPP and SIMPLE, both of which are still under discussion within the IETF. XMPP is an IETF adaptation of the open Jabber protocol for IM and presence. SIMPLE -- SIP for Instant Messaging and Presence Leveraging Extensions -- is based on the IETF signaling protocol known as the Session Initiation Protocol, or SIP. SIMPLE is a set of extensions built on top of SIP that will provide for an IM and presence system. Microsoft has thrown its considerable weight behind SIMPLE... Two features make IM unique: rapid-fire asynchronous messaging, and realtime presence information. We've only just begun exploring what it means to mix these and add them to a wide range of applications and devices. For example, one extension to presence is geographical location information. Once your car is a node on the network, its presence information could be provided (subject to permissions you control) to other nodes on the network, such as your garage door. Why push a button to open your garage door when it can open automatically whenever your car comes within 20 feet? Sure, that seems like a frivolous use of the technology, but don't think it won't happen just because it's frivolous. Adding presence information (from basic on/off status to extended presence about more sophisticated states) to applications and devices will open up a wealth of uses that we've only just begun to think about. The same is true of asynchronous messaging. While some industry pundits have bought into Microsoft's contention that the IM game is over and that the direction of IM technology will be based on SIMPLE, millions are actually building innovative applications and deploying large messaging and presence services using XMPP. Why? Because they can deploy today, knowing that XMPP is natively interoperable, extensible, and being chosen by some of the world's largest companies..." See also: (1) "Extensible Messaging and Presence Protocol (XMPP)"; (2) SIP for Instant Messaging and Presence Leveraging Extensions."

[December 20, 2003] "On Helicopters and Submarines." By Marshall T. Rose (Invisible Worlds). In ACM Queue Volume 1, Number 8 (November 2003), pages 10-13. ACM Queue Special Issue on Instant Messaging. ['You're not going to get any savings through integrating IM with your SIP infrastructure. SIP does a great job as a helicopter, but when you try to make it function as an IM submarine as well, disaster may follow.'] "Helicopters are great, and so are submarines. The problem is that if you try to build one vehicle to perform two fundamentally different jobs, you're going to get a vehicle that does neither job well. What does any of this have to do with instant messaging (IM)? Well, the Session Initiation Protocol (SIP) is an excellent helicopter, but it is also being proposed for use as an instant messaging submarine. The proposal is known by a clever acronym, SIMPLE (SIP for instant messaging and presence leveraging extensions), but the SIP/IM approach doesn't have any of the good features normally associated with simplicity... SIP is a rendezvous protocol used to establish media streams (e.g., voice over IP, conferencing, and so on). The key thing to understand about rendezvous protocols is that they play an important but very limited role in data communications. They negotiate all the parameters necessary for data exchange to occur; but their role is also limited, because once this negotiation completes, the rendezvous protocol goes away and the actual exchange of data occurs. Like all good protocols, SIP's design parameters reflect its operating environment. What this means is that SIP's design isn't optimal for use in other scenarios. For example, because the rendezvous protocol is used for brief exchanges, and comprises such a small part of an overall mix of data traffic (in comparison to the actual data exchange), SIP doesn't need to have a congestion-sensitive transmission algorithm. After all, SIP is trying to do only one or two handshakes, so using something like slow-start is actually counterproductive. The difficulty here is the same thing that afflicts most protocols that achieve cult-like popularity: SIP is being considered for use in all kinds of different applications. In fact, the magnitude of requests for SIP extensions has reached the point where there's actually an evolving review process for SIP modifications... Rendezvous protocols are great, and so are data-exchange protocols. The problem is that if you try to build one protocol to perform two fundamentally different jobs, you're going to get a protocol that does neither job well. In other words, SIP and IM are sufficiently different that trying to do them both in the same protocol is problematic..."

[December 20, 2003] "Broadcast Messaging: Messaging to the Masses." By Frank Jania (IBM). In ACM Queue Volume 1, Number 8 (November 2003), pages 38-43. ACM Queue Special Issue on Instant Messaging. ['This powerful form of communication has social implications as well as technical challenges.'] "We have instantaneous access to petabytes of stored data through Web searches. With respect to messaging, we have an unprecedented number of communication tools that provide both synchronous and asynchronous access to people. E-mail, message boards, newsgroups, IRC (Internet relay chat), and IM (instant messaging) are just a few examples. These tools are all particularly significant because they have become essential productivity entitlements. They have caused a fundamental shift in the way we communicate. Many readers can attest to feeling disconnected when a mail server goes down or when access to IM is unavailable. For some of us, network outages are now as inconvenient as a blackout. These tools are also significant because they represent technologies that provide a means for enhanced interaction. On one end, in the case of e-mail, the technology provides increased delivery speed over that of standard post. At the other extreme, in the case of IM, the ability to advertise awareness information and have a realtime text conversation comprises a new form of communication. Broadcast messaging is a technology that falls somewhere in between, and has several use-cases that highlight its efficacy and indicate that it also will someday enjoy the ubiquity of IM. There are, however, social implications to providing broadcast messaging to a large audience, as well as challenges in building broadcast messaging tools for such an audience... ICT is a suite of applications that incorporates broadcast messaging and IM. The most prolific use-case of ICT is the IBM internal deployment, with an average of 18,000 users per month. There are five applications for broadcast messaging: w3alert, TeamRing, SkillTap, FreeJam, and PollCast. Users broadcast many types of requests to one of many communities, but the most active is the "everyone" community. This is the community that everyone listens to by default. The novel feature of communicating to "everyone" is circumventing the need to categorize your request while getting it out to a large audience of potential responders. The ability to broadcast to everyone can be very powerful, but it also has social implications and technological challenges. I'll first discuss the specifics of ICT's broadcast applications and then their social implications and technological challenges..."

[December 20, 2003] "IM: A Conversation with Peter Ford." By Eric Allman and Peter Ford. In ACM Queue Volume 1, Number 8 (November 2003), pages 18-27. ACM Queue Special Issue on Instant Messaging. "Instant messaging (IM) may represent our brave new world of communications, just as e-mail did a few short years ago. Many IM players are vying to establish the dominant standard in this new world, as well as introducing new applications to take advantage of all IM has to offer. Among them, hardly surprising, is Microsoft, which is moving toward the Session Initiation Protocol (SIP) as its protocol choice for IM. Providing us with the Microsoft perspective on IM is Peter S. Ford, chief architect for MSN Messenger. At Microsoft he has worked on Messenger, TCP/IP, IP security (IPsec), RSVP and QoS, voice over IP (VoIP), and Mobile Data. Previously he worked at MCI on Internet access and virtual private networks (VPNs), on the evolution of the National Science Foundation network to network access points (NAPs) and very-high-speed Backbone Network Service (vBNS), and at Los Alamos National Laboratory on high-performance computer networking and nonlinear systems. In an earlier life he was a systems hacker at the University of Utah and the University of Michigan. In the Internet Engineering Task Force (IETF) he cochaired the team proposing the use of connectionless network service (CLNS) as the candidate for IPv6. Ford has a bachelor of general studies degree from the University of Michigan. Sparring with Ford in a discussion of IM is e-mail pioneer Eric Allman, chief technology officer and founder of Sendmail..." [PF:] "I see tremendous amounts of evolution in what you and I would call user-agents. The current IM clients and the current e-mail clients are just going to evolve like crazy in the next five years. We probably won't recognize them five years from now. The explosion of people trying to communicate with you, using instant messaging and e-mail, is going to grow tremendously. Having systems that can manage that in a human-friendly collaborative manner is going to be critically important as we move ahead. I'm very optimistic about that. At some level, it sounds like, 'Oh my god, we're all going to drown in an e-mail sea,' and I think that filtering technologies have come around very quickly in the last two years. I've been very impressed by how quickly people have addressed spam, and that's because it's so important. I think e-mail was the killer app of the Internet, and messaging still is the killer app. E-mail plus instant messaging are part of that whole messaging milieu. They probably will be for a long time. I'm one of the people who still believe that e-mail is as important if not more important than the Web in the Internet. The Web-heads of course would say, 'No, no, the Web is the most important thing,' but I'm a big believer that person-to-person messaging, whether it be e-mail or IM, is probably still the driver. Clearly, both are important. I give the nod to messaging because people can be closer to the people they care about, and it makes it easier for them to work with the people they need to work with..."

[December 20, 2003] "XML for the Rest of Us. Once Eclipsed by Machine-To-Machine Communications, the Human Factor of XML is Starting to Emerge." By Jon Udell. In InfoWorld (December 19, 2003). "Last week in Philadelphia, I had the honor of delivering the opening keynote address at XML 2003. On the morning of the talk, I watched the cubicles light up in the bank across the street from my hotel. XML is a disruptive technology that is almost certainly replumbing the IT infrastructure of that bank. But to those bankers booting up their PCs and sipping coffee in early morning CRT glow, XML is still probably just plumbing -- if that... At a previous XML conference in 2001, the agenda had been all about plumbing... XML 2003 was a much happier experience. Seven weeks after shipping InfoPath, Microsoft's Jean Paoli was onstage showing how officers of the North Carolina Highway Patrol are using XML documents to report incidents. And Adobe, which had earlier this year revealed the existence of latent XML capabilities in the free Acrobat 6 reader, demonstrated the beta version of a form designer that can turn a piece of digital paper into an XML-aware form. 'The relational database is designed to serve up rows and columns,' said BEA's Adam Bosworth in his keynote talk. 'But our model of the world is documents. It's, 'Tell me everything I want to know about this person or this clinical trial.' And those things are not flat, they're complex. Now we have the way to get not only the hospital records and prescriptions but also the doctor's write-ups.' The doctors and bankers will get that, just as the highway patrolmen already do. XML documents, flowing through XML plumbing, can now deliver very real and tangible benefits. For the publishing geeks who started it all, it's a moment to savor..."

[December 20, 2003] "To Boldly Go." By Martin Sexton (London Market Systems). In Financial IT [IncisiveMedia] (October 2003). "Since 2000, a number of industry and proprietary XML standards have emerged, raising concerns that there were too many XML vocabularies being developed. This has led to a general misconception that the market is full of competing XML standards, causing many participants to adopt a wait-and-see approach.' At the end of 2000 ISO 15022 Second Edition was initiated, its goal being to encourage convergence of industry-wide standards to create a single financial repository. The initial challenge was to merge SWIFT (post-trade and settlement) and FIX (pre-trade and trade) into a single XML standards framework. Discussions are now under way on the integration of MDDL (market data pricing and reference data, including corporate actions), FpML (derivatives trading), and TWIST (FX, money markets and commercial payments). The original delivery date for the ISO 15022 XML standard was December 2003, though to ensure the standards are properly integrated, tested and agreed this date has moved to mid-2004. Given the scope and plans of each standard is publicly available, one should not be concerned about committing to industry standards. Fears of being an early adopter should be balanced against meeting the needs of your organisation. Taking part in defining the standards will ultimately ensure the needs of your organisation are met. Financial standards landscape The working group behind ISO 15022 Second Edition produced an initial roadmap that is summarised in the diagram on the next page. It shows the Trade lifecycle and the scope of the existing 'non-XML' standards that are planned to be reverse engineered to produce the XML variants. Since its inception, ISO 15022 Second Edition has been expanded to include the other XML standards, FpML, MDDL, and TWIST. The principle driving force behind the creation of these standards has been the impending T+1 regulations. The SIA and GarnterG2 conducted a survey (July 2003) on the industry's efforts toward STP, and one of the report's recommendations was that industry leaders should, 'work with the Securities Industry Association and industry bodies to establish a consensus on STP standards'. Deploying global XML standards offers the opportunity for improvement in trade automation, resulting in tangibles benefits such as reduced staffing levels and shortened trade life cycles, as well as savings in hard currency... In April 2003, at the Defining the Reference Data Standard conference in New York, Keith Berry announced the success story of XML integration projects at Barclay Global Investors. By deploying XML, over 60 market data flat file interfaces were replaced with nine XML interfaces and a further 320 application interfaces were replaced by 75 XML equivalent. Other initiatives include the London Stock Exchange Sedol Master File and the FT Interactive Data pricing files projects; both have opted for MDDL as the delivery format. Potential users should not be concerned about possible standards turf wars or whether or not to use standards in a prescriptive manner. If real business benefits can be identified, one needs to ask 'why are we not using XML standards to solve part or all of our data management needs?' Given the benefits of using XML within the enterprise, there seems little point in duplicating the months of effort these standards represent without taking a good look at what they can offer -- why reinvent the wheel?" See also: (1) the London Market Systems XML Standards Guide for Market Data; (2) "FISD XML Messaging Specification for Real Time Streaming XML-Encoded Market Data."

[December 20, 2003] "XML: We Ain't Seen Nothin' Yet." By A. Russell Jones (DevX, Executive Editor). In DevX.com XML Zone (December 16, 2003). ['From interprocess communications to file systems to operating systems, XML is a magic elixir that provides new possibilities and solves a host of ailments. XML is becoming instrumental in areas that you may never have even considered before.'] "XML is a fundamentally simple idea -- take bits of content and give them identifying tags -- but it has far-reaching effects. In just a few short years, XML's evolution has sparked an explosion of innovation that's touched nearly every facet of computing, even the most basic computing building blocks, such as file systems, databases, displays, and communications. And it's not done yet. It won't be long before XML permeates nearly every system, application, and data store within reach. Think I'm exaggerating? Look at what XML has already accomplished... XML is set to fuel both file system (WinFS) and display (XAML, XUL) functionality in Windows. Similar capabilities for other OS's are likely not far behind. If you can capture the application management, data storage, and UI behavior in XML, you've essentially created a layer that can be moved between operating systems much more easily... XML-formatted configuration files increasingly hold directives, settings, preferences, and meta-data for individual applications, which means XML is already being used to perform one portion of application management. Applications also need data, and XML has made significant inroads into data storage, data transfer, and data query capabilities as well. Although relational databases remain the primary repository for enterprise and large-scale application data, modern applications that work with the data are retrieving it as XML. Microsoft's DataSets in .NET are one small example. For more indications, one need look no further than the fact that all major databases can now deliver XML-formatted data, accept XML data for update and insert operations, and are rapidly gaining the ability to store and query (see XQuery) data in native XML format. The essential point is this: Just as XML Web services provide a language-and-platform-independent layer between applications, XML configuration and management, data storage and display provide an equally language-and-platform-independent layer between operating systems. You'll see the fruits of this added layer of indirection in years to come..."

