[February 26, 2004] "Whitepaper on Liberty Protocol and Identity Theft." Edited by William Duserick (Fidelity Investments). From the Liberty Alliance Project. February 20, 2004. 11 pages. Contributors: Paul Madsen (Entrust), Sandra Silk (Fidelity Investments), Luc Mathan (France Telecom), Margareta Bjorksten (Nokia), Niina Karhuluoma (Nokia), Shin Adachi (NTT), Eric Norlin (Ping Identity Corporation), Linda Elliott (Ping Identity Corporation), Karyn Murphy (RSA Security), Tanya Candia (Sigaba), Piper Cole (Sun Microsystems), Susan Landau (Sun Microsystems), and Stephen Deadman (Vodafone). "Identity theft, a modern crime of this modern age, has become a significant threat to the growth of electronic commerce. Cases of misuse of online accounts by imposters as well as creation of new accounts using stolen identity and attribute information are prevalent. The resulting press accounts have served to dampen citizen, corporate, and government enthusiasm for electronic interactions which are sensitive or have monetary value. Federated identity management provides the ability to leverage authentication and use personal or business information stored with one online entity to conduct business with another. The Liberty Alliance Project is developing standards for federated identity management which emphasize security and support the privacy of users in a networked world. This paper discusses how the Liberty Alliance Project addresses the current issue of identity theft through specifications, best practice documentation and implementation guidelines. Identity federation as specified by the Liberty Alliance Project is a controlled method by which partnering companies can provide more integrated and complete customer service to a qualified group of individuals within certain sets of business transactions. The mechanisms inherent in the concepts of identity federation, and the Liberty Alliance Project specifications in particular, should help protect the user from theft and abuse. There are several considerations which lead to this conclusion: (a) Superior security and privacy inherent in interactions; (b) No single point of failure, i.e., limited information in any one repository; (c) Permission-based access to attributes; (d) Upgrades to the specifications to deal with breach experience..." See: (1) the announcement, "Liberty Alliance White Paper Outlines Federated Identity's Ability to Reduce Identity Theft." (2) general references in "Liberty Alliance Specifications for Federated Network Identification and Authorization." [cache]

[February 26, 2004] "Getting Reacquainted with dbXML 2.0." By Tom Bradford. From XML.com (February 25, 2004). "The goal of the dbXML project has been to produce a high quality, small footprint XML database that just works. dbXML is a native XML database written in Java. Native XML databases (NXDs) are databases that store XML using an internalized format for faster overall processing and representational flexibility. NXDs also provide support for indexing XML for improved query performance. Because it utilizes Java's memory mapped I/O and overlapping socket I/O, dbXML requires Java 1.4 or higher... In version 2.0 dbXML supports basic journaling transactions under the hood. At present, all transactions are implicit unless you're accessing dbXML using the database's lowest level APIs. Explicit transaction APIs will be exposed via the client/server APIs in a future release... The database now has a pluggable security model. There are currently three security managers to choose from. (1) NoSecurityManager provides no security whatsoever and is used when authentication is not needed to access the database. (2) SimpleSecurityManager provides simple security, where a single user name and password is used for the entire database. The user name and password are defined in the database's system.xml configuration file. (3) DefaultSecurityManager is so named because it is the default security manager. It provides access control based on users and roles stored in the database's system collections. dbXML 1.0 leveraged CORBA to provide client/server communications. While CORBA made dbXML accessible to many platforms and languages, it also came with its share of headaches. For version 2.0, it was decided that CORBA would no longer be used. dbXML 2.0 utilizes a web services hub called Project Labrador to provide client/server communications. Currently, Labrador only supports REST and the XML-RPC protocol. As a result, dbXML only supports these modes of access. A future version of Labrador will support SOAP; when it does, dbXML will automatically inherit this capability. This project has evolved quite a bit since version 1.0 and is very likely to evolve considerably in the coming year. It is already a mature product, with some rather high profile users, and is in a very good position to become the dominant open source XML database, if not one of the more popular XML databases in general..." See references in "XML and Databases."

[February 26, 2004] "VoIP Gets SIMPLE for Avaya." By Christopher Saunders. In Instant Messaging Planet (February 23, 2004). "Communications networking giant Avaya on Monday became the latest major enterprise technology player to launch a business instant messaging solution, debuting the offering in connection with its new Voice Over IP suite. At the heart of the new VoIP offering is the Avaya Converged Communications Server, representing the Basking Ridge, N.J.-based company's foray into solutions based on Session Initiation Protocol (SIP), a leading standard in the Internet telephony industry. That technology also forms the basis for SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE), a protocol supported by several of the largest competitors in the enterprise IM space, such as IBM Lotus and Microsoft. Thanks to its new SIP/SIMPLE support, Avaya's converged communications solution now incorporates user availability awareness and controls — or 'presence,' in industry parlance — into its core VoIP offerings. A new edition of its IP telephony software, Avaya Communication Manager, integrates with Converged Communications Server to support the technology, as does the Avaya IP Softphone R5, an on-screen call manager client. As a result, users of the Softphone client can view colleagues' availability using a presence-enabled contact list, much like the Buddy Lists found in AOL Instant Messenger and similar programs. When integrated with the new Converged Communications Server, the Avaya IP Softphone shows friends' and colleagues' real-time statuses, such as 'Away,' 'On the Phone,' or 'Busy.' Users can then click their contacts to launch IM, voice, or conference calling sessions with others..." See: "IETF SIMPLE Specifications Support Presence-Based IM, Video, and Voice."

[February 26, 2004] "IETF Closes in on Linking Geographic Info, Presence." By Christopher Saunders. In Instant Messaging Planet (January 28, 2004). "Instant messaging brought 'presence' — the ability to tell when others are available for chat — to the desktop. Now, the concept could be on the cusp of another, quiet evolution: incorporating location information... Groupware, Web conferencing and telephony applications have also begun incorporating presence information, broadening its impact. Now, figures in the Internet communications community are working to take presence to the next level by creating a framework for merging users' location data into their presence information. That's long been viewed as a logical add-on to the basic availability data now available in most implementations of presence. But there are important considerations to take into account before simply merging the data. Access to users' geographic information needs to be subject to user control, much like presence is handled in most consumer instant messaging clients — which generally enable users to hide their availability status from certain classes of fellow users, such as unknown contacts. Otherwise, everyone on a network could have unrestricted knowledge of others' whereabouts without any form of authorization. Within the Internet Engineering Task Force, the Geographic Location/Privacy Working Group (also known as GEOPRIV) has taken up the task of walking the line between establishing a means of disseminating geographic data that is subject to the same sorts of privacy controls as presence is today. GEOPRIV is close to finalizing on a recommendation for just such a system. That draft recommendation, authored by Neustar's Jon Peterson and known officially as 'A Presence-based GEOPRIV Location Object Format,' is actually based on earlier work done in formulating the basic requirements for presence data: the Presence Information Data Format (PIDF)... The latest effort doesn't aim to hammer out a standard for geographic information itself. Rather, it's based on current geographic data standards, and focuses instead on encapsulating location information within presence data, and applying the same sorts of user preferences. Geography Markup Language (GML) is the expected location format over which the GEOPRIV draft's specifications will be applied. 'There is related work out there, tons of it in the GEOPRIV working group for providing more specific policy tools and language ... and OpenGIS (Geographic Information Systems) and the GML 3.0 spec seem adequate for expressing simple and extremely complex coordinate space,' Peterson said... Peterson, an early figure in Session Initiation Protocol (SIP) and SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) has his own anticipated scenarios. For one thing, VOIP applications based on SIP could see a major boost with the introduction of location-based data, which would provide necessary infrastructure for 911 emergency calling...' See: (1) "Geography Markup Language (GML)"; (2) "Presence Information Data Format (PIDF)"; (3) "Six New Internet Drafts from the IETF Geographic Location/Privacy Working Group."

[February 26, 2004] "Grid Forum Backs Utility Computing Standards." By Paul Shread. From GridComputingPlanet.com (February 25, 2004). "The Distributed Management Task Force's effort to draft standards for utility computing has received the backing of the Global Grid Forum (GGF), the Grid computing standards-setting body. 'This is an important activity and we are excited to see the DMTF bring this group together, while simultaneously tapping related efforts, such as GGF's Open Grid Services Architecture (OGSA) and several new GGF research groups focused on commercial enterprise Grid application use cases and requirements,' Charlie Catlett, senior fellow at Argonne National Laboratory and chair of GGF, said in a statement... 'We have been working very closely with both DMTF for the past year, and in the past six months, also with OASIS, because these things are converging,' Catlett said. 'The efforts are indeed complementary, and where we have found intersection of activities we have created high-bandwidth liaison activities. For instance, we have a Common Management Model working group within GGF that was created by some folks who also participate in DMTF, and one of the objectives is cross-fertilization between Grid/utility computing and the distributed systems management world.' Catlett said 'the best sign of convergence' is the WS-Resource Framework (WSRF) effort to recast several key components of GGF's Open Grid Services Infrastructure (OGSI) specification into a set of Web services specs. The work is a joint effort between Grid services proponents from the GGF community and Web services proponents, Catlett said. 'The path forward for this is that WSRF specifications are most likely to be standardized via OASIS, where most Web services work is happening these days,' Catlett said. The GGF OGSI working group will serve a liaison function, and Catlett said he expects the WSRF-related OASIS technical committees to hold meetings at the thrice-yearly Grid forums. 'These are only a few of the ways we are discussing to work together with OASIS and DMTF,' Catlett said. Catlett also said he is 'personally very intrigued by DCML,' the Data Center Markup Language effort, and is 'trying to figure out how it might fit into Grid projects that I am doing without my GGF hat on. I definitely think DCML is quite interesting, but I have not followed what they're doing. We had extended an offer to them to do the work within GGF, but we haven't followed up. Regardless of where the work is done, I am hoping that we can form a liaison activity with them to make sure there is good exchange of ideas with the Grid community'..." See: (1) the announcement "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing."; (2) WSRF specs news item in "Web Services Notification and Web Services Resource Framework."

[February 26, 2004] "IBM's Sutor: SOA Is So Necessary." By Darryl K. Taft. In eWEEK (February 25, 2004). ['Bob Sutor, IBM's director of WebSphere infrastructure software, will be keynoting at this week's Edge 2004 conference on software development in Boston. Sutor, who will be speaking on the concept of service-oriented architecture, took time last week to explain IBM's SOA strategy to eWEEK Senior Writer Darryl K. Taft.'] Sutor: "In brief, an SOA is distributed computing where you identify the different units of work or units of activity as services. So a service is some piece of software that you can issue queries to, issue commands to in some way, basically tell it to do something, and it responds back to you. It's critical that there is a large degree of standardization in how you actually define these services. That is, we can't have one language for talking about this service and another language for talking about that service. The key is to try to make what is essentially an extremely heterogeneous implementation to look as homogeneous as possible — that is, your service or another service can be described in exactly the same terms and therefore processed by exactly the same tools. Given this notion that I can describe services, I can get those descriptions, I then need to connect to them. And I have certain requirements about that connectivity. So I have requirements about reliability, that is I know if I invoke a service I'd like to know that something actually happened. That it got the message and responded back to me. So it basically boils down to distributed computing with standards that tell us how to invoke different applications as services in a secure and reliable way and then how we can link the different services together using choreography to create business processes. And then finally so that we can manage these services so that ultimately we can manage and monitor our business performance..."

[February 25, 2004] "WS-I Releases Web Services Security Scenarios." By Elizabeth Montalbano. In CRN (February 25, 2004). "The Web Services Interoperability Organization (WS-I) Wednesday released a document aimed at helping solution providers and customers take the first steps toward implementing Web services-based security. [Hal] Lockhart said there are an infinite number of ways for companies to use standards such as WS-Security and SOAP Message Security 1.0 to secure Web services messages. The WS-I is providing only a sample of those ways in its work, and encourages commentary from the industry on other possible scenarios. 'This activity will form the basis for what we consider to be the basic security profile,' Lockhart said. 'We really want feedback from people about whether this is the right set of scenarios, the right set of choices to make. We hope people will look at this document and feed back to us their reactions in terms of whether we are working on the right problems.' The WS-I plans to release a draft of its Basic Security Profile, which will deal with how to use WS-Security and SOAP Message Security — among other standards — in Web services-based transactions, by the end of March, said Eve Maler, XML architect at Sun and another member of the Security Profile Working Group. The Basic Security Profile builds on the WS-I Basic Profile to propose how to provide security mechanisms around existing Web-services standards. The WS-I's Basic Profile 1.0, released in August, provides guidelines for using several established standards for building Web services — SOAP, WSDL, UDDI and XML Schema. In the future, the Security Profile Working Group will address how to utilize other security standards, such as security assertion markup language (SAML) and Kerberos, with Web services, Maler said..." See details in the news story "WS-I Releases Public Working Draft Document on Security Scenarios."

