[January 31, 2004] "No Free Lunch: Microsoft Fumbles the Patent Ball." By Steve Gillmor. In eWEEK (January 30, 2004). "Microsoft has coupled royalty-free licensing with its Office XML schema patent filings, but the move may turn out to be very expensive indeed. Microsoft's decision to drop the other shoe on Office 2003's XML schemas may come back to haunt it. News reports of patent filings with New Zealand and the European Union triggered fears that third-party vendors would be prevented from accessing Office documents without licensing the new formats... It's no coincidence that Microsoft announced the 'opening' of the Office Schema licenses at a time when the software giant is under pressure to settle the six-year antitrust probe by the European Union. And just as with its DRM licensing, just because it's free now doesn't mean it will continue to be down the road once market share reaches a dominant position. But getting to 90 percent share or greater -- as Microsoft did with Windows, Office and Internet Explorer -- will not be as easy this time. Oddly, Redmond seems blinded to the reality of the new Web operating system, where technologies such as RSS are pushing the marketplace toward small XML fragments called micro-content and away from bulky Word documents. Part of the problem is of Microsoft's own making. The company's reluctance to cannibalize the Office file formats has slowed down Outlook's move to an XML underpinning. For years now, Outlook's XML object model has trailed other Office apps. Luckily for Redmond, office suite competitors such as Lotus and Novell imploded at the same time. Even now, Sun's OpenOffice has cloned the Microsoft hairball rather than producing micro-content objects that could be stitched together to create the same kind of rich compound documents... In a micro-content world, business documents are broken down into their constituent elements: notification, transaction, context, priority and lifetime. IM traffic, Weblog posts, breaking news, appointments, alerts and good old e-mail comprise a dominant percentage of micro-content traffic. Managing the real-time flow of information becomes Job One, followed closely by archiving and publishing snapshots of the data as 'documents'... To be sure, Microsoft can take comfort in its strategy of waiting for the competition to do the R&D and then swooping in when the market is primed. Micro-content authoring tools are in their infancy, held back by the lack of resources in mom-and-pop RSS aggregator shops. But the patent filings are giving companies such as Apple and Sun time to seed their platforms with common services that can be bootstrapped by small ISVs..." See the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "Microsoft on Patenting XML Formats." By Dan Gillmor. From SiliconValley.com (January 27, 2004). "I recently asked whether Microsoft's moves to patent the XML formats it's using in new versions of Office were, once again, a customer lock-in ploy. Here's a (slightely edited) reply from Mark Martin, who's employed by the Microsoft's PR company: [...] 'While the XML standard itself is royalty free, nothing precludes a company from seeking patent protection for a specific software implementation that incorporates elements of XML. This is an industry-standard means of differentiation followed by other major companies. This does not, in any way, change the royalty-free nature of the XML standard itself. The presence of this patent application in New Zealand does nothing to change the commitment Microsoft made this past November when it announced the available of a royalty-free licensing program for our Office 2003 XML Reference Schemas...' Dan Gillmor: "I don't think anyone is alleging that Microsoft is trying to block XML development. The worries are that Microsoft is trying to enforce rights that would block some people from freely using this supposedly open technology. There's a difference. It also sounds to me like Microsoft wants it both ways, but maybe these patents truly are defensive and nothing else. We'll find out soon enough, I suspect, when OpenOffice developers and others from the open-source community try to use the Microsoft XML schemas in a serious way. Of course, as I noted before, Microsoft could demonstrate good intentions, not just state them, by putting the schemas into a Creative Commons conservancy. No hint of that, however..." See: (1) "Creative Commons Project"; (2) "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "The SPIRITS (Services in PSTN requesting Internet services) Protocol." Edited by Vijay K. Gurbani. Contributors: Alec Brusilovsky, Igor Faynberg, Jorge Gato, Musa Unmehopa, and Kumar Vemuri. IETF Internet Draft. Reference: 'draft-ietf-spirits-protocol-07.txt'. Category: IETF Standards Track. January 2004, expires July 2004. 43 pages. Section 9 provides the XML schema definition. ['The IESG has received a request from the Service in the PSTN/IN Requesting Internet Service WG to consider this document as a Proposed Standard. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action by 2004-02-12.'] "SPIRITS (Services in the PSTN Requesting InTernet Services) is an IETF architecture and associated protocol that enables call processing elements in the telephone network to make service requests that are then processed on Internet hosted servers. The term Public Switched Telephone Network (PSTN) is used here to include all manner of access; i.e., wireline circuit-switched network as well as the wireless circuit-switched network. This document defines a base XML schema for subscriptions to events. The list of events that can be subscribed to is defined in the SPIRITS protocol requirements document and this document provides an XML schema for it. All SPIRITS subscribers (any SPIRITS entity capable of issuing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema. All SPIRITS notifiers (any SPIRITS entity capable of receiving and processing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema... The document also defines a base XML schema for notifications of events. All SPIRITS notifiers must generate XML documents that correspond to the base notification schema. All SPIRITS subscribers must support XML documents that correspond to this schema. The amount of information that can be available in a notification depends on the information elements available to the PSTN entity generating the notification for the event subscribed to. It is entirely conceivable that some PSTN entities may have richer information elements, while others simply support the most primitive information elements. Thus, the SPIRITS protocol includes provisions for extending the notification schema... The namespace URI for elements defined in this document is a Uniform Resource Name (URN), using the namespace identifier 'ietf' - urn:ietf:params:xml:ns:spirits. SPIRITS XML documents may have a default namespace, or they may be associated with a namespace prefix following the convention established in XML namespaces. Regardless, the elements and attributes of SPIRITS XML documents must conform to the SPIRITS XML schema..."

[January 31, 2004] "What's New in Tomcat 5." By Jason Brittain (Friendster Inc). From O'Reilly ONJava.com (January 28, 2004). "The Apache Tomcat developers have released their latest version of the popular open source Java servlet and JSP container, version 5.0.16, as the first stable release of Tomcat 5. In this article, we'll take a look at the latest features in Tomcat 5. The release of Tomcat 5 corresponds with the final release of the Servlet 2.4 and JSP 2.0 specifications. The Servlet 2.4 Specification is only a slight evolution of the Servlet 2.3 Specification, so the API and semantics are almost completely backwards-compatible. With very few exceptions, Servlet 2.3 web applications should work fine in a Servlet 2.4 container. This is great news for those currently using Tomcat 4 who wish to upgrade to Tomcat 5 -- you probably don't need to modify your web applications... The deepest impact that the Servlet 2.4 specification has on Tomcat 5 is the integration of XML Schema. In previous versions of the servlet specification, the deployment descriptors for servlet web applications were defined and validated using an XML DTD. This worked fine, but as it turned out, DTDs aren't quite modular or flexible enough for other technologies to be able to leverage servlet web apps as a framework. To achieve this level of flexibility and modularity, those involved in revising the Servlet 2.4 Specification and other J2EE 1.4 specifications decided to base the deployment descriptor definition and validation on the newer XML Schema, while maintaining backwards-compatibility with the older servlet 2.3 (and lower) DTDs. The JavaServer Pages 2.0 Specification is a new version of JSP, and quite a bit larger due to its many new features, but aims to be backward-compatible with JSP 1.2. The most important addition to JSP 2.0 is the inclusion of the JavaServer Pages Expression Language (EL). Since EL is now part of the JSP container, EL became more useful because it can be used even in the middle of template text as opposed to just within certain custom tags. For Tomcat developers, the main thing to keep in mind with this new addition is that EL is now also part of Tomcat 5, which makes version 5 more featureful and easier to use than Tomcat 4 for developing detailed web applications. Also included in JSP 2.0 are improvements to the handling of XML content, which allow developers to write their dynamic XML content as JSP content... Tomcat 5.0 contains many substantial updates and improvements over Tomcat 4.1. Many of the underlying technologies that Tomcat builds upon have been updated, enabling Tomcat 5 to offer a wider range of solutions and features to the administrator and developer. This, combined with many performance enhancements and a smaller memory footprint during heavy loads means that Tomcat 5 does a better job with the same web apps than does Tomcat 4. Tomcat 5 is also more manageable, more easily monitored, and is easier to build. Tomcat 5.0 is production-ready now. The Tomcat community tested many releases of Tomcat 5 before it was voted stable late last year..." See also Tomcat: The Definitive Guide, by Jason Brittain and Ian F. Darwin (O'Reilly).

[January 31, 2004] "DCML Brings Clarity to Data Center Chaos. By Capturing Properties and Relations, DCML Bids to Break the Management Barrier." By Doug Allen. From Network Magazine (January 05, 2004). "For just about any IT manager, the data center is chaos: a sea of multivendor servers, arrays, cabling, and so on-all of which must play nicely together amidst a torrent of ever-shifting user demands, new software and capacity upgrades, and dynamic user policies. The thought of capturing this complexity, whether to improve management capabilities or to replicate the design for sister distributed data centers, is truly frightening... A [proposed] DCML standard is in the works that will use Extensible Markup Language (XML) to describe any data center environment. Much like an architect's blueprint, the resulting template will document both the necessary network elements (servers, software infrastructure and applications, network and storage components, plus various OS platforms) and their interdependencies -- that is, the way each element or subelement works with and affects every other element in the data center. In short, this means an open, cross-platform dynamic database of configurations, user policies, and real-time management and monitoring data. A DCML template replaces or complements previous approaches to describing the data center, such as manual documentation, ad hoc or platform-specific standards, and configuration imaging... A DCML file contains nine profiles: server configurations (hardware specifications, I/O settings, OS loads, and patch levels), software configurations (installed packages or images, installation sequences and patch levels, and so on), applications (descriptions of complete n-tier business applications across disparate servers or code), environmental lifecycle (classifying servers and code into groups such as development, build, test, staging/stress testing, and production and/or disaster recovery), networking (firmware versions, protocols, and configurations for switches, routers, bridges, access devices, and so on), security (firmware versions, flash configurations, and administrative and configuration settings for firewalls, IDS/IPSs, anti-virus solutions, and so on), storage (disk space allocation and configuration for storage arrays, NAS, and SANs), the data center itself (complete hierarchical combinations of all elements), and environmentals (enterprise requirements of the center itself, including power, cooling, floor space, and physical configurations)... It's important to note that the DCML Organization hasn't been able to enlist Microsoft, which will likely push its own Systems Definition Model (SDM). HP, IBM, and Sun Microsystems are also no-shows so far. DCML may have a fight on its hands, or else must position itself as complementary to the big boys. In any case, the organization plans to develop the specification and then merge with a larger standards group, such as OASIS, the IETF, or the DMTF. Formal ratification is expected by the end of 2004..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 31, 2004] "Tech Giants Lock Down Wireless Content." By Ben Charny, Richard Shim, and John Borland. In CNET News.com (January 30, 2004). ['A group of technology heavyweights is expected to announce new technology for securing music and video on wireless devices. Bottom line: Development of a wireless content security specification could help spur new mobile media services -- and pose a fresh challenge to Microsoft and others developing similar technology.'] Formerly known as "Project Hudson," the DRM effort "will kick off publicly Monday [2004-02-02], with the announcement of new digital rights management (DRM) specification from industry group the Open Mobile Alliance (OMA), as well as the formation of a new licensing body led by Intel, Nokia, Panasonic and Samsung that will promote the technology, according to sources. Toshiba was originally a member of the licensing group but has since backed out. The licensing entity will be known as the Content Management License Administrator (CMLA) and will promote an implementation of the latest version of OMA's digital rights management standard... CMLA aims to ease piracy concerns among movie studios and record labels over a growing number of devices, including cell phones, capable of connecting to wireless networks. According to one source familiar with the plan, the DRM scheme will be built into mobile handsets, allowing encrypted files to be streamed onto compliant devices. Known as OMA DRM 2.0 Enabler Release, the specification could also potentially support devices connected in wireless networks based on the 802.11 standards, or Wi-Fi. Despite being a relative newcomer in the crowded DRM space, the CMLA plan has already won some early support from major content owners... Software makers hope to cash in on the media industry's demand for DRM by supplying security standards that could ultimately give them a slice of the profits every time a song or movie is bought or played online. They also stand to reap substantial fees from hardware companies that would be required to license their technology in order to legally play back most copyrighted music and videos. A wave of competing and incompatible DRM products has hit the market from Microsoft, Apple Computer, Sony, IBM, RealNetworks and others, creating interoperability headaches for consumers. For example, Apple's best-selling iPod digital-music player supports only the company's own flavor of DRM, which is used on songs purchased from its iTunes Music Store. DRM-protected songs purchased from other music download stores can't be played back on the iPod, nor will iTunes songs play on any MP3 player other than the iPod. Nokia, Motorola, Sony Ericsson Mobile Communications and Siemens make a total of 46 handsets that use an early version of OMA's DRM, while Ericsson and Openwave Systems make servers that use the technology, according to OMA's Web site..." General references in: (1) "Open Mobile Alliance: Digital Rights Management" [December 2003]; (2) "Proposed Open Mobile Alliance (OMA) Rights Expression Language Based Upon ODRL"; (3) "XML and Digital Rights Management (DRM)."

[January 30, 2004] "XML Security: The XML Key Management Specification. XKMS Helps Make Security Manageable." By Manish Verma (Second Foundation). From IBM developerWorks (January 27, 2004). "With an ever-increasing number of people and businesses relying on the Internet to exchange confidential and sensitive information, security has become a hot issue. Two security-related topics have gained significant importance: Ease of management: Making the security infrastructure's usage and integration with applications easy so that its adoption becomes widespread. Portable trust: After a trust relationship has been established with an entity, having a standard mechanism to transfer that trust to another cooperating entity. Single SignOn is a typical example of portable trust. After a user has been authenticated with a particular Web site, a standard mechanism passes that information to other cooperating sites that require the user's authentication information. This allows those sites to transparently share information about an entity without the need to request the same information from the entity again and again. For single sign-on to work, the entities must recognize each other's credentials. The XML Key Management Specification (XKMS) allows for easy management of the security infrastructure, while the Security Assertion Markup Language (SAML) makes trust portable. SAML provides a mechanism for transferring assertions about authentication of entities between various cooperating entities without forcing them to lose ownership of the information. This article discusses the role that XKMS plays in managing the security infrastructure, and provides a step-by-step guide to using XKMS... Often, good technologies fall by the wayside because they are cumbersome to use; in such cases, only a small devoted set of developers continue using the technology without it ever being adopted by average IT departments. PKI has been around for many years, but has not yet made it into typical IT departments. Now, XKMS provides an easy mechanism for using and integrating PKI with applications. In this article, I have explained the objectives of having an XKMS abstraction layer on various PKI solutions, and demonstrated how easy it is to use the XKMS service for registering and locating your key. In my next article, I will focus on explaining how to make this trust portable using SAML..." See general references in: (1) "XML Key Management Specification (XKMS)"; (2) "Security Assertion Markup Language (SAML)."

[January 30, 2004] "Systinet Broadens XML Schema for Verticals." By Rich Seeley. In Application Development Trends (January 26, 2004). "As XML Schema definitions proliferate in e-business Web services applications, developers face the almost overwhelming task of finding ways to process them, according to Peter Lacey, director of field engineering at Systinet Corp., Cambridge, Mass. Some definitions, such as Parlay X in the telecommunications industry, don't even fully adhere to the XML Schema standard, Lacey said, but developers and tools and platform vendors still need to support it. Seeking to provide broad support for emerging vertical industry standards such as Parlay X for telcos and the Financial products Markup Language (FpML) for banks, Systinet has released an enhanced version of its WASP Server for Java. WASP Server for Java 4.7 supports not only vertical industry XML Schema definitions, but can be customized as individual companies create company specific standards, Lacey said. He pointed to a banking customer of Systinet as an example. 'The bank in this case uses FpML' he said. 'But then they extended it to encompass the needs that are particular to them that are not generic to the entire financial products industry'..." From the WASP Version 4.7 announcement: "Systinet, the leading independent Web services software company, today announced the availability of Systinet WASP Server for Java, 4.7, the award-winning Web services infrastructure platform that provides a complete solution for developing and deploying enterprise Web services applications. WASP Server for Java, 4.7 makes it possible, for the first time, to deploy Web services in critical business projects that demand proven reliability and security and that require seamless integration at both the application and data levels. WASP Server for Java, 4.7 provides unique functionality for data integration with the industry's broadest support for XML Schema definitions, including FpML, OFX, ACORD, Parlay and HL7. For developers, this means they can deploy Web services applications and can confidently rely on WASP to validate XML data formats and values according to the rules encapsulated in the XML Schema. This makes the developer more productive and eliminates errors and inconsistencies..." See also: (1) the WASP Version 4.7 Overview; (2) company announcement 2004-01-29: "Systinet Closes Highly Successful 2003 with Strong Momentum and Growth. Leading Independent Web Services Software Provider Grows its Revenue 5X in 2003, Signs Over 70 Customer Deals and is Poised for Continued Growth in 2004." (3) general references in "Financial Products Markup Language (FpML)."

[January 30, 2004] "Microsoft Scraps IE Changes in Eolas Patent Dispute." By Matt Hicks. In eWEEK (January 05, 2004). "Microsoft Corp. gave Web developers a reprieve on Thursday, announcing that it had scrapped its plans to modify Internet Explorer this year in response to a patent infringement verdict against it. Microsoft in October said it would change the way the Web browser and Windows XP handle Web pages that use its ActiveX Controls, its version of an applet. The modified version of IE was expected to be out early this year to overcome the patent dispute at the heart of the $521 million verdict that Eolas Technologies Inc. won in August against Microsoft. Despite holding off on the browser modifications for now, Microsoft's decision is temporary. Whether it moves forward with IE changes in the future largely depends on the outcome of its appeal and on the results of a U.S. Patent and Trademark Office reexamination of Eolas' patent..." See also the Microsoft announcement and the W3C Summary in "Summary of 23 January 2004 HTML PAG teleconference." Background in: (1) "US Federal Trade Commission Report Calls for Patent Law and Policy Reform"; (2) "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent"; (3) "Patents and Open Standards."

[January 30, 2004] "Sun Urges Eclipse to Unify Java World." By Martin LaMonica. In CNET News.com (January 30, 2004). "Java steward Sun Microsystems has sent a letter to members of Eclipse, urging the increasingly influential open-source project to unify rather than fragment the Java-based development tool market. Sun sent the letter Thursday afternoon, only a few days before Eclipse is set to break from founder IBM as an independent open-source project. Sun also reiterated its previous decision not to join Eclipse because that would mean abandoning its NetBeans open-source Java tools initiative, which forms the basis for Sun's commercial products. Eclipse maintains a Java development tool platform -- also known as Eclipse -- that allows developers to mix and match different types of tools in a single programming application. NetBeans serves largely the same function, but has not garnered as much industry support as Eclipse. Before such software became prevalent, it was difficult, if not impossible, for many Java tools to work together... On Thursday, Sun warned that despite the change of status, a number of issues could still concentrate power in IBM's hands or serve to advance the business interests of some companies, rather than the Java industry -- Sun included -- as a whole. IBM is heavily invested in Eclipse software, which it's using across its entire software product line. Although staunch rivals, Java software companies such as IBM, Sun and Oracle have also cooperated to ensure that Java software and tools can work together. The ability to share Java products and applications from different companies, which run on different operating systems, is an important selling point against Microsoft's Windows-centric software. In particular, Sun warned that the new bylaws of Eclipse give the position of executive director, now held by an IBM employee, an "unusual amount of power" to dictate the work of the open-source group. Sun also questioned whether IBM employees will continue to make up the majority of project staffers. Finally, Sun urged Eclipse to explore and accept intellectual property from outside the membership of the open source group..." See also Eclipse.Org: "Eclipse is an open platform for tool integration built by an open community of tool providers. Operating under a open source paradigm, with a common public license that provides royalty free source code and world wide redistribution rights, the eclipse platform provides tool developers with ultimate flexibility and control over their software technology... In the Eclipse Platform, code access and use is controlled through the Common Public License, which allows individuals to create derivative works with worldwide re-distribution rights that are royalty free..." See also "Industry Reacts to Sun Eclipse Letter," by Darryl K. Taft.

[January 30, 2004] "Tip: Use Language-Specific Tools for XML Processing. Alternatives to SAX and DOM." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks.January 30, 2004. "DOM and SAX are the two best known systems for XML processing, but they are really compromises across programming languages. As such, they do not take advantage of any language's particular strengths. Often it is better to duck conventional wisdom and use special APIs that take advantage of particular strengths. SAX and DOM are the ruling pair of XML processing APIs. The choice developers generally know best are between the standard model of SAX (push events from the parser to a detached handler) and DOM (parse the document into a tree of readily-accessible objects). SAX generally offers better performance on sizeable documents and DOM generally offers more straightforward code. SAX was designed for the Java language, although bindings to other languages have been developed. In these other languages, however, the Java heritage of SAX generally shows through and many of the strengths of the language being used are forfeit. DOM was designed to be as language-neutral as possible, specified in ISO Interface Definition Language (IDL); standard bindings exist for the Java language and ECMAScript (JavaScript), but these still reflect the language-neutral constructs of the IDL, and all the language bindings, official or unofficial, again forfeit some strengths of the host language. To better take advantage of core language strengths, various developers have developed XML processing APIs that are native to particular languages. Almost all well-known languages have one or more toolkits offering such an API. For some time, the conventional wisdom has been that it's best to stick to SAX and DOM for maximum portability, but experience has convinced me that this is more often than not an overstated consideration. For one thing, because the language bindings for SAX and DOM have some deviations, code is rarely truly portable across languages; the work needed to adapt the code from one language to another is still considerable... So regardless of which language you prefer, you have many options for processing XML. Don't be afraid to put aside conventional wisdom and look for options besides the ruling pair..."

[January 28, 2004] "Managing Data Centers Through XML." By Patrick Thibodeau and Tim Howes. In Computerworld Australia (January 28, 2004). "Last year, some 40 management tool vendors formed the DCML Organization, a consortium committed to developing an open standard to facilitate interoperability and better integration between tools. Vendors say the the evolving Data Center Markup Language will be critical to the development of utility computing and simplify life for data center managers. The first release of DCML is scheduled this quarter, with products adapted to the specification expected by midyear. One of the leaders of the effort is Tim Howes, chief technology officer at Opsware Inc., a data center software automation vendor in Sunnyvale, Calif. He discussed the motivations for developing DCML and its technical challenges and potential user benefits with reporter Patrick Thibodeau." [Howes:] "There's a need to have all these management products communicate with one another, and that's what DCML is about -- providing a common data format for exchanging information about the environment being managed between all of these different management systems... When you provision a new machine, you want to make sure that machine is monitored, so you need to communicate to your monitoring system that there's a new machine to be monitored. Today that happens, if you are lucky, by somebody leaving a Post-it note on the monitor of the guy who runs the monitoring system. But DCML allows that to happen in a more automated fashion. Similarly, that happens with security systems, backup systems -- there are all kinds of different systems. DCML provides the vocabulary, the language if you will, for those systems to communicate with each other... We're trying to create a standard data format that can be used to exchange information between automation and utility computing systems and traditional management systems. The use cases that we have in mind are: making sure provisioning systems can communicate with the systems that manage the machines that they provision; making sure those systems can communicate with the asset-tracking, inventory and billing systems that are responsible for keeping track of what's going on in the environment; and translating that into billing for customers or cost accounting for internal purposes. We want all these things to be able to communicate with one another..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 27, 2004] "Web Services Security Spec Moves Toward Approval. OASIS Braces for Membership Vote." By Paul Krill. In InfoWorld (January 27, 2004). "WS-Security, a widely supported proposal for securing Web services, could become an official OASIS standard by March. OASIS in mid-February anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for Web services. If approved during a 30-day voting period, WS-Security becomes an OASIS standard. The OASIS Web Services Security Technical Committee earlier this month approved a set of documents pertaining to the specification, which is officially referred to as Web Services Security: SOAP Message Security 1.0. The specification, which was subjected to a public review as well, describes enhancements to SOAP messaging to provide for message integrity and confidentiality, according to OASIS. Related documents also approved included Username Token Profile, for using WS-Security for user names and passwords, and X.509 Certificate Token Profile, for using WS-Security to sign and encrypt messages via X.509 digital certificates, said Kelvin Lawrence, co-chairman of the OASIS committee and an IBM Distinguished Engineer. Also approved were documents pertaining to XML Schema and XML extensions pertinent to WS-Security..." See details in the news story "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

[January 27, 2004] "XML in Yukon: New Version Showcases Native XML Type and Advanced Data Handling." By Bob Beauchemin. In Microsoft MSDN Magazine (February 2004). "The next version of Microsoft SQL Server, code-named 'Yukon,' takes the groundbreaking XML support that was introduced in SQL Server 2000 and enhances it to include even more innovative functionality and ease of use. Yukon adds native XML data storage to the database management system (DBMS) through a new native XML data type. The introduction of this native XML data type, coupled with the emerging industry standard XQuery language, should spark a revolution in database application development. Support for the native XML data type is extensive. It includes XML Schema-based validation and additional XML-based constraints, special XML Infoset-based indexes, and queries over XML content objects using XQuery. In addition to this radical new functionality, the existing SQL Server 2000 XML functionality has been fine-tuned for better performance and ease of use. This article discusses Yukon's built-in ability to expose its data through Web services, and other XML features of Yukon... In Yukon, support is enhanced to include composition, decomposition, and distributed relational queries. It also includes native XML queries and native XML storage. The new XML data type differs from the conventional storage of an XML document in a text data type. The new data type is a first-class type; you can use it in most of the ways any other SQL Server data type can be used, including as a column in a table, a variable in T-SQL, a stored procedure or user-defined function parameter, or a user-defined function return value. The XML type is quite similar to the concept of a distinct type defined by SQL-99 (the latest version of the ANSI SQL standard) and to the character-based large object (CLOB) types varchar(max) and nvarchar(max). You must convert it to and from a varchar or nvarchar type, although the T-SQL INSERT statement will do automatic conversion from a varchar and nvarchar value used in a VALUES list to an XML data type column value. You cannot CAST or CONVERT the XML type to any type other than varchar or nvarchar. Two instances of an XML data type cannot be compared. Like a SQL-99 distinct type, the XML type has its own methods; these methods enable you to use an alternate query language, XQuery. The data in an XML type does not follow the relational data model, but it does follow the XQuery 1.0 and XPath 2.0 data model. The primary reason for having an XML data type is that when you define an XML data type column, the data in that column is stored in the database itself. The column is not a pointer to an XML document on the file system. This means that XML data is included in the backup and restore process, is subject to ordinary SQL Server security, and participates in transactions and logging. Having XML data inside a relational database may offend some relational purists, but it means that your data lives in a single repository for reasons having to do with administration, reliability, and control..."

[January 27, 2004] "Oracle to Add RFID Support to Warehouse Application." By John Pallatto. In eWEEK (January 05, 2004). "Oracle Corp. said it plans to release a new version of Oracle Warehouse Management in the summer season that will support radio frequency identification (RFID) and electronic product code (EPC) features. Oracle officials discussed the new Warehouse Management features at this week's Oracle AppsWorld conference here. The new Oracle Warehouse Management package will be based Oracle Database 10g and Oracle Application Server 10g to enable customers to automate the process of counting and tracking goods moving in and out of warehouses... The application server will include built-in RFID middleware to provide the connection-control and filtering features required to process RFID data. The warehouse management module will be able to produce and process RFID labels that are required for commodity tracking. The new version of Oracle Warehouse Management will provide compatibility with RFID tags along with the reading and printing devices produced by Alien Technology Corp., Internet Technologies Corp. and Zebra Technologies. The demand for RFID technology has been gaining momentum because major retailers, just as Wal-Mart Stores Inc. and the U.S. Department of Defense are requiring their highest volume suppliers to support RFID technology if they want to do business with them, said Jon Chorley, senior director of Oracle Inventory and Warehouse Management System. Read more here about RFID technology and both Wal-mart and DoD's requirements for it. The new version of Oracle Warehouse Management will support the RFID tagging of entire pallets of goods as well as individual cases. In addition, warehouse operators can track in-bound and outbound shipments, Chorley said. The automated tagging and reading process cuts the time it takes to track inventory, reduces costs and improves the accuracy of inventory reports, he said. The technology will also improve warehouse security because with RFID readers installed at the warehouse doors, the RFID application can watch for any outbound or even inbound shipments are authorized..." General references in "Radio Frequency Identification (RFID) Resources and Readings."