[December 20, 2003] "Q&A: Web Services Security." By Jack Vaughan [and Toufic Boubez]. In Appliccation Development Trends (December 01, 2003). "Toufic Boubez has a stellar record in Web services. At IBM, he co-authored UDDI. Later, he founded Layer 7 Technologies which recently released SecureSpan to promote Web services security and integration policy creation..." Boubez [excerpt]: "'Web services' denotes a set of technologies that is supposed to allow you to attain the ideal of just-in-time integration through loosely coupled systems. But the current model in its current use breaks down when it comes to anything other than the simplest, most straight-forward 'getQuote' type of toy examples. There are many areas of tight coupling in the SOAP message alone... In typical Web services scenarios, security mechanisms such as authentication, authorization, credential presentation, encryption, or digital signature requirements are hard coded into the Web service. The equivalent mechanisms must then be hard coded into the client applications that invoke this Web service. This results in a system where the requesting client application is tightly coupled to the implementation of the service, and breaks down if any of these terms need to be changed. But, to get back to the question, there definitely is a mechanism to make Web services security loosely coupled. This is where the crucial concept of policy enters the picture. In order to provide flexibility to an otherwise brittle system, policy documents have to be created to decouple 'invariants' from 'environment variables'. In this context, what I consider to be an invariant is the actual functionality of the service, tested and deployed, and not to be touched again until the business requirements change... A system cannot be 'half' loosely coupled - it either is or isn't. What's needed to complete the solution is a new concept that we're proposing, the policy application point, at the client side. This is where the requester is also decoupled from the security policy requirements, in the same way that the policy enforcement point decoupled the web service itself. The policy application and enforcement points can exchange policy documents and coordinate at runtime to make the whole security mechanism truly loosely coupled. This in essence is one of the most important features of the SecureSpan Solution..."

[December 20, 2003] "xmltramp and pxdom." By Uche Ogbuji. From XML.com (December 17, 2003). ['In his Python column, Uche Ogbuji covers "xmltramp", a tool for parsing XML documents into a data structure that's very friendly to Python, and "pxdom", a highlight-compliant, DOM Level 3 implementation.'] "In this article I cover two XML processing libraries with very disjoint goals. xmltramp, developed by Aaron Swartz, is a tool for parsing XML documents into a data structure very friendly to Python. Recently many of the tools I've been covering with this primary goal of Python-friendliness have been data binding tools. xmltramp doesn't meet the definition of a data binding tool I've been using; that is, it isn't a system that represents elements and attributes from the XML document as custom objects that use the vocabulary from the XML document for naming and reference. xmltramp is more like ElementTree, which I covered earlier, defining a set of lightweight objects that make information in XML document accessible through familiar Python idioms. The stated goal of xmltramp is simplicity rather than exhaustive coverage of XML features... pxdom, on the other hand, has the goal of strict DOM Level 3 compliance. It is developed by Andrew Clover, who contributed to the XML-SIG the document 'DOM Standards compliance', a very thorough matrix of feature and defect comparisons between Python DOM implementatons. DOM has generally not been the favorite API of Python users -- or, for that matter, of Java users -- but it certainly has an important place because of its cross-language support..." General references in "XML and Python."

[December 18, 2003] "Lack of Windows 98 Support Could Have Wide Impact: Study." By Jack Kapica. In The Globe and Mail (December 11, 2003). "Many companies are going to find themselves more vulnerable to viruses and security attacks on Jan. 16, a Canadian research company says. On that day, Microsoft Corp ceases to offer technical support and security updates for its five-year-old operating system Windows 98. And those operating systems are still very popular among cost-conscious companies. Inventory data collected by Ottawa-based AssetMetrix Research Labs of 370,000 computers -- from 670 companies ranging in size from 10 to 49,000 PCs -- found that more than 80 per cent of the companies were still using Windows 98 or Windows 95. But in mid-January, all those computers will be considered obsolete, and security patches will cease to be made for Windows 98 or its revised successor, Windows 98 SE... AssetMetrix Research Labs, the research division of AssetMetrix, an asset intelligence service, produced the report in support of Win98-Exodus, the company's new tool to help corporations upgrade to Windows 2000 and Windows XP... More than 27 per cent of PCs were running Windows 95 or Windows 98, AssetMetrix reported, compared to only 7 per cent for Windows XP..." See also the following bibliographic entry.

[December 18, 2003] "An Open Letter From Jonathan Schwartz." By Jonathan Schwartz (Executive Vice President, Sun Microsystems). From Sun News, Video, and Resources. December 17, 2003. "Microsoft's recent unilateral decision to discontinue support for Windows 98 and other products as of December 23, 2003 offers users a lesson, and an opportunity. It's a lesson in how a company with legendary market dominance can lose sight of customer priorities, and force an unnecessary transition onto a customer base already paralyzed with viruses and security breaches... Publicly, Microsoft says Sun forced its hand. Yet, they overlooked that this issue was part of a settlement it agreed to and Sun extended until September of next year. So apparently without consulting customers, partners or ISV's, Microsoft has unilaterally elected to pull their products from the market, then blamed it on Sun. We'd like you to know that this isn't accurate. The agreement between Sun and Microsoft gives customers a graceful transition path to a future platform, that extends far beyond December 23. Moreover, Sun has offered, and will continue to offer, a license to Java technology that would spare Microsoft any transition whatsoever so long as Microsoft maintains compatibility, and a commitment to the preservation of the very same standards igniting the world of web services... While Microsoft scapegoats Sun, the world is discovering the wonders of Sun's Java Desktop System -- which delivers all the functionality of a Windows environment, at a tenth the price, and with ten times the security. The Chinese government discovered it. The United Kingdom's National Health Service and Office of Government Commerce discovered it. Just like hospitals, universities, retailers - and soon, some of the worlds largest enterprises -- have discovered. Sun's Java Desktop System delivers an engaging, very low cost alternative to the proprietary Microsoft platform -- which you can deploy without retraining, or fear of incompatibility..." See also the preceding reference.

[December 18, 2003] "OpenOffice Makes Government Inroads." By Matthew Broersma. In CNET News.com (December 18, 2003). "Government bodies in Israel and Texas are starting to shift from Microsoft Office to open-source alternatives, driven by budget pressures. Two significant government bodies, the Israel Department of Commerce and the City of Austin, Texas, are moving toward replacing Microsoft Office installations with the OpenOffice.org productivity suite. This continues a worldwide trend of governments attempting to cut costs with open-source software. The Department of Commerce has made a strategic decision to reduce government dependency on Microsoft, and is to replace most of its Microsoft Office desktops with OpenOffice, according to a report this week in the Israeli business daily Globes. The software is to run on Windows using IBM hardware, the paper said. Also this week, the City of Austin said it would migrate several hundred Microsoft Office installations to OpenOffice beginning in January, as part of an ongoing testing program. OpenOffice is an open-source office suite based on Sun Microsystems' StarOffice. Open-source software is not controlled by any one company, making it attractive for organizations wary of paying steep licensing fees to a single supplier. Many public-sector bodies are also eyeing, or actively migrating to, the open-source Linux operating system for desktop use. Linux is widely used on servers, but has yet to make a serious dent in Microsoft's dominance of the desktop. Austin made the decision to shift 300 desktops in the Communications Technology Management department to OpenOffice after testing the software on 30 desktops for several months, according to Austin's acting chief information officer, Pete Collins. He said that testing would continue, with the possibility of more of the city's 5,200 desktops shifting to OpenOffice..." See also: (1) the news story "Danish Board of Technology Report Recommends Open Source Software for E-Government"; (2) "OpenOffice.org XML File Format."

[December 17, 2003] "New Storage Management Specification Key to Managing Multi-Vendor SANs." By Shankar Subramanian. In CNETAsia (December 09 2003). "Storage management will take a major step forward this year when the Storage Networking Industry Association (SNIA) completes work on the first version of the Storage Management Interface Specification, or SMI-S, a specification for a standardized interface for storage management applications. Managing multi-vendor Storage Area Networks (SANs) is a key concern for end-users and integrators alike. It typically requires the use of a several applications from multiple vendors. The applications are typically uncoordinated and unable to work together to deliver the functionality, distribution, security, and reliability to ensure the delivery of increased business efficiency. SMI-S specifies a protocol stack consisting of CIM-XML (object descriptions and management actions) over HTTP (session), over TCP (transport), over IP (interconnect). The ubiquity of the lower layers of this stack make it possible to manage components using in-band communications, out-of-band communications, or a mix of the two... SMI-S incorporates mechanisms for standards-based management of legacy devices with proprietary interfaces. Devices and subsystems can be integrated into an SMI-S network using software agents (one per device) or CIM object managers (CIMOMs -- one or multiple devices). Agents and object managers bridge to proprietary device management models and protocols and those of the SMIS. As higher-level abstractions than models developed specifically for individual components, SMI-S Object Models are applicable across entire classes of devices. Common abstractions make it feasible for software developers to implement policy -based management for entire storage networks... SMI-S [provides] a common interoperable and extensible management transport. SMI-S is the unifying factor between objects that must be managed in a storage network and the tools used to manage them. SMI-S is based on the Web Based Enterprise Management (WBEM) architecture and the Common Information Model (CIM) as pioneered by the Distributed Management Task Force (DMTF). The use of the CIM-XML over HTTP standard, an object independent management protocol, allows vendors to dynamically extend the features and functions of their products without redesign of the management transport. SMI-S will shift the industry development model relieving vendors of the tedious task of integrating incompatible and 'feature thin' management interfaces, allowing them to focus on building management engines that reduce the cost and extend functionality. Device vendors will be spared the expense of 'pushing' management interface functionality across an industry of management applications developers and empowered to build new features and functions into subsystems..." General references in "SNIA Storage Management Initiative Specification (SMI-S)."

[December 17, 2003] "DoS Flaw in SOAP DTD Parameter." By Ryan Naraine. From InternetNews.com (December 15, 2003). "Technology heavyweights IBM and Microsoft have released fixes for a potentially serious vulnerability in various Web Services products that could be exploited to trigger denial-of-service attacks. In separate alerts, the companies said the vulnerability was caused by an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents. Independent security researcher Secunia has tagged the flaw with a 'moderately critical' rating. Affected software include the IBM WebSphere 5.0.0 and Microsoft ASP.NET Web Services (.NET framework 1.0, .NET framework 1.1). According to IBM, the security patch fixes a flaw that could be exploited by sending a specially crafted SOAP request. 'This can cause the WebSphere XML Parser to consume an excessive amount of CPU resources,' Big Blue warned. An advisory from Microsoft confirmed the DTD error parsing vulnerability in its Web Services products, included with the .NET Framework 1.1..."

[December 17, 2003] "OASIS Members Demo Interoperability." By Dave Kearns. In Network World (December 17, 2003). ['The author references the Liberty Alliance's recent conformance testing results and looks at a more all-encompassing group of interoperability tests. These tests were done under the auspices of Organization for the Advancement of Structured Information Standards, the foremost proponent of XML as the lingua franca of business data exchanges, including those in the identity management arena.'] "At last week's XML 2003 conference in Philadelphia, OASIS and its members collaborated on separate interoperability demonstrations of five different OASIS Standards and specifications: Electronic Business XML (ebXML), Security Assertions Markup Language (SAML), Universal Business Language (UBL), Web Services Reliability (WS-Reliability), and Extensible Access Control Markup Language (XACML). All five specs involve identity management to a greater or lesser extent. SAML, of course, is the underlying mechanism used by the various federated identity schemes, one of which -- WS-Federation -- also encompasses WS-Reliability. XACML is a language that describes a namespace for the expression of authorization policies in XML. UBL and ebXML are more generalized business-to-business languages (ebXML is actually a family of protocols) which could be seen to be an outgrowth of and an extension to the older Electronic Data Interchange (EDI) formats x11 and EDIFACT. Identity, authentication and authorization have parts to play in all of these... There were actually four demos presented, and one covered multiple protocols: (1) Interoperability Using Test Frameworks - ebXML in a Supply-Chain environment; (2) WS-Reliability - A demonstration of guaranteed message delivery involving Fujitsu, Hitachi, NEC, Oracle and Sun; (3) Epidemic Management Using OASIS ebXML, UBL and XACML - A real-world test of disseminating information about a health problem; (4) Web Services for Remote Portlets - Reuse of 'mini-portals' and gadgets (so-called 'portlets') for multiple sites... The WS-Reliability demo should be of interest as it is part of the infrastructure necessary for WS-Federation. The presentation demonstrated the ability of the companies involved to deliver a message, guarantee no duplicate messages and order messages as part of a transaction while all sorts of nasty things (outages, re-routings, etc.) were occurring on the network. The Epidemic Management demo is also of interest since authentication and authorization are extremely important to medical information, which must be gathered, analyzed and disseminated quickly, yet authoritatively, while still protecting patients' privacy..." See the announcement: "OASIS Interoperability Demos Showcase ebXML, SAML, UBL, WS-Reliability, and XACML at XML 2003. Adobe, BEA, Citrix, Cyclone Commerce, Drake Certivo, Fujitsu, Hitachi, IBM, Korean National Computerization Agency (NCA), NEC, US National Institute of Standards and Technology (NIST), Oracle, Sun Microsystems, Vignette, and Others Demonstrate Interoperability of Standards."

[December 17, 2003] "Incremental XML Parsing and Validation in a Text Editor." By Uche Ogbuji. From XMLhack.com (December 15, 2003). "At XML 2003 in Philadelphia, James Clark presented the ideas and implementation behind his nXML XML editing mode for GNU Emacs. He pointed out that text editors could be classified as text editors and structure editors. Many well-known XML editors are actually the latter, in which the docuemnt is always well-formed (and maybe even schema-valid) by virtue of restrictions on user interaction. In developing nXML, Clark wanted people to truly be able to do all the things a plain text editor, and in particular Emacs, allows. This means that the document will proceed through varying levels of well-formedness and validity as the user works. The goal is to provide the user with as many cues as possible to the user as to well-formedness and validity, without interfering with the basic text editing. This is much like the argument that Rick Jelliffe has been making for a while, and which has informed the development of Rick's commercial venture, the Topologi XML editor. Clark has now provided for effective text-driven editing of XML in an open source tool..." See the download site and the following reference.