[February 24, 2004] "Microsoft Previews InfoPath Update. Update Inlcudes Fixes, New Features." By Joris Evers. In InfoWorld (February 23, 2004). "Microsoft Corp. is giving users a chance to test enhancements to its InfoPath XML forms manager. Microsoft plans to deliver those enhancements as part of Service Pack 1 (SP1) for its Office 2003 products in late June. Called InfoPath 2003 Service Pack 1 Preview, the update not only bundles software fixes, but also adds a host of new features. InfoPath is Microsoft's new XML forms manager. It joined the Office family last October part of the Office 2003 release. SP1 updates to InfoPath fall into four main areas: security, reliability, user experience and programming environment. On the security side, Microsoft has improved support for digital signatures, adding the ability to sign different parts of the form as well as cosigning, among other features. Perhaps the most important element to driving adoption of InfoPath are improvements and additions in the InfoPath programming environment. Developers using Microsoft's Visual Studio .Net can now create InfoPath applications using managed code. Previously InfoPath developers were limited to using scripting. Additionally, the update adds tools for working with ActiveX controls and complex XML schemas as well as layout controls for working with printed forms and promises easier integration into existing business process and workflows..." See: (1) the announcement, "Newest Enhancements to Microsoft Office InfoPath 2003 Now Available for Preview. Microsoft to Add Enhanced Programming Tools, Richer Page Layout Controls, and Improved Schema and Digital Signature Support to Its Popular Information-Gathering Program."; (2) "Microsoft Office 11 and InfoPath [XDocs]."

[February 24, 2004] "AVDL Integrates Application Security." By Jan Bialkowski and Kevin Heineman. In Network World (February 23, 2004). "Because traditional security tools such as firewalls, VPNs and intrusion-detection systems inadequately protect against application-layer attacks, security managers are turning to next-generation application security products such as vulnerability scanners, application security gateways and patch management systems. However, these best-of-breed stand-alone systems still require individual and separate user interactions, leaving the overall security management process too manual, time-consuming and error-prone. Application Vulnerability Description Language (AVDL) is a new security interoperability standard in development by OASIS. Proposed by leading application security vendors and users, AVDL creates a rich and effective set of consistent XML schema definitions to describe application security properties and vulnerabilities. Using AVDL, security tools and products from different vendors will be able to communicate to coordinate their security operations and automate security management. The basic concept embodied in the AVDL schema is an application-level transaction, called a probe, which describes HTTP exchanges between browsers and Web application servers. Defined mark-ups allow specification of the HTTP messages in full detail at various levels of abstraction (raw byte stream, or parsed to HTTP header constructs). Such probes might specify valid and expected request-response exchanges between browsers and servers, or might specify application vulnerability exploits. In the former case, traversal-step probes supply a host of information, including target URLs, links, cookies and other headers, as well as query or form parameters, their attributes and ranges of legitimate values. The traversal probes can be used to automate enforcement of safe usage policies. In the latter case, vulnerability probes further highlight questionable constructs and supply detailed specifications of vulnerabilities, including human-readable description and machine-readable assessment information such as vulnerability severity, applicability and its historical records. The vulnerability probes supply information necessary to configure protective 'deny' rules and information about hot fixes if any are available, workarounds and so forth that can be used to automate management of remediation processes. In a typical usage scenario, a security scanner maps out the application and detects its flaws and vulnerabilities. The scanner then sends its assessment in the form of a set of AVDL probes to other security devices. The recipients, such as patch management systems or security gateways, use the AVDL input to automatically generate configuration recommendations..." See the recent announcement.

[February 24, 2004] "Application Security Standard Edges Forward." By George V. Hulme. In InformationWeek (February 23, 2004). "An application security standard known as Application Vulnerability Description Language, which was proposed last year, is moving closer to reality. AVDL, which was submitted to the standards group OASIS, is based on XML and is designed to provide a standard way for application vulnerabilities to be defined and classified so all security applications from different vendors that companies use to secure their apps will understand the same language when it comes to security threats. For example, when a new software vulnerability surfaces, a company's vulnerability scanner could scan systems to spot the new flaw. The scanner then could send information to firewalls and patch-management systems, which those applications could then use to automatically adjust to better protect against any potential attacks, such as a worm or a hacker attack. At this week's RSA Security Conference in San Francisco, security vendors will demonstrate how the draft AVDL specifications have been implemented in their applications..." See: (1) the announcement, "Application Security Leaders Announce Support for AVDL OASIS Committee Draft. Cenzic, Citadel, Department of Energy CIAC, GuardedNet, NetContinuum, Qualys, SPI Dynamics, Teros and WhiteHat Among Growing Number of Organizations to Support AVDL."; (2) "OASIS Committee Draft for the Application Vulnerability Description Language (AVDL)"; (3) "Application Security Standards."

[February 24, 2004] "Ink Markup Language." W3C Working Draft 23-February-2004. By Gregory Russell (IBM), Yi-Min Chee (editor, IBM), Giovanni Seni, Larry Yaeger (Apple), Christopher Tremblay (Corel), Katrin Franke (Fraunhofer Gesellschaft), Sriganesh Madhvanath (HP), Max Froumentin (W3C). Produced by the W3C Multimodal Interaction WG as part of the W3C Multimodal Interaction Activity. Latest version URL: http://www.w3.org/TR/InkML. "The Ink Markup Language serves as the data format for representing ink entered with an electronic pen or stylus. The markup allows for the input and processing of handwriting, gestures, sketches, music and other notational languages in Web-based (and non Web-based) applications. It provides a common format for the exchange of ink data between components such as handwriting and gesture recognizers, signature verifiers, and other ink-aware modules. This second version of the Working Draft adds facilities for detailed recording of time information for the captured ink. The attribute for associating the format of trace data with the device used to capture it has also been defined. The draft introduces a new, generic mapping syntax which allows for MathML formulas, and the mechanism for referring to ink traces (for semantic labelling or other purposes) has also been simplified. Finally, each element has been given its own section, which includes a definition of its attributes and contents..." See the news story for the previous WD version, "W3C Releases Public Working Draft for the Ink Markup Language (InkML)."

[February 24, 2004] "IBM, Veritas Lead New Utility Computing Standard." By Clint Boulton. In InternetNews.com (February 11, 2004). With followon article 2004-02-17. "A new standards body has been formed to create a method for ensuring the interoperability of utility computing environments using products from different companies... According to a Distributed Management Task Force document obtained by internetnews.com, the new Utility Computing Working Group is co-chaired by one representative from IBM and VERITAS Software and has a goal of unifying data center management, an integral part of on-demand computing. The work, which will be carried out with the help of standards bodies such as the World Wide Web Consortium (W3C) and OASIS, could be seen as IBM's and VERITAS' competitive answer to the Data Center Markup Language (DCML) launched by EDS, Computer Associates, and others last year... Analysts following the space noted that neither IBM nor HP, widely acknowledged as the two biggest on-demand computing players, were involved with DCML. Now, the latest interoperability group appears to be an answer to DCML, as well as another reminder that standards-creation often spurs rivals to line up on opposing sides in the process. 'It sure looks like IBM is pushing its agenda on autonomic computing,' said a source familiar with the utility computing space and the standards process. 'The big difference between this and DCML is that it has big guy sponsorship — is this how IBM expects to drive forward the Web Services Notification and Resource Framework standards that it introduced in January at Global Grid Forum? If so then HP will also be on board with this.' The source said the alignment of the grid standards with the Web services standards is vital to IBM's view of autonomic computing and 'it seems like the GGF can't do it on their own.' The DMTF, which created the Common Information Model (CIM) to describe how management programs will be able to control devices and applications from different vendors in the same way, did not respond to calls seeking comment as of press time..." Other details in the WG charter. See: (1) the 2004-02-17 announcement: "DMTF Announces New Working Group for Utility Computing. OASIS, GGF and Industry Leaders Join Forces with DMTF to Further Management Standards for Utility Computing." (2) "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing"; (3) "DMTF Common Information Model (CIM)."

[February 23, 2004] "Enterprise Instant Messengers Make the Grade." By Curtis Franklin Jr., Brian Chee, and Mike Heck. In InfoWorld (February 11, 2004). "Instant messaging is alive and well in the workplace. We tested four solutions in this roundup -- Lotus Instant Messaging and Web Conferencing 3.1, Microsoft Live Communications Server 2003, Novell GroupWise Messenger 1.0, and Jabber XCP (Extensible Communications Platform) 2.7 -- and found that enterprise IM solutions provide the security, manageability, and auditing capabilities that companies need. And they also include features, ranging from transaction logging to document collaboration, that will support business processes in the enterprise. All four of these products enhance security through full encryption of traffic streams, providing the ultimate protection for traffic that traverses public data links. Each integrates with directory services such as Active Directory, LDAP, and RADIUS, giving administrators the ability to control user population and privileges, and allowing users to share a central contact list across the organization... The solutions also allow administrators to create and manage a central archive of messages and conversations, providing the auditing capabilities necessary, for example, to ensure accountability or comply with Securities and Exchange Commission (SEC) requirements or Health Insurance Portability and Accountability Act (HIPPA) responsibilities. The IM products from IBM Lotus, Microsoft, and Novell also integrate with their respective collaboration platforms. If you've committed to a particular vendor's groupware, very likely you'll be best served by their enterprise IM solution. On the other hand, there are other options to consider depending on whether you want application sharing or whiteboarding with IM, and what flavor of directory services runs in your infrastructure. .." See also the news story on IETF SIMPLE WG IM and presence specifications.

[February 23, 2004] "Handling Privacy in WSDL 2.0." Edited by Hugo Haas (W3C). W3C Team Submission. 13-February-2004. ['This document discusses how to handly privacy in WSDL 2.0 and shows a possible solution using the P3P generic attribute and a WSDL 2.0 feature in order to express a Web service provider entity's privacy policy.'] "In the same way Web sites have privacy policies, Web services may raise privacy concerns, as shown in section 2 and 4 of J. Reagle, et al., "P3P: Beyond HTTP." Users of Web services may want to know how and for what purpose their personal data will be used before deciding to use a service. The Platform for Privacy Preferences Project (P3P) enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit. The Web Services Description Language (WSDL) 2.0 is an XML language for describing Web services. When used in combination with P3P, one can express the privacy policy of a Web service. This document proposes two ways to express and process privacy policies in WSDL 2.0. One way is to use the generic P3P attribute of the Platform for Privacy Preferences 1.1 (P3P1.1) Specification to extend a WSDL 2.0 description to attach provider entities' privacy policies. The other way is to use a WSDL 2.0 feature..." General references in "Platform for Privacy Preferences (P3P) Project."

[February 23, 2004] "Television Listings and XMLTV." By Kyle Downey. From XML.com (February 18, 2004). "With a mini PC with a TV capture card, a WiFi card, a monster hard drive, and a Linux package like MythTV, can not only do almost everything a TiVO can do, but can also serve up MP3 files, act as a Windows file server with Samba, run a web server, and more. One critical element of a DIY TiVO is TV listings. Without these all the fancy hardware in the world won't do much good. But there's an open source, Perl XML-based solution by Edward Avis called XMLTV that many of the TV-on-your-PC packages like Freevo and MythTV support. With support for screen-scraping data for many country's cable systems, XMLTV can take various sources and create a consistent stream of XML. Good software can be used as a building block to make other software, and by this measure XMLTV -- both the de facto standard and the software -- is very useful. Although dreams of combining computers with televisions have yet to pan out, now there are solid mechanisms that let you combine Internet data with live video, and insert your own software in between. The exciting element is not what has been done, but the convergence of interesting information, ease of access and processing with XML-based formats like XMLTV, with freely-available, powerful software..." General references in "XMLTV."