[January 27, 2004] "Inside XAML." By Ian Griffiths. From O'Reilly ONDotnet.com (January 05, 2004). "One of Longhorn's most interesting technologies for developers is its new XML-based markup language, codenamed XAML (short for eXtensible Application Markup Language, and pronounced 'Zammel'). User interfaces in Longhorn applications are typically built using XAML. In this article, we look at how XAML relates to the underlying support provided by WinFX. XAML user interfaces are built in much the same way as HTML web user interfaces -- you simply create a document with tags for each of the user interface elements you require... You might be wondering why Microsoft decided to invent a brand-new markup language for building user interfaces, rather than using HTML or SVG. One of the reasons is functionality -- Avalon provides many sophisticated user interface features that are not available in HTML, such as scaling and rotation of both text and graphics, and animation. Also, HTML has been developed primarily for use on the Web, whereas XAML's principal target is applications that run directly on Windows (i.e., 'rich clients' or 'smart clients'). But this still leaves the question of why Microsoft didn't use SVG (Scalable Vector Graphics -- a graphically rich, XML-based markup language.) After all, SVG addresses many of HTML's shortcomings as a rich-client markup language. However, the most powerful reason for devising a new markup language is the very close relationship between elements in a XAML file, and objects at runtime. Unlike any previous markup languages, XAML is designed to integrate directly with WinFX... XAML is a simple but powerful way of building trees of .NET objects. Because it is based on XML, it is straightforward to create XAML-based markup. This not only makes it easy to build user interfaces by hand, it also makes it relatively straightforward for tools to generate XAML -- in the future, design tools will emerge that are able to export documents and drawings in XAML format. It is also easy to use technologies such as XSLT to transform XML data sources into XAML documents. XAML enables a clean separation of user interface from code through the use of code-behind files, while its close integration with WinFX makes it very easy for code to manipulate the user interface elements defined in the markup..." General references in "Microsoft Extensible Application Markup Language (XAML)."

[January 27, 2004] "Parasoft Touts Security, WS-I in Web Services Test Tool. Web Services Product Complies With Industry Efforts." By Paul Krill. In InfoWorld (January 27, 2004). "Parasoft on Tuesday is releasing SOAPtest 2.5, an upgrade of the company's Web services testing tool that sports security enhancements and adherence to upcoming WS-I test tool functions... Looking to prevent errors early in the development stage, the product verifies aspects of a Web service ranging from WSDL validation to functional and performance testing, according to Parasoft. Version 2.5 tests for a variety of security factors through compliance with the WS-Security specification, which includes adherence to X509, user name security tokens, and SAML, Parasoft said. Compliance with XML Digital Signature and XML Encryption also is tested, the company said. Security is critical to Web services to enable users to move from internally deployed Web services to using the services to interact with other businesses, said Jeehong Min, technical leader for software at Parasoft. "WS-Security is the standard that people have agreed upon as a security layer for Web services. It's the XML message-level security layer," Min said. The product features a WS-I Analyzer tool to verify WSDL and SOAP traffic for interoperability. The tool conforms with the upcoming WS-I Testing Tools 1.0 tools from the Web Services Interoperability Organization, Parasoft said. The WS-I tools are intended to test for compliance with the WS-I Basic Profile 1.0 guidelines for Web services interoperability. The WS-I Testing Tools 1.0, which will feature Analyzer and Monitor tools, are due in a month from the WS-I, for the C# and Java languages. Also featured in SOAPtest 2.5 is testing for MIME attachments, including meeting SOAP with Attachments and OASIS ebXML specifications and receiving both text/XML and binary attachments..." See details and references in: (1) the announcement, "Parasoft Releases SOAPtest 2.5 for Comprehensive Web Services Testing. Web Services Testing Product Now Offers Security Features, MIME Attachment Support and Enhanced Load Testing Features."; (2) "Web Services Interoperability Organization (WS-I)."

[January 27, 2004] "XForms 1.1 Requirements." Edited by John Boyer (PureEdge Solutions Inc), Roland Merrick (IBM), and Sebastian Schnitzenbaumer (SAP). Produced by members of the W3C XForms Working Group. W3C Working Group Note. 26-January-2004 Version URL: http://www.w3.org/TR/2004/NOTE-xforms-11-req-20040126/. Latest version URL: http://www.w3.org/TR/xforms-11-req/. "XForms is an XML application that represents the next generation of forms for the Web. This document specifies the requirements for XForms 1.1. XForms Version 1.1 will build upon the solid foundation set forth by XForms 1.0 -- the Next Generation of Web Forms. The 1.1 version makes incremental improvements over version 1.0 to provide expanded behaviors for the existing and established XForms Model-View-Controller Framework and by embracing SOAP. It also makes adjustments to XForms to facilitate its adoption in other host languages. The incremental improvements to XForms 1.0 include Repeat/Insert Enhancements; Bind Attribute on Bind Element; Email-address Datatype; XForms Processor as XML Editor; Power Function; Referencing Bind Sites in XPath Expressions; and Improved Search for Instance Data by Key Value... XForms expresses a processing model and user interface for the modification of data expressed in XML. Currently, the XML can be obtained from within the document or from a server. It would be useful to allow XForms processors to edit XML obtained from the local computer, and to return the edited XML to the local computer. To avoid security issues, this cannot be done by simply using a file scheme in the src attribute of the XForms instance element. [The requirement is to] allow an XForms processor to provide an XML editing capability... To increase widespread adoption of XForms in web applications, it is necessary to reduce the difficulty of authoring XForms in XHTML, which is currently hindered by the incessant need to flip between the host language namespace and the XForms namespace when authoring the user interface component of a form..." General references in "XML and Forms."

[January 27, 2004] "XML Data Formats Take Center Stage in the Financial Services Industry." By Uche Ogbuji. From XMLHack.com (January 05, 2004). "The Third Annual XML for Financial Services conference, held in New York City, USA, casts doubt on the conventional wisdom about Web services and the role of tightly-coupled middleware in real-world XML developments. This conference is dominated by technical managers from the Financial Services industry rather than the usual idealistic and diverse cadre of XML professionals. The emphasis in discussing technology is firmly on maturity, practicality, enterprise scalability, international scope and regulatory awareness. The standards organizations that convey authority are not the likes of W3C, OASIS, WS-I or the like, but rather ISO, UN and financial regulators. Under this light mainstream Web Services are a curiosity based on intriguing propositions, but not yet proving their mettle for enterprise deployment, and running out of time to prove such mettle. The package of ebXML technologies looks to be on a more solid path to enterprise deployment in this industry, but is still not convincing managers to come out of wait-and-see mode... This trend is an interesting contrast to the seeming situation in the general XML and Web services world, where toolkits and wizards for infrastructure and content are making a lot of noise in the marketplace. The invasion of the middleware crowd into XML has put off a growing number of XML purists, but it seems that the need for vendor independence, local control, document longevity, global regulation and transparency in the Financial Services world means it is a natural home for the sort of richly expressive and loosely coupled systems that were once the main promise of XML..." See also XML specifications for the financial industry.

[January 27, 2004] "IBM Patents Developer Payment Method." By Darryl K. Taft. In eWEEK (January 27, 2004). "In a nod to the open-source development model, IBM has patented a scheme that maps out a method of payment for broad numbers of developers working together on projects, a move that has upset some developers. In U.S. Patent number 6,658,642, which IBM applied for in June of 2000 and was granted last month, the systems giant identifies a 'system, method and program product for computer program development' that employs a distributed programming model, according to the documentation defining the patent. The patent describes the current software development environment, where pressure to turn out quality software quickly is pushing companies to rely on developers outside their corporate walls... 'The high-tech industry is moving very fast and the first to market has a big advantage over competitors, often deciding the early winner,' IBM said in a description of the patent. 'So, speeding up software development increases the likelihood of success. One way to speed up software development is to increase the number of programmers on the project, distributing the workload to as many programmers as possible. Unfortunately, hiring people for a very short period of time complicates rather than simplifies development.' The description cites a programmer shortage and adds: 'So, to supplement their permanent workforce, companies are forced to contract with independent contractors, delegating customized or specialized software development to the contractors. Typically, the contractors are paid either in advance or, incrementally, as the project progresses. Regardless of how much the package developer may be willing to pay, contractors still face the same programmer shortage.' The IBM 'invention' is aimed at 'reducing software development time and costs, while increasing the likelihood of software development success,' the patent said. 'As a result, with the advent of Internet, to maximize the number of programmers working on a particular project, collaborative software development projects, such as open source software development (e.g., Linux), are undertaken or initiated daily. Web based electronic businesses have formed offering contractors a solution to temporary programmer shortages,' the patent said. 'One such e-business is an auction site (www.cosource.com) for software development contracts, focusing on the needs of open source development. However, this approach matches a single programmer with each task. Money is paid in advance with the package developer bearing the risk that the project will not complete on schedule.' Yet, IBM's patent defines a mechanism for paying programmers who work in an open-source-like model... IBM issued a press release earlier this month citing the number of patents the company had been issued in 2003. According to IBM, the company was issued 3,415 patents last year by the U.S. Patent and Trademark Office. And the company had more than 1,400 software-related patents, or about 40 percent of the patents the company received last year, IBM officials said. In fact, with the 3,415 patents IBM said it broke the record for patents received in a single year. And during the past 11 years, IBM has gained more than 25,000 U.S. patents..."

[January 27, 2004] "OWL Web Ontology Language: Parsing OWL in RDF/XML." By Sean Bechhofer (University of Manchester). W3C Working Group Note. 21-January-2004. Produced by members of the W3C Web Ontology Working Group. Version URL: http://www.w3.org/TR/2004/NOTE-owl-parsing-20040121. Latest version URL: http://www.w3.org/TR/owl-parsing. "The OWL Semantics and Abstract Syntax document provides a characterisation of OWL ontologies in terms of an abstract syntax. This is a high level description of the way in which we can define the characteristics of classes and properties. In addition, S&AS gives a mapping to RDF triples. This tells us how such an abstract description of an OWL ontology can be transformed to a collection of RDF triples, which can then be represented in a concrete fashion using, for example RDF/XML. In order to parse an OWL-RDF file into some structure closer to the abstract syntax we need to reverse this mapping, i.e., determine what the class and property definitions were that lead to those particular triples. An OWL-RDF parser takes an RDF/XML file and attempts to construct an OWL ontology that corresponds to the triples represented in the RDF. This document describes a basic strategy that could be used in such a parser... Note that this is not intended as a complete specification, but hopefully provides enough information to point the way towards how one would build a parser that will deal with a majority of (valid) OWL ontologies..." See also: (1) "Ontology Web Language for Services (OWL-S) Version 1.0"; (2) general references in "OWL Web Ontology Language."

[January 27, 2004] "Use XInclude to Synchronize WSDL with Source Schemata. Importing the Payload Format for Document/Literal Message Descriptions." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks. January 22, 2004. "In the types section of a WSDL file, you provide XML schema snippets to formalize the XML that is exchanged in the Web service. In most mainstream cases, this means the contents of the SOAP body. In the RPC style of Web services, this is usually a specialized XML format that maps W3C XML Schema (WXS) constructs to the SOAP encoding. This is usually very specific to the Web service, and not really useful outside it. This separation between the XML that is likely to be used at application level at either end-point and the format that ends up being transmitted across the wire is often key to criticism of RPC-style Web services, and the basis for advocacy of document/literal style... In document/literal style, the XML format that is most immediately meaningful to the processing on either side is simply bundled into the envelope and transmitted as is. This means that the schema details that go into the types section of the WSDL are often just a part of a more generally used schema. It may even be a globally well known schema such as XHTML, Docbook, or one of the many XML formats for business interchange, such as UBL or OAGIS. This means that embedding the schema into WSDL documents could open up synchronization or consistency problems. What happens when the overall schema changes and one does not catch up to all the WSDL that needs to be touched up accordingly? It could lead to subtle problems or big failures... This article shows how to use XInclude to incorporate external schema fragments into a WSDL file... XInclude is simple and is supported by many XML tools. It is a handy tool for many situations, and can certainly help improve the maintenance of document/literal style WSDL documents..." See also XML Inclusions (XInclude) Version 1.0 [W3C Working Draft 10-November-2003].

[January 27, 2004] "A Standards-Based Registry/Repository Using UK MOD Requirements as a Basis." By Paul Spencer (with OASIS TC Members). Version 0.3 (draft). January 22, 2004. 13 pages. "This paper is the result of a joint study by Paul Spencer and three OASIS Technical Committees -- the ebXML Registry TC (regrep), the Content Assembly Mechanism (CAM) TC and the e-Government TC. The intention is to consider whether and how the standards being developed by the regrep and CAM TCs can help meet the needs of the MOD, and wider Government needs, for managing schema components. This management involves: registering proposed schema components as drafts; reviewing proposed schema components; registering approved schema components; assembling complete schemas from components; and managing the lifecycle of the components and schemas. ... The MOD has a sophisticated data dictionary developed in-house using a SQL Server database. The dictionary is referred to as the DDR, and the System on which it runs is called Accord. This dictionary currently has over 4000 entries, with an expectation that it will grow substantially, possibly to around 100,000 entries. Accord includes support for proposing, reviewing and signing off dictionary entries. The following screen shots give a feel for the system... The MOD is starting to use XML widely, and has adopted a set of policies in use throughout the organization. It is some of these policies that simplify the management of XML artifacts within the MOD, allowing the present management system and making this a useful case study for use of OASIS regrep and CAM standards... There are three main issues of XML management in the MOD: (1) proposing and approving XML data types and elements; (2) version management of XML data types; and (3) assembling data types into schemas for message types..." The OASIS TCs include: Content Assembly Mechanism TC [Wiki], ebXML Registry TC, and e-Government TC. [cache]

[January 27, 2004] "Lightweight XML Search Servers." By Jon Udell. In XML.com (January 21, 2004). "In earlier installments of this column, I made the case for exploiting the combination of XHTML and CSS, and I demonstrated a browser-based technique for searching XHTML/CSS content using XPath. I've been using a variation of this technique on my weblog. It works, and it's been a revelation to see what's possible using nothing but JavaScript, the DOM, and the XML and XSLT processors embedded in both MSIE and Mozilla. But as my corpus of well-formed content grew it became impractical to load it into a browser in order to perform structured searches. In the spirit of the lightweight browser-based solution, I decided to create an equally lightweight server-based version based on Python and libxml2/libxslt. I'm also working on a slightly heftier, but more powerful variation based on Berkeley DB XML; we'll explore that one next time. The minimal search server is packaged into a single Python script which contains: [1] A mini-httpd that extends Python's BaseHTTPServer class; [2] An XSLT stylesheet, with markers for a replaceable XPath query; [3] Various search-page elements: HTML forms, CSS stylesheet, JavaScript helper... In the next installment we'll look at a database-backed alternative based on Sleepycat's Berkeley DB XML..."

[January 27, 2004] "Web Services Make Enterprise Strides." By Peter Coffee. In eWEEK (January 19, 2004). "Web services crossed key thresholds of enterprise acceptance during the last months of 2003, with corporate IT builders expressing dramatically greater interest in using the model for transactions up and down the supply chain as well as for in-house applications. Last fall, Forrester Research Inc. found almost three-fifths of a sample of 75 large corporate sites planning customer service initiatives and more than two-fifths planning supply chain projects using Web services technologies. Crucially, the same study found comparable or greater percentages of these sites migrating customer and product/service data to XML-based formats, an important precursor to broader use of Web services models. Gartner Inc., of Stamford, Conn., went further, projecting that Web services would be the dominant model -- used for at least two-thirds of all new development projects -- by next year. Conventional wisdom has been that outward-facing Web services would not gain momentum until key security issues were addressed directly by Web services standards... it would be nice to have agreement on where the destination lies. Web services can be defined in the affirmative -- what they are, or in the negative, what they are not. The easiest way to describe a Web service is to say that if it's done on the Internet, using Web protocols, and it doesn't involve a live user operating a Web browser, then it's a Web service. Microsoft Corp. CEO Steve Ballmer has called the result 'the programmable Web,' emphasizing the evolution from a Web of people clicking on hyperlinks to a Web of applications accessing standards-based interfaces. This definition encourages a focus on the benefits of the model: the growing ubiquity of a standards-based network of wired and wireless connections, the exploding resource base of data and functions accessible on that network, and the proliferation of convenient tools for leveraging those assets into a supporting background or a foreground user interface in a custom application..."

[January 27, 2004] "A Survey of XML Standards. Part 1: The Core Standards." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks. January 20, 2004. ['The world of XML is vast and growing, with a huge variety of standards and technologies that interact in complex ways. It can be difficult for beginners to navigate the most important aspects of XML, and for users to keep track of new entries and changes in the space. In this series of articles, Uche Ogbuji provides a guide to XML standards, including a wide range of recommended resources for further information.'] "XML started strong and has grown quite rapidly. It has proven itself a very valuable technology, but it can be an intimidating one, when one considers all the moving parts that fall under the term 'XML.' In this series of articles, I provide a summary of what I see as the most important XML technologies, and discuss how they each fit into the greater scope of things in the XML world. I also recommend tutorials and other useful resources for evaluating and learning to use each technology. All the technologies presented here are standards, although that word is itself a bit slippery. Standards come in all forms, and multiple standards often compete in the same space. I follow the practical approach of defining a standard as any specification that is significantly adopted by a diversity of vendors, or is recommended by a respectable, vendor-neutral organization... In Part 2, I shall survey standards important to those using XML in applications processing..."

[January 27, 2004] "Eclipse 3.0 Upgrade Demos on Tap at EclipseCon." By Vance McCarthy. From Integration Developer News (January 09, 2004). "Eclipse committers are hard at work on upgrade features for Eclipse 3.0, slated for release in summer 2004. Key improvements will include a generalized Eclipse platform for building non-IDE applications, increased UI responsiveness, improved user experience, and generalized Java tools to support Java like languages. To get a closer look at Eclipse 3.0, OET spoke with Erich Gamma, one of the Eclipse Project Leads. Gamma will be surveying the latest progress on Eclipse 3.0 at February's EclipseCon event. While the Eclipse download for Windows is still the most popular, there is a growing interest in Eclipse on other platforms like Linux and MacOS X... To enable rich client application development the IDE-specific features were separated into a new plug-in. With Eclipse 3.0's "generic workbench... Rather than re-invent the wheel and implement yet another run-time with dynamic component deployment support, the Eclipse team will build on top of the OSGi standard component framework. This OSGi based approach will be mostly hidden to clients and existing Eclipse plug-ins continue to work... The Eclipse 3.0 Java tools will be opened-up so that other parties can participate in search and refactoring operations. Beyond that, the Java tools will be opened so that contributors can participate in some key productivity features like quick fix and quick assist. This change would mean that a developer could contribute additional checks and fix suggestions to support EJB development, for example..." See also the EclipseCon 2004 conference.

[January 27, 2004] "Learn XForms Today: XForms Institute." By Micah Dubinko. In O'Reilly ONLamp.com (January 18, 2004). "Readers have asked for a gentler tutorial to W3C XForms, and others have asked to see some examples of 'real-world' XForms. Here are both, together on one fun site, XForms Institute (Interactive XForms School). The XForms web site has what you'd expect from a tutorial: progressive lessons, each building upon the last. It also has interactive quizzes, written without script in XForms. These run fine in nearly any browser, thanks to a remarkable Flash program called DENG, the Desktop Engine. In a mere 120k of SWF files, this small applet implements a huge swipe of XForms, XHTML, and CSS level 3. Each live example includes a 'View Source' link so that you can see how it works in the full context of a complete document..." See also: (1) the XForms Institute RSS Channel and the online book XForms Essentials. General references in "XML and Forms."

[January 27, 2004] "RSS for President." By Steve Gillmor. In eWEEK (January 20, 2004). "The Net has enormously accelerated the conversation that the aggregated campaigns have joined. A range of collaboration software, from sales force automation to wikis to the nascent social software tools, has compressed the electorate into rapidly forming affinity groups. Once in place, these groups become a dynamic type of focus group, with the enhanced ability to create, test-market, refine and deploy strategic muscle at lightning speed. It's difficult to catch this change at the surface level -- where network and even cable news operations can only sound-bite the dynamics. But the RSS space -- as a synthesis of both a filtered mainstream media and the bottom-up drivers of the blogosphere -- is the quickest way to take the pulse, and affect (or reinfect) the process in return... But if Iowa is any indication, the conversation has been altered by the presence of the network -- and RSS..." General references in See "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[January 27, 2004] "Telco Punts $2.5m on Interactive-Voice XML." By Julian Bajkowski. In ComputerWorld Australia (January 20, 2004). "AAPT [Australian telecommunication company, owned by New Zealand's largest telecommunications company, Telecom New Zealand] will invest more than $2.5 million on a new, retail-customer interactive voice project that ports directly back into its mainframe billing and transaction systems in an effort to reduce call centre and administration costs. Based on a VeCommerce natural speech recognition engine and SOAP/XML interface, the solution will allow customers a voice interface directly into the telco's billing system to perform transactions -- rather than waiting for a call centre employee to do the same thing. While AAPT says that inbound customers will still be able to speak to staff, under the new system, the voice-driven, self-serve regime is clearly designed to eliminate both customer-service bottlenecks and cut the call centre staff costs that go with them. Analysts say such systems may offer competitive advantages because of operational cost reductions through shifting inbound call centre functions from a human base to robotic base. Gartner's vice president of research for enterprise networks, Geoff Johnson, confirmed that the uptake of voice-driven XML (or VXML) has been swift over the last 18 months, largely led by investments in VoIP infrastructure and voice engine and application improvements. 'It's the diplomacy and sophistication along with fluency and fault tolerance that is driving this. It's the personal productivity [to the customer] that makes this attractive,' Johnson said Despite obvious pay offs, Johnson warned risks still existed in deploying voice-driven XML systems, noting some cultures (like Japan) simply do not tolerate non-human interfaces. Johnson said rollouts can come unstuck if enterprises attempted to port 'too many complex functions' to such systems..." General references in "VoiceXML Forum."

[January 27, 2004] "Red Hat Offers Software Warranty." By Stephen Shankland. In CNET News.com (January 19, 2004). "In response to SCO Group's legal action against Linux, Red Hat is offering new legal protection that guarantees the company will replace any code found to infringe copyrights. The warranty, part of a new project called the Open Source Assurance Program, is for all existing and future customers of the Raleigh, N.C.-based company's Red Hat Enterprise Linux operating system products, the company said in an announcement Monday night, shortly before the LinuxWorld Conference and Expo that begins Wednesday in New York. SCO alleges that IBM improperly moved Unix intellectual property into Linux and, independently, that Linux infringes on the company's Unix copyrights. But offers of legal defense are sprouting all over the Linux landscape as advocates try to defuse threats from SCO, which has sued IBM for breach of contract and has promised to sue a Linux user for copyright infringement... Novell, the No. 2 Linux seller after Red Hat by virtue of its acquisition of SuSE Linux, began indemnifying its Linux customers last week, following in the footsteps of Hewlett-Packard. The Open Source Development Labs, a multi-company Linux consortium, began a a $10 million legal defense fund last week. And Montavista Software, which sells Linux for "embedded" computing devices such as consumer electronics or telecommunications gear, like Red Hat has a warrantee program. And at the last LinuxWorld show, in August, Red Hat began a legal defense fund to protect open-source programmers... Open-source software such as Linux is developed by a multitude of programmers, many not working for the company selling a product such as a version of Linux or a server that includes the operating system. That collaborative programming method, while leading programmers from competing companies to cooperate, makes it harder for a single company to control what's in a specific software package..."

[January 23, 2004] "Software Patents 'Threaten Linux'." By Clark Boyd and Bruce Perens. In BBC News, UK Edition (January 23, 2004). ['Open source advocate Bruce Perens tells BBC technology correspondent Clark Boyd why the real threat to Linux and the open source movement is not from the SCO lawsuits, but from software patents. Perens: We're looking at a future where only the very largest companies will be able to implement software, and it will technically be illegal for other people to do so.'] "The good news is that SCO has pretty much exhausted any chance of being successful in court. Their legal discovery documents have not yielded sufficient evidence. But, let's go on to the future beyond SCO. The biggest challenge that will face us after that is software patenting. Software patents that are being accepted are not necessarily inventions, their definitions are overbroad. And you can never finish a patent search. The definitions are so broad, you can't ever be sure a company would or would not assert their patent on what you are doing. You have to consider engineers today spend their entire careers combining other people's intellectual property. And every small and medium sized enterprise is at risk regarding software patenting. That is a problem in Europe, because representatives to the European Parliament are pushing very hard for software patenting that would indeed shut out all small and medium businesses from the software development business, not just open source. We're looking at a future where only the very largest companies will be able to implement software, and it will technically be illegal for other people to do so. That's a very, very bad situation developing. We must do something so that there is reason for people to innovate, there is reason for people to invent, but that companies can execute without this constant fear that we will be sued into the ground regarding software patenting... We have all of the Linux-based software we need for 80% of the people in the world. The other 20% may use specialised applications that are not yet available in open source. And when I say 80%, that's all free software. What we're doing in 2004 is some bug removal, and some integration, not additional features, because the features are all already there... We are facing a problem in that there are two dominant companies in Linux distribution - Red Hat and Novell, which just purchased SuSE. We do not intend to let it stay that way. I'm leading a project called User Linux. The project aims to make a zero-cost Linux distribution, where people, if they want service, will pay for service on a services rendered basis. And we're establishing a global support network made of small companies, more than large ones, to make that work. And if we take the open source paradigm, which is a lot of little guys all around the world collaborating to make an organisation bigger than IBM or Microsoft, and we take that to the business sector, we may really invent something new here, taking open source into the economy to a degree it has never gone before..." General references in "Patents and Open Standards."

[January 23, 2004] "Next-Generation E-Forms." By Jon Udell. In InfoWorld (January 23, 2004). ['Paper will never die. Instead, it's going digital and providing a better, XML-enabled way to enter critical data.'] "The transition from paper to electronic forms seems like a no-brainer. Who wouldn't want to abolish the anachronism of paper forms in capturing and relaying business-critical information? ... E-forms provide a more accurate, intuitive replacement for paper forms than plain HTML forms or antiseptic data entry screens -- and in the latest e-forms software, they wrap captured data in XML format. These products also provide design tools that allow you to build attractive XML-enabled forms quickly and easily. Microsoft's XML-oriented InfoPath, which shipped with Office 2003 in October, is now deployed and in use. Adobe plans to ship a beta version of its PDF- and XML-oriented forms designer in the first quarter of this year. And e-forms veterans such as PureEdge and Cardiff, whose offerings are built on an XML core, are lining up behind XForms, an e-forms specification that became an official W3C recommendation in October 2003. Common to all these vendors' approaches is the use of XML as the bridge between applications that gather data from end-users and the back-office systems that absorb that data... Within this broad XML consensus, there are differences that reflect the legacies of Microsoft, Adobe, the e-forms vendors, and the customers they serve. The relationship of e-forms solutions to printed forms, and to the processes that surround them, is a major source of differentiation. For all their inefficiency as data-gathering instruments, printed forms are highly engineered information displays. People who scan and process forms often rely on their layout and typography, which is why some industries -- insurance, for example -- standardize the look and feel of forms as well as their content... XForms, which can be thought of as HTML forms on steroids, specifies a processing model and set of user-interface controls that are device-neutral and platform-independent. So a form's interactive behavior and to some extent its business logic can be made portable, too. A key aspect of that portability is the relationship of XForms to its so-called host markup language. In one implementation, the XML syntax defining an XForms form might be embedded in a Web page, using HTML as its host language, and a list of choices would be rendered as an HTML pick list. In another implementation, the same form definition might be embedded in a smartphone application, using VoiceXML as its host language, and the same list of choices would be rendered as on a voice menu..." See general references in "XML and Forms."