[December 17, 2003] "Incremental XML Parsing and Validation in a Text Editor." By James Clark. Presentation given at XML 2003. "XML editors can be divided into text editors and structure editors. In a structure editor, the user interacts with the document as an abstract tree of elements. In a text editor, the user interacts with a document as a sequence of characters or lines of text. In a normal text editor, a user is not constrained in how they can modify the content of the document: any text can be inserted at any point and any range of text can be deleted. Preserving this characteristic in an XML editor, while providing useful support for XML editing and acceptable performance, presents some challenges. A normal XML parser or validator starts at the beginning of the document, and processes the entire document until it reaches the end or possibly until it encounters an error. This kind of implementation is not useful for an XML editor. Completely reprocessing the document on every edit cannot scale to large documents. To solve this problem, XML processing must work incrementally: as the document is processed, additional information is recorded, so that when the document is subsequently modified, the necessary reprocessing is minimized. Three kinds of XML processing will be addressed: XML 1.0 parsing, XML Namespaces processing and RELAX NG validation. This session will describe two algorithms that allow all these three kinds of processing to be performed incrementally. These algorithms have been implemented for GNU Emacs completely in Emacs Lisp. This is a particularly challenging environment, since the implementation of Emacs Lisp in GNU Emacs is much slower than the typical implementation of a language such as C++, Java or C# in which a text editor would usually be written. Moreover, GNU Emacs lacks any support for multithreading. Note that this work is also relevant W3C XML Schemas, since, for the purposes of validation, W3C XML Schemas (minus integrity constraints) can be translated into RELAX NG schemas..." See also RELAX NG.

[December 17, 2003] "Atom Authentication." By Mark Pilgrim. From XML.com (December 17, 2003). "Atom, in case you missed it, is a new standard that uses XML over HTTP to publish and syndicate web-based content. It is initially targeted at weblogs, and most of the early adopters so far have been weblog vendors and users. It consists of the Atom API, which I discussed last month, and the Atom syndication format, which I will discuss next month. This month I want to talk about authentication... life would be much simpler if Atom could just use existing HTTP authentication, as-is. But it can't; I'm going to tell you why and then I'm going to tell you what we're doing instead... all previous weblog publishing APIs send passwords over the wire in clear text. Clearly none of these APIs will work: (1) Use HTTP basic authentication - this does not technically send passwords over the wire in clear text, but it encodes them in a way that is easily reversible. So this doesn't actually help Bob since it's not an improvement over clear text. (2) MD5-hash the password and only send the hash - this would solve the password sniffing problem, since you couldn't reverse engineer the hash to recover the original password, but it doesn't help because it's susceptible to replay attacks. (3) Use HTTP basic authentication over SSL - this would solve the password sniffing problem, but it doesn't help because we can't use SSL... (4) Use HTTP digest authentication - this would also solve the password sniffing problem, and it would solve the replay problem, but most web hosting providers don't turn on digest authentication... A little-known fact about RFC 2617 is that HTTP authentication is extensible. The RFC defines and Apache has modules for Basic and Digest authentication, but developers are free to define different algorithms for use within the HTTP authentication framework, and servers are free to insist that clients support those algorithms if they want access to the server's resources... After much haggling, the algorithm we chose [for Atom] was WSSE Username Token. WSSE is a family of open security specifications for web services, specifically SOAP web services. However, the Username Token algorithm is not SOAP-specific; it can be easily adapted to work within the HTTP authentication framework, and it solves all of the problems..." Note: the Atom authentication solution was still being discussed as of 2003-12-18. Other references in the news story: "Atom as the New XML-Based Web Publishing and Syndication Format."

[December 17, 2003] "Roll Your Own Secret Santa Web Application, Part 1: The Beans. A Step-By-Step Guide to the Tools, Technology, Design, and Implementation" By Merlin Hughes. From IBM DeveloperWorks. December 17, 2003. "Merlin Hughes presents the design and implementation of a J2EE-based secret Santa Web application, along with a discussion of the tools and technologies that can be used to ease the development of such applications. The 3-part series provides a broad overview of how to build a J2EE application from the ground up, using some modern tools and frameworks, with details of how these different technologies work together to produce the end result. While not intended as detailed treatises on any individual technology, these articles instead serve as guides to developing a Web application with J2EE. This first article focuses on the beans, their design and implementation, and the use of XDoclet to accelerate their development and deployment. It examines the tools and technologies used to implement the application, and walks through the model implementation, including the entity beans that encapsulate its state, relations, and some business logic. When developing J2EE applications, you can build them from scratch or work with the many tools that are currently available to maximize your productivity. The latter approach will not only speed your development time, but the resulting solution will often be more robust and scalable, as it will benefit from the significant experience that has driven the development of the support tools, and you'll have more time to design and test the result. Aside from the underlying J2EE technologies, our implementation of the secret Santa application model has benefited tremendously from the use of XDoclet; little over a thousand lines of commented code result in an application four times the size. The majority of this code will therefore be autogenerated code that has seen deployment, use, and validation, and thus should have few or no errors. XDoclet has many strengths, not least of which is how it supports customization for different application designs, as seen in the custom value object pattern employed here..." See also Part 2 and Part 3.

[December 16, 2003] "Introducing WS-CAF: More Than Just Transactions." By Mark Little and Jim Webber (Arjuna Technologies). In Web Services Journal Volume 03, Issue 12 (December 2003). "Web services have become the integration platform of choice for enterprise applications. Those applications by the very nature of their enterprise-scale components can be complex in structure, which is compounded by the need to share common data or context across business processes supported by those applications. Those processes may be very long lived, and may contain periods of inactivity, for example, where constituent services require user interactions. In response to these issues, WSCAF (Web Services Composite Application Framework) was publicly released in July 2003 after almost two years of effort, and has broad industry support from companies such as Iona, Oracle, Sun, and a host of others, and is now under the care of an OASIS standardization effort through the WS-CAF Technical Committee. The WS-CAF specifications are a suite of protocols designed to provide the necessary framework for composing Web services into larger aggregate business processes. Given that WS-CAF is the first framework of its kind to make its way into standardization, it's important to understand the principles underpinning it. This article provides a high-level view of WS-CAF starting from the bottom up, explaining the layered architecture of the trio of specifications that comprise WS-CAF, and demonstrating how each of the specifications can be used in its own right or as a whole to provide a rich framework for building reliable composite applications... From a distance, WS-CAF may be misinterpreted simply as the industry's third attempt at designing a transaction management solution for Web services. However, while one aspect of WS-CAF does address the kind of extended transaction models that are crucial for Web services reliability, there is actually much more to WS-CAF than just transactions. WS-CAF also provides generic context-management and service-coordination frameworks that can form the basis of composite applications, processes, and workflows. These features are exposed to Web services-based applications and can be tailored to build protocols that are specific to particular applications domains..." Note: the article also features a section "Comparison Between OASIS BTP and WS-Coordination/Transaction." See also: (1) "OASIS Forms Web Services Composite Application Framework Technical Committee"; (2) WS-CAF Technical Committee web site.

[December 16, 2003] "Sun Sets Up European RFID Test Center." By Andy McCue. In CNET News.com (December 05, 2003). "Sun Microsystems will open a facility in Europe where companies can test their radio frequency identification systems. The announcement, made at Sun's first European user conference Friday, signals the company's intention to stake a claim in what is likely to be a lucrative market. In a demonstration Friday, Sun's Chief Executive Scott McNealy checked out a shopping basket of RFID-tagged goods. The center is due to open in February next year and is an addition to Sun's U.S. facility. Sun maintains that RFID tags have the potential to cut huge costs from the supply chain of retailers and manufacturers. In the United States, Wal-Mart Stores is set to spend $3 billion on RFID technology, and the retailer has drawn up specifications that its top 100 merchandise suppliers should adhere to by January 1, 2005. The new European testing center will allow companies to comply with the Wal-Mart mandate... Sun's move is unlikely to be popular with privacy groups who, earlier this month, called for the suspension of RFID implementation amid fears that the tags will be used for more nefarious people-tracking purposes once they have left stores with tagged goods. Sun's chief researcher, John Gage, told Silicon.com that the center will work to make sure the launch complies with privacy laws, but he admitted that more work needs to be done to reassure consumers that the data will not be later used for other purposes..." See also: (1) "Sun to Open a Wal-Mart Compliant RFID Test Center. New Director of Auto-ID Business Unit Claims New Facility Will Speed Supplier Compliance to Wal-Mart Standards."; (2) "RFID Resources and Readings"; (3) "Physical Markup Language (PML) for Radio Frequency Identification (RFID)."

[December 16, 2003] "New Storage Management Specification Key to Managing Multi-Vendor SANs." By Shankar Subramanian. In CNET Asia (December 09, 2003). "Storage management will take a major step forward this year when the Storage Networking Industry Association (SNIA) completes work on the first version of the Storage Management Interface Specification (SMI-S), a specification for a standardized interface for storage management applications. Managing multi-vendor Storage Area Networks (SANs) is a key concern for end-users and integrators alike. SMI-S incorporates mechanisms for standards-based management of legacy devices with proprietary interfaces. Devices and subsystems can be integrated into an SMI-S network using software agents (one per device) or CIM object. SMI-S provides a common interoperable and extensible management transport. SMI-S is the unifying factor between objects that must be managed in a storage network and the tools used to manage them. It is based on the Web Based Enterprise Management (WBEM) architecture and the Common Information Model (CIM) as pioneered by DMTF. The use of the CIM-XML over HTTP standard, an object independent management protocol, allows vendors to dynamically extend the features and functions of their products without redesign of the management transport... SMI-S will shift the industry development model relieving vendors of the tedious task of integrating incompatible and 'feature thin' management interfaces, allowing them to focus on building management engines that reduce the cost and extend functionality. Device vendors will be spared the expense of 'pushing' management interface functionality across an industry of management applications developers and empowered to build new features and functions into subsystems..." General references in "SNIA Storage Management Initiative Specification (SMI-S)."

[December 16, 2003] "Reusable Asset Specification Advances at OMG." By David Rubinstein. In Software Development Times (December 15, 2003). "The architecture board of Object Management Group Inc. last month gave its approval to the Reusable Asset Specification, basing it on the XML Metadata Interchange to facilitate the growth of what the group is calling asset-based development. The vote moves the specification, which has been in development for three years, closer to realization. There is now a 90-day comment period open, and if nothing emerges to undermine the effort, OMG's board of directors will vote to finalize the specification. OMG expects the Reusable Asset Specification (RAS) to become adopted by the board of directors in July 2004. The move to XMI from the original proposal, which relied upon the XML Schema, gives the RAS the ability to model and map relationships in a less obtrusive manner, according to Grant Larsen, a model-driven development strategist for IBM's Rational division and a contributor to the specification. Rational engineers developed the core ideas behind the specification in 1999; the effort was joined by IBM, Microsoft and ComponentSource in an RAS vendor consortium in 2000. The group submitted the specification to OMG for consideration around May. 'The spec today has two parts,' Larsen said. 'The incumbent tells how to store and capture metadata, which is realized and defined in XML Schema. Flashline, LogicLibrary and Rational have built tools around it. The newcomer is XMI, and I'm not aware of any tooling created around that as of yet'... Larsen defined asset-based development as creating, managing and consuming assets. Asset creation involves identifying, harvesting, refining and packaging a software artifact from the name, rules and extension points..." See also the following bibliographic entry and "XML Metadata Interchange (XMI)."

[December 16, 2003] "Draft RFC Submitted to OMG: Reusable Asset Specification (RAS)." An OMG Draft. Version 2.1. August 2003. Copyright (c) 2003 IBM, Flashline, LogicLibrary, ComponentSource, and Adaptive. 84 pages. Contributions by Brent Carlson (LogicLibrary); Charles Stack (Flashline); Craeg Strong (Ariel Partners); Ed Bacon (Vanguard); Grant Larsen (IBM); Jim Conallen (IBM); Jim Green (Microsoft); Jimmy Kerekes (Telstra); John Cheesman (Irene 7); John Steele (Charles Schwab); Lance Delano (Microsoft); Lior Amar (OSTnet); Martin LeClerc (IBM); Kumar Vagaparty (Merrill Lynch); Pete Rivett (Adaptive); Sam Patterson (ComponentSource); Sridhar Iyengar (IBM); Wayne Wulfert (Caterpillar); Wojtek Kozaczynski (Microsoft). "The Reusable Asset Specification (RAS) defines a standard way to package reusable software assets. A reusable software asset is, broadly speaking, any cohesive collection of artifacts that solve a specific problem or set of problems encountered in the software development life cycle. A reusable software asset is created with the intent of reuse... There are three key dimensions that describe reusable assets: granularity, variability, and articulation... Every reusable asset must contain at a minimum one manifest file, which are described below, and at least one artifact to be considered a valid reusable asset. The manifest file is an XML document that validates against one of the known RAS XML Schemas, and passes an additional set of semantic constraints described in the profile document. An asset package is the collection of artifact files plus a manifest. It can be a location on a filesystem or a single archive file. The manifest document is an XML document; the authoritative description of the RAS manifest document structure is provided as an XML Schema. XML Schemas express shared vocabularies and allow machines to carry out rules made by people. They provide a means for defining the structure, content and semantics of XML documents... The OMG Analysis & Design Task Force (ADTF) creates model and meta model standards for software development. RAS describes assets as part of asset-based development (ABD) which is an element of software development. The RAS includes UML models and XML schemas in support of ABD. ABD compliments model-driven development (MDD) by describing asset production, asset consumption, and asset management. These assets may be models that may be transformed to support the MDA standard. RAS leverages existing OMG technologies / standards, as it is described using UML. RAS is also described using XML schema. We are in the process of defining a MOF 2.0 model of RAS so that the XML schemas produced will be compliant to MOF 2.0 and XMI 2.0. The final RFC will confirm to MOF 2, UML 2, XMI 2, and W3C XML. The current XML schemas will continue to be normative because there are many implementations that conform to that specification. There are several tool vendors that have implemented the currently released RAS XML schema in their tools including, IBM, Flashline, and LogicLibrary..." [adapted from the v2.1 draft]

[December 16, 2003] "BEA Thinks Simple With Weblogic Revamp." By Martin LaMonica. In CNET News.com (December 16, 2003). "BEA Systems is hoping to simplify the management of Java software with an upcoming release of its WebLogic product, underscoring a broader industry push to lower the cost of managing applications. The company's WebLogic 9.0 application server software is being designed so that businesses can see how well their Java business applications are performing, and quickly spot and fix problems, said Benjamin Renaud, deputy chief technology officer at BEA. WebLogic 9.0 will also add better Extensible Markup Language (XML) messaging capabilities for sharing information, and will support the most recent XML-based Web services specifications ratified by standards organizations, Renaud said. BEA's WebLogic application server is based on the Java 2 Enterprise Edition (J2EE) standard, used to build and implement custom business applications. In August of this year, company CEO Alfred Chuang said WebLogic 9.0 would be completed in 12 to 18 months, or the latter half of 2004. BEA is the No. 2 maker of application server software, behind IBM. The company's focus on simplifying application management reflects growing demand among customers for business applications that are cheaper to maintain, analysts said. Businesses typically allocate well over half of their information technology budgets to maintaining existing applications... IBM is building in closer ties between its WebSphere Java server and its Tivoli systems management line. And Microsoft has launched its Dynamic Systems Initiative, which will make it easier for Windows applications to feed operational information to its management console. These built-in management features are designed to give companies a better sense of whether systems are meeting performance goals and to help spot glitches. With the industry coalescing around a few management standards, such as Web services management, application server companies can now more easily share application performance information with customers' existing management tools, analysts said..."