[February 23, 2004] "Microsoft Creates a Stir in Its Work With the U.N." By John Markoff and Jennifer L. Schenker. In New York Times (February 23, 2004). [With caption: 'Klaus-Dieter Naujok, who works with the United Nations, says it is difficult to avoid Microsoft's influence.'] "The chairman of the Microsoft Corporation, Bill Gates, won widespread applause in January when he trumpeted an agreement to give $1 billion in software and cash to the United Nations as part of a job-training program for the developing world. But Microsoft did not seek any attention for a much smaller amount that it contributed earlier to pay some travel expenses for a United Nations business standards group. That payment, critics say, had a much more opportunistic motive than the big donation. Several software industry executives and technologists contend that Microsoft has been moving behind the scenes to undercut support for a set of business-to-business electronic transaction standards jointly developed by the United Nations and an industry-sponsored international standards group. Microsoft and senior United Nations officials said that the accusation was false and that the company's contributions were relatively modest, complied with United Nations guidelines, and did not unduly influence decision making. Microsoft and I.B.M. have been trying to gain backing for a competing approach to writing Internet software, which the two companies argue would be a better, more general solution for business-to-business computer communications than the original United Nations-developed standard, known as 'electronic business using extensible markup language,' or ebXML in the trade. The previously hidden dispute may seem arcane, but it revolves around computing standards that are likely to help determine control over an emerging generation of Web services software that is designed to automate buying and selling through networks of computer connections. Many industry executives predict that the new software will ultimately supplant computer operating systems as the linchpin of the industry. This new fight is occurring as Microsoft, the world's largest software company, moves to the final stages of its legal dispute with antitrust regulators in Europe over its right to integrate features of its competitors' products into its Windows operating system. On another front, Microsoft is being challenged by an array of open-source programs -- starting with Linux but expanding to other arenas -- that are being developed by a loosely organized group of software programmers and distributed at little or no cost..." See general references in "Electronic Business XML Initiative (ebXML)."

[February 23, 2004] "Remember ebXML? Doing Business in Real Time." By David S. Linthicum. In XML Journal Volume 5, Issue 2 (February 2004). "While there are many standards that look like ebXML, ebXML is the first horizontal standard designed to address the exchange of information and adherence to inter-enterprise processes. However, in attempting to reach this lofty goal, ebXML is also a complex standard and takes some understanding before we can comprehend its value to the world of application integration and electronic business. In recent years, it's been clear that ebXML (as well as many other modern Internet standards) has to take on a coexistence strategy rather than a replacement strategy. This is because most enterprises are reluctant to shut down their existing B2B systems, such as EDI, until new standards have proven their operational value. Thus, we have another evolution not revolution, which seems to be a common theme as we migrate to newer but more complex and invasive standards. There are several components to ebXML, including: Collaboration Protocol Profile (CPP); Collaboration Protocol Agreement (CPA); Business Process and Information Modeling; Core Components; Messaging; Registry/Repository..." General references in "Electronic Business XML Initiative (ebXML)."

[February 23, 2004] "Web Services Alphabet Soup: Is the Glut of Web Services Protocols a Morass or a Precursor to Unprecedented Harmony?" By Jon Udell. In InfoWorld (February 20, 2004). Strategic Developer. The original title of this column was 'WS-WorldPeace.' "Here's one popular definition of insanity: 'Do the same thing, expecting a different result.' Now consider the following partial list of proposed standards for Web services: WS-Addressing, WS-AtomicTransaction, WS-Attachments, WS-Context, WS-Coordination, WS-Eventing, WS-Federation, WS-Reliability, WS-ReliableMessaging, WS-Routing, WS-SecureConversation, WS-Security, WS-SecurityPolicy, WS-Transaction, and WS-Trust. That's just the WS series; there's also XML 1.0, XML Schema, SOAP, WSDL, UDDI, XML-DSig, XML-Encryption, XKMS, SAML, XACML, ebXML, BPEL4WS, WSRP, and a partridge in a pear tree. Is this nuts? Some people think so. The watchwords of XML Web services were the watchwords of the Web: simplicity and universality. But as the specs multiply like weeds, it's fair to ask if we're now just reinventing CORBA and DCOM, doing the same old thing and crazily hoping for a different result... [We have] a zoo of protocols that, for most developers, create severe cognitive overload. It's one thing to say that a secure transacted session can be composed out of these modular parts, but quite another to actually achieve that effect. [Microsoft's] Shewchuk agrees. The solution, he suggests, is tooling that enables a declarative style of programming. This idea dates back to MTS (Microsoft Transaction Server). Before COM+ and J2EE, MTS pioneered the notion that you need not write lines of code to invoke services such as transactions or object pooling. Instead, a programmer could invoke these services with simple attribute declarations. Or an administrator could achieve the same effect by setting attributes in a management console... 'In Indigo, it boils down to attributes,' Shewchuk says. 'You tell the run time you want confidentiality, longevity, and reliability, and it uses the composable architecture to translate that into a configuration on an execution pipeline.' You've got to love the vision. Is it a recipe for WS-WorldPeace? That will depend on Microsoft's commitment to base standards, which so far looks more solid in Indigo than in Avalan or WinFS. It will also depend on everybody else figuring out what Microsoft has always known: packaging technology, in ways that make sense to average developers, matters a lot..."

[February 12, 2004] "Microsoft Locks Up XML Patent." By Alexander Wolfe. From InternetNews.com (February 12, 2004). "The speculation as to whether Microsoft intends to patent XML technology is over. Microsoft has been granted United States patent 6,687,897 for 'XML script automation.' The patent, awarded by the U.S. Patent and Trademark Office on February 3, appears to deal with basic XML functionality. Specifically, it describes a method for unpacking multiple scripts contained within a single XML file. According to the application filed by Microsoft, the patent involves 'systems, methods and data structures for encompassing scripts written in one or more scripting languages in a single file.' 'The scripts of a computer system are organized into a single file using Extensible Language Markup (XML),' Microsoft's patent document continues. The document explained that each script is delimited by a file element and the script's instructions are delimited by a code element within each file element. When a script is executed, the file is analyzed to create a list of script names or functional descriptions of the scripts..." Summary in the following bibliographic entry. See the thread on XML-DEV, with comments by Michael Champion (bis), Bob Wyman, David Megginson, Michael Kay, W. E. Perry, James Anderson, Rick Jelliffe, and others. See also: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) general references in "Patents and Open Standards."

[February 12, 2004] "Microsoft Acquires United States Patent 6,687,897: XML Based Script Automation." 'Inventor': Olivier Guinart (Redmond, WA). Assignee: Microsoft Corporation. Application number: 727598. Filed: December 1, 2000. Granted: February 3, 2004. Abstract for patent #6,687,897: "Systems, methods and data structures for encompassing scripts written in one or more scripting languages in a single file. The scripts of a computer system are organized into a single file using Extensible Language Markup (XML). Each script is delimited by a file element and the script's instructions are delimited by a code element within each file element. Other information, such as a name of the script and a functional description of the script may also be included in the file using other XML elements to delimit that information. The language in which a particular script is written is also included within the XML format. When a particular script is executed, the file is parsed to create a list of the script names or of the functional descriptions of the scripts. One or more scripts are selected and the code for those scripts is extracted from the file and executed by the appropriate scripting process. The scripting process that executes a particular script is identified from the scripting extension attribute that is included in the XML format of the file..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) general references in "Patents and Open Standards."

[February 12, 2004] "Google Spurns RSS for Rising Blog Format [Atom]." By Paul Festa. In CNET News.com (February 11, 2004). "Google's Blogger service is bypassing Really Simple Syndication in favor of an alternative technology, a move that has sparked more discord in a bitter dispute over Web log syndication formats. The search giant, which acquired Blogger.com last year, began allowing the service's million-plus members to syndicate their online diaries to other Web sites last month. To implement the feature, it chose the new Atom format instead of the widely used, older RSS. The battle between RSS and Atom has divided the blogging world since the summer, when critics of RSS came together to create an alternative format. Since then, a raft of blog sites and individuals have lined up behind Atom, while Yahoo has thrown its considerable weight behind RSS. The Blogger decision to offer only Atom has angered supporters of RSS, who accuse Google of helping to splinter a wide network of RSS-using bloggers... 'They're breaking users, including people who aren't using their software,' wrote Dave Winer, a Harvard fellow who is commonly considered the arbiter of the RSS format, on his long-running Scripting.com blog. 'There is a lot of implicit trust in the RSS network, an assumption that vendors will behave rationally and will care for users. Any participant can break us, as Google is proving... RSS supporters argued that Google could have given members a choice between RSS or Atom, since Blogger already offers the older format. But Atom partisans lauded Google's move, saying it made sense in the context of the company's support for open-source software and open standards. 'RSS has long been controlled by a single vendor or entity,' said Mark Pilgrim, an early contributor to Atom. 'Atom's an open standard, so people can point at the spec and say they're conforming to it, and it's not controlled by one of their competitors. And RSS is.'... Atom backers are proceeding with plans to bring their technology under the auspices of the Internet Engineering Task Force (IETF). IBM engineer Sam Ruby, who has spearheaded the Atom effort, was scheduled to address O'Reilly's Emerging Technologies conference on a proposal for IETF to assume responsibility for Atom. Ruby could not immediately be reached for comment. But Pilgrim estimated that Atom, which dates back only to June of last year, would work its way through the IETF and be ratified as a 'request for comment' draft no later than August [2004]..." From Sam Ruby's slides, presented at the O'Reilly Emerging Technologies Conference, "!Echo wiki: Lessons Learned": "A draft [IETF] charter [for Atom work] will be prepared in time to be informally discussed at the IETF meeting is Seoul, Korea on the week of 29-February-2004 to 5-March-2004; Hopefully, the Working Group itself will be approved in March 2004; Most of the work will be done on mailing lists; Ideally, a face to face meeting of the Working Group will be scheduled to coincide with the August 1-6, 2004 meeting of the IETF in San Diego, CA..." See: (1) "RDF Site Summary" | "Really Simple Syndication" (RSS)"; (2) "Atom as the New XML-Based Web Publishing and Syndication Format."

[February 12, 2004] "How Will Office 2003 DRM Impact Interoperability?" By Paul Cesarini (Assistant Professor, Advanced Technological Education Program, Bowling Green State University, Bowling Green, Ohio). In IT Manager's Journal (February 12, 2004). "Last October, OpenOffice.org released the 1.1 version of its office productivity suite. This update included native PDF and Flash conversion, complex text layout language support, and increased compatibility with Microsoft Office file formats. Roughly a month later, Microsoft released Office 2003. This product was freshly-infused with digital rights management (DRM) technologies, dubbed 'information rights management' by Microsoft, designed to secure and restrict access to documents as needed. Documents employing DRM created in Office 2003 may well only be accessible via Office 2003. More recently, Microsoft filed for numerous patent applications in New Zealand and Europe, covering the interoperability of XML-based word processing documents... What do these tactics mean for interoperability between current and pending versions of Microsoft Office and competing products such as OpenOffice.org and StarOffice? Are the goals espoused by Microsoft, namely increased document security, the driving concern behind these moves, or is this a careful strategy designed to lock out competition? [...] Louis Suarez-Potts, OpenOffice.org's community manager argues that the point of files using [Microsoft] DRM is not to simply to make them more secure, but rather to enable an end-run around interoperability. 'On a superficial level, the point of DRM is to limit free access to only those applications able to read DRM-delimited documents', Suarez-Potts said. 'Put another way, MS Office will generate a class of files which only people with the same kind of MS Office will be able to open, let alone edit.' Additionally, Suarez-Potts added that '[OpenOffice.org] will doubtless have better equivalents, ones that are just as secure and conceivably also as limiting.' Suarez-Potts also believes that Microsoft's strategy is unlikely to succeed, due to the required software investment in both server and client sides -- particularly since both the sender and receiver of IRM-enabled Office files would have to buy in to these upgrades..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) "Microsoft Announces Licenses for Use of Office 2003 XML Reference Schemas"; (3) "Microsoft Announces Windows Rights Management Services (RMS)." General references in "XML and Digital Rights Management (DRM)."

[February 11, 2004] "Compuware Boosts Web Services Security in Modeling Tool." By Paul Krill. In ComputerWorld Australia (February 09, 2004). "Compuware this week unveiled OptimalJ 3.1, a model-driven Java development tool featuring support for the Web Services-Security specification as well as integration with application servers, modeling tools, and messaging middleware. The product, which supports UML, uses a model-driven, pattern-based (MDPB) approach, the company said. MDPB uses patterns to automatically translate business models into working applications, according to Compuware. A highlight of Version 3.1 is support for Web Services-Security (WS-Security), a specification expected to be finalized by OASIS by mid-March. The specification will help enterprises extend Web services to interact with other organizations, according to Compuware, which believes it is the first company to offer WS-Security support in a model-driven tool. 'Organizations are implementing Web services, but mostly behind the firewall. Really, it's a limitation to organizations,' said Michael Sawicki, OptimalJ product manager. Analyst Rikki Kirzner, research director for application development and deployment at International Data Corp., said that with security such a major issue these days, particularly in regards to Web services, tools vendors need to start incorporating it into their products... Version 3.1 also adds application server deployment support. New application server platforms supported include BEA WebLogic Server and IBM WebSphere. Previously, OptimalJ would perform unit tests in the JBoss application server and then generate deployment descriptors for IBM Corp. and BEA Systems Inc. application servers. With the new support, OptimalJ can test in the BEA or IBM production environment. The product also adds integration with the Borland Together Control Center and SparxSystems Enterprise Architect Modeling tools. Previous tools supported have included IBM Rational Rose. Integration with other modeling tools enables information exchange with OptimalJ and leveraging of existing models..." See: (1) the announcement: "Compuware Takes Model-Driven Development Mainstream, Releases Compuware OptimalJ 3.1 and Announces Vision for New Paradigm of Enterprise Application Development. Model-Driven Pattern-Based (MDPB) Approach Bridges J2EE Skills Gap. Enables Companies to Increase Productivity of Enterprise Application Development."; (2) "OMG Model Driven Architecture (MDA)"; (3) "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

[February 11, 2004] "XML How-To: First of All, Never Cross Your Authors." By Patricia Daukantas. In Government Computer News (February 09, 2004). ['The Fish and Wildlife Service's Owen Ambur says he's glad the XML industry recognizes that users want open standards.'] "Agencies that don't already have an Extensible Markup Language evangelist should get one, advises Brand L. Niemann. Why? Because the person tapped for the job can act as a guide to the burgeoning technology, said Niemann, an Environmental Protection Agency computer scientist and member of the CIO Council's Emerging Technology Subcommittee. Niemann also has headed the CIO Council's XML Web Services Working Group through its existence. The effort has morphed into a series of quarterly government conferences on software component technology. 'The quicker we can define XML schemas and make them available to vendors to put into applications, the better we'll all be,' said Owen Ambur, a Fish and Wildlife Service systems analyst and co-chairman of the CIO Council's XML Working Group. Agencies need three levels of applications for XML documents, Niemann said. The first type lets users create documents without any kind of tagging. The second requires minimal tagging. The third includes advanced features for application developers and programmers..." See also "US Federal CIO Council XML Working Group."