[January 23, 2004] "SAML Tops Federation Projects Survey." By Dave Kearns. In Network World (January 09, 2004). Ping Identity, sponsor of the SourceID Web site, recently surveyed folks who downloaded its open-source Liberty Alliance tool kit. "When asked about the priority of federation protocols, it wasn't surprising that the Liberty Alliance protocols out-polled the WS-Federation protocol (favored by IBM and Microsoft) since the respondents were specifically those who downloaded a Liberty Alliance tool kit. But even adding together those who preferred Liberty phase II with those who preferred Liberty phase I (a total of 42% of the respondents) they were still outweighed (at 49%) by those who favored Versions 1.0, 1.1 and 2.0 of the Security Assertion Markup Language (SAML). SAML is the transport mechanism for the Liberty Alliance proposals, and one of the allowed transports for WS-Federation, but it appears that a number of projects are working directly with SAML and by-passing the 'higher' layers of the two competing standards. It might be that the projects being talked about are all early stage developments, with the SAML parts being worked on now while the developers look to see which of the two competing standards will emerge with an edge -- or, perhaps, a consolidation or merger might occur with one standard being created from the two we currently have. If you think that's a likely scenario, then it would be wise to put off any development at that upper level until the parameters of the eventual standard begin to take shape. Another of the survey questions asked downloaders what additional protocols were 'of interest' to them vis-à-vis federation. The big winner there was OASIS' Extensible Access Control Markup Language (XACML), with 49%, followed by Service Provisioning Markup Language (SPML) at 29%, and Extensible Resource Identifier (XRI) with 14%. A scattering of other protocols took 8% of the responses. XRI could be considered a competitor to Universal Description, Discovery and Integration..." On Liberty, see "Liberty Alliance Specifications for Federated Network Identification and Authorization." General references in: (1) "Security Assertion Markup Language (SAML)"; (2) "Extensible Access Control Markup Language (XACML)"; (3) "XML-Based Provisioning Services"; (4) "OASIS TC Promotes Extensible Resource Identifier (XRI) Specification."

[January 23, 2004] "ebXML Adoption Update." By Monica Martin (Sun Microsystems) and others, ebXML MARKETING. December 22, 2003. 44 pages. "The OASIS ebXML Awareness Team has prepared this document in collaboration with OASIS member organizations and partners to give a global picture of the current status of ebXML adoption. Our aim is to increase awareness of the substantial amount of ebXML-related activity occurring throughout the world today. This report -- which represents our best initial and ongoing research at this time and may not be exhaustive -- summarizes the status of close to 100 completed, ongoing or progressive ebXML-related projects. ebXML is unique in the breadth of its standards vision and arguably represents the culmination of all previous standards efforts toward a shared global Internet-based B2B framework. ebXML is complementary to many existing standards, such as legacy EDI, XML-based business document standards, and Web Services. Decision makers, involved in global B2B commerce and responsible for making B2B infrastructure investments must evaluate their business strategies and consider the likely need to support trading partners who will want to engage electronically using ebXML protocols. No truly successful technology or standard is an island. It is therefore exciting to witness ebXML adapting, evolving and growing through research and deployment around the world. Over 2,000 people contributed to the original ebXML development efforts, made public in May 2001. Since then, continuing standards development, pursued jointly by OASIS and UN/CEFEACT, has being augmented by creative real world projects applying ebXML with other technologies such as Web Services, XML as a whole, as well as legacy EDI. Major vendors have developed ebXML support into their flagship products and new ebXML vendors are emerging. Key industry sectors and government entities are deploying new eBusiness applications that are serving as benchmarks in the adoption of ebXML globally. Industry groups and standards bodies are working to bring their vocabularies into alignment around ebXML, promising a new level of interoperability that industry has been seeking for more than a decade..." General references in "Electronic Business XML Initiative (ebXML)."

[January 23, 2004] "Multimodal Interaction on the Web." By Peter Mikhalenko. In XML.com (January 21, 2004). "The W3C Multimodal Interaction Activity is developing specifications as a basis for a new breed of Web application with multiple modes of interaction. Consider applications which use speech, hand writing, and key presses for input, and spoken prompts, audio and visual displays for output. It is implemented by several drafts, which we will briefly review in this article. These include InkML, a language that serves as the data exchange format for representing ink entered with an electronic pen or stylus; and EMMA, a data exchange format for representing application specific interpretations of user input together with annotations such as confidence scores, time stamps, and input medium. Multimodal interactions are the center of multimodal systems, systems that support communication with the user through different modes, including voice, gesture, handwriting, and typing. In multimodal systems an event is a representation of some occurrence of interest to the multimodal system. Examples include mouse clicks, hanging up the phone, speech recognition results or errors. Events may be associated with information about the user interaction e.g. the location the mouse was clicked. Interaction (input, output) between the user and the application may often be conceptualized as a series of dialogs, managed by an interaction manager. A dialog is an interaction between the user and the application that involves turn-taking. In each turn, the interaction manager manager working on behalf of the application collects input from the user, processes it using the session context and possibly external knowledge sources, computes a response and updates the presentation for the user. The field of potential use cases of multimodal interaction is very broad. Devices deployed in different use cases can be classified from the point of view of 'thickness': a thin client is a device with little processing power and capabilities that can be used to capture user input (microphone, touch display, stylus, etc.) as well as non-user input such as GPS; a thick client such as PDA or notebook; and a medium client: a device capable of input capture and some degree of interpretation. Processing is distributed in a client-server or a multidevice architecture..." See: (1) W3C Multimodal Interaction Activity; (2) W3C Releases Public Working Draft for the Ink Markup Language (InkML)"; (3) "EMMA: Extensible MultiModal Annotation Markup Language" [W3C Working Draft 18-December-2003].

[January 23, 2004] "Tags for Identifying Languages." By Addison Phillips (Editor, webMethods, Inc) and Mark Davis (IBM). IETF Network Working Group, Internet Draft. Reference: 'draft-phillips-langtags-02'. December 17, 2003; expires June 16, 2004. 29 pages. "This document describes a language tag for use in cases where it is desired to indicate the language used in an information object, how to register values for use in this language tag, and a construct for matching such language tags, including user defined extensions for private interchange..." The ABNF formally specifies the syntax in which "the language tag is composed of one or more parts: A primary language subtag and a (possibly empty) series of subsequent subtags. The sequence of subtags has a specific structure that depends on the length of the subtag to distinguish each tag type." This Internet draft is based upon the earlier RFC 3066: "The main goals were to maintain backward compatibility (so that all previous codes would remain valid); reduce the need for large numbers of registrations; to provide a more formal structure to allow parsing into subtags even where software does not have the latest registrations; to provide stability in the face of potential instability in ISO 639, 3166, and 15924 codes (demonstrated instability in the case of ISO 3166); and to allow for external extension mechanisms. [The specification;] (1) Allows ISO15924 script code subtags and allows them to be used generatively. (2) Adds the concept of a variant subtag and allows variants to be used generatively. (3) Adds an extension mechanism which does not require registration to use. (4) Defines the private use tags in ISO639, ISO15924, and ISO3166 as the mechanism for creating private use language, script, and region subtags respectively. (5) Defines a syntax for private use variant subtags which can be used without registration. (6) Defines a process for handling reuse of values by ISO639, ISO15924, and ISO3166 in the event that they register a previously used value for a new purpose. (7) Changes the IANA language tag registry to a language subtag registry..." Note on the "demonstrated instability" of ISO 3166: see the entry "Stability of ISO 3166 and other infrastructure standards" under Unicode Technical Committee Public Positions and UTC Resolution 96-M5 (August 26, 2003): "The recent decision by the maintenance agency for ISO 3166 to re-assign 'cs' (formerly Czechoslovakia) to Serbia and Montenegro can cause severe problems. Country codes are a fundamental component of modern computing infrastructure: major operating systems, postal services, business applications, identification and security systems, to name a few. Their stability must be guaranteed. Data that is identified by these codes has a shelf life of decades, not five years. [Recommended corrective actions to take include: (1) Rescind the re-assignment of the code 'cs' to Serbia and Montenegro at the earliest opportunity available, to minimize the impact; (2) Change the policy to allow the re-use of codes only after a long period of time, such as 100 years..." Davis wrote (2003-08-05) "The major computer systems and standards around the world, including most operating systems, use the two letter country codes. These codes must be stable and unique or data corruption will occur. Simply because a country ceases to exist does not mean that data for that country ceases to exist, nor that new data referring to that previous country cannot be created..." IAB Chair memo to Oliver Smoot and IAB's request that ICANN not delegate .cs to represent Serbia Montenegro. General references in: (1) "Language Identifiers in the Markup Context"; (2) "Markup and Multilingualism."

[January 23, 2004] [Apropos of Localization:] "GDP by Language." By Mark Davis (President, The Unicode Consortium; IBM Corporation). Unicode Technical Note #13, Version 1 (first public version). 2003-01-22. Latest Version URL: http://www.unicode.org/notes/tn13. ['While English is a major language, it only accounts for around 30% of the world Gross Domestic Product (GDP), and is likely to account for less in the future.'] "Many people in the software industry don't realize how important it is to localize products for different languages around the world. While English is a major language, it only accounts for around 30% of the world Gross Domestic Product (GDP), and is likely to account for less in the future. Neglecting other languages means ignoring quite significant potential markets. This short article provides one picture of the economic significance of different languages, with a breakdown of the percentages of world GDP by language. Not only does it show the current breakdown, but it also provides data for the years 1975 to 2002 to show modern trends. The most notable feature is the steady rise of Chinese and slow relative decline of Japanese and most European languages. Korean and Indic languages also show growth over that period, though slower than Chinese." Figure 1 portrays GDP by Language for 1975-2002. Figure 2 shows projected GDP by Language, 2003-2010. A paper from Goldman Sachs ('DreamingWith BRICs: The Path to 2050') projects that "the combined GDP of the BRIC countries (Brazil, Russia, India, and China) will exceed that of the current G6 (United States, Japan, Germany, France, United Kingdom, and Italy) before the year 2050. The chart [Figure 2] uses that data to extrapolate what the GDP by Language breakdown would be over the coming years. Chinese would have increasing weight; Russian, Portuguese, and Indic would all increase as well, but most significantly after 2010..." Note: This Unicode Technical Note is supplied purely for informational purposes and publication does not imply any endorsement by the Unicode Consortium. Mark Davis is co-author of the proposed revision to RFC 3066, "Tags for Identifying Languages"; see the preceding bibliographic reference. General references in: (1) "Language Identifiers in the Markup Context"; (2) "Markup and Multilingualism."

[January 23, 2004] "Microsoft Seeks XML-Related Patents." By David Becker. From CNET News.com (January 23, 2004) ['Microsoft applies for patents that could prevent competing applications from reading documents created with the latest version of Office. XML capabilities have been one of the main selling points for Office 2003. The patents could create a barrier for competing software, such as future versions of OpenOffice and StarOffice, from working with Microsoft's XML format.'] "Microsoft has applied for patents that could prevent competing applications from processing documents created with the latest version of the software giant's Office program. The company filed patent applications in New Zealand and the European Union that cover word processing documents stored in the XML (Extensible Markup Language) format. The proposed patent would cover methods for an application other than the original word processor to access data in the document. The U.S. Patent Office had no record of a similar application... The proposed patents apparently seek to protect methods other applications could use to interpret the XML dialect, or schema, Office uses to describe and organize information in documents. Microsoft recently agreed to publish those schemas and is looking at opening other chunks of Office code. Despite those moves toward openness, the patents could create a barrier to competing software, said Rob Helm, an analyst for research firm Directions on Microsoft. 'This is a direct challenge to software vendors who want to interoperate with Word through XML,' he said. 'For example, if Corel wanted to improve WordPerfect's support of Word by adopting its XML format...for import/export, they'd probably have to license this patent.' The patents likely wouldn't immediately affect the open-source software package OpenOffice, which uses different XML techniques to describe a document, Helm said. But they could prevent future versions of OpenOffice and StarOffice, its proprietary sibling, from working with Microsoft's XML format. Analyst Matt Rosoff, also with Directions on Microsoft, said the proposed patents fit with recent moves by Microsoft -- such as the licensing of FAT (file allocation table) systems and ClearType font technology -- to be more aggressive in licensing its intellectual property. 'In the last few months, we're sort of seeing more emphasis from Microsoft on turning its patents into a revenue source,' Rosoff said..." See details in the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Word-Processing Document Stored in a Single XML File." European Patent Office. Patent Number: EP1376387. [Register] Publication Date: 2004-01-02. Date of filing: April 30, 2003. Inventor(s): Krueger Anthony D (US); Jones Brian M (US); Bishop Andrew K (US); Little Robert A (US); Sawicki Marcin (US); Snyder Daniel R (US) Applicant(S): Microsoft Corp (US). "A word processor including a native XML file format is provided. The well formed XML file fully represents the the word-processor document, and fully supports 100% of the word-processor's rich formatting. There are no feature losses when saving the word-processor document as XML. A published XSD file defines all the rules behind the word-processor's XML file format. Hints may be provided within the XML associated files providing applications that understand XML a shortcut to understanding some of the features provided by the word-processor. The word-processing document is stored in a single XML file. Additionally, manipulation of word-processing documents may be done on computing devices that do not include the word-processor itself." Claims include "a computer-readable medium having computer-executable components, comprising: a first component for reading a word-processor document stored as a single XML file; a second component that utilizes an XSD for interpreting the word-processor document, and a third component for performing an action on the word-processor document... A method for handling a word-processing document, comprising: parsing the document, wherein the document is contained within a single XML file and includes all of the instructions necessary to display the document according to how a word-processor would display the document; and interpreting the document according to an XSD... A system for creating, interpreting, and modifying a word-processor document stored as as single WPML file, comprising: a WPML file; a validation engine configured to validate the WPML file; and a word processor configured to read a WPML file created in accordance with a schema..." [see the "Claims" text]. See more complete description via the "esp@cenet database", including (1) description, (2) claims, (3) figures, and (4) original document (PDF, 109 pages). Also the archived/unofficial screen-scraped information and in the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "System and Method for Validating an XML Document and Reporting Schema Violations." United States Patent Application #20040006744. Assignee: Microsoft Corporation. Application publication date: January 8, 2004. "Inventors: Jones, Brian M. (Redmond, WA); Sawicki, Marcin (Kirkland, WA); Little, Robert A. (Redmond, WA)." Patent application filed: June 27, 2002. Abstract: "A system and method for validating an extensible markup language (XML) document and reporting schema violations in real time. A parallel tree is maintained that includes nodes corresponding to non-native XML elements of the XML document. When changes occur to the XML document, the non-native XML elements corresponding to the changes are marked. The nodes corresponding the marked non-native XML elements are validated against an XML schema that corresponds to the non-native XML markup. The elements and nodes corresponding to errors in the non-native XML markup are then reported to the user according to display indicators in the XML document and the parallel tree. [A claim for] a method for validation and reporting of schema violations for an extensible markup language (XML) document, wherein the XML document includes native XML and non-native XML, the method comprising: locating a change to a non-native XML element within the XML document; marking a portion of the XML document to signify that the change has occurred with relation to that portion of the XML document; marking a node within a parallel tree to signify that the change has occurred, wherein the node corresponds to the portion of the XML document where the change occurred; validating the node of the parallel tree against a corresponding non-native XML schema; determining if an error in the non-native XML element exists from error data supplied in response to validating the node; and displaying an error notification within the XML document and the parallel tree if the error occurred..." See: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Microsoft Justifies Its XML Patent Moves." By Mary Jo Foley. From Microsoft Watch (January 23, 2004). ['Microsoft's Not-So-Secret Plot to Overthrow XML? Microsoft is seeking to patent XML interoperability technology around Word. The company claims it isn't seeking to derail XML. And it denies that its patent moves contradict its decision last fall to open up its XML schemas for Word, Excel and InfoPath. Is Microsoft within its rights to seek protection for technology that rides above the XML standard? Or is this just another example of Microsoft seeking to monkey with standards?'] "Redmond claims its decisions to open its XML schemas, while seeking patents for elements of its XML implementations, are not as contradictory as they appear. Microsoft watchers are questioning yet again Microsoft's intentions around XML, the Worldwide Web Consortium (W3C) Extensible Markup Language standard. Last year, Microsoft released publicly its Word 2003, Excel 2003 and InfoPath 2003 XML schemas. The company made the schemas freely downloadable from its own Web site, and in the case of WordXML, also via a central repository hosted by the Danish government. Microsoft said it did so as a gesture of goodwill, rather than as a response to criticism regarding its promises to open up its XML schemas. But on the heels of that move, Microsoft has sought patent protection in Europe and New Zealand for word processing documents stored in XML format. The European application is dated January 2, 2004. The New Zealand one is dated April 24, 2003. Neither patent has been granted yet. It's not clear exactly what Microsoft is seeking to patent. But some company watchers claim that the company's patent is attempt to prohibit competing desktop word-processing applications, such as those from Sun Microsystems, Corel and others, from being able to access Microsoft Word 2003 data stored in the XML format... This isn't the first time that Microsoft has sought patent protection for technologies that are W3C standards. For example, the Redmond software company was granted a patent for the W3C cascading-style-sheet technology in 1999..." See "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Globus Details Roadmap for Toolkit. Grid Computing Software to Gain Performance, Reliability and Usability." By Joris Evers. In InfoWorld (January 22, 2004). "The Globus Alliance in March [2004] plans to release an updated version of its Globus Toolkit for grid computing, adding performance, reliability and usability improvements and bug fixes since the 3.0 release last year, the group's co-leader said Wednesday. After the March release of version 3.2 the Globus Alliance plans to release version 4.0 in the third quarter, said Ian Foster, speaking at the GlobusWorld 2004 conference in San Francisco. A beta for the 3.2 release is set to start soon, he said. The 4.0 release of the Globus Toolkit will include draft WS Resource Framework (WSRF) specifications, announced earlier this week at the GlobusWorld event. WSRF encompasses the WS-Resource Lifetime and WS-Resource Properties specifications introduced at the GlobusWorld event and intended to converge Web services and grid computing. WS-Resource Lifetime allows a user to specify a period during which a resource definition is valid and WS-Resource Properties defines how data associated with a stateful resource can be queried and changed using Web services technologies, according to a statement released Tuesday at GlobusWorld. 'We don't believe it is appropriate to wait for the specifications to wind their way through the standardization process to start implementing them,' Foster said. However, this does mean that the toolkit software will need revision when the final standards arrive, probably some time next year, but the toolkit will always offer backwards compatibility, he said. 'We are very concerned with supporting our existing user base and improving our software,' Foster said. The open source Globus Toolkit is a bundle of software to enable grid computing. It includes software services and libraries for resource monitoring, discovery and management, plus security and file management. The toolkit is a central part of science and engineering grid projects and used by IT vendors for commercial grid products..." See the following entry and Globus Toolkit web site. Other details in the news story "Web Services Notification and Web Services Resource Framework."

[January 23, 2004] "WS-Resource Framework:Globus Alliance Perspectives." By Ian Foster [WWW] (Argonne National Laboratory / University of Chicago / Globus Alliance). Presentation January 20, 2004 at GlobusWORLD 2004. See especially slide #9, "From OGSI to WSRF:Refactoring and Evolution." "... Despite enthusiasm for OGSI [Open Grid Services Infrastructure (OGSI) Version 1.0], adoption within Web community turned out to be problematic: Too much stuff in one specification, does not work well with existing Web services tooling, Too 'object oriented'. The solution: WSRF partitions OGSI version 1.0 functionality into a family of composable specifications, tones down the usage of XML Schema, and makes an explicit distinction between the 'service' and the stateful 'resources' acted upon by that service..." Other details in the news story "Web Services Notification and Web Services Resource Framework." [source .PPT, cache]

[January 23, 2004] "Grid and Web Services to Converge." By Peter Abrahams (Bloor Research). In IT-Analysis (January 23, 2004). "The two big computing ideas of the twenty first century grid computing and web services were brought closer together by an announcement this week at GlobusWorld the grid conference run by Globus Alliance. The Globus Alliance is a research and development project focused on enabling the application of Grid concepts to scientific and engineering computing and has developed the toolkit used by most scientific and university grid computing projects. It is an alliance between several university and laboratories in the US and Europe including Edinburgh. Web services have concentrated on creating an environment for 'applications on-demand' whereas grid has concentrated on providing 'computer-resources on-demand'. The announcement is made up of two new web services specifications that are necessary to make the grid computer resources available to the applications without the applications having to be grid aware. The two are the WS-Resource Framework and the WS-Notification specifications... WS-Resource Framework specification was contributed to by IBM, Globus and HP. It defines how to access a WS Resource through a web service. A web service is stateless whereas a WS-Resource is stateful, the state could be such things as data in a purchase order, current usage agreement for resources on a grid, or metrics associated with work load on a Web server. The framework describes a standard way to access a WS-resource by referencing it through an endpoint reference made up of the web services address and a resource id. It also defines how a web service can access or create new WS resources. The WS-Notification specification was contributed to by IBM, Globus, Akamai, HP, SAP, Tibco and Sonic. It provides a publish-subscribe messaging capability for Web Services. It enables changes or events to be published in a standard way and then notification send directly or via a broker. This is bringing some of Sonic's Enterprise Service Bus (ESB) concepts into a standards specification. WS-Notification is important for grid computing because it provides a standard way for grid resources such as web servers to notify grid schedulers of changes in state. Changes in state include coming on and off stream, being fully loaded or having spare capacity, having a fault that needs attention etc. All of this information is required for a grid scheduler to make informed decision on what resources to use next..." Details in the news story "Web Services Notification and Web Services Resource Framework."

[January 22, 2004] "HP, IBM and Akamai Bring Web Services to Grid Computing." By Jay Lyman. From TechNewsWorld (January 21, 2004). "Rob Batchelder, industry analyst and president of IT consultancy Relevance, said that joining grid computing with Web services makes perfect sense... In an effort to pair and propel two emerging technologies, IBM, HP, Akamai, and other tech companies have proposed new specs to integrate grid computing with Web services. The companies, which announced the new WS-Notification and WS-Resource Framework specs, said the proposed standards represent the first availability of a common, standards-based infrastructure designed for business applications working in conjunction with grid resources... The proposed Web services specifications -- backed by IBM, HP, Akamai, the Globus Alliance, Sonic Software and Tibco -- are intended to define a scalable architecture that has the ability to connect resources (such as servers) to logical constructs (such as business agreements and contracts). The new standard would let customers perform just-in-time procurement with multiple suppliers who all adhere to the same specifications. Plus, the system would allow for grid-based workload balancing and the ability to detect system outages and recover from those outages automatically. One example of the standard in action would be suppliers automatically getting notified to replenish inventory once current inventory drops to a certain level. 'These new Web services specifications will significantly extend the types of enterprise solutions customers can easily deploy,' said IBM director of dynamic e-business technologies Karla Norsworthy. 'These new specifications provide customers with the ability to use a common Web-services-based infrastructure that supports grid- and management-based solutions'... While some observers pointed out that the Web services standards proposed by IBM, HP and the others differ from similar standards advanced by Microsoft and partners, Batchelder said all of the parties promoting Web services realize that 'everybody needs to do this'..." See details in the news story "Web Services Notification and Web Services Resource Framework."

[January 06, 2004] WS-I Basic Profile: Not Just Another Web Service Specification." By Christopher Ferris (IBM). In Web Services Journal Volume 4, Issue 1 (January 2003). "The Final Material version of the WS-I Basic Profile 1.0 specification released by the Web Services Interoperability Organization (WS-I) represents an important milestone for WS-I and the Web services community as a whole. It specifies the standards and technologies required for interoperability between Web services implementations running on different software and operating system platforms... The promise of interoperability is possibly the most important aspect of Web services technologies. That promise stems from the fact that Web services has its foundations in XML, which itself is interoperable across all platforms and programming languages. However, because Web services leverages heavily on the extensible nature of XML, the interoperability aspect of Web services is significantly challenged. While most, if not all, vendors provide support for the established Web services standards, they are still motivated to provide added value to their customers in the form of advanced feature support for things such as security, reliability, transactions, and business process orchestration. Because many of the advanced Web services features are still in the early stages of development and adoption, developers and IT managers need more than just a checklist of (emerging) standards when making project implementation or product purchasing decisions. They need help in being able to determine when they are 'coloring outside the lines' so that they can weigh the merits of incorporating these advanced features against the importance of ensuring broad interoperability of the deployed solution. WS-I was founded with a mission to provide users of Web services technology with the guidance and tools that help them better understand where the boundary lies between the interoperable and not-necessarily-interoperable solution spaces so that they can make well-informed decisions. The WS-I Basic Profile 1.0 is, of course, just the tip of the iceberg. WS-I has already begun work on a number of follow-on profiles for Web services, including Attachments and Basic Security. Work will begin on future profiles, tackling some of the more advanced Web services features as the various specifications upon which they are based mature and stabilize and as the interoperability requirements associated with these advanced features are better understood by the community..." General references in "Web Services Interoperability Organization (WS-I)."

[January 06, 2004] "Java Tools Community Formed. Sun-Led Group Looks to Boost Interoperability, but Borland, IBM are Absent." By Paul Krill and Tom Sullivan. In InfoWorld (January 06, 2004). "Eleven software companies, led by Sun Microsystems and BEA Systems, on Tuesday unveiled the Java Tools Community (JTC), which is intended to promote interoperability of Java-based tools... Featuring members of the Java Community Process (JCP), the JTC is touting the concept of 'toolability,' which is being defined as a measurement of how easy it is to build tools around a particular standard or technology. Developers through the work of the JTC will be able to more easily use Java technology to build Java applications, thus increasing the rate of Java adoption, according to JTC... The JTC will work to make standard Java technology APIs friendlier for tool development and will promote adoption and advancement of Java Specification Requests. JSR 198, pertaining to a standard for plug-ins to Java IDEs, is one technology proposal that will be reviewed by the JTC. The organization will seek to resolve the issue of proprietary techniques hindering use of tools. Initially, the JTC will begin deliberations in an online community fashion, but formal meetings also may be scheduled. 'What's been missing is a forum for tool community members to get together to talk about all the JRS' that go on,' said Sun's Joe Keller, vice president of marketing for Java, Web services, and tools. The JTC will seek to boost communications across the 'design-time' community, allowing tools vendors, customers, and developers to access information and provide input when building or extending design-time standards via the JCP. As the JTC proceeds, there will be discussions of product deliverables based on the organization's work, said Dave Cotter, director of developer marketing at BEA... Eclipse and JTC serve different purposes, JTC members stressed. While JTC is focused on Java standards, Eclipse is about building an open source toolset, Keller said. Sun last month declined an invitation to join Eclipse, saying the company was not offered 'an equitable share in mutual development.' Sun lobbied IBM about supporting the JTC, but IBM company officials declined the offer believing that Eclipse, with 56 companies now on its board of stewards, already has the necessary momentum to compete effectively against Visual Studio. 'We think Eclipse has a tremendous amount of momentum. We do not see a lot of obstacles standing in its [Eclipse's] way,' said Bob Sutor, IBM's director of WebSphere Software. 'Frankly, we are more focused on working against our number one competitor, Microsoft. We see it boiling down to more of an Eclipse-based IDE world vs. Visual Studio,' he said. Sutor added he does not believe there will be much self-destructive competition between the Eclipse and JTC camps and is confident both sides will work to make it clear that each will serve to complement the other..." See references in the news story "Java Tools Community (JTC) Formed to Support Design-Time Java Standards Interoperability."

[January 05, 2004] "OpenOffice Finds Sweet Spot with Governments." By Sean Michael Kerner. From InternetNews.com (January 01, 2003). "Following a trend by foreign administrations, the Israeli government this week suspended its acquisitions of new computer software from Microsoft. Price issues and the U.S. company's refusal to sell individual programs from its standard software package are cited as the main reason behind the switch, according Associated Press reports. Instead, Israeli news outlet Arutz Sheva said Wednesday that the Israeli Ministry of Finance will begin distributing Openoffice.org to its users beginning this week. The Israeli government plans to begin distributing Openoffice.org software on CD-ROM to public access points across the country in 2004. The Hebrew version of Openoffice.org was translated by Sun Microsystems and IBM with the support and assistance of the Israeli Finance Ministry... The Open Office software suite (properly referred to as Openoffice.org or OOo) is one of the better-known applications of the open source movement. It provides an alternative to Microsoft's ubiquitous Office application with similar word processing, spreadsheet and presentation software... Governments around the world appear to be taking an interest in Openoffice.org and open source software in general. The city of Austin, Texas recently adopted openoffice.org software and governments in Germany, France, Brazil and China to name of few have stated interest in going the open source route as well. In the U.K Scottish Public Libraries have made Openoffice.org software available for lending to the public... In the case of governments, open standards may potentially be viewed as a necessary form of democratic pluralism themselves. 'Should governments be using a format that is unique to a particular vendor to talk to its citizens? 'Noted Linux Guru and author of the Open Source Definition Bruce Perens asks. 'The government should not be saying you can only drive up to a government office in a particular brand of car. In the same sense the government should not be saying you can only talk to your government if you have Microsoft Windows software on your computer'..." See also: (1) "OpenOffice.org XML File Format"; (2) the news story "Danish Board of Technology Report Recommends Open Source Software for E-Government."