[December 16, 2003] "Optimizing Web Services Using Java, Part I: Generic Java and Web Services." By Jordan Anastasiade. In Web Services Journal Volume 03, Issue 12 (December 2003). "What lies behind Web services? Some say the answer depends on the power of the language used in the implementation, in addition to known standards like XML, SOAP, and WSDL. Developing Web services is hard since incorrect use of the language can cause subtle and pernicious errors. What patterns and idioms should we use for simplifying the development process? In this first of two articles, I describe some of the proposed changes to Java and show how they work together to make Java technology a more expressive language for Web services development. In a later article I'll use the Java Web Services Developer Pack (JWSDP 1.3), JAX-RPC 1.1 with its improved schema binding, and the architecture for Basic Profile 1.0, to demonstrate how to design Web services that perform well, how to identify idioms and patterns, and how to optimize Web services performance. ... This first article describes how generics will improve the design of Web services in Java. So what are generic types? Generics is basically a way to abstract over types. Practically, you can parameterize classes, interfaces, arrays, and methods... We examine the issues involved in supporting variant generic types in Java. A key aim in introducing genericity and variance to the Java programming language is the desire to write general, flexible, and complex Web services where decoupling and reuse are very important goals, while retaining and improving static type safety. Furthermore, variance annotations in class- and interface-type parameters increase the flexibility of subtyping relationships, allowing a better abstraction and maintainability and optimizing Web services as later articles will demonstrate. Generics increases the readability, maintainability, and safety of our Web services and will be introduced in the next release of the Java programming language (J2SE 1.5 Tiger code name). That release will also include JSR-201 with enumerations, autoboxing for loop enhancements, import of static members, and metadata - features that are easy to use as neither syntax nor semantic restrictions have been imposed on the original language. My next article will demonstrate how to us the JWSDP 1.2, JAX-RPC 1.1 with generics and some of the new features that will make our Web services safer and easier to develop..."

[December 16, 2003] "Screen XML Documents Efficiently With StAX." By Berthold Daum (BDaum Industrial Communications). From IBM developerWorks. December 11, 2003. ['Retrieve the information you want, then stop the parsing process.'] "The screening or classification of XML documents is a common problem, especially in XML middleware. Routing XML documents to specific processors may require analysis of both the document type and the document content. The problem here is obtaining the required information from the document with the least possible overhead. Traditional parsers such as DOM or SAX are not well suited to this task. DOM, for example, parses the whole document and constructs a complete document tree in memory before it returns control to the client. Even DOM parsers that employ deferred node expansion, and thus are able to parse a document partially, have high resource demands because the document tree must be at least partially constructed in memory. This is simply not acceptable for screening purposes. This article shows you how to retrieve specific information from XML documents and how to stop the parsing process once this information is collected... StAX offers a pull parser that gives client applications full control over the parsing process. A client application may decide at any time to discontinue the parsing process, and no tricks are required to stop the parser. This is ideal for screening purposes..." "BEA Offers Preview Release of JSR 173 Streaming API for Java (StAX)."

[December 16, 2003] "Longhorn for Developers: Controls and XAML." By Brent Rector. In Microsoft MSDN Library (December 16, 2003). From Introducing "Longhorn" for Developers. "Longhorn platform applications typically consist of an Application object and a set of user interface pages that you write in a declarative markup language called XAML. The Application object is a singleton and persists throughout the lifetime of the application. It allows your application logic to handle top-level events and share code and state among pages. The Application object also determines whether the application is a single window application or a navigation application. You typically write each user interface page using a dialect of XML named Extensible Application Markup Language (XAML). Each page consists of XAML elements, text nodes, and other components organized in a hierarchical tree. The hierarchical relationship of these components determines how the page renders and behaves. You can also consider a XAML page to be a description of an object model. When the runtime creates the page, it instantiates each of the elements and nodes described in the XAML document and creates an equivalent object model in memory. You can manipulate this object model programmatically -- for example, you can add and remove elements and nodes to cause the page to render and behave differently. Fundamentally, a XAML page describes the classes that the runtime should create, the property values and event handlers for the instances of the classes, and an object model hierarchy -- that is, which instance is the parent of another instance. All XAML documents are well-formed XML documents that use a defined set of element names. Therefore, all rules regarding the formation of well-formed XML documents apply equally to XAML documents... Each XAML page contains one or more elements that control the layout and behavior of the page. You arrange these elements hierarchically in a tree. Every element has only one parent. Elements can generally have any number of child elements. However, some element types -- for example, Scrollbar -- have no children; and other element types -- for example, Border -- can have a single child element. Each element name corresponds to the name of a managed class. Adding an element to a XAML document causes the runtime to create an instance of the corresponding class... A XAML page typically begins with a panel element. The panel is a container for a page's content and controls the positioning and rendering of that content. In fact, when you display anything using XAML, a panel is always involved, although sometimes it is implicit rather than one you describe explicitly. A panel can contain other panels, allowing you to partition the display surface into regions, each controlled by its panel... XAML has all the controls you've come to expect from Windows -- buttons, check boxes, radio buttons, list boxes, combo boxes, menus, scroll bars, sliders, and so on..." General references in "Microsoft Extensible Application Markup Language (XAML)" and in "XML Markup Languages for User Interface Definition."

[December 16, 2003] "BitTorrent and RSS Create Disruptive Revolution. XML Syndication and Peer-To-Peer Meet to Extend the Power and Efficiency of Web-based Information Distribution." By Steve Gillmor. In eWEEK (December 14, 2003). "Disruptive technologies are born for all sorts of reasons -- good ideas, market pressure, economic opportunity, and sometimes just plain luck. Many of today's disruptive leaders only emerged when combined with other seemingly unrelated inventions. Wi-Fi and broadband (DSL and cable but not satellite) have prospered in a mutually symbiotic fashion. So too have weblogs and RSS. For newbies, RSS feeds are XML text files generated by blogs, websites and other web servers that desktop clients -- called RSS Readers or Weblog Readers -- download on a set schedule, usually once an hour. As RSS gains momentum, it begins to strain the boundaries of its current infrastructure. Feeds are increasingly containing full text, graphics, and even multimedia files. Strict constructionists are bemoaning the trend, suggesting that syndication is all about signaling rather than transporting. Those of us who've moved to RSS as the gateway to as much information as we can filter reject that notion... RSS has forever altered the way I acquire information, and its disruptive quality can surely bond with another such technology to conquer this bottleneck... One such candidate is peer-to-peer, as resurrected in the form of Bram Cohen's BitTorrent. It's an elegant protocol for distributing files, one that takes advantage of 'the unused upload capacity of your customers.' BitTorrent breaks up files into shards that are uploaded around the network as the file is downloaded by multiple clients. The more popular a file, the more endpoints exist. You download a file with BitTorrent by simultaneously collecting shards, assembling them together locally as they arrive. Map this to RSS feeds: the more popular the feed, the more nodes on the network serving pieces of the feed. That would allow rapid downloads by many users by distributing the data across multiple sites. It's a digital Robin Hood, redistributing the wealth from the server to a network of peers. BitTorrent does cryptographic hashing of all data, so feed owners can be confident the file reaches its target unchanged. But there's even more to this disruptive alliance: a small amount of special code known as a tracker sits inside the host Web site and emits information to help other downloaders find each other. As Bram Cohen describes: '[Trackers] speak a very simple protocol layered on top of HTTP in which a downloader sends information about what file it's downloading, what port it's listening on, and similar information, and the tracker responds with a list of contact information for peers which are downloading the same file.' So you've got a list of peers connected via known ports, a trusted group of RSS feed subscribers, who can marshall their resources for additional economic benefit. That could take the form of an affinity group marketing their attention to an advertiser or political cause, a secure pool of computing resources for distributing confidential information, and a pathway for signaling information about new content on that particular subnetwork..." General references in "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[December 16, 2003] "Sun Bolsters Services Efforts. Company Emphasizing Technologies Involving Managed Services and Utility Computing to Solve Services-Related Problems." By Ed Scannell. In InfoWorld (December 16, 2003). "Sun Microsystems on Tuesday [2003-12-16] underlined its commitment to driving cost and complexity out of corporate IT shops with a hard focus on technology-based solutions through its professional services group. Taking a different course than archrivals IBM and Hewlett Packard, Sun will place a stronger emphasis on technologies involving managed services and utility computing to solve a range of different services-related problems instead of just throwing more bodies at those problems, according to Pat Sueltz, Sun's executive vice president in a briefing with reporters at its Burlington, Mass. facilities. To ensure the success of this effort Sun has also combined its utility computing and managed services groups under one roof. 'The priorities we have in this area are centered around advanced services. You will see an eventual confluence of remotely managed services and remote utility computing where everything is connected to the network. You can't keep throwing people at these services and outsourcing problems,' Sueltz said. Sun intends to broaden its services portfolio by moving into managed security, which the company sees as a growing opportunity among its largest corporate accounts. This growing emphasis on services, however, does not mean Sun will take its eye off the product and technology ball. Sun still very much thinks of itself as a systems-oriented company, according to Sueltz, despite services now accounting for 37 percent of its business..."

[December 16, 2003] "Server Vendors Launch Management Initiative. Intel, IBM, HP, Dell to Work in Conjunction with DMTF to Standardize the Way Servers are Managed." By Robert McMillan. In InfoWorld (December 16, 2003). "Intel Corp., Dell Inc., IBM Corp., and Hewlett-Packard Co. have announced plans to jointly work with an industry organization to standardize the way servers are managed... The four companies will lead a new working group, called the Server Management Working Group, being formed within the Distributed Management Task Force, Inc. (DMTF) standards organization. It will define interfaces for the discovery, configuration and management of servers on a network, said Chad Engelgau, the senior manager responsible for server manageability planning at Dell. The new interfaces will make it easier for independent software vendors and system administrators to write software that works with a variety of hardware, said Engelgau. 'With this new standard, information is going to be exposed in an industry standards way so that any third party is going to be able to access that information,' he said. The Server Management Working Group plans to develop these standards in a specification called the Command Line Interface (CLI), a draft of which is expected to be delivered in by July 1, 2004, according to a DMTF statement. The effort is also being supported by Advanced Micro Devices Inc. and Sun Microsystems Inc... Speaking at the Oracle Open World conference in September, Dell Chief Executive Officer Michael Dell said his company was 'in discussions with some fairly large computer companies to get some agreement on a standard blade architecture.' At the time, the discussions included standards for common software APIs (application programming interfaces), hardware interconnects and form factors for high-density servers, like blades..." See details in the news story: "New DMTF Server Management Working Group to Evolve CIM Specification." General references in "DMTF Common Information Model (CIM)."

[December 16, 2003] "Atom in Depth." By Sam Ruby. Presentation at the XML 2003 News Standards Summit. December 08, 2003. Sam Ruby (Senior Technical Staff Member in IBM Emerging Technologies Group, also VP, Apache Software Foundation) provided a state-of-affairs overview of the Atom news syndication format at the recent News Standards Summit. The presentation (summarized in 59 slides) covers: Background to Atom, Core model, Syndication, 'API', and the Web Accessible Archive. "The key insights are these: design Atom such that content is not treated as a second class citizen; insist upon a uniform mechanism for expressing the core concepts independent of the usage; keep the format open and simple. Atom is based heavily on the concepts and experiences with RSS. Special thanks go out to: NetScape, UserLand, RSS-Dev working group, and especially the RSS community! On October 22nd, Mark Pilgrim and I announced the availability of a RSS validator built from the ground up to support all versions of RSS. Both in the development effort itself, and in examining both feeds that failed, and feeds that one aggregator developer or another wished would fail, we became frustrated by a number of ambiguities in these specs. Contrary to what some would have you believe, pretty much all of these ambiguities apply to all RSS versions... Markup in the Atom title? The default is text/plain, i.e., no markup; markup is permitted, iff explicitly indicated, mode='escaped' type='text/html'. [As to the Atom 'API':] Instead of focusing on Applications, the focus is on Data (Post, Get, Put, Delete); clients may optionally use SOAP..." Related references in: (1) the news story: "Atom as the New XML-Based Web Publishing and Syndication Format"; (2) "XML 2003 News Standards Summit Seeks Interoperability and Convergence."

[December 15, 2003] "XML 2003 Session Report: News from the World of DSDL." By Uche Ogbuji. From XMLhack.com (December 15, 2003). "On 10-December-2003 at the XML 2003 Conference in Philadelphia, Eric van der Vlist kicked off a block of presentations opening up the world of ISO Document Schema Definition Languages (DSDL) (ISO/IEC JTC 1 SC 34 WG 1), and some of the innovative work being undertaken in that working group. Eric presented an 'Update on ISO DSL Overview and Update'. He proceeded through the various parts of DSDL in order... Part 2: Grammar-based validation is a re-write of the RELAX NG OASIS Specification to meet the requirements of ISO publications, i.e., more formal language. The features will remain the same and the specifications are meant to be identical for assessment of conformance. Eventually RELAX NG compact syntax will be added as an addendum to DSDL Part 2. In Part 3: Rule-based validation, the intent is to create a hosting language for expressing general-purpose rules in XML. The main input is Schematron, and it has been decided that in effect, DSDL Part 3 will present the evolution of Schematron. An example of what DSDL Part 3 will add to Schematron is extension so that not only XPath 1.0 is supported, but also expressions taken from other languages such as EXSLT, XPath 2.0, XSLT 2.0, and even XQuery 1.0... An audience member expressed concern that DSDL is too 'secretive'. He mentioned too a dearth of documents available for public content, despite the clear volume of activity. He noticed that the public mailing list archives were very sparse and many of the archives were private. DSDL members in attendance reassured him that exclusion is not the intention, and expressed a willingness to address concerns about the openness of the project..." See also on RELAX NG (== DSDL Part 2) as an ISO standard: "RELAX NG XML Schema Language Published as an ISO Standard (DSDL Part 2)." General references in "Document Schema Definition Languages (DSDL)" and "Schematron: XML Structure Validation Language Using Patterns in Trees."