[February 11, 2004] "XML Schema Definition for IDMEF Message." By Kohei OHTA (Cyber Solutions Inc). IETF Network Working Group, Internet Draft. Reference: 'draft-kohei-idmef-schema-00.txt'. February 09, 2004; expires August 9, 2004. 33 pages. Prepared for consideration by the IETF Intrusion Detection Exchange Format Working Group. "The purpose of this document is to define a message format of IDMEF in XML Schema. The Intrusion Detection Message Exchange Format is formally defined in an XML DTD. The data model and basic definitions are specified according to the original definition in the DTD format. In the original definition in the DTD, urn:iana:xml:ns:idmef is used as the namespace and defined as attribute. In this definition in XML Schema, we use urn:ietf:params:xml:ns:idmef as the namespace according to the document The IETF XML Registry..." From the main IDMEF spec: "The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. This Internet-Draft describes a data model to represent information exported by intrusion detection systems, and explains the rationale for using this model. An implementation of the data model in the Extensible Markup Language (XML) is presented, an XML Document Type Definition is developed, and examples are provided." See: (1) See: "Intrusion Detection Message Exchange Format"; (2) general references in "Application Security Standards." [IETF source URL]

[February 11, 2004] "W3C Approves Pair of Semantic Web Specs." By Darryl K. Taft. In eWEEK (February 11, 2004). "The World Wide Web Consortium has announced the approval of two Semantic Web technologies as standards. Janet Daly, a spokeswoman for the W3C, of Cambridge, Mass., said the approval of the Resource Description Framework (RDF) and the Web Ontology Language (OWL) as W3C recommendations is likely to be one of the W3C's most important announcements this year. RDF and OWL set a framework for sharing and reuse of data on the Web, as well as for asset management and enterprise integration... Using RDF and OWL content developers can connect metadata with documents to enable better search capabilities. Other enhanced capabilities include the ability to integrate enterprise applications and better manage Web sites. W3C officials said XML, RDF and OWL set the foundation for the Semantic Web. XML sets rules for syntax for structured documents, RDF adds a way to provide descriptive information, and OWL represents a language for creating domain-specific vocabularies for various subjects. Although the news of the W3C approval of RDF and OWL is important, the bigger issue is the flurry of industry support around the specifications, according to Daly. The W3C issued testimonials from 24 companies, universities and organizations supporting the standards..." See details in the news story: "W3C Recommendations: Resource Description Framework (RDF) and Web Ontology Language (OWL)."

[February 11, 2004] "Index Grid Services Using Globus Toolkit 3.0. Learn How to Use the Index Service of Globus Toolkit 3.0." By Cai Jun Jie (Software engineer, Globalization Certification Laboratory, IBM). From IBM developerWorks, Grid computing. February 03, 2004. ['The Index Service of Globus Toolkit 3.0 is a helpful component for building grid applications. It can be used to index Service Data carrying state information from multiple grid service instances for use in resource discovery, selection and optimization. In this article the author explains how to set up the Index Service for static and dynamic indexing, and how to improve the reliability of the indexing. The primary way of writing a grid service with custom Service Data and how these data can be queried from the Index Service after aggregation are also covered.'] "Information management is a key issue in the construction of grid applications. This usually involves the generation, aggregation and synchronization of information about grid resources for use in resource discovery, selection, and optimization. In the Open Grid Service Architecture (OGSA), everything is represented as a grid service and expresses its state in a standardized way as Service Data Elements (SDEs). As the reference implementation of Open Grid Service Infrastructure (OGSI), which forms the foundation of OGSA, Globus Toolkit Version 3.0 (GT3) provides three additional components referred as GT3 Base Services. Information service, implemented as the Index Service, is one of the GT3 Base Services. It provides the functionality within which Service Data can be collected, aggregated, and queried; data feeds can be monitored; and Service Data can be created dynamically on demand. This article focuses on how the Index Service can be used to index grid services, for example, to index Service Data from multiple grid service instances through the subscription and notification interfaces that OGSI has defined. This can be accomplished either statically using the configuration file of the Index Service, or dynamically by calling the interface of the Index Service programmatically, both of which will be covered in this article. However, since subscriptions are transient in current GT3 implementation, indexing is not reliable. Data loss or inconsistency can occur when the Index Service or any of the aggregated grid service instances are restarted. Fortunately, there are still ways to implement more reliable indexing if it is really desired... The Index Service aggregates Service Data from multiple grid service instances using the subscription-notification mechanism defined by the OGSI specification -- that is, it subscribes to the Service Data it wants to index so that it will be notified and get the most up-to-date value whenever there is an update. As a result, the grid service providing this Service Data must implement the NotificationSource portType..."

[February 06, 200] "Plumtree Reins in Diverse Web Applications. Portal Package Oversees Security, Content, Collaboration, and Search." By Mike Heck (InfoWorld Test Center). In InfoWorld (February 06, 200). "Does your organization often turn to portals in an attempt to manage the sprawl of Web-based applications? If so, you may be all too aware that these projects can fail to deliver their anticipated ROI. That's because IT managers overlook the need to extend core functions — content management, search, and security — to the applications that appear within a portal. As a result, companies often settle for a portal that provides a decent user experience for a few locally hosted functions. However, the portal doesn't provide an overarching administration framework, nor does it help you lower development and maintenance expenses... Plumtree Enterprise Web Suite includes major updates to every Plumtree product. Plumtree Corporate Portal 5.0 offers new community, knowledge management, and administrative functions, most notably the ability to index content and broker security from many systems. Complementing the portal are the Plumtree Search, Collaboration, Content, and Studio (portlet development) Servers that better integrate with the portal. Equally important, you get an architecture based entirely on Web services (either Java or .Net), which simplifies creating portal applications and customizing the user interface. Plumtree's implementation of WSRP (Web Services for Remote Portlets) and JSR (Java Specification Requests) 168 is strong. Plumtree Corporate Portal communicates with a container that holds the JSR 168 portlet so the portlet can run on any J2EE or Windows application server. The other advantage with this approach is that Plumtree Corporate Portal can handle a larger number of portlets than if the portlets were running on the Plumtree portal server..." General references: "Web Services for Remote Portals (WSRP)."

[February 05, 2004] "OASIS, AMD Push Open Identity Management Standard." By David Worthington. In BetaNews (February 05, 2004). "Trusted identity management just got a new complement: trusted asset management. While commonly viewed as two distinct but overlapping disciplines, new technology promises usher in an alternative to proprietary identity and data management systems by lassoing both together into a single solution. This breakthrough enables rich software and hardware scenarios -- specifically in the realms of rights management and trusted computing. By being an open standard, these solutions are delivered to the masses all while skirting corporate patent portfolios... The XRI and XDI framework is designed such that companies and organizations no longer need to represent individuals through identity management solutions such as America Online's Screen Name or Microsoft's Passport. Instead, XRI permits recognition of identity in both a personal and generic context, without requiring a user to be federated with an organization. An upcoming release of Passport focusing on satisfying many of these same issues is code-named TrustBridge. Cordance's Drummond Reed, co-chair of the OASIS XRI and XDI Technical Committees, told BetaNews that the XRI and XDI standards were not trying to compete with or circumvent other open identity solutions such as Liberty Alliance, saying the two have different goals... XDI builds upon existing and emerging XML standards to solve the problems long associated with data sharing. Many of these problems are, in fact, fundamental. [According to] Jamie Lewis, CEO and Research Chair of the Burton Group: 'Today, we use a wide variety of different mechanisms for identification, including e-mail addresses, IP addresses, phone numbers, and object identifiers. But most of these are specific to one specific means of interaction. None of them is persistent across the many different ways that people, applications, and devices can communicate, and so they don't function well as identifiers in the long run. In the future, for example, a variety of factors may determine where you would like to receive in-bound communications; you may want to receive e-mail when using your laptop, a phone call when all you have is your mobile device, and a text message when in a meeting. But how do people (or applications or devices) know when and how to communicate with you if they identify you by one of the addressing schemes used by these different communication services? In such a case, it would be better to have a persistent, unique identifier, and then use a current email address, phone number, and IM screen name as attributes of that identifier. Thus, a simple change in a preference setting could effectively route incoming communications to the appropriate service, or tell people who want to communicate with you how best to do so at a given time. Also, if your e-mail address or phone number changes, the persistence of the underlying identifier makes maintaining consistency through such changes much easier... In the telecommunications space, for example, major mobile carriers could, in theory, adopt XDI/XRI as a means of managing presence and communication preference information per my earlier example. Likewise, the Trusted Computing Group could, in theory, use XRI/XDI as a basis for their specifications. AMD is involved in the creation of the spec, which is somewhat encouraging. But neither Microsoft nor IBM, two major players in the trusted computing arena, have even hinted that they will adopt the specification in their trusted computing work'..." See the news story "OASIS Members Form XRI Data Interchange (XDI) Technical Committee."

[February 03, 2004] "Coordinating Web Services Activities with WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity." By Luis Felipe Cabrera, George Copeland, Jim Johnson, and David Langworthy (Microsoft Corporation). Microsoft White Paper. With contributions from Omri Gazitt, Johannes Klein, Rodney Limprecht, Matt Powell, Rebecca Dias, and Brad Lovering. January 28, 2004. 22 pages. This document is intended to show "how the new WS-BusinessActivity Framework specification relates to the WS-AtomicTransaction and WS-Coordination specifications. The Web Service architecture provides a set of modular protocol building blocks that can be composed in varying ways to create protocols specific to particular applications. The protocols present in WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity are mechanisms to create activities, join into them, and reach common agreement on the outcome of joint operations. These specifications provide a basis on which to build interoperable, distributed applications that desire to coordinate joint work. The operations of Web service activities that are common to explicit coordination are defined in the WS-Coordination specification. The WS-AtomicTransaction and WS-BusinessActivity specifications each define a type of agreement coordination that addresses the needs of complementary classes of activities. Both of them leverage WS-Coordination and jointly provide agreement coordination infrastructure for tightly and loosely coupled activities, whether short- or long-lived. In particular, activities that require the traditional atomic, consistent, isolated, and durable (ACID) properties of transactions are natural users of WS-AtomicTransaction. Those activities that require tentative operations that are visible to third parties before the final outcome of an activity are natural users of WS-BusinessActivity. As Web services may belong to different enterprises, there is need to support arm's-length relationships. Each pair-wise relationship between services should be defined to include everything needed for the two parties to interoperate and reach an agreed outcome, but nothing else. These specifications achieve this goal by assuming: (1) Asynchronous operation among participants; (2) Explicit registration in activities with pre-defined behaviors; (3) All communication between participants is based on a collection of mandatory messages and mandatory message exchange patterns for coordination operations; (4) Composition with other WS-* specifications so that additional functionality, such as reliable messaging and end-to-end secure message exchanges, can be achieved. The coordination specifications describe on-the-wire protocols, including XML schema, WSDL, state transition diagrams, and state tables. This paper supplements these specifications with our perspective on why these mechanisms are what they are, what to use them for, and when it is appropriate to use them..." See details in "WS-BusinessActivity Specification Completes the Web Services Transaction Framework."