[January 05, 2004] "How to Make a Faceted Classification and Put It On the Web." By William Denton (Toronto, Canada). Student essay. "Faceted classifications are increasingly common on the World Wide Web, especially on commercial web sites... This is not surprising, as facets are a natural way of organizing things. Many web designers have probably rediscovered them independently by asking, 'What other ways would people want to view this data? What's another way to slice it?' A survey of the literature on applying facets on the web shows that librarians think it a good idea but are unsure how to do it, while the web people who are already doing it are often unaware of S.R. Ranganathan, the Classification Research Group, and the decades of history behind facets. This paper will attempt to bridge the gap by giving procedures and advice on all the steps involved in making a faceted classification and putting it on the web. Web people will benefit by having a rigorous seven-step process to follow for creating faceted classifications, and librarians will benefit by understanding how to store such a classification on a computer and make it available on the web. The paper is meant for both webmasters and information architects who do not know a lot about library and information science, and librarians who do not know a lot about building databases and web sites. The classifications are meant for small or medium-sized sets of things, meant to go on public or private web sites, when there is a need to organize items for which no existing classification will do... Kwasnick (Barbara H. Kwasnick, "The role of classification in knowledge representation and discovery," Library Trends 48/1, 1999, pages 22-47) identifies four classificatory structures: hierarchies, trees, paradigms, and facets. When one of the first three works, use it. If some other organizing principle, such as a timeline or ordering by size, works, use it. The design of the classification must follow its purpose, and different things can be classified in different ways for different purposes, requiring different structures. If the others are insufficient, look to facets..." Author's introduction: "[Here's] an essay for library school about how to make faceted classifications... I take Louise Spiteri's stripped-down set of principles, based on Ranganathan's and the CRG's canons and so on, and set out a seven-step method for making a new classification... One thing I had fun with was coming up with a fresh example to demonstrate the method I propose for making a classification. I use dishwashing detergents. A faceted system suits them very nicely..." See also: (1) "Putting Facets on the Web: An Annotated Bibliography"; (2) "Resource Description and Classification."

[January 05, 2004] "Web Services Composite Application Framework: Key Messages and FAQ." [Draft] Submitted 2004-01-05 by Martin Chapman (Oracle) to the OASIS Web Services Composite Application Framework TC document repository. "Composite applications have unique requirements that are not yet addressed in a standard way, such as a method for sharing common information (context) and enabling the success or failure of individual Web services to be tied to the success or failure of a larger unit of work comprising multiple Web services. Thus, WS-CAF addresses some of the last remaining items to be standardized for Web services -- a generic context mechanism, a context management service, and asynchronous multi-protocol transactions. Shared context in a composite Web services application could include items such as security credentials -- so that a person could log in once and invoke multiple Web services without having to log in again -- a database connection over which to perform multiple operations from multiple Web services without having to establish a new connection each time, or a device address to which to post results from multiple Web services without having to search for the device's network address each time. Shared context can also be viewed as context that needs to be 'carried' across multiple operations..." The purpose of the OASIS WS-CAF TC is to "define a royalty-free, generic and open framework for supporting applications that contain multiple Web services used in combination (composite applications)." See also: (1) "OASIS Forms Web Services Composite Application Framework Technical Committee"; "Introducing WS-CAF: More Than Just Transactions," by Mark Little and Jim Webber (Web Services Journal); (3) WS-CAF Technical Committee web site.

[January 05, 2004] "Context, Coordinators, and Transactions - The Importance of WS-CAF." By Eric Newcomer. From Webservices.org (January 02, 2004). ['Eric Newcomer discusses the OASIS Web Services-Composite Application Framework (WS-CAF) which defines a new and unique context management service for composite Web services applications, and enhances related Web services coordination and transaction specifications such as WS-T and WS-C.'] "In the evolving world of Web services specifications, WS-CAF fits in and supports other specifications, both open and proprietary. In particular, WS-CAF addresses the lack of a generic context management mechanism, and defines a way to coordinate the results of composite Web services, including those that are mapped to disparate software systems as part of a long-running business process execution. Without a generic context management service, specifications such as WS-Security and WS-BPEL manage shared context independently and therefore inefficiently when used in combination. And without adapting transaction management to Web technologies, it is impossible to reliably determine the outcome of a set of composite Web services when one or more of the services fail. WS-CAF's context management provides a mechanism for Web services to share persistent state, which is required to support conversational interactions, single sign-on, transaction coordination, and other features dependent upon system-level data items such as IDs, tokens, and file and device addresses. Context provides a way to correlate a set of messages into a larger unit of work by sharing common information such as a security token exchanged within a single sign on session. Because distributed computing systems depend upon a variety of IDs, tokens, channels, and addresses, which are a part of every software infrastructure, and because Web services are independent of any particular execution environment, this type of system level information needs to be organized and managed in a persistent, shared context structure. Applications need a service to manage the lifecycle of the shared context, and to ensure the context structure is kept up to date and accessible. Web services executing within a composite application also need a way to define the scope of context sharing relative to the purpose of the composite. In other words, the scope of context sharing is also a way of identifying the Web services that participate in the same application instance..." See the WS-CAF Technical Committee web site.

[January 05, 2004] "Will Standards Turn Portals into Commodities? Two Approaches That Work." By Rickland Hollar. In Web Services Journal (December 2003). "WSRP defines portal services as interactions between consumers and producers, where consumers are applications and portals that 'consume' portlet services and producers are portal frameworks (or Web services applications) providing those services. WSRP defines portlets as Web services that generate markup and permit consumers to interact with that markup, and WSRP producers as containers containing Web services portlets. In this model, portlet containers expose their framework and the local portlets it supports through four types of Web services interfaces: Service description: Enables consumers to learn about the producer's capabilities and its portlets Markup: Allows consumers to request and interact with markup fragments and to convey information about window modes and states Portlet management: Gives consumers access to portlet state and property information and influence over portlet life-cycle events Registration: Allows consumers to create relationships with producers; and to register, deregister, and modify relationship information WSRP builds on Web services standards for publishing, finding, and binding services. Its goal is to enable any application, including portal frameworks, to publish their content as portlets, which portals can consume. JSR 168 and WSRP are complementary: one's focus is on the local portlet code and its interactions with the framework while the other's is on remote interactions. Once both standards mature and appear in products, you will be able to develop portlet applications to the JSR 168 standard and depend on portal frameworks to provide WSRP services, when appropriate... JSR 168 and WSRP focus on core portal functionality (aggregation and personalization) rather than advanced features (search, content management, knowledge management, and business intelligence), meaning they only address a subset of portal framework functionality. This opens the possibility for multiple classes (a high and a low end) of portal frameworks. Both standards distinguish between portlet containers and portal frameworks (leaving aggregation to the framework) and focus on defining the interfaces between portlets and portlet containers. This distinction opens the door for vendors to incorporate portlet containers, but not portal frameworks, into their products (similar to Web servers today where some Web servers are also J2EE Web containers)... You should ensure you are working with vendors that have been part of the JSR 168 and WSRP standards efforts with strong commitments to integrating the standards into their products. Once the standards appear in the products you use, you should focus on writing portlets using the standards' defined APIs and interfaces, avoiding to the maximum extent possible any proprietary extensions. This should allow you to develop 'write once, run anywhere' portlets, provided you stick with standards-based products. What if the prediction is wrong? How would this strategy change? It wouldn't! That's the beauty of standards and one of the benefits of the JSR 168 and WSRP efforts..." General references: "Web Services for Remote Portals (WSRP)."

[January 05, 2004] "Open-Source Databases Gaining Favor." By Martin LaMonica. In CNET News.com (January 05, 2004). "Big companies are warming up to open-source database software, according to a new study. The open-source database MySQL grew rapidly in popularity over the last year, according to results from a survey released Monday by research company Evans Data. Usage of MySQL for developing applications rose 30 percent over the past year, while usage of Microsoft's SQL Server and Access databases increased 6 percent, according to the survey of 550 developers conducted last month... Database buying patterns have shifted significantly in the past few years, with a sharp focus on cost-effectiveness. Database companies, which once touted speed and the ability to handle very demanding processing tasks, have boosted efforts to make databases more reliable and cheaper to operate. The Evans Data study found that interest in low cost spilled over to the choice of operating system as well, with 62 percent of database developers expecting some cost savings by using Linux... Developers are also keen to string together several cheaper database servers in a grid configuration as a cheaper alternative to pricier high-end database servers. Twelve percent of companies in the Evans Data survey said they have deployed or plan to implement grid computing within the next year..."

[January 05, 2003] "WASP UDDI 4.6: Extra Features Add to a Solid Product." Reviewed by Brian R. Barbash (Computer Sciences Corporation, Consulting Group). In Web Services Journal Volume 4, Issue 1 (January 2003). "If you're looking to deploy a UDDI registry that provides strong standards support, a capable API, and security and management capabilities, look no further than Systinet's WASP UDDI version 4.6. WASP UDDI is a UDDI server that supports UDDI specification versions 1 and 2 as well as the version 3 subscription API. Systinet has also added extensions to the core UDDI specification to provide additional functionality around management, security, inquiries, and other operations. The server can run on top of a number of databases, including Oracle, SQL Server, DB2, PostgreSQL, Sybase, Cloudscape, PointBase, and Hypersonic SQL (included)... Along with a full-featured Web interface, Systinet's WASP UDDI provides a rich, open-source client API written in Java that developers may leverage to create applications that interact with the UDDI repository. For this review, I will be focusing on the supplied Java API and exploring various pieces of the UDDI server's functionality... Both the Web interface and the Java API for the UDDI registry allow elements to be published to the registry. Out of the box, the UDDI registry is populated with sample data and a set of common taxonomies to support the tutorials and exercises in the documentation and allow services to be classified with existing industry standards... Systinet's WASP UDDI server is an easy-to-use, full-featured UDDI registry. In addition to providing support for versions 1 and 2, as well as parts of the version 3 UDDI specification, several enhancements have been provided. The Java API is full featured and does an excellent job of hiding the communications details of interacting with the registry. The additional security and administrative functions provide unique management capabilities for the product. Overall, Systinet's WASP UDDI server is a very solid product..." General references in "Universal Description, Discovery, and Integration (UDDI)." [print view]

[January 02, 2003] "Horses for Courses: Services, Objects, and Loose Coupling - Integration Without Compromise." By Jim Webber and Savas Parastatidis. In Web Services Journal Volume 4, Issue 1 (January 2003). "Object-oriented technologies are used today in the design and development processes for many computer systems; it is a proven paradigm and has made possible the development of large and complex software systems. Enabling platforms and tools for building and consuming Web services will not be an exception. However, how a service is implemented using objects and the way in which it interacts with other services via message exchanges require very different approaches. Today, most tools represent Web services to application developers as objects. Such an approach carries the danger of underperformance and fragile applications with too tight a level of coupling, which loses the benefits of service orientation. This article shows you how objects and services should be integrated to build loosely coupled, performant, and reusable services without compromising either paradigm... Building object-like systems on top of Web services specifications is a strategy that leads to tightly coupled, brittle, and underperforming systems. While the current crop of tool support implicitly advocates this approach to the unwary, a far better solution is to think of an application in terms of services and the messages that those services exchange. When building code for those service implementations don't be tempted to bind directly to a Web service, but instead bind to the messages that the service produces and consumes. Such an approach promotes loose coupling; your applications will be able to transcend changes in the service they consume and will be much easier to maintain..." [print view]

[December 26, 2003] "Web Services Security Kerberos Binding." By Giovanni Della-Libera (Microsoft), Brendan Dixon (Microsoft), Praerit Garg (Microsoft), Maryann Hondo (IBM), Chris Kaler (Microsoft), Hiroshi Maruyama (IBM), Anthony Nadalin (IBM), and Nataraj Nagaratnam (IBM). December 18, 2003. Copyright (c) 2003 IBM Corporation, Microsoft Corporation. 25 pages. ['This Web Services Security Kerberos Binding Specification is an initial public draft release and is provided for review and evaluation only.'] "This document describes how to use Web Services security specifications with Kerberos... Kerberos is an established authentication and security infrastructure in use in many environments today. Consequently, as applications integrate with and are developed for Web services, there is a need to leverage existing security infrastructure. This specification describes how to integrate Kerberos security environments with the Web service security architecture. Integration with Web services security requires the following aspects: (1) Requesting and issuing security tokens; (2) Attaching security token to messages; (3) Establishing a secure context; (4) Signing and encrypting the message using the security context. This specification describes two models of Web service usage and interoperability: GSS-API and Raw Kerberos... This specification builds on the WS-Security, WS-Trust, and WS-SecureConversation specifications to integrate Kerberos functionality... The security tokens used by both [GSS-API and Raw Kerberos] models are binary and not based on XML. Consequently, the <wsse:BinarySecurityToken> element from WS-Security is used to pass security tokens inside SOAP messages. The wsse:ValueType and wsse:EncodingType attributes describe the security token's type and encoding. Applications integrating Kerberos with WS-Security must include their tokens as instances of <wsse:BinarySecurityToken>. They should encode these in base64... GSS-API presents a common approach and feature set over a number of different and popular security protocols. It is frequently used when two Web services, both existing within Kerberos environments leveraging GSS-API, want to securely interoperate across the Internet... Alternatively instead of using GSS-API, interoperability can be achieved at the Kerberos level. That is, using raw Kerberos security tokens and cryptographic functions. The model is straightforward: tickets are obtained and the keys are extracted for use in signing and encrypting messages. Kerberos is an IETF standard third-party mediated protocol as described in RFC 1510... Conceptually, a Kerberos KDC implements what WS-Trust calls a Security Token Service: It generates security tokens (e.g., Kerberos TGT) in exchange for other tokens..." See also "Web Services Security Specification (WS-Security)." [cache]

[December 26, 2003] "Content Feeds with RSS 2.0. Syndication Goes Mainstream." By James Lewin (President, The Lewin Group). From IBM developerWorks, XML. December 23, 2003. ['A lot has happened in the RSS world since developerWorks last looked at RSS: Two new specifications have come out, RSS has become one of the most popular XML standards, and tools and feeds are popping up everywhere. RSS has contributed to the explosion of weblogs, and it is becoming a standard part of other Web sites, too. This article reviews RSS 2.0, looks at new RSS developments, and jump-starts your understanding of this important format.'] "It's been three years since I wrote my last article on RSS for developerWorks, "An introduction to RSS news feeds." At that time, RSS was one of the more popular uses for XML. Since then, Netscape abandoned the format, five new versions of the RSS specification have come out, and there was an acrimonious fork in the format. In spite of these setbacks, RSS is now more popular than ever... Today you can find tens of thousands of RSS feeds. Weblog users, news publishers, government agencies, and many personal and commercial Web sites support the format. Developer tools deal with RSS in Java technology, PERL, PHP, Python, and other major programming languages. Many viewers and aggregators work on the Web, on the desktop, even within e-mail clients... This article will give you a little background, review how the format is being used, and drop the names of some of the more popular tools for working with it. It will review the nuts and bolts of the format, give you examples, and tell you what you need to know to get started. Finally, it will cover some of the new features of RSS 2.0, such as extending RSS using namespaces. At the end of the article you'll find an annotated list of RSS resources... While headline syndication is the most common use for RSS, it is also used for many other purposes. RSS is a very popular format in the weblog community. It's also used for photo diaries, classified ad listings, recipes, reviews, and for tracking the status of software packages. RSS feeds are used in the world of e-commerce as a way of delivering information. For example, Amazon provides custom news feeds based on its Web services platform. This lets you track top books in your news reader, or include information on your Web site about related books for sale at Amazon. RSS has grown tremendously in popularity in the last few years. Syndic8.com maintains an index of RSS channels, and its list of feeds has grown by about 1400% in two years. Yahoo news, the BBC, Slashdot, LockerGnome, Amazon, CNN, Wired, Rolling Stone, and Apple Computer are among the many popular sources of RSS feeds..." See also: (1) "Atom as the New XML-Based Web Publishing and Syndication Format"; (2) "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[December 24, 2003] "WS- and Liberty Convergence on Table." By Gavin Clarke. In Computer Business Review Online (December 24, 2003) [News Section]. "Convergence between rival web services specifications for secure identity is on next year's agenda, according to IBM Corp which is planning implementations in its software. IBM told ComputerWire it is in talks with members of the Liberty Alliance Project to establish interoperability and convergence with the WS- family of specifications, authored jointly with Microsoft Corp during 2002 and 2003. Meanwhile, two major elements of the WS-Roadmap, WS-ReliableMessaging and WS-Transaction, will next year begin to appear in IBM's WebSphere middleware brand. IBM's director of dynamic ebusiness technology Karla Norsworthy predicted security, interoperability, transaction and reliable messaging would be the focus of IBM and industry activity in 2004. Many in the industry believe next year will finally see many web services standards such as the WS- specifications increasingly implemented in vendors' products. IBM's web services partner Microsoft, for example, is expected to put Business Execution Language (BPEL) in BizTalk Server 2004. Analyst Gartner Group believes from next year onwards, big-brand stack vendors, like IBM and Microsoft, will see their products mature, as web services standards are increasingly adopted. Customers, meanwhile, are expected to finally roll out web services projects, moving beyond the pilot phase, and begin deployment outside of the corporate firewall. Security, it is believed, will top the list of technology priorities in the web services world. The industry, though, has two major security initiatives in the field of federated, single sign-in with the WS- roadmap and Liberty specifications. A basic level of interoperability exists between the two, as they use SAML assertions, a standard ratified by the Organization for the Advancement of Structured Information Standards (OASIS). Two frameworks, though, potentially cause a headache for enterprise developers implementing security for web services. Many today use ad-hoc XML work-arounds... Norsworthy said Liberty provided a high-level system for identity management and was especially suited to vertical markets, while the WS- specifications provides a broad set of horizontal technologies. She said IBM is 'anxious' to extend the functionally of WS- with Liberty's identity management functions'..." See: (1) "Security Assertion Markup Language (SAML)"; (2) "Liberty Alliance Specifications for Federated Network Identification and Authorization"; (3) WS- specifications list. [hash URL]

[December 24, 2003] "Jabber XCP Generates Corporate IM." By Michael Caton. In eWEEK (December 16, 2003). "Jabber Inc.'s Jabber Extensible Communications Platform has a lot under the covers that brings IM beyond user-to-user communications. Unfortunately, Jabber XCP lacks the graphical management tools found in competing products. Jabber XCP 2.7 is available now, priced at $30 per user. In eWEEK Labs' tests, we found a good deal to like in the way Jabber XCP and its included Jabber Messenger work together to deliver instant messaging, but the lack of a management console is a troubling shortcoming of the platform. In terms of base price, Jabber XCP is competitive with Microsoft Corp.'s Live Communications Server 2003. It costs much less than IBM's Lotus Sametime 3.1 but doesn't offer Sametime's Web conferencing features. Jabber Inc. originated out of the Jabber Open Source Project, when Webb Interactive Services Inc. created a software company around the core developers of the original open-source Jabber server. Open-source versions of products that leverage XMPP (Extensible Messaging and Presence Protocol), the XML-based Jabber communications protocol, are available through the Jabber Software Foundation at www.jabber.org. The JSF manages the standardization process for adding extensions to XMPP for backward compatibility. The Jabber XCP product differs from the open-source Jabberd server in that it is a multithreaded and modular application. Jabber offers an interesting wrinkle on IM As a framework application, Jabber XCP offers companies a flexible platform for delivering IM- and presence-aware applications. Overall, we liked the IM experience Jabber XCP provides, including its default options for indicating presence, which are broader than those in competing enterprise IM clients, and its ability to customize the Jabber IM client... Because Jabber XCP relies heavily on XML as the core to communications, seeing how the product works and making modifications can be relatively straightforward. For example, customizing the client's look and feel essentially involves making changes to three XML files..." See: (1) "Jabber XML Protocol"; "Extensible Messaging and Presence Protocol (XMPP)."

[December 23, 2003] "Web Services and C++." By Peter Lacey (Systinet). In Dr. Dobb's Journal #355 Volume 28, Issue 12 (December 2003), pages 54-58. [Database Development: Peter shows how to develop SOAP services and clients in C++ using the WASP Server for C++ from Systinet.] "While there's no shortage of information on how to implement web services using Java, C#, or even Perl, there's little information on how to bring web services to the C++ world -- despite the millions of lines of C/C++ code currently in production. In this article, I close this gap by showing how to develop SOAP services and clients in C++ using the WASP Server for C++ from Systinet... Although a license is required for deployment on multiCPU hardware, WASP is available for a variety of operating systems and compilers as a free download from Systinet. All you need is an operating system and C++ compiler for which WASP binaries are available, and a 1.3 or higher JVM... In SOAP, a 'service' loosely corresponds to a C++ 'class,' and an 'operation' to a 'method.' For instance, a sample service called 'Planet' contains a simple operation, getPlanet(). The service's endpoint (that is, URL) is /PlanetService/. The getPlanet() operation takes a single argument -- an integer between 1 and 9 -- and returns the name of the planet that corresponds to that position in order from the Sun. It returns a SOAP fault if the input parameter is out of bounds. There are two principal components to a web service -- the service itself and the Web Services Description Language (WSDL) document that describes it. It is helpful to have the WSDL document in hand when developing services, since you can use the WASP wsdlc utility to autogenerate the client stub code and service skeleton code. However, since WSDL documents can be complicated, it would be nice not to have to create the WSDL manually. To autogenerate WSDL documents, you have to have a source file that contains enough information to represent a service, and in a format that is simpler than WSDL itself. While WASP for C++ does not have a means of generating a WSDL from a C++ source or object file, you can generate a WSDL from a Java class file. The utility for doing so is Java2WSDL, included in the WASP for C++ Companion Toolkit... The ability to SOAP-enable new or existing C++ applications has important implications both inside and outside the enterprise. It lets you extend existing services to internal users and partners without having to generate and distribute a number of difficult and incompatible APIs. The ease with which this can be done, and the shallow learning curve of doing so, makes adopting web services much smoother than learning and implementing a complete C# or Java environment..."

[December 23, 2003] "XML 2003 Session Report: Namespace Routing Language." By Uche Ogbuji. From XMLHack.com (December 22, 2003). At the XML 2003 Conference in Philadelphia "James Clark followed a block of sessions on ISO Document Schema Definition Languages (DSDL) with a presentation on Namespace Routing Language (NRL), which is a key contribution to DSDL Part 4: 'Selection of validation candidates'... Clark said that NRL tried to redeem some of the cost of namespaces by using them to divide-and-conquer schema problems, using the best independent schema in the next schema language to address each sub-problem. NRL identifies groups of elements and attributes based on namespaces. The developer specifies a schema for validating each group. The data model for the entire XML document to be processed is a tree of trees. The big tree is divided into 'sections', which must be subtrees. This division uses a simple set of rules considering the relative subtree for each element and its namespace compared to that of its parents. Sections can also be applied against attributes according to whether they have the same namespace as its owner element, allowing for processing of what some call 'global attributes'. The NRL schema language defines a set of rules for sectioning documents and instructions for executing validation on each section. Rules can invoke validation against multiple schemata in multiple languages, and they can be constructed to handle otherwise unspecified namespaces, say for extremely lax or extremely strict processing. NRL supports modes similar to those in XSLT (in fact the overall processing model is much like that in XSLT). Actions can specify modes to be used for processing children of the context element. NRL also supports explicit setting of context, which allows for processing patterns that can't be expressed with modes alone. For example, one could specify a rule for processing any RDF/XML only if it was contained within an XHTML head element. NRL is designed for streaming implementation, though a subschema language might enforce building of a subtree in memory. SAX is the basis of the implementation of NRL in the open-source RELAX NG processor Jing..." See the full text from the preentation. General references in "Document Schema Definition Languages (DSDL)."

[December 23, 2003] "XML 2003 Conference Diary." By Eric van der Vlist. From XML.com (December 23, 2003). "Eric van der Vlist, author of O'Reilly's books on RELAX NG and W3C XML Schema, shares his personal view of December's XML 2003 Conference, held in Philadelphia, PA, USA... This year's conference has been dominated by schema languages... The other notable thing I noticed this week is a rise in interest for the Semantic Web at large and an increasing number of presentations showing concrete issues solved by its technologies... There was no formal DSDL tracks at XML 2003, but the next four sessions were nevertheless dedicated to DSDL parts. The first of these was James Clark's 'Incremental XML Parsing and Validation in a Text Editor', a wonderful presentation of how RELAX NG (aka DSDL part 2) can be used to guide XML editing. Although this was describing Clark's 'nXML' mode for Emacs, the principles given there were generic and could apply to other XML editing tools. What I liked the most in this talk is the different perspective on XML parsing and validation. Traditionally, we differentiate parsing from validation and include the check for well-formedness in the parsing. This separation does not work well during the editing of XML documents. Rick Jelliffe had already shown that in an amazing session called ' When Well-Formed is too much and Validity is too little' at XML Europe 2002. James Clark, who had already shown his interest in the concept by adding 'feasible validation' to his RELAX NG processor 'jing', is now following a similar path in nXML. An XML editor needs to be able to rapidly process the structure of the markup to provide syntax highlighting, and document-wide well-formedness is too much for that. Clark's nXML thus includes a parser which is limited to token recognition and does not check that tags are balanced, and a validator that checks well-formedness and validity against RELAX NG schemas when they are available... [one] area which was gave good food for thought in this presentation is that James Clark insisted that during the whole process of parsing and validation, no tree is ever built in memory. This is a new proof that the requirement undertaken by RELAX NG to allow stream processing is met, and another different perspective on XML documents. We tend to see them as trees, while they can also be seen and processed as streams of events. This dual nature of XML is something we should not forget in our applications... Murata Makoto presented 'Combining Multiple Vocabularies Without Tears', a high level introduction to DSDL part 4 and its 'divide and validate' paradigm, complemented by James Clark's 'Namespace Routing Language (NRL)' proposal. These two complementary talks described a new way to validate compound documents: rather than combining individual schemas, which often requires adapting them and requires that they use the same schema language, NRL (which is the main input to DSDL part 4) proposes a language that splits composite documents according to their namespaces, and specifies which schemas must be used for each of these parts. Many examples were given during these two talks, including the validation of SOAP messages with their envelope and payload, and XHTML documents embedding various namespaces going from SVG to RDF through XForms..." General references in "XML Schemas."

[December 23, 2003] "Editing and Authoring: A Structural Adviser for the XML Document Authoring." By Boris Chidlovskii (Xerox Research Centre Europe, France). Pages 203-211 in Proceedings of the 2003 ACM Symposium on Document Engineering. With 14 references. "Since the XML format became a de facto standard for structured documents, the IT research and industry have developed a number of XML editors to help users produce structured documents in XML format. However, the manual generation of structured documents in XML format remains a tedious and time-consuming process because of the excessive verbosity and length of XML code. In this paper, we design a structural adviser for the XML document authoring. The adviser intervenes at any step of the authoring process to suggest one tag or entire tree-like pattern the user is most likely to use next. Adviser suggestions are based on finding analogies between the currently edited fragment and sample data being either previously generated documents in the collection or the history of the current document authoring. The adviser is beneficial in cases when no schema is provided for XML documents, or schema associated with the document is too general and sample data contain specific patterns not captured in the schema. We design the adviser architecture and develop a method for efficient indexing and retrieval of optimal suggestions at any step of the document authoring... Interactive editors for the document preparation have evolved from Rita and Grif edition systems, that used predefined documentgrammars to provide the context information and to guide the authoring process, to the recent editors and validation systems for XML documents, likeMicrosoft XML Notepad, XML-Spy, Corel XMetaL, IBM Xeena, and others. The editors provide an interactive interface for the manual creation, editing and browsing of XML data. The interfaces are often coupled with DTD/XML Schema grammars and content views in order to validate data against DTDs or XML Schema schema definitions and to facilitate the creation of XML documents. Finding patterns in tree-like data is a core problem in various domains, like bioinformatics, Web mining, semi-structured data, etc. In the Web mining, the main interest is in the efficient enumeration of frequent trees in a data forest, where a frequent tree is a tree occurring at least minsup times. Enumerating all frequent patterns combines methods of efficient data mining and the tree pattern matching. Mohammed J. Zaki has recently presented TreeMiner, a novel timeand space-efficient algorithm for discovering all frequent subtrees in a forest In the semi-structured data, methods of the extraction... Our study concerns primarily the data mining aspect of the structural advising for XML documents. The method we proposed here shows that mining available data can considerably increase the 'intelligence' of an XML editor when assisting the authoring process. However, a number of important issues relevant to structural advising in an XML authoring system remained beyond the score of this paper. These issues like the graphical user interface or integration the data mining paradigm in the authoring environment put the user in the center of consideration. Recently, we have built a prototype that integrates the structured adviser in Adobe FrameMaker 6.0 in the form of plug-in. The next step will be developing different scenarios of providing structural suggestions to the user and running a set of evaluations through the case study and behavioral analysis... To our best knowledge, this is the first attempt to propose a method for mining available data and to rank tree patterns of different size accordingly to the efficiency metrics, expressed by the similarity and gain functions. The principle of an adviser and contextual suggestions is close to those implemented in various document editors, like MS Word, Emacs, Amaya, for spell-checking tasks; the knowledge of the language and associated dictionaries are hard-coded in the editor. The difference is that suggestions in these editors cope with the content of document; while the suggestions patterns in our structural adviser try to capture the structure of a document; moreover the patterns can be identified off-line or from scratch in the on-line mode..." See also: ACM Symposium on Document Engineering 2003 (November 20 - 22, 2003).