[December 15, 2003] "BEA Pushing XML Document Effort. Company Also Eyeing Notification Technology for Browsers." By Paul Krill. In InfoWorld (December 15, 2003). "BEA Systems on Monday plans to offer up to the Apache open source community its XML Beans technology for XML document management. The company is submitting XML Beans as an Apache Project to ensure its interoperability and support of a broad spectrum of XML and schema types. 'This [submission] is important for integrating with other back-end systems. It's important for Web services,' said Byron Sebastian, BEA vice president and general manager of BEA WebLogic Workshop and WebLogic Portal. XML Beans makes it easier to write logic that takes advantage of XML messages being passed between Web services, Sebastian said. XML Beans is a technology to help Java developers more easily manage XML documents. It provides Java object interfaces while preserving access to underlying XML messages to enable loose coupling between applications for greater application reliability and scalability, according to BEA. BEA on Monday also is launching its Page Flow Portability Kit, which is designed to make it easier for developers to build enterprise Web applications on the BEA WebLogic Platform 8.1 The kit enables flexibility to deploy page flows to any J2EE platform. Page Flows provides a software engineering framework to enable developers to separate user interface code from navigational control and other business logic, and to track application status. BEA is basing Page Flows on Struts 1.1, a framework for building enterprise Web sites..." See details in the announcement: "BEA Systems Delivers New Innovations, Standards Contributions to Help Developers Reduce Coding Complexity for Dramatically Increased Productivity. New Portability Kit, Open Source Project and Web Site Further Drive Investment Protection and Faster Time to Value for Customers."

[December 12, 2003] "The Atom Syndication Format 0.3 (PRE-DRAFT)." By Mark Nottingham [WWW]. With contributions from Tim Bray, Mark Pilgrim, and Sam Ruby; the content and concepts within are a product of the Atom community. APE (Atom/Pie/Echo) Working Group. December [12] 2003 [or later]. Reference: 'draft-nottingham-atom-format-01'. Supersedes: The Atom Syndication Format (PRE-DRAFT), 'draft-nottingham-atom-format-00a', August 2003. "Atom is an XML-based file format intended to allow lists of information, known as 'feeds', to be synchronised between publishers and consumers. Feeds are composed of a number of items, known as 'entries', each with an extensible set of attached metadata. For example, each entry has a title. The primary use case that Atom addresses is for syndicating Web content such as Weblogs and news headlines to other Web sites and directly to consumers. However, nothing precludes it from being used for other purposes and types of content... This specification describes version 0.3 of the Atom, an XML-based Web content and metadata syndication format. Discussion of this draft happens on: (1) The Atom Syntax mailing list; (2) The Atom Wiki Web site. This version incorporates several changes, including: new format for link elements; new format for content-related elements; media type registration; new format for generator; general reorganisation and cleanup." The author is seeking "feedback regarding the fidelity of the draft to the agreement reached in the Atom community, as that is the intended measure of success. Technical ideas and issues still under discussion, as well as general comments on Atom itself should be sent to the list..." See general discussion in the news story: "Atom as the New XML-Based Web Publishing and Syndication Format."[text version; cache, text version]

[December 10, 2003] "A 'Suite' Deal for Adobe Developers." By Jim Rapoza. In eWEEK (December 08, 2003). "The newly released Adobe Creative Suite Premium is the first package that includes all Adobe Systems Inc.'s popular design development tools. It offers users the opportunity to effectively and affordably use these products to create and edit images, print content, and generate online content in an integrated and collaborative work environment. Adobe Creative Suite Premium includes new CS versions of Photoshop, ImageReady, Illustrator, InDesign and GoLive. It also includes Acrobat 6.0; a standard edition that lacks GoLive and Acrobat is also available. InDesign CS is probably the most significant upgrade of the new products. The Adobe publishing system includes several welcome new features including a very good Story Editor, improved typographical controls and styles, and custom work spaces... The main integration feature of the suite is the new Version Cue system, which is essentially an updated version of Web Workgroup Server in GoLive 6.0. Version Cue provides a collaborative server environment that makes it possible to share content across workgroups and use content management features such as check-in/ check-out and versioning. Furthermore, all the products in the suite can use Adobe's PDF format natively, which made it easy in tests to share content across work environments and platforms. And, of course, all the products feature the same basic Adobe interface. This will make the suite components easy to learn, but it may make things confusing for those who regularly have more than one application open at a time..." See also on FrameMaker v7.1.

[December 09, 2003] "OASIS Elects IBM, Nokia, Oracle Staff to Board. Companies Fill New Seats Created During Organization's Expansion." By Stacy Cowley. In InfoWorld (December 08, 2003). "Representatives from Nokia Corp., Oracle Corp. and IBM Corp. have joined the Organization for the Advancement of Structured Information Standards' (OASIS) board of directors, the organization announced Monday. Frederick Hirsch of Nokia, Jeff Mischkinsky of Oracle and Michael Weiner of IBM were elected to fill three new seats created through the recent expansion of OASIS' board. The 11-member board also includes representatives of companies such as Hewlett-Packard Co., BEA Systems Inc., Microsoft Corp. and Sun Microsystems Inc. OASIS, headquartered in Boston, oversees several standards fundamental to Web services, including XML and UDDI..." See details in the announcement: "OASIS Expands Board of Directors. International Standards Consortium Adds Representatives from IBM, Nokia, and Oracle."

[December 09, 2003] "Review: StarOffice 7 -- Innovation In Action." By Bruce Byfield. From OSDN NewsForge (December 08, 2003). "Sun Microsystems' StarOffice 7, released November 12, offers significant advantages in performance, usability, and stability over rival commercial office suites, including Microsoft Office. However, when the comparison is to OpenOffice.org version 1.1, the open source project from which StarOffice takes its code, it's harder to say where the advantage lies. StarOffice 7's new features extend its usability in several directions. Its improved Microsoft Office filters, while still far from perfect, are an advance on those in StarOffice 6. Their results are certainly no worse than the formatting nightmares that occur between different installations of Microsoft Office because of the risky combination of a flaky template system and ignorant users... Some new features, such as export filters for Flash and Palm formats and an editor for XML export, acknowledge the rise of technologies newer than the office suite. Others, such as support for bi-directional and vertical writing, make Asian and Hebrew versions possible -- a possibility that is already being realized in OpenOffice.org localizations. Support for MySQL as a data source and for Python scripting, accessibility options, expanded Help sections -- all of these new features show StarOffice/OpenOffice.org developers listening to users. These features are built on a dependable core. Although it is possible to crash StarOffice, the breaking point is higher than with most office suites... OpenOffice.org has had almost 19 million downloads from its official sites. Since the software can be given away freely, this total could mean that some 60-80 million copies are floating around. In comparison, the unofficial word is that StarOffice has sold some 50 million licenses -- and that was before Sun's recently announced deal to supply the Republic of China. These are respectable figures for software whose release history (beginning with StarOffice 6.0 and OpenOffice.org 1.0, the first released after the open sourcing of the code) is less than two years old. It seems likely that, long after StarOffice has overcome it general obscurity, its real competition won't be Microsoft Office, but OpenOffice.org, its own shadow..." See general references in "OpenOffice.org XML File Format."

[December 09, 2003] "Blue Titan Ships SOA Tool. Network Director 2.5 Features Faster Linux Performance." By Paul Krill. In InfoWorld (December 09, 2003). Blue Titan is shipping Network Director 2.5, 'which the company is calling an enterprise service-oriented architecture (SOA) 'Fabric.' The company describes an SOA Fabric as a network overlay that provides a unified control layer for Web services-based interactions. '[Network Director] is essentially a run-time framework for Web services that works with any application that speaks Web services,' said Sam Boonin, vice president of marketing at Blue Titan. 'It basically provides lifecycle management and quality of service for Web services-based interactions.' Version 2.5 of Network Director allows users to define and enforce distributed, enterprise infrastructure policies. New features in Version 2.5 include scaling to as many as 2,000 messages per second on Linux hardware, which is two to three times faster than before; deployment across multiple network technologies; and a zero administrative effort for configuration or deployment..." See details in the announcement: "Blue Titan Advances Industry's First Enterprise SOA Fabric. Network Director 2.5 Delivers Increased Scalability and Extensibility."

[December 09, 2003] "Intelligent Documents Headline XML 2003." By Edd Dumbill. From XML.com (December 09, 2003). ['Edd Dumbill and Kendall Clark are reporting live this week from IDEAlliance's XML 2003 conference in Philadelphia.'] "At the opening of this year's XML USA conference in Philadephia, PA, smart XML documents were the star. Keynotes from Jon Udell of InfoWorld and Shantanu Narayen of Adobe focused on XML documents that conveyed the nuance of real world communication. Udell spoke of the importance of context in everyday communication. He noted that the most prevalent forms of business communication, email and instant messaging, tended to preserve the least context. It was a shame to see highly skilled, highly paid technical professionals spend excessive amounts of time trying to disentangle convoluted email threads. A shame, too, that while Microsoft has brought XML into the Word and Excel products, Outlook does not permit XML document creation. The other problem in preserving context, aside from the tools, is of course persuading people to create metadata in the first place. Udell suggested that a way of doing this might be through using style as a back door. Many people are willing to spend a long time on getting the look of a document right, but not be willing to spend that time on metadata creation. Udell suggested that by providing metadata-significant styles, authoring tools creators could encourage more preservation of context in communication through the carrot of creating beautiful documents. While Udell spoke from the personal content creation perspective, Shantanu Narayen of Adobe addressed 'smart documents' from the point of view of corporate needs. In addition to preserving metadata, it is important that business documents can also bundle presentation and behavioral information. Adobe intends to use its PDF document format and the deployed software base of Acrobat Reader as the bedrock for automating many business processes through smart documents. Taking the route of emulating traditional paper forms, Adobe's smart documents are fill-in forms that generate XML: to either static documents, web services, or databases..."

[December 09, 2003] "Microsoft, Adobe and W3C to Shake Up Electronic Forms Market." By Bill Trippe. In The Gilbane Report Volume 11, Number 8 (October 2003), pages 1-10. "eForms technology has grown by providing better functionality in at least three areas: (1) improvements in the rendering of the forms; (2) Improvements in the validation and user interface; (3) improvements in the interoperability of the forms technology with other software... InfoPath is an impressive new offering, but it will not immediately dominate the eForms market... InfoPath is also, intentionally, not a total eForms solution. Several of the existing eForms vendors have more comprehensive product offerings (e.g., Cardiff's Liquid Office), some of them do a better job of providing a more open and standards-based solution (e.g., PureEdge), and several of them successfully deliver page fidelity (what others might call pixel perfect form) to the original paper forms... InfoPath will propagate with the latest version of Microsoft Office; typically it takes more than a year for the latest version of office to replace earlier versions on the majority of desktops. In the meantime, Adobe will be introducing their new Forms Designer product, and continuing to emphasize the need for page fidelity and presentation in eForms applications. Adobe also can already point to the significant number of applications that already leverage Acrobat and the product lines they added in the Accelio acquisition. The good news for the eForms market is that Microsoft and Adobe bring new strategic thinking to what has been a relatively small market. InfoPath will have the immediate effect of bringing eForms to the attention of the CIO, and will help bring a new focus to improving the client experience for the business user. As organizations deploy more applications to a distributed workforce and partners, eForms will become a more strategic piece of the ECM mix. Indeed, eForms have a growing role beyond ECM itself, as they are emerging as the primary interface between people, process and programs. It is no accident that the significant initiatives nowSarbanes-Oxley, HIPAA, and the likeare forms-centric. Moreover, initiatives such as Sarbanes-Oxley are all about improving business process management while making access to both content and data more transparent and comprehensive. To this end, eForms must continue to evolve from a standalone artifact to a flexible interface intimately connected to enterprise infrastructure. The implications of this are profound. The vendors and organizations that can successfully manage this evolution will realize more success, more quickly, and will lead the next wave in integrated content and information technology..." General references in "XML and Forms."

[December 09, 2003] "XML Developers Get Slew of New Tools." By Darryl K. Taft. In eWEEK (December 09, 2003). "With XML adoption widespread in the industry, vendors exhibiting at the XML Conference and Expo 2003 are offering solutions to make it even more palatable for users and developers. Snapbridge Software Inc. released the beta versions of its Snapbridge FDX Information Server Developers Edition and Snapbridge XStudio XML development tools, said Benjamin Chen, chairman and chief technology officer of Snapbridge, based in Carlsbad, Calif. Snapbridge FDX Information Server Developers Edition is an integrated development environment that includes XStudio and the company's FDX Information Server. XStudio is the company's graphical design environment that features drag-and-drop tools for XML development. Both technologies are based on Snapbridge FDX, Snapbridge's core technology -- which the company announced last week. Snapbridge FDX is an XML-based data federation solution that helps accelerate XML processing, Chen said... Meanwhile, Ektron Inc., of Amherst, N.H., will showcase its newly announced Ektron CMS300 version 4.0, the company's browser-based Web content management system. Company officials said Ektron CMS300 version 4.0 hides the complexities of XML and Extensible Stylesheet Language Transformations (XSLT) from users, addresses regulatory issues and adds support for audit trails, index search meta tags and international language. Software AG Inc., of Reston, Va., announced Natural version 6, a new version of its development environment for accessing XML documents in the company's Tamino XML database system. Sarvega Inc., of Chicago, announced the availability of its Sarvega XRE 200, a blade system for XML Web services. Sarvega sells a suite of XML processing appliances that run the company's XML EventStream Operating System (XESOS), which handles Web services processing and XML and Web services security. The XRE 200 is the latest in that series and supports a blade environment..."