[February 03, 2004] "Microsoft Balances Patents, Standards." By David Becker. In CNET News.com (February 3, 2004). ['In the past month, Microsoft has applied for patents in Europe and elsewhere to cover how XML-based documents are created in the company's dominant Word software. The applications are indicative of a struggle faced by Microsoft and other companies: They want to profit from their research and innovations, yet standards-based technology has to be freely available on some level to encourage broad adoption and ensure interoperability.'] "To patent or not to patent, that is the question for Microsoft. The software giant has been a prolific intellectual property mill over the past two decades, securing more than 3,000 U.S. patents. But as Microsoft and other large companies actively embrace open standards as a way to expand the market for Web services and other technology, they walk a fine line between promoting the adoption of standards and protecting valuable proprietary software... Analysts and rivals claim the company is attempting to use patented technology to lock out competitors. Microsoft contends it is simply protecting its intellectual property... The balancing act is particularly tricky as Microsoft embarks on a new mission to generate more revenue from its intellectual property. The company last year hired Marshall Phelps, the lawyer who made intellectual property licensing a major revenue source for IBM, and recently began licensing several commonly used technologies as part of a broad campaign to boost its intellectual-property-licensing business... One of the toughest issues is deciding what level of innovation is worthy of protection. The XML standard itself obviously isn't patentable, but what about a minor and somewhat obvious way of manipulating data based on the standard? What about a fairly radical idea, such as embedding a different customized user interface within every XML document? [...] David Kaefer, director of business development for Microsoft, said royalty-free licensing made sense for Office XML schemas, but that approach may not apply to other XML-based innovations. "With the XML schemas, we saw a lot of partner and customer requests to make those schemas available," he said. "By making those available, there's a real benefit to encouraging the market to standardize and adopt XML. It's hard to say what beyond that we will do...It comes down to what offers the best benefits for customers and partners." Kaefer added that free and for-profit intellectual property licensing can serve the goals of interoperability and open standards..." See: (1) "Microsoft Files for Patents Related to XML Parsing and Word Processing"; (2) "Patents and Open Standards."

[January 31, 2004] "No Free Lunch: Microsoft Fumbles the Patent Ball." By Steve Gillmor. In eWEEK (January 30, 2004). "Microsoft has coupled royalty-free licensing with its Office XML schema patent filings, but the move may turn out to be very expensive indeed. Microsoft's decision to drop the other shoe on Office 2003's XML schemas may come back to haunt it. News reports of patent filings with New Zealand and the European Union triggered fears that third-party vendors would be prevented from accessing Office documents without licensing the new formats... It's no coincidence that Microsoft announced the 'opening' of the Office Schema licenses at a time when the software giant is under pressure to settle the six-year antitrust probe by the European Union. And just as with its DRM licensing, just because it's free now doesn't mean it will continue to be down the road once market share reaches a dominant position. But getting to 90 percent share or greater -- as Microsoft did with Windows, Office and Internet Explorer -- will not be as easy this time. Oddly, Redmond seems blinded to the reality of the new Web operating system, where technologies such as RSS are pushing the marketplace toward small XML fragments called micro-content and away from bulky Word documents. Part of the problem is of Microsoft's own making. The company's reluctance to cannibalize the Office file formats has slowed down Outlook's move to an XML underpinning. For years now, Outlook's XML object model has trailed other Office apps. Luckily for Redmond, office suite competitors such as Lotus and Novell imploded at the same time. Even now, Sun's OpenOffice has cloned the Microsoft hairball rather than producing micro-content objects that could be stitched together to create the same kind of rich compound documents... In a micro-content world, business documents are broken down into their constituent elements: notification, transaction, context, priority and lifetime. IM traffic, Weblog posts, breaking news, appointments, alerts and good old e-mail comprise a dominant percentage of micro-content traffic. Managing the real-time flow of information becomes Job One, followed closely by archiving and publishing snapshots of the data as 'documents'... To be sure, Microsoft can take comfort in its strategy of waiting for the competition to do the R&D and then swooping in when the market is primed. Micro-content authoring tools are in their infancy, held back by the lack of resources in mom-and-pop RSS aggregator shops. But the patent filings are giving companies such as Apple and Sun time to seed their platforms with common services that can be bootstrapped by small ISVs..." See the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "Microsoft on Patenting XML Formats." By Dan Gillmor. From SiliconValley.com (January 27, 2004). "I recently asked whether Microsoft's moves to patent the XML formats it's using in new versions of Office were, once again, a customer lock-in ploy. Here's a (slightely edited) reply from Mark Martin, who's employed by the Microsoft's PR company: [...] 'While the XML standard itself is royalty free, nothing precludes a company from seeking patent protection for a specific software implementation that incorporates elements of XML. This is an industry-standard means of differentiation followed by other major companies. This does not, in any way, change the royalty-free nature of the XML standard itself. The presence of this patent application in New Zealand does nothing to change the commitment Microsoft made this past November when it announced the available of a royalty-free licensing program for our Office 2003 XML Reference Schemas...' Dan Gillmor: "I don't think anyone is alleging that Microsoft is trying to block XML development. The worries are that Microsoft is trying to enforce rights that would block some people from freely using this supposedly open technology. There's a difference. It also sounds to me like Microsoft wants it both ways, but maybe these patents truly are defensive and nothing else. We'll find out soon enough, I suspect, when OpenOffice developers and others from the open-source community try to use the Microsoft XML schemas in a serious way. Of course, as I noted before, Microsoft could demonstrate good intentions, not just state them, by putting the schemas into a Creative Commons conservancy. No hint of that, however..." See: (1) "Creative Commons Project"; (2) "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 31, 2004] "The SPIRITS (Services in PSTN requesting Internet services) Protocol." Edited by Vijay K. Gurbani. Contributors: Alec Brusilovsky, Igor Faynberg, Jorge Gato, Musa Unmehopa, and Kumar Vemuri. IETF Internet Draft. Reference: 'draft-ietf-spirits-protocol-07.txt'. Category: IETF Standards Track. January 2004, expires July 2004. 43 pages. Section 9 provides the XML schema definition. ['The IESG has received a request from the Service in the PSTN/IN Requesting Internet Service WG to consider this document as a Proposed Standard. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action by 2004-02-12.'] "SPIRITS (Services in the PSTN Requesting InTernet Services) is an IETF architecture and associated protocol that enables call processing elements in the telephone network to make service requests that are then processed on Internet hosted servers. The term Public Switched Telephone Network (PSTN) is used here to include all manner of access; i.e., wireline circuit-switched network as well as the wireless circuit-switched network. This document defines a base XML schema for subscriptions to events. The list of events that can be subscribed to is defined in the SPIRITS protocol requirements document and this document provides an XML schema for it. All SPIRITS subscribers (any SPIRITS entity capable of issuing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema. All SPIRITS notifiers (any SPIRITS entity capable of receiving and processing a SUBSCRIBE, REGISTER, or INVITE request) must support this schema... The document also defines a base XML schema for notifications of events. All SPIRITS notifiers must generate XML documents that correspond to the base notification schema. All SPIRITS subscribers must support XML documents that correspond to this schema. The amount of information that can be available in a notification depends on the information elements available to the PSTN entity generating the notification for the event subscribed to. It is entirely conceivable that some PSTN entities may have richer information elements, while others simply support the most primitive information elements. Thus, the SPIRITS protocol includes provisions for extending the notification schema... The namespace URI for elements defined in this document is a Uniform Resource Name (URN), using the namespace identifier 'ietf' - urn:ietf:params:xml:ns:spirits. SPIRITS XML documents may have a default namespace, or they may be associated with a namespace prefix following the convention established in XML namespaces. Regardless, the elements and attributes of SPIRITS XML documents must conform to the SPIRITS XML schema..."

[January 31, 2004] "What's New in Tomcat 5." By Jason Brittain (Friendster Inc). From O'Reilly ONJava.com (January 28, 2004). "The Apache Tomcat developers have released their latest version of the popular open source Java servlet and JSP container, version 5.0.16, as the first stable release of Tomcat 5. In this article, we'll take a look at the latest features in Tomcat 5. The release of Tomcat 5 corresponds with the final release of the Servlet 2.4 and JSP 2.0 specifications. The Servlet 2.4 Specification is only a slight evolution of the Servlet 2.3 Specification, so the API and semantics are almost completely backwards-compatible. With very few exceptions, Servlet 2.3 web applications should work fine in a Servlet 2.4 container. This is great news for those currently using Tomcat 4 who wish to upgrade to Tomcat 5 -- you probably don't need to modify your web applications... The deepest impact that the Servlet 2.4 specification has on Tomcat 5 is the integration of XML Schema. In previous versions of the servlet specification, the deployment descriptors for servlet web applications were defined and validated using an XML DTD. This worked fine, but as it turned out, DTDs aren't quite modular or flexible enough for other technologies to be able to leverage servlet web apps as a framework. To achieve this level of flexibility and modularity, those involved in revising the Servlet 2.4 Specification and other J2EE 1.4 specifications decided to base the deployment descriptor definition and validation on the newer XML Schema, while maintaining backwards-compatibility with the older servlet 2.3 (and lower) DTDs. The JavaServer Pages 2.0 Specification is a new version of JSP, and quite a bit larger due to its many new features, but aims to be backward-compatible with JSP 1.2. The most important addition to JSP 2.0 is the inclusion of the JavaServer Pages Expression Language (EL). Since EL is now part of the JSP container, EL became more useful because it can be used even in the middle of template text as opposed to just within certain custom tags. For Tomcat developers, the main thing to keep in mind with this new addition is that EL is now also part of Tomcat 5, which makes version 5 more featureful and easier to use than Tomcat 4 for developing detailed web applications. Also included in JSP 2.0 are improvements to the handling of XML content, which allow developers to write their dynamic XML content as JSP content... Tomcat 5.0 contains many substantial updates and improvements over Tomcat 4.1. Many of the underlying technologies that Tomcat builds upon have been updated, enabling Tomcat 5 to offer a wider range of solutions and features to the administrator and developer. This, combined with many performance enhancements and a smaller memory footprint during heavy loads means that Tomcat 5 does a better job with the same web apps than does Tomcat 4. Tomcat 5 is also more manageable, more easily monitored, and is easier to build. Tomcat 5.0 is production-ready now. The Tomcat community tested many releases of Tomcat 5 before it was voted stable late last year..." See also Tomcat: The Definitive Guide, by Jason Brittain and Ian F. Darwin (O'Reilly).

[January 31, 2004] "DCML Brings Clarity to Data Center Chaos. By Capturing Properties and Relations, DCML Bids to Break the Management Barrier." By Doug Allen. From Network Magazine (January 05, 2004). "For just about any IT manager, the data center is chaos: a sea of multivendor servers, arrays, cabling, and so on-all of which must play nicely together amidst a torrent of ever-shifting user demands, new software and capacity upgrades, and dynamic user policies. The thought of capturing this complexity, whether to improve management capabilities or to replicate the design for sister distributed data centers, is truly frightening... A [proposed] DCML standard is in the works that will use Extensible Markup Language (XML) to describe any data center environment. Much like an architect's blueprint, the resulting template will document both the necessary network elements (servers, software infrastructure and applications, network and storage components, plus various OS platforms) and their interdependencies -- that is, the way each element or subelement works with and affects every other element in the data center. In short, this means an open, cross-platform dynamic database of configurations, user policies, and real-time management and monitoring data. A DCML template replaces or complements previous approaches to describing the data center, such as manual documentation, ad hoc or platform-specific standards, and configuration imaging... A DCML file contains nine profiles: server configurations (hardware specifications, I/O settings, OS loads, and patch levels), software configurations (installed packages or images, installation sequences and patch levels, and so on), applications (descriptions of complete n-tier business applications across disparate servers or code), environmental lifecycle (classifying servers and code into groups such as development, build, test, staging/stress testing, and production and/or disaster recovery), networking (firmware versions, protocols, and configurations for switches, routers, bridges, access devices, and so on), security (firmware versions, flash configurations, and administrative and configuration settings for firewalls, IDS/IPSs, anti-virus solutions, and so on), storage (disk space allocation and configuration for storage arrays, NAS, and SANs), the data center itself (complete hierarchical combinations of all elements), and environmentals (enterprise requirements of the center itself, including power, cooling, floor space, and physical configurations)... It's important to note that the DCML Organization hasn't been able to enlist Microsoft, which will likely push its own Systems Definition Model (SDM). HP, IBM, and Sun Microsystems are also no-shows so far. DCML may have a fight on its hands, or else must position itself as complementary to the big boys. In any case, the organization plans to develop the specification and then merge with a larger standards group, such as OASIS, the IETF, or the DMTF. Formal ratification is expected by the end of 2004..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 31, 2004] "Tech Giants Lock Down Wireless Content." By Ben Charny, Richard Shim, and John Borland. In CNET News.com (January 30, 2004). ['A group of technology heavyweights is expected to announce new technology for securing music and video on wireless devices. Bottom line: Development of a wireless content security specification could help spur new mobile media services -- and pose a fresh challenge to Microsoft and others developing similar technology.'] Formerly known as "Project Hudson," the DRM effort "will kick off publicly Monday [2004-02-02], with the announcement of new digital rights management (DRM) specification from industry group the Open Mobile Alliance (OMA), as well as the formation of a new licensing body led by Intel, Nokia, Panasonic and Samsung that will promote the technology, according to sources. Toshiba was originally a member of the licensing group but has since backed out. The licensing entity will be known as the Content Management License Administrator (CMLA) and will promote an implementation of the latest version of OMA's digital rights management standard... CMLA aims to ease piracy concerns among movie studios and record labels over a growing number of devices, including cell phones, capable of connecting to wireless networks. According to one source familiar with the plan, the DRM scheme will be built into mobile handsets, allowing encrypted files to be streamed onto compliant devices. Known as OMA DRM 2.0 Enabler Release, the specification could also potentially support devices connected in wireless networks based on the 802.11 standards, or Wi-Fi. Despite being a relative newcomer in the crowded DRM space, the CMLA plan has already won some early support from major content owners... Software makers hope to cash in on the media industry's demand for DRM by supplying security standards that could ultimately give them a slice of the profits every time a song or movie is bought or played online. They also stand to reap substantial fees from hardware companies that would be required to license their technology in order to legally play back most copyrighted music and videos. A wave of competing and incompatible DRM products has hit the market from Microsoft, Apple Computer, Sony, IBM, RealNetworks and others, creating interoperability headaches for consumers. For example, Apple's best-selling iPod digital-music player supports only the company's own flavor of DRM, which is used on songs purchased from its iTunes Music Store. DRM-protected songs purchased from other music download stores can't be played back on the iPod, nor will iTunes songs play on any MP3 player other than the iPod. Nokia, Motorola, Sony Ericsson Mobile Communications and Siemens make a total of 46 handsets that use an early version of OMA's DRM, while Ericsson and Openwave Systems make servers that use the technology, according to OMA's Web site..." General references in: (1) "Open Mobile Alliance: Digital Rights Management" [December 2003]; (2) "Proposed Open Mobile Alliance (OMA) Rights Expression Language Based Upon ODRL"; (3) "XML and Digital Rights Management (DRM)."