[December 23, 2003] "XML and Information Integration: Conceptual Modeling of XML Schemas." By Bernadette Farias Lóscio, Ana Carolina Salgado, and Luciano do Rêgo Galvão (Centro de Informática, Universidade Federal de Pernambuco, Brasil). In Proceedings of the Fifth International Workshop on Web Information and Data Management (WIDM 2003) (November 7-8, 2003). "XML has become the standard format for representing structured and semi-structured data on the Web. To describe the structure and content of XML data, several XML schema languages have been proposed. Although being very useful for validating XML documents, an XML schema is not suitable for tasks requiring knowledge about the semantics of the represented data. For such tasks it is better to use a conceptual schema. This paper presents an extension of the Entity Relationship (ER) model, called X-Entity, for conceptual modeling of XML schemas. We also present the process of converting a schema, defined in the XML Schema language, to an X-Entity schema. The conversion process is based on a set of rules that consider element declarations and type definitions and generates the corresponding conceptual elements. Such representation provides a cleaner description for XML schemas by focusing only on semantically relevant concepts. The X-Entity model has been used in the context of a Web data integration system with the goal of providing a concise and semantic description for local schemas defined in XML Schema... The X-Entity representation provides a cleaner description for XML schemas hiding implementation details and focusing on semantically relevant concepts. The X-Entity model extends the ER model so that one can explicitly represent important features of XML schemas, including: element and subelement relationships, occurrence constraints of elements and attributes and choice groups. Due to space limitations, some X-Entity features were not presented in this paper. Other issues were not considered in our approach, including: hierarchy of elements and attributes, cardinality of group of elements, elements with mixed content and order of elements imposed by a sequence compositor. However, our model can be easily extended with additional features and new rules can be developed for the conversion process. We already implemented a prototype to generate XEntity schemas from XML Schemas..." General references in "XML Schemas."

[December 23, 2003] "Security Analysis of the SAML Single Sign-on Browser/Artifact Profile." By Thomas Gross (IBM Zurich Research Laboratory). Paper presented Thursday, December 11, 2003 at the 19th Annual Computer Security Applications Conference (December 8-12, 2003, Las Vegas, Nevada, USA). With 21 references. "Many influential industrial players are currently pursuing the development of new protocols for federated identity management. The Security Assertion Markup Language (SAML) is an important standardized example of this new protocol class and will be widely used in business-to-business scenarios to reduce user-management costs. SAML utilizes a constraint-based specification that is a popular design technique of this protocol class. It does not include a general security analysis, but provides an attack-by-attack list of countermeasures as security consideration. We present a security analysis of the SAML Single Sign-on Browser/Artifact profile, which is the first one for such a protocol standard. Our analysis of the protocol design reveals several flaws in the specification that can lead to vulnerable implementations. To demonstrate their impact, we exploit some of these flaws to mount attacks on the protocol... We have deduced several recommendations for the design of browser-based protocols from our analysis. First of all, we strongly recommend that secure channels such as SSL 3.0 or TLS 1.0 with unilateral authentication for message transfer always be used. They outmatch normal transfer of signed and encrypted messages, as they provide authentication, freshness, and replay prevention. We also recommend including more explicitness measures into the messages. It is important to name protocol type, protocol step, source and destination of a message explicitly in the message. Such measures could for instance prevent attacks where multiple services of a site are involved.We recommend not only considering successful protocol runs, but also analyzing all states the protocol can reach. Especially error states may hide opportunities for attacks such as our referrer attack. We are convinced that the SAML Single Sign-on Browser/Artifact profile is in general a well-written protocol. In fact, it is one of the most carefully designed browser-based protocols in federated identity management. Nevertheless, several changes are required to improve its security and prepare for its broad application in industry..." General references in "Security Assertion Markup Language (SAML)." [cache]

[December 23, 2003] "An Editor for Adaptive XML-Based Policy Management of IPsec." By Raj Mohan (Indian Army, India) with Timothy E. Levin and Cynthia E. Irvine (Naval Postgraduate School, USA). Paper presented at the 19th Annual Computer Security Applications Conference (December 8-12, 2003, Las Vegas, Nevada, USA). With 19 references. "TCP/IP provided the communications foundation for the Internet and the IPsec protocol now promises to enable the desired security strength. IPsec provides users with a mechanism to enforce a range of security services for both confidentiality and integrity, enabling them to securely pass information across networks. Dynamic parameterization of IPsec further enables security mechanisms to adjust the level of security service 'on-the-fly' to respond to changing network and operational conditions. The IPsec implementation in OpenBSD works in conjunction with the Trust Management System, KeyNote, to achieve this. However the KeyNote engine requires that an IPsec policy be defined in the KeyNote specification syntax. Defining such a dynamic security policy in the KeyNote Policy Specification language is, however, complicated and could lead to incorrect specification of the desired policy, thus degrading the security of the network. We present an alternative XML representation of this language and a graphical user interface to create and manage a consistent and correct security policy. The interface has the simplicity of a simple menu-driven editor that not only provides KeyNote with a policy in the specified syntax but also integrates techniques for correctness verification and validation... Security policy management is a critical issue in the management of computer and networking resources. IPsec and KeyNote provide a mechanism to implement a granular security policy. Previous research in the area of 'Quality of Security Service' demonstrates how an adaptive security policy can provide enhanced security with optimal utilization of network resources. A missing link in this process was the difficulty in specifying a well-defined, granular, error free and consistent security policy in the language understood by the KeyNote trust management engine. We have presented a solution to this problem in the form of an easy to use yet powerful security policy editor. The work demonstrates that use of XML technology as a middle layer provides us with a means to combine the security of KeyNote with the simplicity of a policy editor. This novel approach also provides us all the benefits of XML, such as XSL and XML security. While XSL was extensively used, XML security tools could also be used in follow up future work..." [cache]

[December 23, 2003] "An Analysis of XML Database Solutions for the Management of MPEG-7 Media Descriptions." By Utz Westermann and Wolfgang Klas (University of Vienna). In ACM Computing Surveys (CSUR) Volume 35, Issue 4 (December 16, 2003), pages 331 - 373. [ISSN: 0360-0300] "MPEG-7 constitutes a promising standard for the description of multimedia content. It can be expected that a lot of applications based on MPEG-7 media descriptions will be set up in the near future. Therefore, means for the adequate management of large amounts of MPEG-7-compliant media descriptions are certainly desirable. Essentially, MPEG-7 media descriptions are XML documents following media description schemes defined with a variant of XML Schema. Thus, it is reasonable to investigate current database solutions for XML documents regarding their suitability for the management of these descriptions. In this paper, we motivate and present critical requirements for the management of MPEG-7 media descriptions and the resulting consequences for XML database solutions. Along these requirements, we discuss current state-of-the-art database solutions for XML documents. The analysis and comparison unveil the limitations of current database solutions with respect to the management of MPEG-7 media descriptions and point the way to the need for a new generation of XML database solutions... For the management of MPEG-7 media descriptions (and certainly for the management of other data-centric XML documents as well, e.g., in the domain of electronic interchange of business data), we therefore see the need for a new generation of XML database solutions which recognize the central importance of exploiting the type information contained in schema definitions for the adequate management of XML documents. At the same time, these solutions should not neglect other important issues such as sophisticated (multidimensional) value, text, and path index structures, profound extensibility with custom functionality and index structures, and -- not to forget these -- classic DBMS functionality such as transactions, fine-grained concurrency and access control, and reliable means for backup and recovery. It seems that the necessity of using schema definitions to achieve an adequate management of XML documents is to becoming more and more recognized. As a newer XML database solution, Oracle XML DB/Structured Mapping already to some extent makes use of schema defi- nitions written in XML Schema for document validation and for the typing of basic document contents, as well as for query optimization. At least for the management of MPEG-7 media descriptions, however, the system has to be developed further to overcome its limitations with regard to the more complicated constructs of MPEG-7 DDL/XML Schema in order to be considered more than just a harbinger of a new generation of schema-aware XML database solutions." See also: (1) "A Typed Representation and Type Inference for MPEG-7 Media Descriptions"; (2) "An Analysis of XML Database Solutions Concerning the Management of MPEG-7 Media Descriptions" (Technical Report, No. TR-2002302, Dept. of Computer Science and Business Informatics, University of Vienna, September, 2002). General references in "Moving Picture Experts Group: MPEG-7 Standard."

[December 23, 2003] "Butting Heads Over B2B. ebXML Battles Web services Over Which Will Become the E-Business Platform of Choice." By Paul Desmond. In Network World (December 22, 2003). "Companies looking to conduct complex business transactions might expect Web services to enable those efforts. But along the way, they might find some business partners adamant about using another technology for the same purpose, electronic business with XML. Under development since the late 1990s, ebXML is a multifunction e-business framework that includes a secure document-messaging component and a methodology for constructing those documents. Web services, of course, fits a similar description, although the degree to which they help businesses conduct more than the simplest of online transactions is one subject of the Web services vs. ebXML debate. Another topic is whether a debate is needed at all. A number of experts say the two technologies are complementary, because ebXML can, and does, employ Web services underpinnings such as Simple Object Access Protocol (SOAP)... 'People think of ebXML as a holistic framework rather than having multiple aspects that can be adopted independently,' says Joseph Chiusano, senior consultant with Booz Allen Hamilton in McLean, Va., and a member of the OASIS ebXML technical committee. While Web services didn't really exist when ebXML was conceived, OASIS and UN/CEFACT, an international standards body that also plays a role in ebXML development, have since made multiple efforts to incorporate Web services components in ebXML. Those include an interface that enables ebXML messages to be carried via SOAP, and the ability to register and discover Web Services Description Language (WSDL) documents... [John] Radko says he sits in on numerous meetings in which the ebXML vs. Web services debate rages on. Members of the auto industry, for example, are debating whether to use ebXML document formats or those that are more closely aligned with Web services, such as WS-Attachments. This Microsoft-developed specification is at least the third attempt at defining how to send files back and forth in a Web services environment. He says such a specification must have four basic attributes: to, from, message type and a message ID, for tracking. 'EbXML does all that great; it was designed from the ground up to do that,' Radko says. Work is underway in standards bodies including the Internet Engineering Task Force and World Wide Web Consortium to define the same attributes for Web services. So why not simply use ebXML document formats and send them over a Web services-based transport? For one, ebXML uses a component-based approach toward building documents that Radko says is technically sophisticated but difficult to work with... Users must choose a platform for conducting business online -- Web services or the older but more established electronic business with XML (ebXML). Sun is the only large vendor with a certified interoperable ebXML offering, although at least nine smaller e-commerce providers and software vendors offer ebXML certified products. IBM, Microsoft and Oracle favor Web services. Resolution is questionable. The ebXML camp likely will try adding more Web services underpinnings, while Web services standards groups will strive for agreement on document format structure...' See also the following reference..." See also the following reference, and general references in "Electronic Business XML Initiative (ebXML)."

[December 23, 2003] "Comparing WSDL-based and ebXML based Approaches for B2B Protocol Specification." By Martin Bernauer, Gerti Kappel, and Gerhard Kramler (Business Informatics Group Business Informatics Group, Institute of Software Technology and Interactive Systems, Vienna Universiy of Technology. Presented at the First International Conference on Service Oriented Computing (ICSOC 2003), Trento, Italy, 15-18 December 2003. "When automating business processes spanning organizational boundaries, it is required to explicitly specify the interfaces of the cooperating software systems in order to achieve the desired properties of interoperability and loose coupling. So-called B2B protocols provide for the formal specification of relevant aspects of an interface, ranging from document types to transactions. Currently, there are two main approaches proposed for the specification of B2B protocols, the WSDL-based approach supporting Web Service languages, and the ebXML-based approach supporting languages defined along the ebXML project. Unfortunately, these approaches are not compatible, thus an organization wanting to engage in B2B collaboration needs to decide whether to embark on any of these new approaches, and which ones to use. This paper introduces a conceptual framework for B2B protocols, and based on this framework, a methodical comparison of the two approaches is provided, answering the questions of what the differences are and whether there are chances to achieve interoperability..." See also the abstract and the preceding bibliographic reference. Related: (1) comments on the OASIS ebXML Business Process Technical Committee (ebXML BP TC) discussion list; (2) general references in "Electronic Business XML Initiative (ebXML)." [cache]

[December 20, 2003] "Beyond Instant Messaging: Platforms and Standards for These Services Must Anticipate and Accommodate Future Developments." By John C. Tang and James "Bo" Begole (Sun Labs). In ACM Queue Volume 1, Number 8 (November 2003), pages 28-37. ACM Queue Special Issue on Instant Messaging. "The recent rise in popularity of IM (instant messaging) has driven the development of platforms and the emergence of standards to support IM. Especially as the use of IM has migrated from online socializing at home to business settings, there is a need to provide robust platforms with the interfaces that business customers use to integrate with other work applications. Yet, in the rush to develop a mature IM infrastructure, it is also important to recognize that IM features and uses are still evolving... In this discussion, we want to demonstrate how research prototypes that explore future directions can be used to guide and inform current efforts to develop an infrastructure. Our experience in using and studying IM has identified future opportunities in what we will refer to as 'awareness services.' That is, beyond the instant text-chat capability and sense of presence among online colleagues that IM provides, what other cues of activity should collaborators share to help coordinate their work? When a person you want to contact is not present, what information can the system provide to help you coordinate contact in the future? Even when you are physically present, can the system provide cues for when you are mentally receptive, or 'available,' to being interrupted? As examples of potential solutions to these issues, we summarize three research prototypes that demonstrate future directions in awareness services: (1) Awarenex - an IM and awareness prototype that demonstrates additional realtime awareness information useful both for initiating contact and negotiating conversation. (2) Rhythm Awareness - a system that analyzes awareness information over time to predict future times to contact people who are not currently available. (3) Lilsys - a system that integrates awareness information from a number of different sensors to infer when colleagues may not be available for interaction... The research prototypes described here, along with other research in this area, suggest an emergence of promising awareness features that would further help distributed work groups communicate and coordinate their collaboration. Technical platforms and standards need to support the ongoing development of awareness features and be capable of including new awareness information and services as they emerge. The technical infrastructure also needs to address privacy concerns so that users can easily understand and trust their control over who has access to this information. By developing platforms and standards today that anticipate and accommodate future developments in awareness services, we can build communication tools that will gracefully support the emergence of new awareness services as they become available..."

[December 20, 2003] "Nine IM Accounts and Counting." By Joe Hildebrand (Jabber). In ACM Queue Volume 1, Number 8 (November 2003), pages 44-50. ACM Queue Special Issue on Instant Messaging. ['The key word with instant messaging today is interoperability. Various standards are in contention.'] "Instant messaging (IM) has become nearly as ubiquitous as e-mail, in some cases -- on your teenager's computer, for example -- far surpassing e-mail in popularity. But it has gone far beyond teenagers' insular world to business, where it is becoming a useful communication tool. The problem, unlike e-mail, is that no common standard exists for IM, so users feel compelled to maintain multiple accounts -- for example, AOL, Jabber, Yahoo, and MSN. This decision makes no sense from the end-user perspective, but unfortunately it is an artifact of how IM has developed. Even without a common IM standard, interoperability is not much of a technical challenge, however. The open source community has demonstrated that since 1999. To interoperate or not to interoperate is actually a business decision. It comes down to giving corporate customers what they want. In some cases that means interoperability and in some cases it means creating a walled or gated community... Multiple standards are still vying for prominence today. The main contenders are XMPP and SIMPLE, both of which are still under discussion within the IETF. XMPP is an IETF adaptation of the open Jabber protocol for IM and presence. SIMPLE -- SIP for Instant Messaging and Presence Leveraging Extensions -- is based on the IETF signaling protocol known as the Session Initiation Protocol, or SIP. SIMPLE is a set of extensions built on top of SIP that will provide for an IM and presence system. Microsoft has thrown its considerable weight behind SIMPLE... Two features make IM unique: rapid-fire asynchronous messaging, and realtime presence information. We've only just begun exploring what it means to mix these and add them to a wide range of applications and devices. For example, one extension to presence is geographical location information. Once your car is a node on the network, its presence information could be provided (subject to permissions you control) to other nodes on the network, such as your garage door. Why push a button to open your garage door when it can open automatically whenever your car comes within 20 feet? Sure, that seems like a frivolous use of the technology, but don't think it won't happen just because it's frivolous. Adding presence information (from basic on/off status to extended presence about more sophisticated states) to applications and devices will open up a wealth of uses that we've only just begun to think about. The same is true of asynchronous messaging. While some industry pundits have bought into Microsoft's contention that the IM game is over and that the direction of IM technology will be based on SIMPLE, millions are actually building innovative applications and deploying large messaging and presence services using XMPP. Why? Because they can deploy today, knowing that XMPP is natively interoperable, extensible, and being chosen by some of the world's largest companies..." See also: (1) "Extensible Messaging and Presence Protocol (XMPP)"; (2) SIP for Instant Messaging and Presence Leveraging Extensions."

[December 20, 2003] "On Helicopters and Submarines." By Marshall T. Rose (Invisible Worlds). In ACM Queue Volume 1, Number 8 (November 2003), pages 10-13. ACM Queue Special Issue on Instant Messaging. ['You're not going to get any savings through integrating IM with your SIP infrastructure. SIP does a great job as a helicopter, but when you try to make it function as an IM submarine as well, disaster may follow.'] "Helicopters are great, and so are submarines. The problem is that if you try to build one vehicle to perform two fundamentally different jobs, you're going to get a vehicle that does neither job well. What does any of this have to do with instant messaging (IM)? Well, the Session Initiation Protocol (SIP) is an excellent helicopter, but it is also being proposed for use as an instant messaging submarine. The proposal is known by a clever acronym, SIMPLE (SIP for instant messaging and presence leveraging extensions), but the SIP/IM approach doesn't have any of the good features normally associated with simplicity... SIP is a rendezvous protocol used to establish media streams (e.g., voice over IP, conferencing, and so on). The key thing to understand about rendezvous protocols is that they play an important but very limited role in data communications. They negotiate all the parameters necessary for data exchange to occur; but their role is also limited, because once this negotiation completes, the rendezvous protocol goes away and the actual exchange of data occurs. Like all good protocols, SIP's design parameters reflect its operating environment. What this means is that SIP's design isn't optimal for use in other scenarios. For example, because the rendezvous protocol is used for brief exchanges, and comprises such a small part of an overall mix of data traffic (in comparison to the actual data exchange), SIP doesn't need to have a congestion-sensitive transmission algorithm. After all, SIP is trying to do only one or two handshakes, so using something like slow-start is actually counterproductive. The difficulty here is the same thing that afflicts most protocols that achieve cult-like popularity: SIP is being considered for use in all kinds of different applications. In fact, the magnitude of requests for SIP extensions has reached the point where there's actually an evolving review process for SIP modifications... Rendezvous protocols are great, and so are data-exchange protocols. The problem is that if you try to build one protocol to perform two fundamentally different jobs, you're going to get a protocol that does neither job well. In other words, SIP and IM are sufficiently different that trying to do them both in the same protocol is problematic..."

[December 20, 2003] "Broadcast Messaging: Messaging to the Masses." By Frank Jania (IBM). In ACM Queue Volume 1, Number 8 (November 2003), pages 38-43. ACM Queue Special Issue on Instant Messaging. ['This powerful form of communication has social implications as well as technical challenges.'] "We have instantaneous access to petabytes of stored data through Web searches. With respect to messaging, we have an unprecedented number of communication tools that provide both synchronous and asynchronous access to people. E-mail, message boards, newsgroups, IRC (Internet relay chat), and IM (instant messaging) are just a few examples. These tools are all particularly significant because they have become essential productivity entitlements. They have caused a fundamental shift in the way we communicate. Many readers can attest to feeling disconnected when a mail server goes down or when access to IM is unavailable. For some of us, network outages are now as inconvenient as a blackout. These tools are also significant because they represent technologies that provide a means for enhanced interaction. On one end, in the case of e-mail, the technology provides increased delivery speed over that of standard post. At the other extreme, in the case of IM, the ability to advertise awareness information and have a realtime text conversation comprises a new form of communication. Broadcast messaging is a technology that falls somewhere in between, and has several use-cases that highlight its efficacy and indicate that it also will someday enjoy the ubiquity of IM. There are, however, social implications to providing broadcast messaging to a large audience, as well as challenges in building broadcast messaging tools for such an audience... ICT is a suite of applications that incorporates broadcast messaging and IM. The most prolific use-case of ICT is the IBM internal deployment, with an average of 18,000 users per month. There are five applications for broadcast messaging: w3alert, TeamRing, SkillTap, FreeJam, and PollCast. Users broadcast many types of requests to one of many communities, but the most active is the "everyone" community. This is the community that everyone listens to by default. The novel feature of communicating to "everyone" is circumventing the need to categorize your request while getting it out to a large audience of potential responders. The ability to broadcast to everyone can be very powerful, but it also has social implications and technological challenges. I'll first discuss the specifics of ICT's broadcast applications and then their social implications and technological challenges..."

[December 20, 2003] "IM: A Conversation with Peter Ford." By Eric Allman and Peter Ford. In ACM Queue Volume 1, Number 8 (November 2003), pages 18-27. ACM Queue Special Issue on Instant Messaging. "Instant messaging (IM) may represent our brave new world of communications, just as e-mail did a few short years ago. Many IM players are vying to establish the dominant standard in this new world, as well as introducing new applications to take advantage of all IM has to offer. Among them, hardly surprising, is Microsoft, which is moving toward the Session Initiation Protocol (SIP) as its protocol choice for IM. Providing us with the Microsoft perspective on IM is Peter S. Ford, chief architect for MSN Messenger. At Microsoft he has worked on Messenger, TCP/IP, IP security (IPsec), RSVP and QoS, voice over IP (VoIP), and Mobile Data. Previously he worked at MCI on Internet access and virtual private networks (VPNs), on the evolution of the National Science Foundation network to network access points (NAPs) and very-high-speed Backbone Network Service (vBNS), and at Los Alamos National Laboratory on high-performance computer networking and nonlinear systems. In an earlier life he was a systems hacker at the University of Utah and the University of Michigan. In the Internet Engineering Task Force (IETF) he cochaired the team proposing the use of connectionless network service (CLNS) as the candidate for IPv6. Ford has a bachelor of general studies degree from the University of Michigan. Sparring with Ford in a discussion of IM is e-mail pioneer Eric Allman, chief technology officer and founder of Sendmail..." [PF:] "I see tremendous amounts of evolution in what you and I would call user-agents. The current IM clients and the current e-mail clients are just going to evolve like crazy in the next five years. We probably won't recognize them five years from now. The explosion of people trying to communicate with you, using instant messaging and e-mail, is going to grow tremendously. Having systems that can manage that in a human-friendly collaborative manner is going to be critically important as we move ahead. I'm very optimistic about that. At some level, it sounds like, 'Oh my god, we're all going to drown in an e-mail sea,' and I think that filtering technologies have come around very quickly in the last two years. I've been very impressed by how quickly people have addressed spam, and that's because it's so important. I think e-mail was the killer app of the Internet, and messaging still is the killer app. E-mail plus instant messaging are part of that whole messaging milieu. They probably will be for a long time. I'm one of the people who still believe that e-mail is as important if not more important than the Web in the Internet. The Web-heads of course would say, 'No, no, the Web is the most important thing,' but I'm a big believer that person-to-person messaging, whether it be e-mail or IM, is probably still the driver. Clearly, both are important. I give the nod to messaging because people can be closer to the people they care about, and it makes it easier for them to work with the people they need to work with..."

[December 20, 2003] "XML for the Rest of Us. Once Eclipsed by Machine-To-Machine Communications, the Human Factor of XML is Starting to Emerge." By Jon Udell. In InfoWorld (December 19, 2003). "Last week in Philadelphia, I had the honor of delivering the opening keynote address at XML 2003. On the morning of the talk, I watched the cubicles light up in the bank across the street from my hotel. XML is a disruptive technology that is almost certainly replumbing the IT infrastructure of that bank. But to those bankers booting up their PCs and sipping coffee in early morning CRT glow, XML is still probably just plumbing -- if that... At a previous XML conference in 2001, the agenda had been all about plumbing... XML 2003 was a much happier experience. Seven weeks after shipping InfoPath, Microsoft's Jean Paoli was onstage showing how officers of the North Carolina Highway Patrol are using XML documents to report incidents. And Adobe, which had earlier this year revealed the existence of latent XML capabilities in the free Acrobat 6 reader, demonstrated the beta version of a form designer that can turn a piece of digital paper into an XML-aware form. 'The relational database is designed to serve up rows and columns,' said BEA's Adam Bosworth in his keynote talk. 'But our model of the world is documents. It's, 'Tell me everything I want to know about this person or this clinical trial.' And those things are not flat, they're complex. Now we have the way to get not only the hospital records and prescriptions but also the doctor's write-ups.' The doctors and bankers will get that, just as the highway patrolmen already do. XML documents, flowing through XML plumbing, can now deliver very real and tangible benefits. For the publishing geeks who started it all, it's a moment to savor..."

[December 20, 2003] "To Boldly Go." By Martin Sexton (London Market Systems). In Financial IT [IncisiveMedia] (October 2003). "Since 2000, a number of industry and proprietary XML standards have emerged, raising concerns that there were too many XML vocabularies being developed. This has led to a general misconception that the market is full of competing XML standards, causing many participants to adopt a wait-and-see approach.' At the end of 2000 ISO 15022 Second Edition was initiated, its goal being to encourage convergence of industry-wide standards to create a single financial repository. The initial challenge was to merge SWIFT (post-trade and settlement) and FIX (pre-trade and trade) into a single XML standards framework. Discussions are now under way on the integration of MDDL (market data pricing and reference data, including corporate actions), FpML (derivatives trading), and TWIST (FX, money markets and commercial payments). The original delivery date for the ISO 15022 XML standard was December 2003, though to ensure the standards are properly integrated, tested and agreed this date has moved to mid-2004. Given the scope and plans of each standard is publicly available, one should not be concerned about committing to industry standards. Fears of being an early adopter should be balanced against meeting the needs of your organisation. Taking part in defining the standards will ultimately ensure the needs of your organisation are met. Financial standards landscape The working group behind ISO 15022 Second Edition produced an initial roadmap that is summarised in the diagram on the next page. It shows the Trade lifecycle and the scope of the existing 'non-XML' standards that are planned to be reverse engineered to produce the XML variants. Since its inception, ISO 15022 Second Edition has been expanded to include the other XML standards, FpML, MDDL, and TWIST. The principle driving force behind the creation of these standards has been the impending T+1 regulations. The SIA and GarnterG2 conducted a survey (July 2003) on the industry's efforts toward STP, and one of the report's recommendations was that industry leaders should, 'work with the Securities Industry Association and industry bodies to establish a consensus on STP standards'. Deploying global XML standards offers the opportunity for improvement in trade automation, resulting in tangibles benefits such as reduced staffing levels and shortened trade life cycles, as well as savings in hard currency... In April 2003, at the Defining the Reference Data Standard conference in New York, Keith Berry announced the success story of XML integration projects at Barclay Global Investors. By deploying XML, over 60 market data flat file interfaces were replaced with nine XML interfaces and a further 320 application interfaces were replaced by 75 XML equivalent. Other initiatives include the London Stock Exchange Sedol Master File and the FT Interactive Data pricing files projects; both have opted for MDDL as the delivery format. Potential users should not be concerned about possible standards turf wars or whether or not to use standards in a prescriptive manner. If real business benefits can be identified, one needs to ask 'why are we not using XML standards to solve part or all of our data management needs?' Given the benefits of using XML within the enterprise, there seems little point in duplicating the months of effort these standards represent without taking a good look at what they can offer -- why reinvent the wheel?" See also: (1) the London Market Systems XML Standards Guide for Market Data; (2) "FISD XML Messaging Specification for Real Time Streaming XML-Encoded Market Data."