[December 09, 2003] "WS-I Issues Use Cases for Web Services. Ten Companies, Including IBM, Microsoft, Oracle, Sun, Provide Implementations." By Paul Krill. In InfoWorld (December 09, 2003). "The Web Services Interoperability Organization (WS-I) on Wednesday plans to release its WS-I Sample Application 1.0 documents, providing use cases for interoperable Web services. Being released at the XML Conference & Exposition 2003 event in Philadelphia, the documents consist of WS-I Supply Chain Use Cases 1.0, Usage Scenarios, Supply Chain Management Technical Architecture, and Sample Application 1.0 implementations developed by 10 vendor companies. The 10 companies include BEA Systems, Bowstreet, Corillian, IBM, Microsoft, Novell, Oracle, Quovadx, SAP, and Sun Microsystems. WS-I, with the documents, is looking to provide a simplified supply chain management scenario to demonstrate the features in the recently released WS-I Basic Profile 1.0 document for development of interoperable Web services. 'The biggest part of it is the actual implementations' with companies implementing binary, sample applications to demonstrate interoperability, said Rob Cheng, product director of technology marketing at Oracle, a WS-I member company... The Sample Application Technical Architecture featured in the documents implements several schema-naming conventions, SOAP message formats and styles, and WSDL design practices that conform to the Basic Profile. The Sample Application Usage Scenarios translate use cases into a set of technical requirements, defining general messaging patterns for Web services in structured interactions..." See: (1) details in the announcement "WS-I Delivers Sample Applications for Basic Profile. Sample Applications Provide Real-World Business Requirements to Web Services."; (2) "Web Services Interoperability Organization (WS-I)."

[December 09, 2003] "Making Web Services Work at Amazon." By Edd Dumbill. From XML.com (December 09, 2003). "Jeff Barr, Amazon's web services evangelist, explained to XML 2003 attendees the decisions facing Amazon in opening up their systems for public use via web services. Barr's case study, delivered to a full room, formed part of the product presentations track on the first day of the conference. Barr set the scene by outlining the various groups that Amazon's customers fall into: buyers, sellers (merchants who sell on Amazon's platform), web site owners (associates), and developers (people who use Amazon's web services.) Amazon's associates scheme has been very successful: founded in 1996, it now has over a million registered associates. This success augured well for the uptake of Amazon web services. As Amazon's systems developed, they developed in the direction of interoperating feature components inside the firewall; e.g., the catalog, shopping cart, and personalization engine. Through their web services platform, Amazon is beginning to open these features up to public use, and Barr said they have ambitious plans to expose much more functionality. So how did Amazon arrive at the decision to provide web services? One of the main drivers was that its partners needed better data access -- some major ones had XML data feeds, others simply scraped Amazon's web pages -- so the process of collaboration was both expensive and brittle. A move to defined and reusable web services was thus a logical solution. Barr's talk provided many good pointers for large businesses considering opening themselves to greater programmatic interaction with developers. Amazon's decisions certainly seem to have set them on a course for success. Perhaps the best mark of this success and future promise is that Amazon is increasing the size of its internal team by five times for 2004..."

[December 09, 2003] "Software AG Extends Access to Natural Programs. Version 6 of Development Environment is Launched." By Paul Krill. In InfoWorld (December 09, 2003). "Software AG is shipping Version 6 of its Natural 4GL development environment, enabling Windows developers to access Natural programs running on a Unix or mainframe system. The company calls this feature Single-Point-of-Development. Using this function, programs developed in Windows can be modified directly on the server platform. This addresses versioning and synchronizing issues stemming from the need to save code separately on multiple platforms, according to Software AG. Version 6, for Windows, Unix, and Linux platforms, also enables access to XML documents stored in the company's Tamino XML Server without the need for an XML-specific query language. For example, Natural DML (Data Manipulation Language) statements can be used to access Tamino. Both the Single-Point-of-Development and XML document access capabilities are designed to boost the speed and convenience of using Natural in an 'open systems environment'..." See details in the announcement: "Software AG Increases XML Support Within Its Natural Development Environment for Windows, UNIX and Linux Platforms. Natural version 6 Enables Developers to Access XML Documents Stored in the Company's Tamino XML Server Without Learning an XML-Specific Query Language."

[December 09, 2003] "Building a Security Infrastructure." By Rich Salz. From O'Reilly WebServices.XML.com (December 09, 2003). "In a previous column the author offered a rationale for XKMS as an important web service, looking at reducing the problem of implementing such a service to a reasonable size. Salz now builds the infrastructure necessary to develop and deploy an XKMS registration server that can issue certificates and which is intended for use within an enterprise. The server needs an SSL certificate and private key. Since it will be signing certificates for others, it will also need a CA certificate and private key; that is, a certificate that says it is allowed to create certificates. In this exercise he builds an enterprise-quality public key infrastructure, using one of the certificates to create a server that uses SSL..." General references in "XML Key Management Specification (XKMS)."

[December 08, 2003] "Oracle Launches HR-XML Product. Will Microsoft Word Follow?" By Ephraim Schwartz. In InfoWorld (December 08, 2003). "Human Resources recruiters will receive welcome news this week when Oracle announces that its Human Resources Management System will use the HR-XML standard for data exchange. Developed by the HR-XML Consortium, over the long run the standard promises to reduce time spent in manually re-inputting resumes into custom systems and fees expended for resume parsing software and services. Among the Consortium membership are Oracle, PeopleSoft, IBM, Monster.com, and Hire.com. If accepted industrywide, resumes from any source will interface with HR applications and with recruiting software such as RecruitSoft and with online recruitment services such as Monster.com. The standard may also get a boost from Microsoft, which already has incorporated XML schema in its Office products. Sources say the Redmond giant will incorporate the HR-XML standard as one of its document formats in a future version of Word. One industry analyst said that the HR-XML standard, unlike many other standards, is a real-world practical solution..." See also: (1) the announcement: "Oracle Leads Development of Open Standards for Human Resources Software, Helps Customers Automate Information Exchange and Reduce Integration Costs. Oracle Human Resources Management System One of First to Receive HR-XML Certification."; (2) "HR-XML Consortium"; (3) "HR-XML Consortium Approves Assessments Specification for Skills Evaluation."

[December 08, 2003] "Open Integration and Security: XML Firewalls Provide Ease of Integration and Security." By John Lilly (Reactivity). In XML Journal Volume 4, Issue 12 (December 2003). "The good news about XML and Web services is that they're easier than ever to develop and deploy -- inside the firewall between internal applications, on the Internet with your customers and partners, anywhere. The bad news about XML and Web services is this: because they're so much easier to develop and deploy and for your customers and partners to connect to, it's that much easier (1) for your customers and partners to connect to them in ways you don't like, and (2) for everyone else to connect to them in ways you really don't like... you want to be able to build systems that are easy to integrate when you're setting them up, but act in an extremely secure manner when they are running over time. The only real way to do that is to consider both integration and security concerns from the beginning, and abstract their implementation and management from development efforts. A proven successful strategy for balancing integration and security is to introduce the new breed of XML firewalls into your organization. XML firewalls act as the Internet-facing gateway to all your Web services, and take care of many of the security tasks that are tedious or impractical for application developers to implement. By moving the responsibility for some of the security tasks to a device at the edge of the network, the XML firewall can catch problematic messages before they're inside your network, and deal with them before they can do any damage. XML firewalls can provide robust integration and interoperability points... Using an XML firewall, security architects and business managers can define the level of security enforcement they need to protect the enterprise and also meet their business requirements. With your critical systems exposed on the Internet, there are many new ways they can be vulnerable to any number of new threats. At many levels, the interests of ease of integration and security will always compete -- there are simply too many divergent concerns. As a practical matter, though, technologies such as XML firewalls can provide a way for businesses to develop applications that have both ease of integration and best-of-class security designed in from the start..."

[December 08, 2003] "Computer Associates Shows its WSDM." By Matt Villano. In CRN (December 08, 2003). "Computer Associates's newly shipping Unicenter Web Services Distributed Management (WSDM) software is the company's first offering to monitor and manage Web services across an enterprise. Though its solution won't be available in the channel for some time, the Islandia, N.Y.-based firm announced support for the new strategy from a range of industry partners, including BEA, Collaxa, DataPower, Mindreef and Systinet, to name a few. According to Dmitri Tcherevik, CA's vice president of Web Services, the new service incorporates pre-existing solutions for J2EE and .NET, making it a tool designed to manage the services themselves as opposed to the infrastructure that delivers them. He added that the adjoining partner component gives CA a Web Services management solution that can be integrated with a variety of other technologies, enhancing the product's power even more. 'This is a watershed event for CA and the industry as a whole,' Tcherevik told CRN. 'Web services is a popular technology and we wanted in.' Unicenter WSDM joins a handful of tools from smaller startups in providing insight into the performance of Web services, and works with any Web service based on the Web Services Description Language (WSDL) industry standard. Tcherevik explained that by automatically discovering, testing, and monitoring Web services applications, Unicenter WSDM will enable IT organizations to track a range of performance indicators and respond to service interruptions rapidly... Ultimately, this kind of automatic, self-healing network management could lead to CA's entry into the utility computing market. More immediately, however, the new Unicenter offering also will be integrated with products and services from solution providers, allowing customers to mix-and-match functionality depending on their needs. For instance, Redwood Shores, Calif.-based Collaxa will integrate with Unicenter WSDM to manage Business Process Execution Language (BPEL) processes running on the Collaxa BPEL server, while Cambridge, Mass.-based DataPower Technology will embed in-band Unicenter WSDM-compliant monitoring into its Web services security and XML-processing hardware..." See details in the announcement: "CA Ships Innovative Solution to Monitor and Manage Web Services Across and Beyond the Enterprise. Unicenter Web Services Distributed Management Ensures Reliability and Performance for On-Demand Computing."

[December 08, 2003] "U.K. Government Considers Sun in Open Source Software Push." By Scarlet Pruitt. In NetworkWorld (December 08, 2003). "The U.K. government has signed a five-year agreement with Sun to potentially offer the company's new Java Desktop System and Java Enterprise System software to public sector agencies as part of an overall open source push. The Office of Government Commerce (OGC) purchasing authority said Monday that it will soon begin trials of the software to evaluate costs and usability in the hopes of saving money on hardware and software upgrades... The OGC is just one of a growing number of government agencies looking to curb costs through the adoption of open source software. Sun recently announced a deal with the Chinese-government backed China Standard Software Co. Ltd., for example, to offer potentially millions of computers in China running software based on Java Desktop System. Sun CEO Scott McNealy trumpeted the China deal at the Comdex trade show in Las Vegas last month and again last week at the SunNetwork conference in Berlin. McNealy apparently hopped a flight to the U.K. after the Berlin show to sign a deal with the OGC Friday. Richard Barrington, head of government affairs and public policy for Sun in the U.K., Monday predicted that there would soon be more government deals to come, as well as agreements with 'major PC distributors' as soon as the first quarter of next year to ship JDS pre-installed. 'It's going to happen very quickly because the challenge for hardware vendors is that their margins have been cut and they need to offer something new,' Barrington said..." See details in the text of the announcement: "Sun's Radical New Java System Software Wins Whitehall Approval. Sun Microsystems and the UK Government Sign Software Purchasing Agreement to Offer the Public Sector Open, Secure Software Technology and Reduced IT Costs."

[December 08, 2003] "CA Releases Unicenter Web-Services Management System." By Darryl K. Taft. In eWEEK (December 08, 2003). "Computer Associates on Monday released its Unicenter Web Services Distributed Management system. It manages Web services natively at the service level by monitoring Simple Object Access Protocol messages. Dmitri Tcherevik, vice president of Web services at Islandia, N.Y.-based Computer Associates, said the company is responding to demand from its customers for a Web services management solution. "The focus is shifting from the development of Web services to the deployment, and once deployed the issue of management is becoming very apparent and we're experiencing a significant pull from our customers," Tcherevik said. Unicenter Web Services Distributed Management (WSDM) manages Web services natively at the service level by monitoring Simple Object Access Protocol (SOAP) messages, he said. In addition, Computer Associates is introducing an end-to-end management platform for Web services based on WSDM that includes a scalable Universal Description, Discovery and Integration (UDDI) server. Moreover, Computer Associates has enlisted several partners to support WSDM, including DataPower Technology Inc., Mindreef Inc., Collaxa Inc., JBoss Group LLC, Systinet Corp. Tcherevik said the company is working with industry leaders such as BEA Systems Inc., Microsoft Corp., and Sun Microsystems Inc. to provide native support for those platforms. For example, DataPower is integrating its XS40 XML security gateway with Computer Associates' Unicenter WSDM to bolster performance, security, reliability and integrity, the companies said. "The combination of DataPower's XML-aware networking devices and CA's Unicenter WSDM represents a key technological advancement and offers mutual customers the management capabilities to cope with the enormous complexity of Web services that are widely distributed across enterprise environments," said Eugene Kuznetsov, chairman and chief technology officer at Cambridge, Mass.-based DataPower..." See the announcement.

[December 08, 2003] "News Standard Summit Wrapup." By Sam Ruby (Intertwingly.net). December 08, 2003. Notes on the Philadelphia News Standards Summit. A presentation on the Atom syndication format was given by Sam Ruby at the News Standards Summit, held 2003-12-08 in conjunction with XML 2003. Ruby's random set of notes: "Overall, I was very impressed by the participants. I've been in similar meetings in the past where what I found was people who were in deep denial and were seeking other people to reassure them. In this meeting, I found a completely different set of people: ones who are trying to keep on top of the current trends so that they can make informed decisions... SportsML is an example of a vocabulary for a specific problem domain. PRISM is an ongoing effort on standardizing markup for publishing data. This is done via modular XHTML vocabulary (disabling portions and additions), and includes standardizing class names for different types of data. ICE: once money changes hands, consumer expectations change; these guys are collaborating (using a Wiki!) on trying to define a set of standards for paid subscriptions, encapsulating any types of data..." See: (1) "XML 2003 News Standards Summit Seeks Interoperability and Convergence"; (2) "IPTC Joins in XML News Standards Summit."