[January 30, 2004] "XML Security: The XML Key Management Specification. XKMS Helps Make Security Manageable." By Manish Verma (Second Foundation). From IBM developerWorks (January 27, 2004). "With an ever-increasing number of people and businesses relying on the Internet to exchange confidential and sensitive information, security has become a hot issue. Two security-related topics have gained significant importance: Ease of management: Making the security infrastructure's usage and integration with applications easy so that its adoption becomes widespread. Portable trust: After a trust relationship has been established with an entity, having a standard mechanism to transfer that trust to another cooperating entity. Single SignOn is a typical example of portable trust. After a user has been authenticated with a particular Web site, a standard mechanism passes that information to other cooperating sites that require the user's authentication information. This allows those sites to transparently share information about an entity without the need to request the same information from the entity again and again. For single sign-on to work, the entities must recognize each other's credentials. The XML Key Management Specification (XKMS) allows for easy management of the security infrastructure, while the Security Assertion Markup Language (SAML) makes trust portable. SAML provides a mechanism for transferring assertions about authentication of entities between various cooperating entities without forcing them to lose ownership of the information. This article discusses the role that XKMS plays in managing the security infrastructure, and provides a step-by-step guide to using XKMS... Often, good technologies fall by the wayside because they are cumbersome to use; in such cases, only a small devoted set of developers continue using the technology without it ever being adopted by average IT departments. PKI has been around for many years, but has not yet made it into typical IT departments. Now, XKMS provides an easy mechanism for using and integrating PKI with applications. In this article, I have explained the objectives of having an XKMS abstraction layer on various PKI solutions, and demonstrated how easy it is to use the XKMS service for registering and locating your key. In my next article, I will focus on explaining how to make this trust portable using SAML..." See general references in: (1) "XML Key Management Specification (XKMS)"; (2) "Security Assertion Markup Language (SAML)."

[January 30, 2004] "Systinet Broadens XML Schema for Verticals." By Rich Seeley. In Application Development Trends (January 26, 2004). "As XML Schema definitions proliferate in e-business Web services applications, developers face the almost overwhelming task of finding ways to process them, according to Peter Lacey, director of field engineering at Systinet Corp., Cambridge, Mass. Some definitions, such as Parlay X in the telecommunications industry, don't even fully adhere to the XML Schema standard, Lacey said, but developers and tools and platform vendors still need to support it. Seeking to provide broad support for emerging vertical industry standards such as Parlay X for telcos and the Financial products Markup Language (FpML) for banks, Systinet has released an enhanced version of its WASP Server for Java. WASP Server for Java 4.7 supports not only vertical industry XML Schema definitions, but can be customized as individual companies create company specific standards, Lacey said. He pointed to a banking customer of Systinet as an example. 'The bank in this case uses FpML' he said. 'But then they extended it to encompass the needs that are particular to them that are not generic to the entire financial products industry'..." From the WASP Version 4.7 announcement: "Systinet, the leading independent Web services software company, today announced the availability of Systinet WASP Server for Java, 4.7, the award-winning Web services infrastructure platform that provides a complete solution for developing and deploying enterprise Web services applications. WASP Server for Java, 4.7 makes it possible, for the first time, to deploy Web services in critical business projects that demand proven reliability and security and that require seamless integration at both the application and data levels. WASP Server for Java, 4.7 provides unique functionality for data integration with the industry's broadest support for XML Schema definitions, including FpML, OFX, ACORD, Parlay and HL7. For developers, this means they can deploy Web services applications and can confidently rely on WASP to validate XML data formats and values according to the rules encapsulated in the XML Schema. This makes the developer more productive and eliminates errors and inconsistencies..." See also: (1) the WASP Version 4.7 Overview; (2) company announcement 2004-01-29: "Systinet Closes Highly Successful 2003 with Strong Momentum and Growth. Leading Independent Web Services Software Provider Grows its Revenue 5X in 2003, Signs Over 70 Customer Deals and is Poised for Continued Growth in 2004." (3) general references in "Financial Products Markup Language (FpML)."

[January 30, 2004] "Microsoft Scraps IE Changes in Eolas Patent Dispute." By Matt Hicks. In eWEEK (January 05, 2004). "Microsoft Corp. gave Web developers a reprieve on Thursday, announcing that it had scrapped its plans to modify Internet Explorer this year in response to a patent infringement verdict against it. Microsoft in October said it would change the way the Web browser and Windows XP handle Web pages that use its ActiveX Controls, its version of an applet. The modified version of IE was expected to be out early this year to overcome the patent dispute at the heart of the $521 million verdict that Eolas Technologies Inc. won in August against Microsoft. Despite holding off on the browser modifications for now, Microsoft's decision is temporary. Whether it moves forward with IE changes in the future largely depends on the outcome of its appeal and on the results of a U.S. Patent and Trademark Office reexamination of Eolas' patent..." See also the Microsoft announcement and the W3C Summary in "Summary of 23 January 2004 HTML PAG teleconference." Background in: (1) "US Federal Trade Commission Report Calls for Patent Law and Policy Reform"; (2) "W3C Presents Prior Art Filing to USPTO and Urges Removal of Eolas Patent"; (3) "Patents and Open Standards."

[January 30, 2004] "Sun Urges Eclipse to Unify Java World." By Martin LaMonica. In CNET News.com (January 30, 2004). "Java steward Sun Microsystems has sent a letter to members of Eclipse, urging the increasingly influential open-source project to unify rather than fragment the Java-based development tool market. Sun sent the letter Thursday afternoon, only a few days before Eclipse is set to break from founder IBM as an independent open-source project. Sun also reiterated its previous decision not to join Eclipse because that would mean abandoning its NetBeans open-source Java tools initiative, which forms the basis for Sun's commercial products. Eclipse maintains a Java development tool platform -- also known as Eclipse -- that allows developers to mix and match different types of tools in a single programming application. NetBeans serves largely the same function, but has not garnered as much industry support as Eclipse. Before such software became prevalent, it was difficult, if not impossible, for many Java tools to work together... On Thursday, Sun warned that despite the change of status, a number of issues could still concentrate power in IBM's hands or serve to advance the business interests of some companies, rather than the Java industry -- Sun included -- as a whole. IBM is heavily invested in Eclipse software, which it's using across its entire software product line. Although staunch rivals, Java software companies such as IBM, Sun and Oracle have also cooperated to ensure that Java software and tools can work together. The ability to share Java products and applications from different companies, which run on different operating systems, is an important selling point against Microsoft's Windows-centric software. In particular, Sun warned that the new bylaws of Eclipse give the position of executive director, now held by an IBM employee, an "unusual amount of power" to dictate the work of the open-source group. Sun also questioned whether IBM employees will continue to make up the majority of project staffers. Finally, Sun urged Eclipse to explore and accept intellectual property from outside the membership of the open source group..." See also Eclipse.Org: "Eclipse is an open platform for tool integration built by an open community of tool providers. Operating under a open source paradigm, with a common public license that provides royalty free source code and world wide redistribution rights, the eclipse platform provides tool developers with ultimate flexibility and control over their software technology... In the Eclipse Platform, code access and use is controlled through the Common Public License, which allows individuals to create derivative works with worldwide re-distribution rights that are royalty free..." See also "Industry Reacts to Sun Eclipse Letter," by Darryl K. Taft.

[January 30, 2004] "Tip: Use Language-Specific Tools for XML Processing. Alternatives to SAX and DOM." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks.January 30, 2004. "DOM and SAX are the two best known systems for XML processing, but they are really compromises across programming languages. As such, they do not take advantage of any language's particular strengths. Often it is better to duck conventional wisdom and use special APIs that take advantage of particular strengths. SAX and DOM are the ruling pair of XML processing APIs. The choice developers generally know best are between the standard model of SAX (push events from the parser to a detached handler) and DOM (parse the document into a tree of readily-accessible objects). SAX generally offers better performance on sizeable documents and DOM generally offers more straightforward code. SAX was designed for the Java language, although bindings to other languages have been developed. In these other languages, however, the Java heritage of SAX generally shows through and many of the strengths of the language being used are forfeit. DOM was designed to be as language-neutral as possible, specified in ISO Interface Definition Language (IDL); standard bindings exist for the Java language and ECMAScript (JavaScript), but these still reflect the language-neutral constructs of the IDL, and all the language bindings, official or unofficial, again forfeit some strengths of the host language. To better take advantage of core language strengths, various developers have developed XML processing APIs that are native to particular languages. Almost all well-known languages have one or more toolkits offering such an API. For some time, the conventional wisdom has been that it's best to stick to SAX and DOM for maximum portability, but experience has convinced me that this is more often than not an overstated consideration. For one thing, because the language bindings for SAX and DOM have some deviations, code is rarely truly portable across languages; the work needed to adapt the code from one language to another is still considerable... So regardless of which language you prefer, you have many options for processing XML. Don't be afraid to put aside conventional wisdom and look for options besides the ruling pair..."

[January 28, 2004] "Managing Data Centers Through XML." By Patrick Thibodeau and Tim Howes. In Computerworld Australia (January 28, 2004). "Last year, some 40 management tool vendors formed the DCML Organization, a consortium committed to developing an open standard to facilitate interoperability and better integration between tools. Vendors say the the evolving Data Center Markup Language will be critical to the development of utility computing and simplify life for data center managers. The first release of DCML is scheduled this quarter, with products adapted to the specification expected by midyear. One of the leaders of the effort is Tim Howes, chief technology officer at Opsware Inc., a data center software automation vendor in Sunnyvale, Calif. He discussed the motivations for developing DCML and its technical challenges and potential user benefits with reporter Patrick Thibodeau." [Howes:] "There's a need to have all these management products communicate with one another, and that's what DCML is about -- providing a common data format for exchanging information about the environment being managed between all of these different management systems... When you provision a new machine, you want to make sure that machine is monitored, so you need to communicate to your monitoring system that there's a new machine to be monitored. Today that happens, if you are lucky, by somebody leaving a Post-it note on the monitor of the guy who runs the monitoring system. But DCML allows that to happen in a more automated fashion. Similarly, that happens with security systems, backup systems -- there are all kinds of different systems. DCML provides the vocabulary, the language if you will, for those systems to communicate with each other... We're trying to create a standard data format that can be used to exchange information between automation and utility computing systems and traditional management systems. The use cases that we have in mind are: making sure provisioning systems can communicate with the systems that manage the machines that they provision; making sure those systems can communicate with the asset-tracking, inventory and billing systems that are responsible for keeping track of what's going on in the environment; and translating that into billing for customers or cost accounting for internal purposes. We want all these things to be able to communicate with one another..." See the news story "Opsware and EDS Launch Data Center Markup Language (DCML) for Utility Computing."