[December 20, 2003] "XML: We Ain't Seen Nothin' Yet." By A. Russell Jones (DevX, Executive Editor). In DevX.com XML Zone (December 16, 2003). ['From interprocess communications to file systems to operating systems, XML is a magic elixir that provides new possibilities and solves a host of ailments. XML is becoming instrumental in areas that you may never have even considered before.'] "XML is a fundamentally simple idea -- take bits of content and give them identifying tags -- but it has far-reaching effects. In just a few short years, XML's evolution has sparked an explosion of innovation that's touched nearly every facet of computing, even the most basic computing building blocks, such as file systems, databases, displays, and communications. And it's not done yet. It won't be long before XML permeates nearly every system, application, and data store within reach. Think I'm exaggerating? Look at what XML has already accomplished... XML is set to fuel both file system (WinFS) and display (XAML, XUL) functionality in Windows. Similar capabilities for other OS's are likely not far behind. If you can capture the application management, data storage, and UI behavior in XML, you've essentially created a layer that can be moved between operating systems much more easily... XML-formatted configuration files increasingly hold directives, settings, preferences, and meta-data for individual applications, which means XML is already being used to perform one portion of application management. Applications also need data, and XML has made significant inroads into data storage, data transfer, and data query capabilities as well. Although relational databases remain the primary repository for enterprise and large-scale application data, modern applications that work with the data are retrieving it as XML. Microsoft's DataSets in .NET are one small example. For more indications, one need look no further than the fact that all major databases can now deliver XML-formatted data, accept XML data for update and insert operations, and are rapidly gaining the ability to store and query (see XQuery) data in native XML format. The essential point is this: Just as XML Web services provide a language-and-platform-independent layer between applications, XML configuration and management, data storage and display provide an equally language-and-platform-independent layer between operating systems. You'll see the fruits of this added layer of indirection in years to come..."

[December 20, 2003] "Q&A: Web Services Security." By Jack Vaughan [and Toufic Boubez]. In Appliccation Development Trends (December 01, 2003). "Toufic Boubez has a stellar record in Web services. At IBM, he co-authored UDDI. Later, he founded Layer 7 Technologies which recently released SecureSpan to promote Web services security and integration policy creation..." Boubez [excerpt]: "'Web services' denotes a set of technologies that is supposed to allow you to attain the ideal of just-in-time integration through loosely coupled systems. But the current model in its current use breaks down when it comes to anything other than the simplest, most straight-forward 'getQuote' type of toy examples. There are many areas of tight coupling in the SOAP message alone... In typical Web services scenarios, security mechanisms such as authentication, authorization, credential presentation, encryption, or digital signature requirements are hard coded into the Web service. The equivalent mechanisms must then be hard coded into the client applications that invoke this Web service. This results in a system where the requesting client application is tightly coupled to the implementation of the service, and breaks down if any of these terms need to be changed. But, to get back to the question, there definitely is a mechanism to make Web services security loosely coupled. This is where the crucial concept of policy enters the picture. In order to provide flexibility to an otherwise brittle system, policy documents have to be created to decouple 'invariants' from 'environment variables'. In this context, what I consider to be an invariant is the actual functionality of the service, tested and deployed, and not to be touched again until the business requirements change... A system cannot be 'half' loosely coupled - it either is or isn't. What's needed to complete the solution is a new concept that we're proposing, the policy application point, at the client side. This is where the requester is also decoupled from the security policy requirements, in the same way that the policy enforcement point decoupled the web service itself. The policy application and enforcement points can exchange policy documents and coordinate at runtime to make the whole security mechanism truly loosely coupled. This in essence is one of the most important features of the SecureSpan Solution..."

[December 20, 2003] "xmltramp and pxdom." By Uche Ogbuji. From XML.com (December 17, 2003). ['In his Python column, Uche Ogbuji covers "xmltramp", a tool for parsing XML documents into a data structure that's very friendly to Python, and "pxdom", a highlight-compliant, DOM Level 3 implementation.'] "In this article I cover two XML processing libraries with very disjoint goals. xmltramp, developed by Aaron Swartz, is a tool for parsing XML documents into a data structure very friendly to Python. Recently many of the tools I've been covering with this primary goal of Python-friendliness have been data binding tools. xmltramp doesn't meet the definition of a data binding tool I've been using; that is, it isn't a system that represents elements and attributes from the XML document as custom objects that use the vocabulary from the XML document for naming and reference. xmltramp is more like ElementTree, which I covered earlier, defining a set of lightweight objects that make information in XML document accessible through familiar Python idioms. The stated goal of xmltramp is simplicity rather than exhaustive coverage of XML features... pxdom, on the other hand, has the goal of strict DOM Level 3 compliance. It is developed by Andrew Clover, who contributed to the XML-SIG the document 'DOM Standards compliance', a very thorough matrix of feature and defect comparisons between Python DOM implementatons. DOM has generally not been the favorite API of Python users -- or, for that matter, of Java users -- but it certainly has an important place because of its cross-language support..." General references in "XML and Python."

[December 18, 2003] "Lack of Windows 98 Support Could Have Wide Impact: Study." By Jack Kapica. In The Globe and Mail (December 11, 2003). "Many companies are going to find themselves more vulnerable to viruses and security attacks on Jan. 16, a Canadian research company says. On that day, Microsoft Corp ceases to offer technical support and security updates for its five-year-old operating system Windows 98. And those operating systems are still very popular among cost-conscious companies. Inventory data collected by Ottawa-based AssetMetrix Research Labs of 370,000 computers -- from 670 companies ranging in size from 10 to 49,000 PCs -- found that more than 80 per cent of the companies were still using Windows 98 or Windows 95. But in mid-January, all those computers will be considered obsolete, and security patches will cease to be made for Windows 98 or its revised successor, Windows 98 SE... AssetMetrix Research Labs, the research division of AssetMetrix, an asset intelligence service, produced the report in support of Win98-Exodus, the company's new tool to help corporations upgrade to Windows 2000 and Windows XP... More than 27 per cent of PCs were running Windows 95 or Windows 98, AssetMetrix reported, compared to only 7 per cent for Windows XP..." See also the following bibliographic entry.

[December 18, 2003] "An Open Letter From Jonathan Schwartz." By Jonathan Schwartz (Executive Vice President, Sun Microsystems). From Sun News, Video, and Resources. December 17, 2003. "Microsoft's recent unilateral decision to discontinue support for Windows 98 and other products as of December 23, 2003 offers users a lesson, and an opportunity. It's a lesson in how a company with legendary market dominance can lose sight of customer priorities, and force an unnecessary transition onto a customer base already paralyzed with viruses and security breaches... Publicly, Microsoft says Sun forced its hand. Yet, they overlooked that this issue was part of a settlement it agreed to and Sun extended until September of next year. So apparently without consulting customers, partners or ISV's, Microsoft has unilaterally elected to pull their products from the market, then blamed it on Sun. We'd like you to know that this isn't accurate. The agreement between Sun and Microsoft gives customers a graceful transition path to a future platform, that extends far beyond December 23. Moreover, Sun has offered, and will continue to offer, a license to Java technology that would spare Microsoft any transition whatsoever so long as Microsoft maintains compatibility, and a commitment to the preservation of the very same standards igniting the world of web services... While Microsoft scapegoats Sun, the world is discovering the wonders of Sun's Java Desktop System -- which delivers all the functionality of a Windows environment, at a tenth the price, and with ten times the security. The Chinese government discovered it. The United Kingdom's National Health Service and Office of Government Commerce discovered it. Just like hospitals, universities, retailers - and soon, some of the worlds largest enterprises -- have discovered. Sun's Java Desktop System delivers an engaging, very low cost alternative to the proprietary Microsoft platform -- which you can deploy without retraining, or fear of incompatibility..." See also the preceding reference.

[December 18, 2003] "OpenOffice Makes Government Inroads." By Matthew Broersma. In CNET News.com (December 18, 2003). "Government bodies in Israel and Texas are starting to shift from Microsoft Office to open-source alternatives, driven by budget pressures. Two significant government bodies, the Israel Department of Commerce and the City of Austin, Texas, are moving toward replacing Microsoft Office installations with the OpenOffice.org productivity suite. This continues a worldwide trend of governments attempting to cut costs with open-source software. The Department of Commerce has made a strategic decision to reduce government dependency on Microsoft, and is to replace most of its Microsoft Office desktops with OpenOffice, according to a report this week in the Israeli business daily Globes. The software is to run on Windows using IBM hardware, the paper said. Also this week, the City of Austin said it would migrate several hundred Microsoft Office installations to OpenOffice beginning in January, as part of an ongoing testing program. OpenOffice is an open-source office suite based on Sun Microsystems' StarOffice. Open-source software is not controlled by any one company, making it attractive for organizations wary of paying steep licensing fees to a single supplier. Many public-sector bodies are also eyeing, or actively migrating to, the open-source Linux operating system for desktop use. Linux is widely used on servers, but has yet to make a serious dent in Microsoft's dominance of the desktop. Austin made the decision to shift 300 desktops in the Communications Technology Management department to OpenOffice after testing the software on 30 desktops for several months, according to Austin's acting chief information officer, Pete Collins. He said that testing would continue, with the possibility of more of the city's 5,200 desktops shifting to OpenOffice..." See also: (1) the news story "Danish Board of Technology Report Recommends Open Source Software for E-Government"; (2) "OpenOffice.org XML File Format."

[December 17, 2003] "New Storage Management Specification Key to Managing Multi-Vendor SANs." By Shankar Subramanian. In CNETAsia (December 09 2003). "Storage management will take a major step forward this year when the Storage Networking Industry Association (SNIA) completes work on the first version of the Storage Management Interface Specification, or SMI-S, a specification for a standardized interface for storage management applications. Managing multi-vendor Storage Area Networks (SANs) is a key concern for end-users and integrators alike. It typically requires the use of a several applications from multiple vendors. The applications are typically uncoordinated and unable to work together to deliver the functionality, distribution, security, and reliability to ensure the delivery of increased business efficiency. SMI-S specifies a protocol stack consisting of CIM-XML (object descriptions and management actions) over HTTP (session), over TCP (transport), over IP (interconnect). The ubiquity of the lower layers of this stack make it possible to manage components using in-band communications, out-of-band communications, or a mix of the two... SMI-S incorporates mechanisms for standards-based management of legacy devices with proprietary interfaces. Devices and subsystems can be integrated into an SMI-S network using software agents (one per device) or CIM object managers (CIMOMs -- one or multiple devices). Agents and object managers bridge to proprietary device management models and protocols and those of the SMIS. As higher-level abstractions than models developed specifically for individual components, SMI-S Object Models are applicable across entire classes of devices. Common abstractions make it feasible for software developers to implement policy -based management for entire storage networks... SMI-S [provides] a common interoperable and extensible management transport. SMI-S is the unifying factor between objects that must be managed in a storage network and the tools used to manage them. SMI-S is based on the Web Based Enterprise Management (WBEM) architecture and the Common Information Model (CIM) as pioneered by the Distributed Management Task Force (DMTF). The use of the CIM-XML over HTTP standard, an object independent management protocol, allows vendors to dynamically extend the features and functions of their products without redesign of the management transport. SMI-S will shift the industry development model relieving vendors of the tedious task of integrating incompatible and 'feature thin' management interfaces, allowing them to focus on building management engines that reduce the cost and extend functionality. Device vendors will be spared the expense of 'pushing' management interface functionality across an industry of management applications developers and empowered to build new features and functions into subsystems..." General references in "SNIA Storage Management Initiative Specification (SMI-S)."

[December 17, 2003] "DoS Flaw in SOAP DTD Parameter." By Ryan Naraine. From InternetNews.com (December 15, 2003). "Technology heavyweights IBM and Microsoft have released fixes for a potentially serious vulnerability in various Web Services products that could be exploited to trigger denial-of-service attacks. In separate alerts, the companies said the vulnerability was caused by an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents. Independent security researcher Secunia has tagged the flaw with a 'moderately critical' rating. Affected software include the IBM WebSphere 5.0.0 and Microsoft ASP.NET Web Services (.NET framework 1.0, .NET framework 1.1). According to IBM, the security patch fixes a flaw that could be exploited by sending a specially crafted SOAP request. 'This can cause the WebSphere XML Parser to consume an excessive amount of CPU resources,' Big Blue warned. An advisory from Microsoft confirmed the DTD error parsing vulnerability in its Web Services products, included with the .NET Framework 1.1..."

[December 17, 2003] "OASIS Members Demo Interoperability." By Dave Kearns. In Network World (December 17, 2003). ['The author references the Liberty Alliance's recent conformance testing results and looks at a more all-encompassing group of interoperability tests. These tests were done under the auspices of Organization for the Advancement of Structured Information Standards, the foremost proponent of XML as the lingua franca of business data exchanges, including those in the identity management arena.'] "At last week's XML 2003 conference in Philadelphia, OASIS and its members collaborated on separate interoperability demonstrations of five different OASIS Standards and specifications: Electronic Business XML (ebXML), Security Assertions Markup Language (SAML), Universal Business Language (UBL), Web Services Reliability (WS-Reliability), and Extensible Access Control Markup Language (XACML). All five specs involve identity management to a greater or lesser extent. SAML, of course, is the underlying mechanism used by the various federated identity schemes, one of which -- WS-Federation -- also encompasses WS-Reliability. XACML is a language that describes a namespace for the expression of authorization policies in XML. UBL and ebXML are more generalized business-to-business languages (ebXML is actually a family of protocols) which could be seen to be an outgrowth of and an extension to the older Electronic Data Interchange (EDI) formats x11 and EDIFACT. Identity, authentication and authorization have parts to play in all of these... There were actually four demos presented, and one covered multiple protocols: (1) Interoperability Using Test Frameworks - ebXML in a Supply-Chain environment; (2) WS-Reliability - A demonstration of guaranteed message delivery involving Fujitsu, Hitachi, NEC, Oracle and Sun; (3) Epidemic Management Using OASIS ebXML, UBL and XACML - A real-world test of disseminating information about a health problem; (4) Web Services for Remote Portlets - Reuse of 'mini-portals' and gadgets (so-called 'portlets') for multiple sites... The WS-Reliability demo should be of interest as it is part of the infrastructure necessary for WS-Federation. The presentation demonstrated the ability of the companies involved to deliver a message, guarantee no duplicate messages and order messages as part of a transaction while all sorts of nasty things (outages, re-routings, etc.) were occurring on the network. The Epidemic Management demo is also of interest since authentication and authorization are extremely important to medical information, which must be gathered, analyzed and disseminated quickly, yet authoritatively, while still protecting patients' privacy..." See the announcement: "OASIS Interoperability Demos Showcase ebXML, SAML, UBL, WS-Reliability, and XACML at XML 2003. Adobe, BEA, Citrix, Cyclone Commerce, Drake Certivo, Fujitsu, Hitachi, IBM, Korean National Computerization Agency (NCA), NEC, US National Institute of Standards and Technology (NIST), Oracle, Sun Microsystems, Vignette, and Others Demonstrate Interoperability of Standards."

[December 17, 2003] "Incremental XML Parsing and Validation in a Text Editor." By Uche Ogbuji. From XMLhack.com (December 15, 2003). "At XML 2003 in Philadelphia, James Clark presented the ideas and implementation behind his nXML XML editing mode for GNU Emacs. He pointed out that text editors could be classified as text editors and structure editors. Many well-known XML editors are actually the latter, in which the docuemnt is always well-formed (and maybe even schema-valid) by virtue of restrictions on user interaction. In developing nXML, Clark wanted people to truly be able to do all the things a plain text editor, and in particular Emacs, allows. This means that the document will proceed through varying levels of well-formedness and validity as the user works. The goal is to provide the user with as many cues as possible to the user as to well-formedness and validity, without interfering with the basic text editing. This is much like the argument that Rick Jelliffe has been making for a while, and which has informed the development of Rick's commercial venture, the Topologi XML editor. Clark has now provided for effective text-driven editing of XML in an open source tool..." See the download site and the following reference.

[December 17, 2003] "Incremental XML Parsing and Validation in a Text Editor." By James Clark. Presentation given at XML 2003. "XML editors can be divided into text editors and structure editors. In a structure editor, the user interacts with the document as an abstract tree of elements. In a text editor, the user interacts with a document as a sequence of characters or lines of text. In a normal text editor, a user is not constrained in how they can modify the content of the document: any text can be inserted at any point and any range of text can be deleted. Preserving this characteristic in an XML editor, while providing useful support for XML editing and acceptable performance, presents some challenges. A normal XML parser or validator starts at the beginning of the document, and processes the entire document until it reaches the end or possibly until it encounters an error. This kind of implementation is not useful for an XML editor. Completely reprocessing the document on every edit cannot scale to large documents. To solve this problem, XML processing must work incrementally: as the document is processed, additional information is recorded, so that when the document is subsequently modified, the necessary reprocessing is minimized. Three kinds of XML processing will be addressed: XML 1.0 parsing, XML Namespaces processing and RELAX NG validation. This session will describe two algorithms that allow all these three kinds of processing to be performed incrementally. These algorithms have been implemented for GNU Emacs completely in Emacs Lisp. This is a particularly challenging environment, since the implementation of Emacs Lisp in GNU Emacs is much slower than the typical implementation of a language such as C++, Java or C# in which a text editor would usually be written. Moreover, GNU Emacs lacks any support for multithreading. Note that this work is also relevant W3C XML Schemas, since, for the purposes of validation, W3C XML Schemas (minus integrity constraints) can be translated into RELAX NG schemas..." See also RELAX NG.

[December 17, 2003] "Atom Authentication." By Mark Pilgrim. From XML.com (December 17, 2003). "Atom, in case you missed it, is a new standard that uses XML over HTTP to publish and syndicate web-based content. It is initially targeted at weblogs, and most of the early adopters so far have been weblog vendors and users. It consists of the Atom API, which I discussed last month, and the Atom syndication format, which I will discuss next month. This month I want to talk about authentication... life would be much simpler if Atom could just use existing HTTP authentication, as-is. But it can't; I'm going to tell you why and then I'm going to tell you what we're doing instead... all previous weblog publishing APIs send passwords over the wire in clear text. Clearly none of these APIs will work: (1) Use HTTP basic authentication - this does not technically send passwords over the wire in clear text, but it encodes them in a way that is easily reversible. So this doesn't actually help Bob since it's not an improvement over clear text. (2) MD5-hash the password and only send the hash - this would solve the password sniffing problem, since you couldn't reverse engineer the hash to recover the original password, but it doesn't help because it's susceptible to replay attacks. (3) Use HTTP basic authentication over SSL - this would solve the password sniffing problem, but it doesn't help because we can't use SSL... (4) Use HTTP digest authentication - this would also solve the password sniffing problem, and it would solve the replay problem, but most web hosting providers don't turn on digest authentication... A little-known fact about RFC 2617 is that HTTP authentication is extensible. The RFC defines and Apache has modules for Basic and Digest authentication, but developers are free to define different algorithms for use within the HTTP authentication framework, and servers are free to insist that clients support those algorithms if they want access to the server's resources... After much haggling, the algorithm we chose [for Atom] was WSSE Username Token. WSSE is a family of open security specifications for web services, specifically SOAP web services. However, the Username Token algorithm is not SOAP-specific; it can be easily adapted to work within the HTTP authentication framework, and it solves all of the problems..." Note: the Atom authentication solution was still being discussed as of 2003-12-18. Other references in the news story: "Atom as the New XML-Based Web Publishing and Syndication Format."

[December 17, 2003] "Roll Your Own Secret Santa Web Application, Part 1: The Beans. A Step-By-Step Guide to the Tools, Technology, Design, and Implementation" By Merlin Hughes. From IBM DeveloperWorks. December 17, 2003. "Merlin Hughes presents the design and implementation of a J2EE-based secret Santa Web application, along with a discussion of the tools and technologies that can be used to ease the development of such applications. The 3-part series provides a broad overview of how to build a J2EE application from the ground up, using some modern tools and frameworks, with details of how these different technologies work together to produce the end result. While not intended as detailed treatises on any individual technology, these articles instead serve as guides to developing a Web application with J2EE. This first article focuses on the beans, their design and implementation, and the use of XDoclet to accelerate their development and deployment. It examines the tools and technologies used to implement the application, and walks through the model implementation, including the entity beans that encapsulate its state, relations, and some business logic. When developing J2EE applications, you can build them from scratch or work with the many tools that are currently available to maximize your productivity. The latter approach will not only speed your development time, but the resulting solution will often be more robust and scalable, as it will benefit from the significant experience that has driven the development of the support tools, and you'll have more time to design and test the result. Aside from the underlying J2EE technologies, our implementation of the secret Santa application model has benefited tremendously from the use of XDoclet; little over a thousand lines of commented code result in an application four times the size. The majority of this code will therefore be autogenerated code that has seen deployment, use, and validation, and thus should have few or no errors. XDoclet has many strengths, not least of which is how it supports customization for different application designs, as seen in the custom value object pattern employed here..." See also Part 2 and Part 3.

[December 16, 2003] "Introducing WS-CAF: More Than Just Transactions." By Mark Little and Jim Webber (Arjuna Technologies). In Web Services Journal Volume 03, Issue 12 (December 2003). "Web services have become the integration platform of choice for enterprise applications. Those applications by the very nature of their enterprise-scale components can be complex in structure, which is compounded by the need to share common data or context across business processes supported by those applications. Those processes may be very long lived, and may contain periods of inactivity, for example, where constituent services require user interactions. In response to these issues, WSCAF (Web Services Composite Application Framework) was publicly released in July 2003 after almost two years of effort, and has broad industry support from companies such as Iona, Oracle, Sun, and a host of others, and is now under the care of an OASIS standardization effort through the WS-CAF Technical Committee. The WS-CAF specifications are a suite of protocols designed to provide the necessary framework for composing Web services into larger aggregate business processes. Given that WS-CAF is the first framework of its kind to make its way into standardization, it's important to understand the principles underpinning it. This article provides a high-level view of WS-CAF starting from the bottom up, explaining the layered architecture of the trio of specifications that comprise WS-CAF, and demonstrating how each of the specifications can be used in its own right or as a whole to provide a rich framework for building reliable composite applications... From a distance, WS-CAF may be misinterpreted simply as the industry's third attempt at designing a transaction management solution for Web services. However, while one aspect of WS-CAF does address the kind of extended transaction models that are crucial for Web services reliability, there is actually much more to WS-CAF than just transactions. WS-CAF also provides generic context-management and service-coordination frameworks that can form the basis of composite applications, processes, and workflows. These features are exposed to Web services-based applications and can be tailored to build protocols that are specific to particular applications domains..." Note: the article also features a section "Comparison Between OASIS BTP and WS-Coordination/Transaction." See also: (1) "OASIS Forms Web Services Composite Application Framework Technical Committee"; (2) WS-CAF Technical Committee web site.

[December 16, 2003] "Sun Sets Up European RFID Test Center." By Andy McCue. In CNET News.com (December 05, 2003). "Sun Microsystems will open a facility in Europe where companies can test their radio frequency identification systems. The announcement, made at Sun's first European user conference Friday, signals the company's intention to stake a claim in what is likely to be a lucrative market. In a demonstration Friday, Sun's Chief Executive Scott McNealy checked out a shopping basket of RFID-tagged goods. The center is due to open in February next year and is an addition to Sun's U.S. facility. Sun maintains that RFID tags have the potential to cut huge costs from the supply chain of retailers and manufacturers. In the United States, Wal-Mart Stores is set to spend $3 billion on RFID technology, and the retailer has drawn up specifications that its top 100 merchandise suppliers should adhere to by January 1, 2005. The new European testing center will allow companies to comply with the Wal-Mart mandate... Sun's move is unlikely to be popular with privacy groups who, earlier this month, called for the suspension of RFID implementation amid fears that the tags will be used for more nefarious people-tracking purposes once they have left stores with tagged goods. Sun's chief researcher, John Gage, told Silicon.com that the center will work to make sure the launch complies with privacy laws, but he admitted that more work needs to be done to reassure consumers that the data will not be later used for other purposes..." See also: (1) "Sun to Open a Wal-Mart Compliant RFID Test Center. New Director of Auto-ID Business Unit Claims New Facility Will Speed Supplier Compliance to Wal-Mart Standards."; (2) "RFID Resources and Readings"; (3) "Physical Markup Language (PML) for Radio Frequency Identification (RFID)."

[December 16, 2003] "New Storage Management Specification Key to Managing Multi-Vendor SANs." By Shankar Subramanian. In CNET Asia (December 09, 2003). "Storage management will take a major step forward this year when the Storage Networking Industry Association (SNIA) completes work on the first version of the Storage Management Interface Specification (SMI-S), a specification for a standardized interface for storage management applications. Managing multi-vendor Storage Area Networks (SANs) is a key concern for end-users and integrators alike. SMI-S incorporates mechanisms for standards-based management of legacy devices with proprietary interfaces. Devices and subsystems can be integrated into an SMI-S network using software agents (one per device) or CIM object. SMI-S provides a common interoperable and extensible management transport. SMI-S is the unifying factor between objects that must be managed in a storage network and the tools used to manage them. It is based on the Web Based Enterprise Management (WBEM) architecture and the Common Information Model (CIM) as pioneered by DMTF. The use of the CIM-XML over HTTP standard, an object independent management protocol, allows vendors to dynamically extend the features and functions of their products without redesign of the management transport... SMI-S will shift the industry development model relieving vendors of the tedious task of integrating incompatible and 'feature thin' management interfaces, allowing them to focus on building management engines that reduce the cost and extend functionality. Device vendors will be spared the expense of 'pushing' management interface functionality across an industry of management applications developers and empowered to build new features and functions into subsystems..." General references in "SNIA Storage Management Initiative Specification (SMI-S)."

[December 16, 2003] "Reusable Asset Specification Advances at OMG." By David Rubinstein. In Software Development Times (December 15, 2003). "The architecture board of Object Management Group Inc. last month gave its approval to the Reusable Asset Specification, basing it on the XML Metadata Interchange to facilitate the growth of what the group is calling asset-based development. The vote moves the specification, which has been in development for three years, closer to realization. There is now a 90-day comment period open, and if nothing emerges to undermine the effort, OMG's board of directors will vote to finalize the specification. OMG expects the Reusable Asset Specification (RAS) to become adopted by the board of directors in July 2004. The move to XMI from the original proposal, which relied upon the XML Schema, gives the RAS the ability to model and map relationships in a less obtrusive manner, according to Grant Larsen, a model-driven development strategist for IBM's Rational division and a contributor to the specification. Rational engineers developed the core ideas behind the specification in 1999; the effort was joined by IBM, Microsoft and ComponentSource in an RAS vendor consortium in 2000. The group submitted the specification to OMG for consideration around May. 'The spec today has two parts,' Larsen said. 'The incumbent tells how to store and capture metadata, which is realized and defined in XML Schema. Flashline, LogicLibrary and Rational have built tools around it. The newcomer is XMI, and I'm not aware of any tooling created around that as of yet'... Larsen defined asset-based development as creating, managing and consuming assets. Asset creation involves identifying, harvesting, refining and packaging a software artifact from the name, rules and extension points..." See also the following bibliographic entry and "XML Metadata Interchange (XMI)."