[December 08, 2003] "A Potluck Party for XML." By Clint Boulton. From InteretNews.com (December 05, 2003). "How can XML applications written by disparate parties work in harmony? The answer may come as early as next week in a flurry of demonstrations by top-tier vendors. The foundation language for Web services, which allow applications to talk to one another, Extensible Markup Language (XML) serves as the backbone for many of the applications developers are writing today. It is used to create common information formats and share the format and the data on the Internet. Most software companies employ the language to build more useful applications. Microsoft, BEA, and Adobe will have a presence at the XML Conference and Expo 2003, which is taking place at the Pennsylvania Convention Center Dec. 7-12, 2003. While not a product launch-oriented event, XML 2003 affords participants the chance to showcase their progress in developing software and offers attendees the opportunity to see numerous product demonstrations in action. XML 2003 Chairperson Lauren Wood, who is also chair emerita of the W3C DOM Working Group, is responsible for overseeing the content of the event. Wood said the offer to participate in the 100 tutorial or demonstration time slots was met by a flurry of 400 applications. She also said there is one big difference between this year and previous years: results... Key standards bodies, under which where members gather to work on XML-based projects together, will also preside, including the World Wide Web Consortium, Organization for the Advancement of Structured Information Standards (OASIS) and the Web Services Interoperability (WS-I) consortium. Wood, who expects somewhere in the range of 1,000 attendees, said standards bodies W3C, OASIS and WS-I will all show interoperability demonstrations. OASIS will showcase WS-Reliability interoperability with participants Fujitsu, Hitachi, NEC, Oracle, and Sun Microsystems. WS-Reliability is designed for applications that require guaranteed message delivery, a task that will be demonstrated by the companies using a case derived from a commercial scenario. Participants will act as server or client while various combinations of trouble are introduced in the network. Correct operation and inter-operation of these implementations will be demonstrated with dropped messages, duplicated messages and disordered messages. On a practical level, OASIS will show how software can help manage a health epidemic using ebXML, UBL and XACML. Yellow Dragon, Sun Microsystems, Sybase, Adobe, and AmberPoint will join forces to show how a scientist electronically fills an communicable disease form declaring an outbreak Hospitals nationwide are then electronically notified of the epidemic outbreak..." See details in the announcement: "OASIS Interoperability Demos Showcase ebXML, SAML, UBL, WS-Reliability, and XACML at XML 2003. Adobe, BEA, Citrix, Cyclone Commerce, Drake Certivo, Fujitsu, Hitachi, IBM, Korean National Computerization Agency (NCA), NEC, US National Institute of Standards and Technology (NIST), Oracle, Sun Microsystems, Vignette, and Others Demonstrate Interoperability of Standards."

[December 05, 2003] "Web Services Intermediaries Evolve." By Phillip J. Windley. In InfoWorld (December 16, 2003). ['The next generation of Web services management platforms address business needs with service virtualization, self-provisioning, and exception handling.'] "WSI (Web services intermediaries) address the need for faster, more flexible application integration with configurable tools for creating reliable, scalable Web services networks. There are more than a dozen WSI product vendors -- more if you throw in XML firewalls, which are quickly adding Web services deployment and management to their security capabilities. recently sat down with product managers and engineers from Actional, AmberPoint, Flamenco Networks, Infravio, and Westbridge Technology to get a preview of the new WSI products they are releasing this quarter. I discovered maturing conceptual models, more sophisticated and intuitive user interfaces, and evolutionary changes to product features. Service virtualization is one of the staple features of WSI products. In its simplest form, service virtualization creates a proxy of the Web service, hiding implementation details from service consumers. In addition to the security benefits you get from a proxy, service virtualization has practical benefits as well. For example, it allows you to move a service from one machine to another or run it on multiple machines without affecting service consumers. In the latest round of WSI products, service virtualization has matured and expanded to become one of the central organizing concepts. As an example, Westbridge Technology's XMS (XML Message Server) 3.0 uses service views to create an abstraction layer for back-end services. Westbridge has already made a name for itself in the XML firewall space, and XMS is a capable WSI product in its own right... Building strong exception handling into a Web services intermediary allows the system to evolve to cover error conditions that weren't anticipated and wouldn't be worth fixing if the fix involved recoding a method. In this model, the system evolves to meet business needs in ways that more tightly coupled systems cannot. The latest offerings from WSI vendors show that the market is continuing to deliver innovative fixes to IT problems. As the number of back-end Web services available for mixing and matching grows, WSI products will give IT shops the opportunity to show real agility in meeting business needs through custom solutions. But the wide range of vendors, architectures, interfaces, and conceptual metaphors can be daunting. My advice is to look past feature sets, sit down with the interface, and find the product that feels most comfortable and matches how your organization plans to use Web services..."

[December 05, 2003] "Test Center Analysts Debate Wrapping Up Web Presence. Will Web Services Be the Catalyst for Collaboration Evolution?" By P.J. Connolly and Jon Udell. In InfoWorld (December 05, 2003). "Enterprise collaboration faces a number of challenges in the years to come. IM systems today are where e-mail was back in the late 1980s: islands of common use separated by protocols, vendors, and the network itself. Test Center Lead Analyst Jon Udell and Senior Analyst P.J. Connolly debate whether Web services will be the catalyst for the transformation of collaboration, and how. Udell: 'Effective collaboration is partly about the medium, and we have more of those than we know what to do with: phone, e-mail, IM, SMS. It's also about the message, though, and the messaging technologies we now use need some help. None of them is able to wrap adequate context around documents and discussions. P.J.: 'Here's the problem: There's still no agreement on how presence shall be presented as a Web service. On one side are the proponents of XMPP, an XML-based outgrowth of the Jabber project, which doesn't seem to be supported by anyone bigger than Novell. On the other, I see IBM and Microsoft agreeing that SIP/SIMPLE is the way to go... it's hard to envision how vendors are going to package their dream world where e-mails spawn IMs, which turn into telephone calls or launch a business process without XML somewhere in the data-transformation process. But we're a long way from platform-neutral services today. Customers are going to have to open up their wallets to pay for these features, and vendors are going to have to open up their products to add these features in such a way that they are easily deployed and managed. That's the tricky part because the major vendors have turf to protect -- from one another as well as from more nimble competitors... it's hard to envision how vendors are going to package their dream world where e-mails spawn IMs, which turn into telephone calls or launch a business process without XML somewhere in the data-transformation process. But we're a long way from platform-neutral services today. Customers are going to have to open up their wallets to pay for these features, and vendors are going to have to open up their products to add these features in such a way that they are easily deployed and managed. That's the tricky part because the major vendors have turf to protect -- from one another as well as from more nimble competitors'..." See also: (1) "Extensible Messaging and Presence Protocol (XMPP)"; (2) ACM Queue special issue on Instant Messaging.

[December 03, 2003] "Versioning XML Vocabularies." By David Orchard. From XML.com (December 03, 2003). ['A whitepaper presenting best practices for versioning W3C XML Schema based XML vocabularies, describing techniques to achieve more effective loose coupling between systems by increasing the possibility for backwards- and forwards-compatible changes to occur when related systems evolve.'] "XML is designed for the creation of languages based upon self-describing markup. The inevitable evolution of these languages is called versioning. Versioning means adding, deleting, or changing parts of the language. Making versioning work in practice is one of the most difficult problems in computing, with a long history of failed attempts. Arguably one reason why the Web rose dramatically in popularity is because evolution and versioning were built into HTML and HTTP headers, each of which provides explict extensibility points and rules for understanding extensions that enabled their decentralized extension and versioning. XML Namespaces provide an ideal mechanism for identifying versions of languages, and all XML schema languages -- such as W3C XML Schema -- provide for controlled extensibility. This article describes techniques to achieve more effective loose coupling between systems by increasing the possibility for backwards- and forwards-compatible changes to occur when related systems evolve. These techniques are designed for compatible changes with or without schema propagation. A number of rules are described for versioning XML vocabularies, making use of XML Namespaces and XML Schema constructs. It includes rules for working with languages that provide an extensible container model, notably SOAP. The collective set of rules is called the 'Must Ignore' pattern of extensibility... To a certain degree, the technique described herein is a combination of the ##any and ##other designs with well-known rules to produce a design that achieves the goals of compatible extensibility and versioning with validation using W3C XML Schema. The namespace name owner can add backwards- and forwards-compatible changes into the extensibility element while retaining the ability to validate all components, and other authors can add their changes at the ##other wildcard location..."

[December 03, 2003] "Styling RDF Graphs with GSS." By Emmanuel Pietriga. From XML.com (December 03, 2003). ['Visualising RDF graphs is a hard problem, as they can quickly become unwieldy. This article introduces a solution in the form off GSS (Graph Style Sheets), an RDF vocabulary for describing rule-based style sheets used to modify the visual representation of RDF models represented as node-link diagrams.'] "RDF models describe web resources using subject-predicate-object triples. Combined together, these triples form a graph structure, which cannot be easily conveyed by textual syntaxes such as RDF/XML, Notation 3 or N-Triple because of their one-dimensional nature. Visual editors such as IsaViz and RDF Author represent models as editable node-link diagrams, making the graph structure easier to understand compared to textual serializations. However, visual representations are not fully satisfying and have their own problems: diagrams can quickly become big and over-cluttered, and some editing tasks can be more difficult to achieve when dealing with a visual representation of the model. The first version of IsaViz offered partial solutions to these problems, such as a zoomable user interface combined with enhanced navigation capabilities... GSS (Graph Style Sheets) is an RDF vocabulary for describing rule-based style sheets used to modify the visual representation of RDF models represented as node-link diagrams. Possible modifications include changing the visual aspect of nodes and links (color, shape or icon, font, etc.), but also hiding parts of the graph or changing the layout of some elements. GSS draws many of its instructions from existing W3C Recommendations, namely, CSS and SVG. GSS features a cascading mechanism; its transformation model is loosely based on that of XSLT... the graph stylesheet is made of a set of rules. The left-hand side of a rule is called the selector, while the right-hand side is called the styling instruction set. Given the set of rules defined in a stylesheet (or several cascading stylesheets), the program in charge of styling RDF models (called a GSS engine) walks the entire graph, including resources, literals, and properties, and evaluates relevant rules on them. If the selector of a rule matches the current node (or arc) in the graph, the corresponding set of styling instructions is applied to the node or arc. Conflicts between rules matching the same node or arc are resolved, first, by giving higher priority to rules in the stylesheet applied last, and, second, to the most specific selector if both are in the same stylesheet... GSS stylesheets can be combined together with ease thanks to the cascading mechanism and the RDF language's capability to merge models. What we need now are stylesheets for all widely-used vocabularies..." See: (1) W3C RDF resources; (2) local referencesin "Resource Description Framework (RDF)."

[December 03, 2003] "Trees, Temporarily." By Bob DuCharme. From XML.com (December 03, 2003). ['In his latest Transforming XML column Bob DuCharme explains XSLT 2.0's Temporary Trees, and then he demonstrates how to use them.'] " XPath 1.0 has a special data type called Result Tree Fragments. For example, an xsl:variable element can store a single string, but it can also store an XML element with all the descendants and attributes you like. This structure is a Result Tree Fragment... There's little you can do with result tree fragments in XSLT 1.0; you can treat them as strings and you can use xsl:copy-of to copy them to the result tree, and that's it. Because many XSLT developers longed for a way to pass composite structures to named templates, and then use the pieces of those structures individually inside the named template, instead of merely copying the structure to the result tree or pulling substrings out of it, several XSLT 1.0 processors offer extension functions such as Xalan's nodeset() and Saxon's node-set() that convert these fragments to node sets whose nodes can be addressed with XPath expressions. XSLT 2.0 eliminates result tree fragments and replaces them with a more powerful feature: temporary trees. Once you create a temporary tree in an xsl:variable, xsl:param, or xsl:with-param element, you can do anything with it that you can do with a source tree..." General references in "Extensible Stylesheet Language (XSL/XSLT)."

[December 03, 2003] "IBM, BEA Lay Out New Java Specs. Sun, Oracle, Not Behind Initiative." By Ed Scannell. In InfoWorld (December 01, 2003). "IBM and BEA Systems last week disclosed that they are working jointly on three new specifications for the Java platform. The new specifications -- Service Data Objects, Work Manager for Application Servers, and Timer for Applications Servers -- are all designed to increase much-needed application portability between IBM's WebSphere and BEA's WebLogic application servers. 'We both have been innovating in a number of areas around Java APIs, and developers have been looking for commonality,' said Scott Dietzen, CTO of BTA. Executives at both companies said they do not expect to deliver products that take advantage of the new specifications for about a year; they are releasing the necessary technical information now so that developers have time to digest it. Sun Microsystems and Oracle, however, have yet to pledge support for the proposed standards. Some observers believe IBM and BEA will ruffle some feathers because the new standards should go first through the Java Community Process (JCP)... Also last week, in a separate development related to Java, a group headed by Oracle and Sun formed the JTC (Java Tools Community) whose charter is to make Java more interoperable through tool frameworks and open standards. Just as Oracle and Sun have yet to endorse the IBM-BEA Java standards, IBM and BEA have not advocated the JTC..." See details in the news story: "BEA and IBM Publish Service Data Objects (SDO) Specifications."

[November 26, 2003] "Do IT Patents Work?" By Andrew Updegrove. In Consortium Standards Bulletin Volume 2, Number 10 (November 2003). ['Editorial. From the days of VisiCalc until today, software -- and software patents -- have come a long way. The patent system itself, on the other hand, is still where it was before the PC was invented. It's time for a change.'] "Ask anyone whether they are satisfied with the current state of patents in the American IT world, and you are not likely to find many fans of the status quo. In our November News Cluster, we focus on two current events: the well-publicized Eolas victory over Microsoft, followed by the W3C's successful quest for a review by the PTO, and the barely noticed release by the Federal Trade Commission of a comprehensive report suggesting meaningful reforms to the patent system. Whether the combination of the outcry over the Eolas patent and the FTC's good work will be sufficient to spark a change remains to be seen. But those that have a serious stake in the game would be wise to seize upon this opportunity to speak out in favor of a serious effort to bring the patent system up to date. Perhaps the Founding Fathers would be proud of us if we do..." See: (1) "US Federal Trade Commission Report Calls for Patent Law and Policy Reform"; (2) "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent"; (3) "Patents and Open Standards."