[January 27, 2004] "Web Services Security Spec Moves Toward Approval. OASIS Braces for Membership Vote." By Paul Krill. In InfoWorld (January 27, 2004). "WS-Security, a widely supported proposal for securing Web services, could become an official OASIS standard by March. OASIS in mid-February anticipates a full-membership vote on the WS-Security specification, which is intended to provide critical security for Web services. If approved during a 30-day voting period, WS-Security becomes an OASIS standard. The OASIS Web Services Security Technical Committee earlier this month approved a set of documents pertaining to the specification, which is officially referred to as Web Services Security: SOAP Message Security 1.0. The specification, which was subjected to a public review as well, describes enhancements to SOAP messaging to provide for message integrity and confidentiality, according to OASIS. Related documents also approved included Username Token Profile, for using WS-Security for user names and passwords, and X.509 Certificate Token Profile, for using WS-Security to sign and encrypt messages via X.509 digital certificates, said Kelvin Lawrence, co-chairman of the OASIS committee and an IBM Distinguished Engineer. Also approved were documents pertaining to XML Schema and XML extensions pertinent to WS-Security..." See details in the news story "OASIS Web Services Security TC (WSS) Approves Committee Draft Specifications."

[January 27, 2004] "XML in Yukon: New Version Showcases Native XML Type and Advanced Data Handling." By Bob Beauchemin. In Microsoft MSDN Magazine (February 2004). "The next version of Microsoft SQL Server, code-named 'Yukon,' takes the groundbreaking XML support that was introduced in SQL Server 2000 and enhances it to include even more innovative functionality and ease of use. Yukon adds native XML data storage to the database management system (DBMS) through a new native XML data type. The introduction of this native XML data type, coupled with the emerging industry standard XQuery language, should spark a revolution in database application development. Support for the native XML data type is extensive. It includes XML Schema-based validation and additional XML-based constraints, special XML Infoset-based indexes, and queries over XML content objects using XQuery. In addition to this radical new functionality, the existing SQL Server 2000 XML functionality has been fine-tuned for better performance and ease of use. This article discusses Yukon's built-in ability to expose its data through Web services, and other XML features of Yukon... In Yukon, support is enhanced to include composition, decomposition, and distributed relational queries. It also includes native XML queries and native XML storage. The new XML data type differs from the conventional storage of an XML document in a text data type. The new data type is a first-class type; you can use it in most of the ways any other SQL Server data type can be used, including as a column in a table, a variable in T-SQL, a stored procedure or user-defined function parameter, or a user-defined function return value. The XML type is quite similar to the concept of a distinct type defined by SQL-99 (the latest version of the ANSI SQL standard) and to the character-based large object (CLOB) types varchar(max) and nvarchar(max). You must convert it to and from a varchar or nvarchar type, although the T-SQL INSERT statement will do automatic conversion from a varchar and nvarchar value used in a VALUES list to an XML data type column value. You cannot CAST or CONVERT the XML type to any type other than varchar or nvarchar. Two instances of an XML data type cannot be compared. Like a SQL-99 distinct type, the XML type has its own methods; these methods enable you to use an alternate query language, XQuery. The data in an XML type does not follow the relational data model, but it does follow the XQuery 1.0 and XPath 2.0 data model. The primary reason for having an XML data type is that when you define an XML data type column, the data in that column is stored in the database itself. The column is not a pointer to an XML document on the file system. This means that XML data is included in the backup and restore process, is subject to ordinary SQL Server security, and participates in transactions and logging. Having XML data inside a relational database may offend some relational purists, but it means that your data lives in a single repository for reasons having to do with administration, reliability, and control..."

[January 27, 2004] "Oracle to Add RFID Support to Warehouse Application." By John Pallatto. In eWEEK (January 05, 2004). "Oracle Corp. said it plans to release a new version of Oracle Warehouse Management in the summer season that will support radio frequency identification (RFID) and electronic product code (EPC) features. Oracle officials discussed the new Warehouse Management features at this week's Oracle AppsWorld conference here. The new Oracle Warehouse Management package will be based Oracle Database 10g and Oracle Application Server 10g to enable customers to automate the process of counting and tracking goods moving in and out of warehouses... The application server will include built-in RFID middleware to provide the connection-control and filtering features required to process RFID data. The warehouse management module will be able to produce and process RFID labels that are required for commodity tracking. The new version of Oracle Warehouse Management will provide compatibility with RFID tags along with the reading and printing devices produced by Alien Technology Corp., Internet Technologies Corp. and Zebra Technologies. The demand for RFID technology has been gaining momentum because major retailers, just as Wal-Mart Stores Inc. and the U.S. Department of Defense are requiring their highest volume suppliers to support RFID technology if they want to do business with them, said Jon Chorley, senior director of Oracle Inventory and Warehouse Management System. Read more here about RFID technology and both Wal-mart and DoD's requirements for it. The new version of Oracle Warehouse Management will support the RFID tagging of entire pallets of goods as well as individual cases. In addition, warehouse operators can track in-bound and outbound shipments, Chorley said. The automated tagging and reading process cuts the time it takes to track inventory, reduces costs and improves the accuracy of inventory reports, he said. The technology will also improve warehouse security because with RFID readers installed at the warehouse doors, the RFID application can watch for any outbound or even inbound shipments are authorized..." General references in "Radio Frequency Identification (RFID) Resources and Readings."

[January 27, 2004] "Inside XAML." By Ian Griffiths. From O'Reilly ONDotnet.com (January 05, 2004). "One of Longhorn's most interesting technologies for developers is its new XML-based markup language, codenamed XAML (short for eXtensible Application Markup Language, and pronounced 'Zammel'). User interfaces in Longhorn applications are typically built using XAML. In this article, we look at how XAML relates to the underlying support provided by WinFX. XAML user interfaces are built in much the same way as HTML web user interfaces -- you simply create a document with tags for each of the user interface elements you require... You might be wondering why Microsoft decided to invent a brand-new markup language for building user interfaces, rather than using HTML or SVG. One of the reasons is functionality -- Avalon provides many sophisticated user interface features that are not available in HTML, such as scaling and rotation of both text and graphics, and animation. Also, HTML has been developed primarily for use on the Web, whereas XAML's principal target is applications that run directly on Windows (i.e., 'rich clients' or 'smart clients'). But this still leaves the question of why Microsoft didn't use SVG (Scalable Vector Graphics -- a graphically rich, XML-based markup language.) After all, SVG addresses many of HTML's shortcomings as a rich-client markup language. However, the most powerful reason for devising a new markup language is the very close relationship between elements in a XAML file, and objects at runtime. Unlike any previous markup languages, XAML is designed to integrate directly with WinFX... XAML is a simple but powerful way of building trees of .NET objects. Because it is based on XML, it is straightforward to create XAML-based markup. This not only makes it easy to build user interfaces by hand, it also makes it relatively straightforward for tools to generate XAML -- in the future, design tools will emerge that are able to export documents and drawings in XAML format. It is also easy to use technologies such as XSLT to transform XML data sources into XAML documents. XAML enables a clean separation of user interface from code through the use of code-behind files, while its close integration with WinFX makes it very easy for code to manipulate the user interface elements defined in the markup..." General references in "Microsoft Extensible Application Markup Language (XAML)."

[January 27, 2004] "Parasoft Touts Security, WS-I in Web Services Test Tool. Web Services Product Complies With Industry Efforts." By Paul Krill. In InfoWorld (January 27, 2004). "Parasoft on Tuesday is releasing SOAPtest 2.5, an upgrade of the company's Web services testing tool that sports security enhancements and adherence to upcoming WS-I test tool functions... Looking to prevent errors early in the development stage, the product verifies aspects of a Web service ranging from WSDL validation to functional and performance testing, according to Parasoft. Version 2.5 tests for a variety of security factors through compliance with the WS-Security specification, which includes adherence to X509, user name security tokens, and SAML, Parasoft said. Compliance with XML Digital Signature and XML Encryption also is tested, the company said. Security is critical to Web services to enable users to move from internally deployed Web services to using the services to interact with other businesses, said Jeehong Min, technical leader for software at Parasoft. "WS-Security is the standard that people have agreed upon as a security layer for Web services. It's the XML message-level security layer," Min said. The product features a WS-I Analyzer tool to verify WSDL and SOAP traffic for interoperability. The tool conforms with the upcoming WS-I Testing Tools 1.0 tools from the Web Services Interoperability Organization, Parasoft said. The WS-I tools are intended to test for compliance with the WS-I Basic Profile 1.0 guidelines for Web services interoperability. The WS-I Testing Tools 1.0, which will feature Analyzer and Monitor tools, are due in a month from the WS-I, for the C# and Java languages. Also featured in SOAPtest 2.5 is testing for MIME attachments, including meeting SOAP with Attachments and OASIS ebXML specifications and receiving both text/XML and binary attachments..." See details and references in: (1) the announcement, "Parasoft Releases SOAPtest 2.5 for Comprehensive Web Services Testing. Web Services Testing Product Now Offers Security Features, MIME Attachment Support and Enhanced Load Testing Features."; (2) "Web Services Interoperability Organization (WS-I)."

[January 27, 2004] "XForms 1.1 Requirements." Edited by John Boyer (PureEdge Solutions Inc), Roland Merrick (IBM), and Sebastian Schnitzenbaumer (SAP). Produced by members of the W3C XForms Working Group. W3C Working Group Note. 26-January-2004 Version URL: http://www.w3.org/TR/2004/NOTE-xforms-11-req-20040126/. Latest version URL: http://www.w3.org/TR/xforms-11-req/. "XForms is an XML application that represents the next generation of forms for the Web. This document specifies the requirements for XForms 1.1. XForms Version 1.1 will build upon the solid foundation set forth by XForms 1.0 -- the Next Generation of Web Forms. The 1.1 version makes incremental improvements over version 1.0 to provide expanded behaviors for the existing and established XForms Model-View-Controller Framework and by embracing SOAP. It also makes adjustments to XForms to facilitate its adoption in other host languages. The incremental improvements to XForms 1.0 include Repeat/Insert Enhancements; Bind Attribute on Bind Element; Email-address Datatype; XForms Processor as XML Editor; Power Function; Referencing Bind Sites in XPath Expressions; and Improved Search for Instance Data by Key Value... XForms expresses a processing model and user interface for the modification of data expressed in XML. Currently, the XML can be obtained from within the document or from a server. It would be useful to allow XForms processors to edit XML obtained from the local computer, and to return the edited XML to the local computer. To avoid security issues, this cannot be done by simply using a file scheme in the src attribute of the XForms instance element. [The requirement is to] allow an XForms processor to provide an XML editing capability... To increase widespread adoption of XForms in web applications, it is necessary to reduce the difficulty of authoring XForms in XHTML, which is currently hindered by the incessant need to flip between the host language namespace and the XForms namespace when authoring the user interface component of a form..." General references in "XML and Forms."

[January 27, 2004] "XML Data Formats Take Center Stage in the Financial Services Industry." By Uche Ogbuji. From XMLHack.com (January 05, 2004). "The Third Annual XML for Financial Services conference, held in New York City, USA, casts doubt on the conventional wisdom about Web services and the role of tightly-coupled middleware in real-world XML developments. This conference is dominated by technical managers from the Financial Services industry rather than the usual idealistic and diverse cadre of XML professionals. The emphasis in discussing technology is firmly on maturity, practicality, enterprise scalability, international scope and regulatory awareness. The standards organizations that convey authority are not the likes of W3C, OASIS, WS-I or the like, but rather ISO, UN and financial regulators. Under this light mainstream Web Services are a curiosity based on intriguing propositions, but not yet proving their mettle for enterprise deployment, and running out of time to prove such mettle. The package of ebXML technologies looks to be on a more solid path to enterprise deployment in this industry, but is still not convincing managers to come out of wait-and-see mode... This trend is an interesting contrast to the seeming situation in the general XML and Web services world, where toolkits and wizards for infrastructure and content are making a lot of noise in the marketplace. The invasion of the middleware crowd into XML has put off a growing number of XML purists, but it seems that the need for vendor independence, local control, document longevity, global regulation and transparency in the Financial Services world means it is a natural home for the sort of richly expressive and loosely coupled systems that were once the main promise of XML..." See also XML specifications for the financial industry.