[December 16, 2003] "Draft RFC Submitted to OMG: Reusable Asset Specification (RAS)." An OMG Draft. Version 2.1. August 2003. Copyright (c) 2003 IBM, Flashline, LogicLibrary, ComponentSource, and Adaptive. 84 pages. Contributions by Brent Carlson (LogicLibrary); Charles Stack (Flashline); Craeg Strong (Ariel Partners); Ed Bacon (Vanguard); Grant Larsen (IBM); Jim Conallen (IBM); Jim Green (Microsoft); Jimmy Kerekes (Telstra); John Cheesman (Irene 7); John Steele (Charles Schwab); Lance Delano (Microsoft); Lior Amar (OSTnet); Martin LeClerc (IBM); Kumar Vagaparty (Merrill Lynch); Pete Rivett (Adaptive); Sam Patterson (ComponentSource); Sridhar Iyengar (IBM); Wayne Wulfert (Caterpillar); Wojtek Kozaczynski (Microsoft). "The Reusable Asset Specification (RAS) defines a standard way to package reusable software assets. A reusable software asset is, broadly speaking, any cohesive collection of artifacts that solve a specific problem or set of problems encountered in the software development life cycle. A reusable software asset is created with the intent of reuse... There are three key dimensions that describe reusable assets: granularity, variability, and articulation... Every reusable asset must contain at a minimum one manifest file, which are described below, and at least one artifact to be considered a valid reusable asset. The manifest file is an XML document that validates against one of the known RAS XML Schemas, and passes an additional set of semantic constraints described in the profile document. An asset package is the collection of artifact files plus a manifest. It can be a location on a filesystem or a single archive file. The manifest document is an XML document; the authoritative description of the RAS manifest document structure is provided as an XML Schema. XML Schemas express shared vocabularies and allow machines to carry out rules made by people. They provide a means for defining the structure, content and semantics of XML documents... The OMG Analysis & Design Task Force (ADTF) creates model and meta model standards for software development. RAS describes assets as part of asset-based development (ABD) which is an element of software development. The RAS includes UML models and XML schemas in support of ABD. ABD compliments model-driven development (MDD) by describing asset production, asset consumption, and asset management. These assets may be models that may be transformed to support the MDA standard. RAS leverages existing OMG technologies / standards, as it is described using UML. RAS is also described using XML schema. We are in the process of defining a MOF 2.0 model of RAS so that the XML schemas produced will be compliant to MOF 2.0 and XMI 2.0. The final RFC will confirm to MOF 2, UML 2, XMI 2, and W3C XML. The current XML schemas will continue to be normative because there are many implementations that conform to that specification. There are several tool vendors that have implemented the currently released RAS XML schema in their tools including, IBM, Flashline, and LogicLibrary..." [adapted from the v2.1 draft]

[December 16, 2003] "BEA Thinks Simple With Weblogic Revamp." By Martin LaMonica. In CNET News.com (December 16, 2003). "BEA Systems is hoping to simplify the management of Java software with an upcoming release of its WebLogic product, underscoring a broader industry push to lower the cost of managing applications. The company's WebLogic 9.0 application server software is being designed so that businesses can see how well their Java business applications are performing, and quickly spot and fix problems, said Benjamin Renaud, deputy chief technology officer at BEA. WebLogic 9.0 will also add better Extensible Markup Language (XML) messaging capabilities for sharing information, and will support the most recent XML-based Web services specifications ratified by standards organizations, Renaud said. BEA's WebLogic application server is based on the Java 2 Enterprise Edition (J2EE) standard, used to build and implement custom business applications. In August of this year, company CEO Alfred Chuang said WebLogic 9.0 would be completed in 12 to 18 months, or the latter half of 2004. BEA is the No. 2 maker of application server software, behind IBM. The company's focus on simplifying application management reflects growing demand among customers for business applications that are cheaper to maintain, analysts said. Businesses typically allocate well over half of their information technology budgets to maintaining existing applications... IBM is building in closer ties between its WebSphere Java server and its Tivoli systems management line. And Microsoft has launched its Dynamic Systems Initiative, which will make it easier for Windows applications to feed operational information to its management console. These built-in management features are designed to give companies a better sense of whether systems are meeting performance goals and to help spot glitches. With the industry coalescing around a few management standards, such as Web services management, application server companies can now more easily share application performance information with customers' existing management tools, analysts said..."

[December 16, 2003] "Optimizing Web Services Using Java, Part I: Generic Java and Web Services." By Jordan Anastasiade. In Web Services Journal Volume 03, Issue 12 (December 2003). "What lies behind Web services? Some say the answer depends on the power of the language used in the implementation, in addition to known standards like XML, SOAP, and WSDL. Developing Web services is hard since incorrect use of the language can cause subtle and pernicious errors. What patterns and idioms should we use for simplifying the development process? In this first of two articles, I describe some of the proposed changes to Java and show how they work together to make Java technology a more expressive language for Web services development. In a later article I'll use the Java Web Services Developer Pack (JWSDP 1.3), JAX-RPC 1.1 with its improved schema binding, and the architecture for Basic Profile 1.0, to demonstrate how to design Web services that perform well, how to identify idioms and patterns, and how to optimize Web services performance. ... This first article describes how generics will improve the design of Web services in Java. So what are generic types? Generics is basically a way to abstract over types. Practically, you can parameterize classes, interfaces, arrays, and methods... We examine the issues involved in supporting variant generic types in Java. A key aim in introducing genericity and variance to the Java programming language is the desire to write general, flexible, and complex Web services where decoupling and reuse are very important goals, while retaining and improving static type safety. Furthermore, variance annotations in class- and interface-type parameters increase the flexibility of subtyping relationships, allowing a better abstraction and maintainability and optimizing Web services as later articles will demonstrate. Generics increases the readability, maintainability, and safety of our Web services and will be introduced in the next release of the Java programming language (J2SE 1.5 Tiger code name). That release will also include JSR-201 with enumerations, autoboxing for loop enhancements, import of static members, and metadata - features that are easy to use as neither syntax nor semantic restrictions have been imposed on the original language. My next article will demonstrate how to us the JWSDP 1.2, JAX-RPC 1.1 with generics and some of the new features that will make our Web services safer and easier to develop..."

[December 16, 2003] "Screen XML Documents Efficiently With StAX." By Berthold Daum (BDaum Industrial Communications). From IBM developerWorks. December 11, 2003. ['Retrieve the information you want, then stop the parsing process.'] "The screening or classification of XML documents is a common problem, especially in XML middleware. Routing XML documents to specific processors may require analysis of both the document type and the document content. The problem here is obtaining the required information from the document with the least possible overhead. Traditional parsers such as DOM or SAX are not well suited to this task. DOM, for example, parses the whole document and constructs a complete document tree in memory before it returns control to the client. Even DOM parsers that employ deferred node expansion, and thus are able to parse a document partially, have high resource demands because the document tree must be at least partially constructed in memory. This is simply not acceptable for screening purposes. This article shows you how to retrieve specific information from XML documents and how to stop the parsing process once this information is collected... StAX offers a pull parser that gives client applications full control over the parsing process. A client application may decide at any time to discontinue the parsing process, and no tricks are required to stop the parser. This is ideal for screening purposes..." "BEA Offers Preview Release of JSR 173 Streaming API for Java (StAX)."

[December 16, 2003] "Longhorn for Developers: Controls and XAML." By Brent Rector. In Microsoft MSDN Library (December 16, 2003). From Introducing "Longhorn" for Developers. "Longhorn platform applications typically consist of an Application object and a set of user interface pages that you write in a declarative markup language called XAML. The Application object is a singleton and persists throughout the lifetime of the application. It allows your application logic to handle top-level events and share code and state among pages. The Application object also determines whether the application is a single window application or a navigation application. You typically write each user interface page using a dialect of XML named Extensible Application Markup Language (XAML). Each page consists of XAML elements, text nodes, and other components organized in a hierarchical tree. The hierarchical relationship of these components determines how the page renders and behaves. You can also consider a XAML page to be a description of an object model. When the runtime creates the page, it instantiates each of the elements and nodes described in the XAML document and creates an equivalent object model in memory. You can manipulate this object model programmatically -- for example, you can add and remove elements and nodes to cause the page to render and behave differently. Fundamentally, a XAML page describes the classes that the runtime should create, the property values and event handlers for the instances of the classes, and an object model hierarchy -- that is, which instance is the parent of another instance. All XAML documents are well-formed XML documents that use a defined set of element names. Therefore, all rules regarding the formation of well-formed XML documents apply equally to XAML documents... Each XAML page contains one or more elements that control the layout and behavior of the page. You arrange these elements hierarchically in a tree. Every element has only one parent. Elements can generally have any number of child elements. However, some element types -- for example, Scrollbar -- have no children; and other element types -- for example, Border -- can have a single child element. Each element name corresponds to the name of a managed class. Adding an element to a XAML document causes the runtime to create an instance of the corresponding class... A XAML page typically begins with a panel element. The panel is a container for a page's content and controls the positioning and rendering of that content. In fact, when you display anything using XAML, a panel is always involved, although sometimes it is implicit rather than one you describe explicitly. A panel can contain other panels, allowing you to partition the display surface into regions, each controlled by its panel... XAML has all the controls you've come to expect from Windows -- buttons, check boxes, radio buttons, list boxes, combo boxes, menus, scroll bars, sliders, and so on..." General references in "Microsoft Extensible Application Markup Language (XAML)" and in "XML Markup Languages for User Interface Definition."

[December 16, 2003] "BitTorrent and RSS Create Disruptive Revolution. XML Syndication and Peer-To-Peer Meet to Extend the Power and Efficiency of Web-based Information Distribution." By Steve Gillmor. In eWEEK (December 14, 2003). "Disruptive technologies are born for all sorts of reasons -- good ideas, market pressure, economic opportunity, and sometimes just plain luck. Many of today's disruptive leaders only emerged when combined with other seemingly unrelated inventions. Wi-Fi and broadband (DSL and cable but not satellite) have prospered in a mutually symbiotic fashion. So too have weblogs and RSS. For newbies, RSS feeds are XML text files generated by blogs, websites and other web servers that desktop clients -- called RSS Readers or Weblog Readers -- download on a set schedule, usually once an hour. As RSS gains momentum, it begins to strain the boundaries of its current infrastructure. Feeds are increasingly containing full text, graphics, and even multimedia files. Strict constructionists are bemoaning the trend, suggesting that syndication is all about signaling rather than transporting. Those of us who've moved to RSS as the gateway to as much information as we can filter reject that notion... RSS has forever altered the way I acquire information, and its disruptive quality can surely bond with another such technology to conquer this bottleneck... One such candidate is peer-to-peer, as resurrected in the form of Bram Cohen's BitTorrent. It's an elegant protocol for distributing files, one that takes advantage of 'the unused upload capacity of your customers.' BitTorrent breaks up files into shards that are uploaded around the network as the file is downloaded by multiple clients. The more popular a file, the more endpoints exist. You download a file with BitTorrent by simultaneously collecting shards, assembling them together locally as they arrive. Map this to RSS feeds: the more popular the feed, the more nodes on the network serving pieces of the feed. That would allow rapid downloads by many users by distributing the data across multiple sites. It's a digital Robin Hood, redistributing the wealth from the server to a network of peers. BitTorrent does cryptographic hashing of all data, so feed owners can be confident the file reaches its target unchanged. But there's even more to this disruptive alliance: a small amount of special code known as a tracker sits inside the host Web site and emits information to help other downloaders find each other. As Bram Cohen describes: '[Trackers] speak a very simple protocol layered on top of HTTP in which a downloader sends information about what file it's downloading, what port it's listening on, and similar information, and the tracker responds with a list of contact information for peers which are downloading the same file.' So you've got a list of peers connected via known ports, a trusted group of RSS feed subscribers, who can marshall their resources for additional economic benefit. That could take the form of an affinity group marketing their attention to an advertiser or political cause, a secure pool of computing resources for distributing confidential information, and a pathway for signaling information about new content on that particular subnetwork..." General references in "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[December 16, 2003] "Sun Bolsters Services Efforts. Company Emphasizing Technologies Involving Managed Services and Utility Computing to Solve Services-Related Problems." By Ed Scannell. In InfoWorld (December 16, 2003). "Sun Microsystems on Tuesday [2003-12-16] underlined its commitment to driving cost and complexity out of corporate IT shops with a hard focus on technology-based solutions through its professional services group. Taking a different course than archrivals IBM and Hewlett Packard, Sun will place a stronger emphasis on technologies involving managed services and utility computing to solve a range of different services-related problems instead of just throwing more bodies at those problems, according to Pat Sueltz, Sun's executive vice president in a briefing with reporters at its Burlington, Mass. facilities. To ensure the success of this effort Sun has also combined its utility computing and managed services groups under one roof. 'The priorities we have in this area are centered around advanced services. You will see an eventual confluence of remotely managed services and remote utility computing where everything is connected to the network. You can't keep throwing people at these services and outsourcing problems,' Sueltz said. Sun intends to broaden its services portfolio by moving into managed security, which the company sees as a growing opportunity among its largest corporate accounts. This growing emphasis on services, however, does not mean Sun will take its eye off the product and technology ball. Sun still very much thinks of itself as a systems-oriented company, according to Sueltz, despite services now accounting for 37 percent of its business..."

[December 16, 2003] "Server Vendors Launch Management Initiative. Intel, IBM, HP, Dell to Work in Conjunction with DMTF to Standardize the Way Servers are Managed." By Robert McMillan. In InfoWorld (December 16, 2003). "Intel Corp., Dell Inc., IBM Corp., and Hewlett-Packard Co. have announced plans to jointly work with an industry organization to standardize the way servers are managed... The four companies will lead a new working group, called the Server Management Working Group, being formed within the Distributed Management Task Force, Inc. (DMTF) standards organization. It will define interfaces for the discovery, configuration and management of servers on a network, said Chad Engelgau, the senior manager responsible for server manageability planning at Dell. The new interfaces will make it easier for independent software vendors and system administrators to write software that works with a variety of hardware, said Engelgau. 'With this new standard, information is going to be exposed in an industry standards way so that any third party is going to be able to access that information,' he said. The Server Management Working Group plans to develop these standards in a specification called the Command Line Interface (CLI), a draft of which is expected to be delivered in by July 1, 2004, according to a DMTF statement. The effort is also being supported by Advanced Micro Devices Inc. and Sun Microsystems Inc... Speaking at the Oracle Open World conference in September, Dell Chief Executive Officer Michael Dell said his company was 'in discussions with some fairly large computer companies to get some agreement on a standard blade architecture.' At the time, the discussions included standards for common software APIs (application programming interfaces), hardware interconnects and form factors for high-density servers, like blades..." See details in the news story: "New DMTF Server Management Working Group to Evolve CIM Specification." General references in "DMTF Common Information Model (CIM)."

[December 16, 2003] "Atom in Depth." By Sam Ruby. Presentation at the XML 2003 News Standards Summit. December 08, 2003. Sam Ruby (Senior Technical Staff Member in IBM Emerging Technologies Group, also VP, Apache Software Foundation) provided a state-of-affairs overview of the Atom news syndication format at the recent News Standards Summit. The presentation (summarized in 59 slides) covers: Background to Atom, Core model, Syndication, 'API', and the Web Accessible Archive. "The key insights are these: design Atom such that content is not treated as a second class citizen; insist upon a uniform mechanism for expressing the core concepts independent of the usage; keep the format open and simple. Atom is based heavily on the concepts and experiences with RSS. Special thanks go out to: NetScape, UserLand, RSS-Dev working group, and especially the RSS community! On October 22nd, Mark Pilgrim and I announced the availability of a RSS validator built from the ground up to support all versions of RSS. Both in the development effort itself, and in examining both feeds that failed, and feeds that one aggregator developer or another wished would fail, we became frustrated by a number of ambiguities in these specs. Contrary to what some would have you believe, pretty much all of these ambiguities apply to all RSS versions... Markup in the Atom title? The default is text/plain, i.e., no markup; markup is permitted, iff explicitly indicated, mode='escaped' type='text/html'. [As to the Atom 'API':] Instead of focusing on Applications, the focus is on Data (Post, Get, Put, Delete); clients may optionally use SOAP..." Related references in: (1) the news story: "Atom as the New XML-Based Web Publishing and Syndication Format"; (2) "XML 2003 News Standards Summit Seeks Interoperability and Convergence."

[December 15, 2003] "XML 2003 Session Report: News from the World of DSDL." By Uche Ogbuji. From XMLhack.com (December 15, 2003). "On 10-December-2003 at the XML 2003 Conference in Philadelphia, Eric van der Vlist kicked off a block of presentations opening up the world of ISO Document Schema Definition Languages (DSDL) (ISO/IEC JTC 1 SC 34 WG 1), and some of the innovative work being undertaken in that working group. Eric presented an 'Update on ISO DSL Overview and Update'. He proceeded through the various parts of DSDL in order... Part 2: Grammar-based validation is a re-write of the RELAX NG OASIS Specification to meet the requirements of ISO publications, i.e., more formal language. The features will remain the same and the specifications are meant to be identical for assessment of conformance. Eventually RELAX NG compact syntax will be added as an addendum to DSDL Part 2. In Part 3: Rule-based validation, the intent is to create a hosting language for expressing general-purpose rules in XML. The main input is Schematron, and it has been decided that in effect, DSDL Part 3 will present the evolution of Schematron. An example of what DSDL Part 3 will add to Schematron is extension so that not only XPath 1.0 is supported, but also expressions taken from other languages such as EXSLT, XPath 2.0, XSLT 2.0, and even XQuery 1.0... An audience member expressed concern that DSDL is too 'secretive'. He mentioned too a dearth of documents available for public content, despite the clear volume of activity. He noticed that the public mailing list archives were very sparse and many of the archives were private. DSDL members in attendance reassured him that exclusion is not the intention, and expressed a willingness to address concerns about the openness of the project..." See also on RELAX NG (== DSDL Part 2) as an ISO standard: "RELAX NG XML Schema Language Published as an ISO Standard (DSDL Part 2)." General references in "Document Schema Definition Languages (DSDL)" and "Schematron: XML Structure Validation Language Using Patterns in Trees."

[December 15, 2003] "BEA Pushing XML Document Effort. Company Also Eyeing Notification Technology for Browsers." By Paul Krill. In InfoWorld (December 15, 2003). "BEA Systems on Monday plans to offer up to the Apache open source community its XML Beans technology for XML document management. The company is submitting XML Beans as an Apache Project to ensure its interoperability and support of a broad spectrum of XML and schema types. 'This [submission] is important for integrating with other back-end systems. It's important for Web services,' said Byron Sebastian, BEA vice president and general manager of BEA WebLogic Workshop and WebLogic Portal. XML Beans makes it easier to write logic that takes advantage of XML messages being passed between Web services, Sebastian said. XML Beans is a technology to help Java developers more easily manage XML documents. It provides Java object interfaces while preserving access to underlying XML messages to enable loose coupling between applications for greater application reliability and scalability, according to BEA. BEA on Monday also is launching its Page Flow Portability Kit, which is designed to make it easier for developers to build enterprise Web applications on the BEA WebLogic Platform 8.1 The kit enables flexibility to deploy page flows to any J2EE platform. Page Flows provides a software engineering framework to enable developers to separate user interface code from navigational control and other business logic, and to track application status. BEA is basing Page Flows on Struts 1.1, a framework for building enterprise Web sites..." See details in the announcement: "BEA Systems Delivers New Innovations, Standards Contributions to Help Developers Reduce Coding Complexity for Dramatically Increased Productivity. New Portability Kit, Open Source Project and Web Site Further Drive Investment Protection and Faster Time to Value for Customers."

[December 12, 2003] "The Atom Syndication Format 0.3 (PRE-DRAFT)." By Mark Nottingham [WWW]. With contributions from Tim Bray, Mark Pilgrim, and Sam Ruby; the content and concepts within are a product of the Atom community. APE (Atom/Pie/Echo) Working Group. December [12] 2003 [or later]. Reference: 'draft-nottingham-atom-format-01'. Supersedes: The Atom Syndication Format (PRE-DRAFT), 'draft-nottingham-atom-format-00a', August 2003. "Atom is an XML-based file format intended to allow lists of information, known as 'feeds', to be synchronised between publishers and consumers. Feeds are composed of a number of items, known as 'entries', each with an extensible set of attached metadata. For example, each entry has a title. The primary use case that Atom addresses is for syndicating Web content such as Weblogs and news headlines to other Web sites and directly to consumers. However, nothing precludes it from being used for other purposes and types of content... This specification describes version 0.3 of the Atom, an XML-based Web content and metadata syndication format. Discussion of this draft happens on: (1) The Atom Syntax mailing list; (2) The Atom Wiki Web site. This version incorporates several changes, including: new format for link elements; new format for content-related elements; media type registration; new format for generator; general reorganisation and cleanup." The author is seeking "feedback regarding the fidelity of the draft to the agreement reached in the Atom community, as that is the intended measure of success. Technical ideas and issues still under discussion, as well as general comments on Atom itself should be sent to the list..." See general discussion in the news story: "Atom as the New XML-Based Web Publishing and Syndication Format."[text version; cache, text version]

[December 10, 2003] "A 'Suite' Deal for Adobe Developers." By Jim Rapoza. In eWEEK (December 08, 2003). "The newly released Adobe Creative Suite Premium is the first package that includes all Adobe Systems Inc.'s popular design development tools. It offers users the opportunity to effectively and affordably use these products to create and edit images, print content, and generate online content in an integrated and collaborative work environment. Adobe Creative Suite Premium includes new CS versions of Photoshop, ImageReady, Illustrator, InDesign and GoLive. It also includes Acrobat 6.0; a standard edition that lacks GoLive and Acrobat is also available. InDesign CS is probably the most significant upgrade of the new products. The Adobe publishing system includes several welcome new features including a very good Story Editor, improved typographical controls and styles, and custom work spaces... The main integration feature of the suite is the new Version Cue system, which is essentially an updated version of Web Workgroup Server in GoLive 6.0. Version Cue provides a collaborative server environment that makes it possible to share content across workgroups and use content management features such as check-in/ check-out and versioning. Furthermore, all the products in the suite can use Adobe's PDF format natively, which made it easy in tests to share content across work environments and platforms. And, of course, all the products feature the same basic Adobe interface. This will make the suite components easy to learn, but it may make things confusing for those who regularly have more than one application open at a time..." See also on FrameMaker v7.1.

[December 09, 2003] "OASIS Elects IBM, Nokia, Oracle Staff to Board. Companies Fill New Seats Created During Organization's Expansion." By Stacy Cowley. In InfoWorld (December 08, 2003). "Representatives from Nokia Corp., Oracle Corp. and IBM Corp. have joined the Organization for the Advancement of Structured Information Standards' (OASIS) board of directors, the organization announced Monday. Frederick Hirsch of Nokia, Jeff Mischkinsky of Oracle and Michael Weiner of IBM were elected to fill three new seats created through the recent expansion of OASIS' board. The 11-member board also includes representatives of companies such as Hewlett-Packard Co., BEA Systems Inc., Microsoft Corp. and Sun Microsystems Inc. OASIS, headquartered in Boston, oversees several standards fundamental to Web services, including XML and UDDI..." See details in the announcement: "OASIS Expands Board of Directors. International Standards Consortium Adds Representatives from IBM, Nokia, and Oracle."

[December 09, 2003] "Review: StarOffice 7 -- Innovation In Action." By Bruce Byfield. From OSDN NewsForge (December 08, 2003). "Sun Microsystems' StarOffice 7, released November 12, offers significant advantages in performance, usability, and stability over rival commercial office suites, including Microsoft Office. However, when the comparison is to OpenOffice.org version 1.1, the open source project from which StarOffice takes its code, it's harder to say where the advantage lies. StarOffice 7's new features extend its usability in several directions. Its improved Microsoft Office filters, while still far from perfect, are an advance on those in StarOffice 6. Their results are certainly no worse than the formatting nightmares that occur between different installations of Microsoft Office because of the risky combination of a flaky template system and ignorant users... Some new features, such as export filters for Flash and Palm formats and an editor for XML export, acknowledge the rise of technologies newer than the office suite. Others, such as support for bi-directional and vertical writing, make Asian and Hebrew versions possible -- a possibility that is already being realized in OpenOffice.org localizations. Support for MySQL as a data source and for Python scripting, accessibility options, expanded Help sections -- all of these new features show StarOffice/OpenOffice.org developers listening to users. These features are built on a dependable core. Although it is possible to crash StarOffice, the breaking point is higher than with most office suites... OpenOffice.org has had almost 19 million downloads from its official sites. Since the software can be given away freely, this total could mean that some 60-80 million copies are floating around. In comparison, the unofficial word is that StarOffice has sold some 50 million licenses -- and that was before Sun's recently announced deal to supply the Republic of China. These are respectable figures for software whose release history (beginning with StarOffice 6.0 and OpenOffice.org 1.0, the first released after the open sourcing of the code) is less than two years old. It seems likely that, long after StarOffice has overcome it general obscurity, its real competition won't be Microsoft Office, but OpenOffice.org, its own shadow..." See general references in "OpenOffice.org XML File Format."

[December 09, 2003] "Blue Titan Ships SOA Tool. Network Director 2.5 Features Faster Linux Performance." By Paul Krill. In InfoWorld (December 09, 2003). Blue Titan is shipping Network Director 2.5, 'which the company is calling an enterprise service-oriented architecture (SOA) 'Fabric.' The company describes an SOA Fabric as a network overlay that provides a unified control layer for Web services-based interactions. '[Network Director] is essentially a run-time framework for Web services that works with any application that speaks Web services,' said Sam Boonin, vice president of marketing at Blue Titan. 'It basically provides lifecycle management and quality of service for Web services-based interactions.' Version 2.5 of Network Director allows users to define and enforce distributed, enterprise infrastructure policies. New features in Version 2.5 include scaling to as many as 2,000 messages per second on Linux hardware, which is two to three times faster than before; deployment across multiple network technologies; and a zero administrative effort for configuration or deployment..." See details in the announcement: "Blue Titan Advances Industry's First Enterprise SOA Fabric. Network Director 2.5 Delivers Increased Scalability and Extensibility."

[December 09, 2003] "Intelligent Documents Headline XML 2003." By Edd Dumbill. From XML.com (December 09, 2003). ['Edd Dumbill and Kendall Clark are reporting live this week from IDEAlliance's XML 2003 conference in Philadelphia.'] "At the opening of this year's XML USA conference in Philadephia, PA, smart XML documents were the star. Keynotes from Jon Udell of InfoWorld and Shantanu Narayen of Adobe focused on XML documents that conveyed the nuance of real world communication. Udell spoke of the importance of context in everyday communication. He noted that the most prevalent forms of business communication, email and instant messaging, tended to preserve the least context. It was a shame to see highly skilled, highly paid technical professionals spend excessive amounts of time trying to disentangle convoluted email threads. A shame, too, that while Microsoft has brought XML into the Word and Excel products, Outlook does not permit XML document creation. The other problem in preserving context, aside from the tools, is of course persuading people to create metadata in the first place. Udell suggested that a way of doing this might be through using style as a back door. Many people are willing to spend a long time on getting the look of a document right, but not be willing to spend that time on metadata creation. Udell suggested that by providing metadata-significant styles, authoring tools creators could encourage more preservation of context in communication through the carrot of creating beautiful documents. While Udell spoke from the personal content creation perspective, Shantanu Narayen of Adobe addressed 'smart documents' from the point of view of corporate needs. In addition to preserving metadata, it is important that business documents can also bundle presentation and behavioral information. Adobe intends to use its PDF document format and the deployed software base of Acrobat Reader as the bedrock for automating many business processes through smart documents. Taking the route of emulating traditional paper forms, Adobe's smart documents are fill-in forms that generate XML: to either static documents, web services, or databases..."

[December 09, 2003] "Microsoft, Adobe and W3C to Shake Up Electronic Forms Market." By Bill Trippe. In The Gilbane Report Volume 11, Number 8 (October 2003), pages 1-10. "eForms technology has grown by providing better functionality in at least three areas: (1) improvements in the rendering of the forms; (2) Improvements in the validation and user interface; (3) improvements in the interoperability of the forms technology with other software... InfoPath is an impressive new offering, but it will not immediately dominate the eForms market... InfoPath is also, intentionally, not a total eForms solution. Several of the existing eForms vendors have more comprehensive product offerings (e.g., Cardiff's Liquid Office), some of them do a better job of providing a more open and standards-based solution (e.g., PureEdge), and several of them successfully deliver page fidelity (what others might call pixel perfect form) to the original paper forms... InfoPath will propagate with the latest version of Microsoft Office; typically it takes more than a year for the latest version of office to replace earlier versions on the majority of desktops. In the meantime, Adobe will be introducing their new Forms Designer product, and continuing to emphasize the need for page fidelity and presentation in eForms applications. Adobe also can already point to the significant number of applications that already leverage Acrobat and the product lines they added in the Accelio acquisition. The good news for the eForms market is that Microsoft and Adobe bring new strategic thinking to what has been a relatively small market. InfoPath will have the immediate effect of bringing eForms to the attention of the CIO, and will help bring a new focus to improving the client experience for the business user. As organizations deploy more applications to a distributed workforce and partners, eForms will become a more strategic piece of the ECM mix. Indeed, eForms have a growing role beyond ECM itself, as they are emerging as the primary interface between people, process and programs. It is no accident that the significant initiatives nowSarbanes-Oxley, HIPAA, and the likeare forms-centric. Moreover, initiatives such as Sarbanes-Oxley are all about improving business process management while making access to both content and data more transparent and comprehensive. To this end, eForms must continue to evolve from a standalone artifact to a flexible interface intimately connected to enterprise infrastructure. The implications of this are profound. The vendors and organizations that can successfully manage this evolution will realize more success, more quickly, and will lead the next wave in integrated content and information technology..." General references in "XML and Forms."