[November 25, 2003] "Developing a X-KRSS Web Service." By Rich Salz. From O'Reilly WebServices.XML.com (November 25, 2003). "In a previous column the author sketched out an alternative to WSDL. In an ongoing attempts to suggest useful ideas for others to implement, Salz now discusses an implementation of service for XKMS (XML Key Management Service). XKMS is W3C Last Call Working Draft that specifies protocols for distributing and registering public keys, suitable for use in conjunction with the proposed standard for XML Signature and XML Encryption. The XML Key Management Specification comprises two parts: the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). Web services need end-to-end message integrity and privacy, which means that they need XML Digital Signature and XML Encryption. Those technologies, in turn, scale best when they use public key cryptography. Public key crypto needs a supporting infrastructure, PKI, to handle distribution and certification of keys, etc. PKI has historically been very expensive and unwieldy, and XKMS seems to be the last best chance to get a reasonable infrastructure so that we can sign and encrypt our web service messages. The XKMS spec isn't very big, and it covers a great deal and can really be seen as an enabling technology for general web services deployment..." See general references in "XML Key Management Specification (XKMS)."

[November 24, 2003] "An Introduction to Schematron." By Eddie Robertsson. From XML.com (November 12, 2003). "The Schematron schema language differs from most other XML schema languages in that it is a rule-based language that uses path expressions instead of grammars. This means that instead of creating a grammar for an XML document, a Schematron schema makes assertions applied to a specific context within the document. If the assertion fails, a diagnostic message that is supplied by the author of the schema can be displayed. One advantages of a rule-based approach is that in many cases modifying the wanted constraint written in plain English can easily create the Schematron rules. In order to implement the path expressions used in the rules in Schematron, XPath is used with various extensions provided by XSLT. Since the path expressions are built on top of XPath and XSLT, it is also trivial to implement Schematron using XSLT, which is shown later in the section Schematron processing. Schematron makes various assertions based on a specific context in a document. Both the assertions and the context make up two of the four layers in Schematron's fixed four-layer hierarchy: phases (top-level), patterns, rules (defines the context), and assertions... This introduction covers only three of these layers (patterns, rules and assertions); these are most important for using embedded Schematron rules in RELAX NG... Version 1.5 of Schematron was released in early 2001 and the next version is currently being developed as an ISO standard. The new version, ISO Schematron, will also be used as one of the validation engines in the DSDL (Document Schema Definition Languages) initiative..." See: (1) "Schematron: XML Structure Validation Language Using Patterns in Trees"; (2) "Document Schema Definition Languages (DSDL)"; (3) "XML Schemas."

[November 12, 2003] "Take It to the Bank: Implementing FpML." By Andrew Parry (Deutsche Bank). In Web Services Journal (November 12, 2003). "The International Swaps and Derivatives Association (ISDA) is the global trade association representing participants in the privately negotiated derivatives industry, a business covering swaps and options across all asset classes. One of its most notable achievements has been the formation of a standardized document architecture that has greatly facilitated market evolution. As a natural next step in market evolution, ISDA is working with market participants to express the hardcopy document architecture in softcopy form to allow increasing volumes in the derivatives markets to be handled with greater accuracy and lower cost, through extensive use of automation. As part of this process, ISDA formally adopted FpML.org, the organization that developed Financial products Mark-Up Language, a business information exchange standard for electronic dealing and processing of financial derivatives instruments. Based on XML, FpML establishes the industry protocol for sharing information and dealing in, financial swaps, derivatives, and structured products. FpML 4.0 provides XML Schema objects to describe the majority of derivative contracts by volume, derived directly from the legal framework established by ISDA, and is made freely available by them under public license... ISDA does not provide 'off-theshelf' support in the public standard; it is straightforward to create private extensions, for product description or workflow reasons. These XML Schema objects are composed to form different distinct document prototypes, such as a Trade Confirmation. This document-centric approach allows us to form document instances that represent both the full economics of the deal (or optionally, a reference to it) and the workflow state the document instance is currently in. Web services provide an ideal interface to services that operate on document instances given the support provided for structure, data typing, and platform neutrality. Support can be provided at all stages of process flow..." See general references in "Financial Products Markup Language (FpML)."

[November 11, 2003] "PTO Director Orders Re-Exam for '906 Patent." By Dale Dougherty. From O'Reilly Developer Weblogs (November 11, 2003). "In what could be good news for the Web, the Director of the US Patent and Trademark Office has ordered a re-examination of the '906 patent, which was the subject of a patent infringement lawsuit this summer brought by Eolas against Microsoft. Apparently, the PTO responded to the W3C's request for re-examination, saying 'a substantial outcry from a widespread segment of the affected industry has essentially raised a question of patentability.' This order, issued on October 30, 2003 reviewed the claims and declared that the prior art introduced by Berners-Lee and Raggett raised 'a substantial new question of patentabity.' The order, signed by Steve Kunin, Deputy Commissioner of the US PTO, called for a reexamination of all claims relating to the '906 patent. A patent lawyer that I spoke to said that the quick response by the PTO was unusual, and he thought it was a good sign. He said that the order seemed to give a clear indication of support for the claims against the patent. We'll now have to wait for a patent examiner to examine the evidence in more detail and rule on the patent..." Background: In October 2003, Tim Berners-Lee (Director, World Wide Web Consortium) sent a letter to the Director of the United States Patent and Trademark Office (James E. Rogan, Under Secretary of Commerce for Intellectual Property) appealing for a "reexamination of the '906 patent in order to prevent substantial economic and technical damage to the operation of World Wide Web." The '906 patent granted by the USPTO to the University of California is described as applicable to Java applets, browser plug-ins, ActiveX components, Macromedia Flash, Windows Media Player, and related "embedded program objects." See: (1) "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent" and (2) "W3C Opens Public Discussion Forum on US Patent 5,838,906 and Eolas v. Microsoft." Also: "US Federal Trade Commission Report Calls for Patent Law and Policy Reform."

[November 11, 2003] "Patent Office to Re-Examine Eolas Patent." By Paul Festa. In CNET News.com (November 11, 2003). "The U.S. Patent and Trademark Office has stepped squarely into a fight roiling the Web by agreeing to re-examine the Eolas patent for a browser plug-in, a development likely to bring cheer to Microsoft and software patent foes alike. The 906 patent, owned by the University of California and licensed exclusively to one-man software company Eolas, describes how a Web browser can use external applications. The patent also earned that school and company a $521 million judgment after a federal jury found that Microsoft's Internet Explorer browser infringed on it. After Microsoft made public planned changes to IE that held the potential to break millions of Web sites, the World Wide Web Consortium (W3C) last month urged the USPTO to re-examine the so-called 906 patent in light of W3C technologies that it said predated Eolas' patent. Specifically, the consortium pointed out early HTML drafts by W3C Director Tim Berners-Lee and W3C staff member Dave Raggett that it said qualified as prior art in the case. The W3C's public call came as part of a larger campaign to identify prior art relevant to the Eolas case. Prior art is a similar invention that predates a patent, therefore invalidating it. The USPTO responded quickly to the W3C's request, and on Oct. 30 the office initiated an order for re-examination. On Monday that order was docketed to the patent examiner. 'A substantial outcry from a widespread segment of the affected industry has essentially raised a question of patentability with respect to the 906 patent claims,' Stephen Kunin, the USPTO's deputy commissioner for patent examination policy, wrote in his order for re-examination. 'This creates an extraordinary situation for which a director-ordered examination is an appropriate remedy'..." See "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent"

[November 10, 2003] "Demystifying Service-Oriented Architecture." By Jim Webber (Arjuna Technologies) and Savas Parastatidis (North-East Regional e-Science Center - NEReSC). In Web Services Journal Volume 3, Issue 11 (November 2003). "Service orientation requires us to adapt to a new approach to system integration and application development. However, at the moment most of us are still learning about this new technology and so we tend to apply familiar patterns when building Web services-based applications. Applying object-oriented patterns to service-based systems is generally a poor idea since the scale of a typical object-oriented application is dwarfed by the scale of a Web services-based application, which may span many enterprises and departments. It is crucial to remember that the use of SOAP and WSDL in our applications does not constitute service orientation. This article outlines the basics of (Web) service-oriented architectures and looks at the distinguishing features of SOA that make it the right approach to take when developing Web services-based applications. We define the concept of a service, compare the emerging service-oriented programming to object-oriented programming, and outline how to advance to SOA. Finally, we explore these concepts in the context of an example banking system... There are two possible approaches rising to prominence in the Web services community: (1) Correlation based on message content. This is best exemplified by the correlation-set mechanism in BPEL, where parts of messages incident on a Web service can be used to form a unique identifier, implicitly linking related messages together on such 'keys' as account number, date, or suchlike. (2) WS-Coordination or WS-Context [part of the WS-CAF suite of specifications] Assumes a context identifying related messages is embedded in a SOAP header block on each related message. Which approach we choose is determined by our deployment scenario since both broadly achieve the same goal. Where the simplicity and potential interoperability benefits of a standard, explicit context-based approach are appealing, we need additional infrastructure to deal with context generation and lifetime management. Conversely, with the implicit correlation-based approach, we need no external infrastructure, though we run the risk of altering message content solely to be able to generate uniqueness... Whichever context form is selected, the upshot is the same: context allows consumers to have 'stateful' interactions with Web services, but does not require back-end objects to be exposed. This means the Web service has a free hand in deciding how to manage its back-end resources, since they remain encapsulated away from the consumer. This is in contrast to the object-based approach, where invocation context is set by references to objects and the invocation history of referenced objects. The big drawback with this scheme is that object references between enterprises are likely to be brittle and impose too tight a level of coupling between the client and the serving object..."

[November 10, 2003] "Portal Vendors Unite Behind Standards. Plumtree, Sun, BEA, Documentum Create Open Source Site for Portlet Sharing." By Cathleen Moore. In InfoWorld (November 10, 2003). "Attempting to drive real-world deployments of standardized portlets, several competing enterprise portal vendors this week kicked off an open source site designed to let customers share portlets developed according to new standards. Plumtree, Sun Microsystems, BEA Systems, and Documentum joined forces to launch the POST (Portlet Open-Source Trading) site, an open source Web site where customers can share portlets and submit components for community development. Available at sourceforge.net/post, the site is hosted by SourceForge, an independent organization that hosts a variety of Java and Linux-based initiatives. JSR 168 and WSRP (Web Services for Remote Portlets), two portlet standards developed by the Java Community Process and OASIS standards bodies, respectively, aim to let portal components be deployed across a variety of platforms. JSR 168 was approved in early October, while WSRP was finalized in mid-September. The idea of POST is to create a way for portal customers to share and leverage standardized portal components, according to Glenn Kelman, vice president of product marketing and management at Plumtree... Any registered organization can contribute portlets to POST, which then become available to all other members of the open source effort. POST lets participants see lists of newly available portlets, post requests to the community for the development of new portlets, search for portlets, upload or download new portlets, submit modified or enhanced versions of portlets, and discuss portlet development best practices, issues, and solutions. Plumtree, BEA, Sun, and Documentum each will provide an initial library of standards-based portlets, and will offer ongoing feedback, suggestions, and best practices for portlet development. One incentive for customers to share portlets is the capability to improve their code, Kelman said..." See details and references in the news story: "Portlet Open Source Trading (POST) Site for JSR 168 and WSRP Portlets."

[November 10, 2003] "XML in Unexpected Places." By Eugene Kuznetsov (Chairman & CTO, DataPower Technology, Inc). In XML Journal Volume 4, Issue 11 (November 2003). "SOAP is 'firewall friendly' [...] and so there's a need to secure it. To secure it intelligently, a firewall or gateway must be XML-aware. This plays into a larger trend of shifting from transport-layer to message-level security. People dynamics, security hygiene, and organizational politics drive separation of concerns and moving this security into dedicated devices. The whole trend is an opportunity to finally create a universal application security layer... In a departure from its document publishing and invoice-schema roots, XML is also used in IM. The most prominent is probably Jabber and its XML-based protocol that is now beginning to be adopted for other, non-IM uses. XML, sometimes in its binary-encoded forms, has long been present in cellphones and PDAs, and it is starting to gather momentum as a control and configuration protocol in telephone networks... XML is also appearing inside government agencies in both the U.S. and the rest of the world. However, the use of XML should not be surprising given that government agencies have been longtime users of SGML. Several of the U.S. initiatives are worth highlighting. As part of the eGov initiative, the XML Working Group has been doing great work in promoting XML and unified schema registries. The ability to publish both electronically and in print from the same source is important to civilian agencies seeking to move online without leaving those reliant on paper behind. Law enforcement and military agencies are using XML to integrate intelligence data ... The use of XML in networks is not limited to XML-aware actions on application data to route, transform, or filter them. Today, network and systems management is primarily done using a menagerie of technologies: SNMP MIBs, CLI (such as Cisco's commandline interface), product-specific GUIs, syslog logs, and proprietary agent plugins. Of these, product-specific GUIs and CLIs tend to provide the most detailed and up-to-date information, but are the most difficult to integrate into an overall network or security management framework. Finding XML in all of these unexpected places is a great sign for adoption, but can be a little disorienting and saddening for pioneers. For them, it's not unlike the day when the rest of the world discovered the Internet, and it suddenly became something very different from what it was. Seeing the reasons for the emergence of XML outside software systems requires an understanding of the bigger picture and organizational dynamics, such as the need to control company-wide security policy outside application code. Beware of combining all XML projects into one corporate initiative -- the presence of XML today is becoming so broad that such a combination may prevent all of them from making progress rather than conserve resources..."

[November 10, 2003] "Adobe Buys XML Software Maker." By David Becker. In CNET News.com (November 10, 2003). "Publishing software giant Adobe Systems announced Monday that it has acquired Yellow Dragon Software, a small company that specializes in XML tools that will support Adobe's electronic document strategy. Vancouver, British Columbia-based Yellow Dragon makes two products that help business use XML (Extensible Markup Language), the widely spreading standard for exchanging corporate data among disparate computing systems. Terms of the deal for privately held Yellow Dragon were not disclosed. Adobe will initially focus on the company's XML registry software, which keeps track of the metadata behind XML-based files. Adobe will incorporate the registry software in future server products, said Chris Ethier, senior product manager for Adobe, to provide an integrated way for customers to track XML-enabled documents created in Adobe's Portable Document Format (PDF) and other formats... XML is a key part of Adobe's strategy to expand PDF, already widely used for electronic distribution of documents that are later printed. XML functionality is particularly important as Adobe tries to expand PDF as a format for creating and distributing electronic forms. Yellow Dragon's other product is a server application for securely exchanging instant messages based on Electronic Business Extensible Markup Language (ebXML)..." See details in the announcement: "Adobe Extends Commitment to XML Standards with Acquisition of Yellow Dragon Software. Acquired Technology Assets Enable Native ebXML Support in Adobe's Intelligent Document Platform and Streamline Collaboration Across the Extended Enterprise."