[December 09, 2003] "XML Developers Get Slew of New Tools." By Darryl K. Taft. In eWEEK (December 09, 2003). "With XML adoption widespread in the industry, vendors exhibiting at the XML Conference and Expo 2003 are offering solutions to make it even more palatable for users and developers. Snapbridge Software Inc. released the beta versions of its Snapbridge FDX Information Server Developers Edition and Snapbridge XStudio XML development tools, said Benjamin Chen, chairman and chief technology officer of Snapbridge, based in Carlsbad, Calif. Snapbridge FDX Information Server Developers Edition is an integrated development environment that includes XStudio and the company's FDX Information Server. XStudio is the company's graphical design environment that features drag-and-drop tools for XML development. Both technologies are based on Snapbridge FDX, Snapbridge's core technology -- which the company announced last week. Snapbridge FDX is an XML-based data federation solution that helps accelerate XML processing, Chen said... Meanwhile, Ektron Inc., of Amherst, N.H., will showcase its newly announced Ektron CMS300 version 4.0, the company's browser-based Web content management system. Company officials said Ektron CMS300 version 4.0 hides the complexities of XML and Extensible Stylesheet Language Transformations (XSLT) from users, addresses regulatory issues and adds support for audit trails, index search meta tags and international language. Software AG Inc., of Reston, Va., announced Natural version 6, a new version of its development environment for accessing XML documents in the company's Tamino XML database system. Sarvega Inc., of Chicago, announced the availability of its Sarvega XRE 200, a blade system for XML Web services. Sarvega sells a suite of XML processing appliances that run the company's XML EventStream Operating System (XESOS), which handles Web services processing and XML and Web services security. The XRE 200 is the latest in that series and supports a blade environment..."

[December 09, 2003] "WS-I Issues Use Cases for Web Services. Ten Companies, Including IBM, Microsoft, Oracle, Sun, Provide Implementations." By Paul Krill. In InfoWorld (December 09, 2003). "The Web Services Interoperability Organization (WS-I) on Wednesday plans to release its WS-I Sample Application 1.0 documents, providing use cases for interoperable Web services. Being released at the XML Conference & Exposition 2003 event in Philadelphia, the documents consist of WS-I Supply Chain Use Cases 1.0, Usage Scenarios, Supply Chain Management Technical Architecture, and Sample Application 1.0 implementations developed by 10 vendor companies. The 10 companies include BEA Systems, Bowstreet, Corillian, IBM, Microsoft, Novell, Oracle, Quovadx, SAP, and Sun Microsystems. WS-I, with the documents, is looking to provide a simplified supply chain management scenario to demonstrate the features in the recently released WS-I Basic Profile 1.0 document for development of interoperable Web services. 'The biggest part of it is the actual implementations' with companies implementing binary, sample applications to demonstrate interoperability, said Rob Cheng, product director of technology marketing at Oracle, a WS-I member company... The Sample Application Technical Architecture featured in the documents implements several schema-naming conventions, SOAP message formats and styles, and WSDL design practices that conform to the Basic Profile. The Sample Application Usage Scenarios translate use cases into a set of technical requirements, defining general messaging patterns for Web services in structured interactions..." See: (1) details in the announcement "WS-I Delivers Sample Applications for Basic Profile. Sample Applications Provide Real-World Business Requirements to Web Services."; (2) "Web Services Interoperability Organization (WS-I)."

[December 09, 2003] "Making Web Services Work at Amazon." By Edd Dumbill. From XML.com (December 09, 2003). "Jeff Barr, Amazon's web services evangelist, explained to XML 2003 attendees the decisions facing Amazon in opening up their systems for public use via web services. Barr's case study, delivered to a full room, formed part of the product presentations track on the first day of the conference. Barr set the scene by outlining the various groups that Amazon's customers fall into: buyers, sellers (merchants who sell on Amazon's platform), web site owners (associates), and developers (people who use Amazon's web services.) Amazon's associates scheme has been very successful: founded in 1996, it now has over a million registered associates. This success augured well for the uptake of Amazon web services. As Amazon's systems developed, they developed in the direction of interoperating feature components inside the firewall; e.g., the catalog, shopping cart, and personalization engine. Through their web services platform, Amazon is beginning to open these features up to public use, and Barr said they have ambitious plans to expose much more functionality. So how did Amazon arrive at the decision to provide web services? One of the main drivers was that its partners needed better data access -- some major ones had XML data feeds, others simply scraped Amazon's web pages -- so the process of collaboration was both expensive and brittle. A move to defined and reusable web services was thus a logical solution. Barr's talk provided many good pointers for large businesses considering opening themselves to greater programmatic interaction with developers. Amazon's decisions certainly seem to have set them on a course for success. Perhaps the best mark of this success and future promise is that Amazon is increasing the size of its internal team by five times for 2004..."

[December 09, 2003] "Software AG Extends Access to Natural Programs. Version 6 of Development Environment is Launched." By Paul Krill. In InfoWorld (December 09, 2003). "Software AG is shipping Version 6 of its Natural 4GL development environment, enabling Windows developers to access Natural programs running on a Unix or mainframe system. The company calls this feature Single-Point-of-Development. Using this function, programs developed in Windows can be modified directly on the server platform. This addresses versioning and synchronizing issues stemming from the need to save code separately on multiple platforms, according to Software AG. Version 6, for Windows, Unix, and Linux platforms, also enables access to XML documents stored in the company's Tamino XML Server without the need for an XML-specific query language. For example, Natural DML (Data Manipulation Language) statements can be used to access Tamino. Both the Single-Point-of-Development and XML document access capabilities are designed to boost the speed and convenience of using Natural in an 'open systems environment'..." See details in the announcement: "Software AG Increases XML Support Within Its Natural Development Environment for Windows, UNIX and Linux Platforms. Natural version 6 Enables Developers to Access XML Documents Stored in the Company's Tamino XML Server Without Learning an XML-Specific Query Language."

[December 09, 2003] "Building a Security Infrastructure." By Rich Salz. From O'Reilly WebServices.XML.com (December 09, 2003). "In a previous column the author offered a rationale for XKMS as an important web service, looking at reducing the problem of implementing such a service to a reasonable size. Salz now builds the infrastructure necessary to develop and deploy an XKMS registration server that can issue certificates and which is intended for use within an enterprise. The server needs an SSL certificate and private key. Since it will be signing certificates for others, it will also need a CA certificate and private key; that is, a certificate that says it is allowed to create certificates. In this exercise he builds an enterprise-quality public key infrastructure, using one of the certificates to create a server that uses SSL..." General references in "XML Key Management Specification (XKMS)."

[December 08, 2003] "Oracle Launches HR-XML Product. Will Microsoft Word Follow?" By Ephraim Schwartz. In InfoWorld (December 08, 2003). "Human Resources recruiters will receive welcome news this week when Oracle announces that its Human Resources Management System will use the HR-XML standard for data exchange. Developed by the HR-XML Consortium, over the long run the standard promises to reduce time spent in manually re-inputting resumes into custom systems and fees expended for resume parsing software and services. Among the Consortium membership are Oracle, PeopleSoft, IBM, Monster.com, and Hire.com. If accepted industrywide, resumes from any source will interface with HR applications and with recruiting software such as RecruitSoft and with online recruitment services such as Monster.com. The standard may also get a boost from Microsoft, which already has incorporated XML schema in its Office products. Sources say the Redmond giant will incorporate the HR-XML standard as one of its document formats in a future version of Word. One industry analyst said that the HR-XML standard, unlike many other standards, is a real-world practical solution..." See also: (1) the announcement: "Oracle Leads Development of Open Standards for Human Resources Software, Helps Customers Automate Information Exchange and Reduce Integration Costs. Oracle Human Resources Management System One of First to Receive HR-XML Certification."; (2) "HR-XML Consortium"; (3) "HR-XML Consortium Approves Assessments Specification for Skills Evaluation."

[December 08, 2003] "Open Integration and Security: XML Firewalls Provide Ease of Integration and Security." By John Lilly (Reactivity). In XML Journal Volume 4, Issue 12 (December 2003). "The good news about XML and Web services is that they're easier than ever to develop and deploy -- inside the firewall between internal applications, on the Internet with your customers and partners, anywhere. The bad news about XML and Web services is this: because they're so much easier to develop and deploy and for your customers and partners to connect to, it's that much easier (1) for your customers and partners to connect to them in ways you don't like, and (2) for everyone else to connect to them in ways you really don't like... you want to be able to build systems that are easy to integrate when you're setting them up, but act in an extremely secure manner when they are running over time. The only real way to do that is to consider both integration and security concerns from the beginning, and abstract their implementation and management from development efforts. A proven successful strategy for balancing integration and security is to introduce the new breed of XML firewalls into your organization. XML firewalls act as the Internet-facing gateway to all your Web services, and take care of many of the security tasks that are tedious or impractical for application developers to implement. By moving the responsibility for some of the security tasks to a device at the edge of the network, the XML firewall can catch problematic messages before they're inside your network, and deal with them before they can do any damage. XML firewalls can provide robust integration and interoperability points... Using an XML firewall, security architects and business managers can define the level of security enforcement they need to protect the enterprise and also meet their business requirements. With your critical systems exposed on the Internet, there are many new ways they can be vulnerable to any number of new threats. At many levels, the interests of ease of integration and security will always compete -- there are simply too many divergent concerns. As a practical matter, though, technologies such as XML firewalls can provide a way for businesses to develop applications that have both ease of integration and best-of-class security designed in from the start..."

[December 08, 2003] "Computer Associates Shows its WSDM." By Matt Villano. In CRN (December 08, 2003). "Computer Associates's newly shipping Unicenter Web Services Distributed Management (WSDM) software is the company's first offering to monitor and manage Web services across an enterprise. Though its solution won't be available in the channel for some time, the Islandia, N.Y.-based firm announced support for the new strategy from a range of industry partners, including BEA, Collaxa, DataPower, Mindreef and Systinet, to name a few. According to Dmitri Tcherevik, CA's vice president of Web Services, the new service incorporates pre-existing solutions for J2EE and .NET, making it a tool designed to manage the services themselves as opposed to the infrastructure that delivers them. He added that the adjoining partner component gives CA a Web Services management solution that can be integrated with a variety of other technologies, enhancing the product's power even more. 'This is a watershed event for CA and the industry as a whole,' Tcherevik told CRN. 'Web services is a popular technology and we wanted in.' Unicenter WSDM joins a handful of tools from smaller startups in providing insight into the performance of Web services, and works with any Web service based on the Web Services Description Language (WSDL) industry standard. Tcherevik explained that by automatically discovering, testing, and monitoring Web services applications, Unicenter WSDM will enable IT organizations to track a range of performance indicators and respond to service interruptions rapidly... Ultimately, this kind of automatic, self-healing network management could lead to CA's entry into the utility computing market. More immediately, however, the new Unicenter offering also will be integrated with products and services from solution providers, allowing customers to mix-and-match functionality depending on their needs. For instance, Redwood Shores, Calif.-based Collaxa will integrate with Unicenter WSDM to manage Business Process Execution Language (BPEL) processes running on the Collaxa BPEL server, while Cambridge, Mass.-based DataPower Technology will embed in-band Unicenter WSDM-compliant monitoring into its Web services security and XML-processing hardware..." See details in the announcement: "CA Ships Innovative Solution to Monitor and Manage Web Services Across and Beyond the Enterprise. Unicenter Web Services Distributed Management Ensures Reliability and Performance for On-Demand Computing."

[December 08, 2003] "U.K. Government Considers Sun in Open Source Software Push." By Scarlet Pruitt. In NetworkWorld (December 08, 2003). "The U.K. government has signed a five-year agreement with Sun to potentially offer the company's new Java Desktop System and Java Enterprise System software to public sector agencies as part of an overall open source push. The Office of Government Commerce (OGC) purchasing authority said Monday that it will soon begin trials of the software to evaluate costs and usability in the hopes of saving money on hardware and software upgrades... The OGC is just one of a growing number of government agencies looking to curb costs through the adoption of open source software. Sun recently announced a deal with the Chinese-government backed China Standard Software Co. Ltd., for example, to offer potentially millions of computers in China running software based on Java Desktop System. Sun CEO Scott McNealy trumpeted the China deal at the Comdex trade show in Las Vegas last month and again last week at the SunNetwork conference in Berlin. McNealy apparently hopped a flight to the U.K. after the Berlin show to sign a deal with the OGC Friday. Richard Barrington, head of government affairs and public policy for Sun in the U.K., Monday predicted that there would soon be more government deals to come, as well as agreements with 'major PC distributors' as soon as the first quarter of next year to ship JDS pre-installed. 'It's going to happen very quickly because the challenge for hardware vendors is that their margins have been cut and they need to offer something new,' Barrington said..." See details in the text of the announcement: "Sun's Radical New Java System Software Wins Whitehall Approval. Sun Microsystems and the UK Government Sign Software Purchasing Agreement to Offer the Public Sector Open, Secure Software Technology and Reduced IT Costs."

[December 08, 2003] "CA Releases Unicenter Web-Services Management System." By Darryl K. Taft. In eWEEK (December 08, 2003). "Computer Associates on Monday released its Unicenter Web Services Distributed Management system. It manages Web services natively at the service level by monitoring Simple Object Access Protocol messages. Dmitri Tcherevik, vice president of Web services at Islandia, N.Y.-based Computer Associates, said the company is responding to demand from its customers for a Web services management solution. "The focus is shifting from the development of Web services to the deployment, and once deployed the issue of management is becoming very apparent and we're experiencing a significant pull from our customers," Tcherevik said. Unicenter Web Services Distributed Management (WSDM) manages Web services natively at the service level by monitoring Simple Object Access Protocol (SOAP) messages, he said. In addition, Computer Associates is introducing an end-to-end management platform for Web services based on WSDM that includes a scalable Universal Description, Discovery and Integration (UDDI) server. Moreover, Computer Associates has enlisted several partners to support WSDM, including DataPower Technology Inc., Mindreef Inc., Collaxa Inc., JBoss Group LLC, Systinet Corp. Tcherevik said the company is working with industry leaders such as BEA Systems Inc., Microsoft Corp., and Sun Microsystems Inc. to provide native support for those platforms. For example, DataPower is integrating its XS40 XML security gateway with Computer Associates' Unicenter WSDM to bolster performance, security, reliability and integrity, the companies said. "The combination of DataPower's XML-aware networking devices and CA's Unicenter WSDM represents a key technological advancement and offers mutual customers the management capabilities to cope with the enormous complexity of Web services that are widely distributed across enterprise environments," said Eugene Kuznetsov, chairman and chief technology officer at Cambridge, Mass.-based DataPower..." See the announcement.

[December 08, 2003] "News Standard Summit Wrapup." By Sam Ruby (Intertwingly.net). December 08, 2003. Notes on the Philadelphia News Standards Summit. A presentation on the Atom syndication format was given by Sam Ruby at the News Standards Summit, held 2003-12-08 in conjunction with XML 2003. Ruby's random set of notes: "Overall, I was very impressed by the participants. I've been in similar meetings in the past where what I found was people who were in deep denial and were seeking other people to reassure them. In this meeting, I found a completely different set of people: ones who are trying to keep on top of the current trends so that they can make informed decisions... SportsML is an example of a vocabulary for a specific problem domain. PRISM is an ongoing effort on standardizing markup for publishing data. This is done via modular XHTML vocabulary (disabling portions and additions), and includes standardizing class names for different types of data. ICE: once money changes hands, consumer expectations change; these guys are collaborating (using a Wiki!) on trying to define a set of standards for paid subscriptions, encapsulating any types of data..." See: (1) "XML 2003 News Standards Summit Seeks Interoperability and Convergence"; (2) "IPTC Joins in XML News Standards Summit."

[December 08, 2003] "A Potluck Party for XML." By Clint Boulton. From InteretNews.com (December 05, 2003). "How can XML applications written by disparate parties work in harmony? The answer may come as early as next week in a flurry of demonstrations by top-tier vendors. The foundation language for Web services, which allow applications to talk to one another, Extensible Markup Language (XML) serves as the backbone for many of the applications developers are writing today. It is used to create common information formats and share the format and the data on the Internet. Most software companies employ the language to build more useful applications. Microsoft, BEA, and Adobe will have a presence at the XML Conference and Expo 2003, which is taking place at the Pennsylvania Convention Center Dec. 7-12, 2003. While not a product launch-oriented event, XML 2003 affords participants the chance to showcase their progress in developing software and offers attendees the opportunity to see numerous product demonstrations in action. XML 2003 Chairperson Lauren Wood, who is also chair emerita of the W3C DOM Working Group, is responsible for overseeing the content of the event. Wood said the offer to participate in the 100 tutorial or demonstration time slots was met by a flurry of 400 applications. She also said there is one big difference between this year and previous years: results... Key standards bodies, under which where members gather to work on XML-based projects together, will also preside, including the World Wide Web Consortium, Organization for the Advancement of Structured Information Standards (OASIS) and the Web Services Interoperability (WS-I) consortium. Wood, who expects somewhere in the range of 1,000 attendees, said standards bodies W3C, OASIS and WS-I will all show interoperability demonstrations. OASIS will showcase WS-Reliability interoperability with participants Fujitsu, Hitachi, NEC, Oracle, and Sun Microsystems. WS-Reliability is designed for applications that require guaranteed message delivery, a task that will be demonstrated by the companies using a case derived from a commercial scenario. Participants will act as server or client while various combinations of trouble are introduced in the network. Correct operation and inter-operation of these implementations will be demonstrated with dropped messages, duplicated messages and disordered messages. On a practical level, OASIS will show how software can help manage a health epidemic using ebXML, UBL and XACML. Yellow Dragon, Sun Microsystems, Sybase, Adobe, and AmberPoint will join forces to show how a scientist electronically fills an communicable disease form declaring an outbreak Hospitals nationwide are then electronically notified of the epidemic outbreak..." See details in the announcement: "OASIS Interoperability Demos Showcase ebXML, SAML, UBL, WS-Reliability, and XACML at XML 2003. Adobe, BEA, Citrix, Cyclone Commerce, Drake Certivo, Fujitsu, Hitachi, IBM, Korean National Computerization Agency (NCA), NEC, US National Institute of Standards and Technology (NIST), Oracle, Sun Microsystems, Vignette, and Others Demonstrate Interoperability of Standards."

[December 05, 2003] "Web Services Intermediaries Evolve." By Phillip J. Windley. In InfoWorld (December 16, 2003). ['The next generation of Web services management platforms address business needs with service virtualization, self-provisioning, and exception handling.'] "WSI (Web services intermediaries) address the need for faster, more flexible application integration with configurable tools for creating reliable, scalable Web services networks. There are more than a dozen WSI product vendors -- more if you throw in XML firewalls, which are quickly adding Web services deployment and management to their security capabilities. recently sat down with product managers and engineers from Actional, AmberPoint, Flamenco Networks, Infravio, and Westbridge Technology to get a preview of the new WSI products they are releasing this quarter. I discovered maturing conceptual models, more sophisticated and intuitive user interfaces, and evolutionary changes to product features. Service virtualization is one of the staple features of WSI products. In its simplest form, service virtualization creates a proxy of the Web service, hiding implementation details from service consumers. In addition to the security benefits you get from a proxy, service virtualization has practical benefits as well. For example, it allows you to move a service from one machine to another or run it on multiple machines without affecting service consumers. In the latest round of WSI products, service virtualization has matured and expanded to become one of the central organizing concepts. As an example, Westbridge Technology's XMS (XML Message Server) 3.0 uses service views to create an abstraction layer for back-end services. Westbridge has already made a name for itself in the XML firewall space, and XMS is a capable WSI product in its own right... Building strong exception handling into a Web services intermediary allows the system to evolve to cover error conditions that weren't anticipated and wouldn't be worth fixing if the fix involved recoding a method. In this model, the system evolves to meet business needs in ways that more tightly coupled systems cannot. The latest offerings from WSI vendors show that the market is continuing to deliver innovative fixes to IT problems. As the number of back-end Web services available for mixing and matching grows, WSI products will give IT shops the opportunity to show real agility in meeting business needs through custom solutions. But the wide range of vendors, architectures, interfaces, and conceptual metaphors can be daunting. My advice is to look past feature sets, sit down with the interface, and find the product that feels most comfortable and matches how your organization plans to use Web services..."

[December 05, 2003] "Test Center Analysts Debate Wrapping Up Web Presence. Will Web Services Be the Catalyst for Collaboration Evolution?" By P.J. Connolly and Jon Udell. In InfoWorld (December 05, 2003). "Enterprise collaboration faces a number of challenges in the years to come. IM systems today are where e-mail was back in the late 1980s: islands of common use separated by protocols, vendors, and the network itself. Test Center Lead Analyst Jon Udell and Senior Analyst P.J. Connolly debate whether Web services will be the catalyst for the transformation of collaboration, and how. Udell: 'Effective collaboration is partly about the medium, and we have more of those than we know what to do with: phone, e-mail, IM, SMS. It's also about the message, though, and the messaging technologies we now use need some help. None of them is able to wrap adequate context around documents and discussions. P.J.: 'Here's the problem: There's still no agreement on how presence shall be presented as a Web service. On one side are the proponents of XMPP, an XML-based outgrowth of the Jabber project, which doesn't seem to be supported by anyone bigger than Novell. On the other, I see IBM and Microsoft agreeing that SIP/SIMPLE is the way to go... it's hard to envision how vendors are going to package their dream world where e-mails spawn IMs, which turn into telephone calls or launch a business process without XML somewhere in the data-transformation process. But we're a long way from platform-neutral services today. Customers are going to have to open up their wallets to pay for these features, and vendors are going to have to open up their products to add these features in such a way that they are easily deployed and managed. That's the tricky part because the major vendors have turf to protect -- from one another as well as from more nimble competitors... it's hard to envision how vendors are going to package their dream world where e-mails spawn IMs, which turn into telephone calls or launch a business process without XML somewhere in the data-transformation process. But we're a long way from platform-neutral services today. Customers are going to have to open up their wallets to pay for these features, and vendors are going to have to open up their products to add these features in such a way that they are easily deployed and managed. That's the tricky part because the major vendors have turf to protect -- from one another as well as from more nimble competitors'..." See also: (1) "Extensible Messaging and Presence Protocol (XMPP)"; (2) ACM Queue special issue on Instant Messaging.

[December 03, 2003] "Versioning XML Vocabularies." By David Orchard. From XML.com (December 03, 2003). ['A whitepaper presenting best practices for versioning W3C XML Schema based XML vocabularies, describing techniques to achieve more effective loose coupling between systems by increasing the possibility for backwards- and forwards-compatible changes to occur when related systems evolve.'] "XML is designed for the creation of languages based upon self-describing markup. The inevitable evolution of these languages is called versioning. Versioning means adding, deleting, or changing parts of the language. Making versioning work in practice is one of the most difficult problems in computing, with a long history of failed attempts. Arguably one reason why the Web rose dramatically in popularity is because evolution and versioning were built into HTML and HTTP headers, each of which provides explict extensibility points and rules for understanding extensions that enabled their decentralized extension and versioning. XML Namespaces provide an ideal mechanism for identifying versions of languages, and all XML schema languages -- such as W3C XML Schema -- provide for controlled extensibility. This article describes techniques to achieve more effective loose coupling between systems by increasing the possibility for backwards- and forwards-compatible changes to occur when related systems evolve. These techniques are designed for compatible changes with or without schema propagation. A number of rules are described for versioning XML vocabularies, making use of XML Namespaces and XML Schema constructs. It includes rules for working with languages that provide an extensible container model, notably SOAP. The collective set of rules is called the 'Must Ignore' pattern of extensibility... To a certain degree, the technique described herein is a combination of the ##any and ##other designs with well-known rules to produce a design that achieves the goals of compatible extensibility and versioning with validation using W3C XML Schema. The namespace name owner can add backwards- and forwards-compatible changes into the extensibility element while retaining the ability to validate all components, and other authors can add their changes at the ##other wildcard location..."

[December 03, 2003] "Styling RDF Graphs with GSS." By Emmanuel Pietriga. From XML.com (December 03, 2003). ['Visualising RDF graphs is a hard problem, as they can quickly become unwieldy. This article introduces a solution in the form off GSS (Graph Style Sheets), an RDF vocabulary for describing rule-based style sheets used to modify the visual representation of RDF models represented as node-link diagrams.'] "RDF models describe web resources using subject-predicate-object triples. Combined together, these triples form a graph structure, which cannot be easily conveyed by textual syntaxes such as RDF/XML, Notation 3 or N-Triple because of their one-dimensional nature. Visual editors such as IsaViz and RDF Author represent models as editable node-link diagrams, making the graph structure easier to understand compared to textual serializations. However, visual representations are not fully satisfying and have their own problems: diagrams can quickly become big and over-cluttered, and some editing tasks can be more difficult to achieve when dealing with a visual representation of the model. The first version of IsaViz offered partial solutions to these problems, such as a zoomable user interface combined with enhanced navigation capabilities... GSS (Graph Style Sheets) is an RDF vocabulary for describing rule-based style sheets used to modify the visual representation of RDF models represented as node-link diagrams. Possible modifications include changing the visual aspect of nodes and links (color, shape or icon, font, etc.), but also hiding parts of the graph or changing the layout of some elements. GSS draws many of its instructions from existing W3C Recommendations, namely, CSS and SVG. GSS features a cascading mechanism; its transformation model is loosely based on that of XSLT... the graph stylesheet is made of a set of rules. The left-hand side of a rule is called the selector, while the right-hand side is called the styling instruction set. Given the set of rules defined in a stylesheet (or several cascading stylesheets), the program in charge of styling RDF models (called a GSS engine) walks the entire graph, including resources, literals, and properties, and evaluates relevant rules on them. If the selector of a rule matches the current node (or arc) in the graph, the corresponding set of styling instructions is applied to the node or arc. Conflicts between rules matching the same node or arc are resolved, first, by giving higher priority to rules in the stylesheet applied last, and, second, to the most specific selector if both are in the same stylesheet... GSS stylesheets can be combined together with ease thanks to the cascading mechanism and the RDF language's capability to merge models. What we need now are stylesheets for all widely-used vocabularies..." See: (1) W3C RDF resources; (2) local referencesin "Resource Description Framework (RDF)."

[December 03, 2003] "Trees, Temporarily." By Bob DuCharme. From XML.com (December 03, 2003). ['In his latest Transforming XML column Bob DuCharme explains XSLT 2.0's Temporary Trees, and then he demonstrates how to use them.'] " XPath 1.0 has a special data type called Result Tree Fragments. For example, an xsl:variable element can store a single string, but it can also store an XML element with all the descendants and attributes you like. This structure is a Result Tree Fragment... There's little you can do with result tree fragments in XSLT 1.0; you can treat them as strings and you can use xsl:copy-of to copy them to the result tree, and that's it. Because many XSLT developers longed for a way to pass composite structures to named templates, and then use the pieces of those structures individually inside the named template, instead of merely copying the structure to the result tree or pulling substrings out of it, several XSLT 1.0 processors offer extension functions such as Xalan's nodeset() and Saxon's node-set() that convert these fragments to node sets whose nodes can be addressed with XPath expressions. XSLT 2.0 eliminates result tree fragments and replaces them with a more powerful feature: temporary trees. Once you create a temporary tree in an xsl:variable, xsl:param, or xsl:with-param element, you can do anything with it that you can do with a source tree..." General references in "Extensible Stylesheet Language (XSL/XSLT)."

[December 03, 2003] "IBM, BEA Lay Out New Java Specs. Sun, Oracle, Not Behind Initiative." By Ed Scannell. In InfoWorld (December 01, 2003). "IBM and BEA Systems last week disclosed that they are working jointly on three new specifications for the Java platform. The new specifications -- Service Data Objects, Work Manager for Application Servers, and Timer for Applications Servers -- are all designed to increase much-needed application portability between IBM's WebSphere and BEA's WebLogic application servers. 'We both have been innovating in a number of areas around Java APIs, and developers have been looking for commonality,' said Scott Dietzen, CTO of BTA. Executives at both companies said they do not expect to deliver products that take advantage of the new specifications for about a year; they are releasing the necessary technical information now so that developers have time to digest it. Sun Microsystems and Oracle, however, have yet to pledge support for the proposed standards. Some observers believe IBM and BEA will ruffle some feathers because the new standards should go first through the Java Community Process (JCP)... Also last week, in a separate development related to Java, a group headed by Oracle and Sun formed the JTC (Java Tools Community) whose charter is to make Java more interoperable through tool frameworks and open standards. Just as Oracle and Sun have yet to endorse the IBM-BEA Java standards, IBM and BEA have not advocated the JTC..." See details in the news story: "BEA and IBM Publish Service Data Objects (SDO) Specifications."