[January 27, 2004] "IBM Patents Developer Payment Method." By Darryl K. Taft. In eWEEK (January 27, 2004). "In a nod to the open-source development model, IBM has patented a scheme that maps out a method of payment for broad numbers of developers working together on projects, a move that has upset some developers. In U.S. Patent number 6,658,642, which IBM applied for in June of 2000 and was granted last month, the systems giant identifies a 'system, method and program product for computer program development' that employs a distributed programming model, according to the documentation defining the patent. The patent describes the current software development environment, where pressure to turn out quality software quickly is pushing companies to rely on developers outside their corporate walls... 'The high-tech industry is moving very fast and the first to market has a big advantage over competitors, often deciding the early winner,' IBM said in a description of the patent. 'So, speeding up software development increases the likelihood of success. One way to speed up software development is to increase the number of programmers on the project, distributing the workload to as many programmers as possible. Unfortunately, hiring people for a very short period of time complicates rather than simplifies development.' The description cites a programmer shortage and adds: 'So, to supplement their permanent workforce, companies are forced to contract with independent contractors, delegating customized or specialized software development to the contractors. Typically, the contractors are paid either in advance or, incrementally, as the project progresses. Regardless of how much the package developer may be willing to pay, contractors still face the same programmer shortage.' The IBM 'invention' is aimed at 'reducing software development time and costs, while increasing the likelihood of software development success,' the patent said. 'As a result, with the advent of Internet, to maximize the number of programmers working on a particular project, collaborative software development projects, such as open source software development (e.g., Linux), are undertaken or initiated daily. Web based electronic businesses have formed offering contractors a solution to temporary programmer shortages,' the patent said. 'One such e-business is an auction site (www.cosource.com) for software development contracts, focusing on the needs of open source development. However, this approach matches a single programmer with each task. Money is paid in advance with the package developer bearing the risk that the project will not complete on schedule.' Yet, IBM's patent defines a mechanism for paying programmers who work in an open-source-like model... IBM issued a press release earlier this month citing the number of patents the company had been issued in 2003. According to IBM, the company was issued 3,415 patents last year by the U.S. Patent and Trademark Office. And the company had more than 1,400 software-related patents, or about 40 percent of the patents the company received last year, IBM officials said. In fact, with the 3,415 patents IBM said it broke the record for patents received in a single year. And during the past 11 years, IBM has gained more than 25,000 U.S. patents..."

[January 27, 2004] "OWL Web Ontology Language: Parsing OWL in RDF/XML." By Sean Bechhofer (University of Manchester). W3C Working Group Note. 21-January-2004. Produced by members of the W3C Web Ontology Working Group. Version URL: http://www.w3.org/TR/2004/NOTE-owl-parsing-20040121. Latest version URL: http://www.w3.org/TR/owl-parsing. "The OWL Semantics and Abstract Syntax document provides a characterisation of OWL ontologies in terms of an abstract syntax. This is a high level description of the way in which we can define the characteristics of classes and properties. In addition, S&AS gives a mapping to RDF triples. This tells us how such an abstract description of an OWL ontology can be transformed to a collection of RDF triples, which can then be represented in a concrete fashion using, for example RDF/XML. In order to parse an OWL-RDF file into some structure closer to the abstract syntax we need to reverse this mapping, i.e., determine what the class and property definitions were that lead to those particular triples. An OWL-RDF parser takes an RDF/XML file and attempts to construct an OWL ontology that corresponds to the triples represented in the RDF. This document describes a basic strategy that could be used in such a parser... Note that this is not intended as a complete specification, but hopefully provides enough information to point the way towards how one would build a parser that will deal with a majority of (valid) OWL ontologies..." See also: (1) "Ontology Web Language for Services (OWL-S) Version 1.0"; (2) general references in "OWL Web Ontology Language."

[January 27, 2004] "Use XInclude to Synchronize WSDL with Source Schemata. Importing the Payload Format for Document/Literal Message Descriptions." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks. January 22, 2004. "In the types section of a WSDL file, you provide XML schema snippets to formalize the XML that is exchanged in the Web service. In most mainstream cases, this means the contents of the SOAP body. In the RPC style of Web services, this is usually a specialized XML format that maps W3C XML Schema (WXS) constructs to the SOAP encoding. This is usually very specific to the Web service, and not really useful outside it. This separation between the XML that is likely to be used at application level at either end-point and the format that ends up being transmitted across the wire is often key to criticism of RPC-style Web services, and the basis for advocacy of document/literal style... In document/literal style, the XML format that is most immediately meaningful to the processing on either side is simply bundled into the envelope and transmitted as is. This means that the schema details that go into the types section of the WSDL are often just a part of a more generally used schema. It may even be a globally well known schema such as XHTML, Docbook, or one of the many XML formats for business interchange, such as UBL or OAGIS. This means that embedding the schema into WSDL documents could open up synchronization or consistency problems. What happens when the overall schema changes and one does not catch up to all the WSDL that needs to be touched up accordingly? It could lead to subtle problems or big failures... This article shows how to use XInclude to incorporate external schema fragments into a WSDL file... XInclude is simple and is supported by many XML tools. It is a handy tool for many situations, and can certainly help improve the maintenance of document/literal style WSDL documents..." See also XML Inclusions (XInclude) Version 1.0 [W3C Working Draft 10-November-2003].

[January 27, 2004] "A Standards-Based Registry/Repository Using UK MOD Requirements as a Basis." By Paul Spencer (with OASIS TC Members). Version 0.3 (draft). January 22, 2004. 13 pages. "This paper is the result of a joint study by Paul Spencer and three OASIS Technical Committees -- the ebXML Registry TC (regrep), the Content Assembly Mechanism (CAM) TC and the e-Government TC. The intention is to consider whether and how the standards being developed by the regrep and CAM TCs can help meet the needs of the MOD, and wider Government needs, for managing schema components. This management involves: registering proposed schema components as drafts; reviewing proposed schema components; registering approved schema components; assembling complete schemas from components; and managing the lifecycle of the components and schemas. ... The MOD has a sophisticated data dictionary developed in-house using a SQL Server database. The dictionary is referred to as the DDR, and the System on which it runs is called Accord. This dictionary currently has over 4000 entries, with an expectation that it will grow substantially, possibly to around 100,000 entries. Accord includes support for proposing, reviewing and signing off dictionary entries. The following screen shots give a feel for the system... The MOD is starting to use XML widely, and has adopted a set of policies in use throughout the organization. It is some of these policies that simplify the management of XML artifacts within the MOD, allowing the present management system and making this a useful case study for use of OASIS regrep and CAM standards... There are three main issues of XML management in the MOD: (1) proposing and approving XML data types and elements; (2) version management of XML data types; and (3) assembling data types into schemas for message types..." The OASIS TCs include: Content Assembly Mechanism TC [Wiki], ebXML Registry TC, and e-Government TC. [cache]

[January 27, 2004] "Lightweight XML Search Servers." By Jon Udell. In XML.com (January 21, 2004). "In earlier installments of this column, I made the case for exploiting the combination of XHTML and CSS, and I demonstrated a browser-based technique for searching XHTML/CSS content using XPath. I've been using a variation of this technique on my weblog. It works, and it's been a revelation to see what's possible using nothing but JavaScript, the DOM, and the XML and XSLT processors embedded in both MSIE and Mozilla. But as my corpus of well-formed content grew it became impractical to load it into a browser in order to perform structured searches. In the spirit of the lightweight browser-based solution, I decided to create an equally lightweight server-based version based on Python and libxml2/libxslt. I'm also working on a slightly heftier, but more powerful variation based on Berkeley DB XML; we'll explore that one next time. The minimal search server is packaged into a single Python script which contains: [1] A mini-httpd that extends Python's BaseHTTPServer class; [2] An XSLT stylesheet, with markers for a replaceable XPath query; [3] Various search-page elements: HTML forms, CSS stylesheet, JavaScript helper... In the next installment we'll look at a database-backed alternative based on Sleepycat's Berkeley DB XML..."

[January 27, 2004] "Web Services Make Enterprise Strides." By Peter Coffee. In eWEEK (January 19, 2004). "Web services crossed key thresholds of enterprise acceptance during the last months of 2003, with corporate IT builders expressing dramatically greater interest in using the model for transactions up and down the supply chain as well as for in-house applications. Last fall, Forrester Research Inc. found almost three-fifths of a sample of 75 large corporate sites planning customer service initiatives and more than two-fifths planning supply chain projects using Web services technologies. Crucially, the same study found comparable or greater percentages of these sites migrating customer and product/service data to XML-based formats, an important precursor to broader use of Web services models. Gartner Inc., of Stamford, Conn., went further, projecting that Web services would be the dominant model -- used for at least two-thirds of all new development projects -- by next year. Conventional wisdom has been that outward-facing Web services would not gain momentum until key security issues were addressed directly by Web services standards... it would be nice to have agreement on where the destination lies. Web services can be defined in the affirmative -- what they are, or in the negative, what they are not. The easiest way to describe a Web service is to say that if it's done on the Internet, using Web protocols, and it doesn't involve a live user operating a Web browser, then it's a Web service. Microsoft Corp. CEO Steve Ballmer has called the result 'the programmable Web,' emphasizing the evolution from a Web of people clicking on hyperlinks to a Web of applications accessing standards-based interfaces. This definition encourages a focus on the benefits of the model: the growing ubiquity of a standards-based network of wired and wireless connections, the exploding resource base of data and functions accessible on that network, and the proliferation of convenient tools for leveraging those assets into a supporting background or a foreground user interface in a custom application..."

[January 27, 2004] "A Survey of XML Standards. Part 1: The Core Standards." By Uche Ogbuji (Principal Consultant, Fourthought, Inc). From IBM developerWorks. January 20, 2004. ['The world of XML is vast and growing, with a huge variety of standards and technologies that interact in complex ways. It can be difficult for beginners to navigate the most important aspects of XML, and for users to keep track of new entries and changes in the space. In this series of articles, Uche Ogbuji provides a guide to XML standards, including a wide range of recommended resources for further information.'] "XML started strong and has grown quite rapidly. It has proven itself a very valuable technology, but it can be an intimidating one, when one considers all the moving parts that fall under the term 'XML.' In this series of articles, I provide a summary of what I see as the most important XML technologies, and discuss how they each fit into the greater scope of things in the XML world. I also recommend tutorials and other useful resources for evaluating and learning to use each technology. All the technologies presented here are standards, although that word is itself a bit slippery. Standards come in all forms, and multiple standards often compete in the same space. I follow the practical approach of defining a standard as any specification that is significantly adopted by a diversity of vendors, or is recommended by a respectable, vendor-neutral organization... In Part 2, I shall survey standards important to those using XML in applications processing..."

[January 27, 2004] "Eclipse 3.0 Upgrade Demos on Tap at EclipseCon." By Vance McCarthy. From Integration Developer News (January 09, 2004). "Eclipse committers are hard at work on upgrade features for Eclipse 3.0, slated for release in summer 2004. Key improvements will include a generalized Eclipse platform for building non-IDE applications, increased UI responsiveness, improved user experience, and generalized Java tools to support Java like languages. To get a closer look at Eclipse 3.0, OET spoke with Erich Gamma, one of the Eclipse Project Leads. Gamma will be surveying the latest progress on Eclipse 3.0 at February's EclipseCon event. While the Eclipse download for Windows is still the most popular, there is a growing interest in Eclipse on other platforms like Linux and MacOS X... To enable rich client application development the IDE-specific features were separated into a new plug-in. With Eclipse 3.0's "generic workbench... Rather than re-invent the wheel and implement yet another run-time with dynamic component deployment support, the Eclipse team will build on top of the OSGi standard component framework. This OSGi based approach will be mostly hidden to clients and existing Eclipse plug-ins continue to work... The Eclipse 3.0 Java tools will be opened-up so that other parties can participate in search and refactoring operations. Beyond that, the Java tools will be opened so that contributors can participate in some key productivity features like quick fix and quick assist. This change would mean that a developer could contribute additional checks and fix suggestions to support EJB development, for example..." See also the EclipseCon 2004 conference.

[January 27, 2004] "Learn XForms Today: XForms Institute." By Micah Dubinko. In O'Reilly ONLamp.com (January 18, 2004). "Readers have asked for a gentler tutorial to W3C XForms, and others have asked to see some examples of 'real-world' XForms. Here are both, together on one fun site, XForms Institute (Interactive XForms School). The XForms web site has what you'd expect from a tutorial: progressive lessons, each building upon the last. It also has interactive quizzes, written without script in XForms. These run fine in nearly any browser, thanks to a remarkable Flash program called DENG, the Desktop Engine. In a mere 120k of SWF files, this small applet implements a huge swipe of XForms, XHTML, and CSS level 3. Each live example includes a 'View Source' link so that you can see how it works in the full context of a complete document..." See also: (1) the XForms Institute RSS Channel and the online book XForms Essentials. General references in "XML and Forms."

[January 27, 2004] "RSS for President." By Steve Gillmor. In eWEEK (January 20, 2004). "The Net has enormously accelerated the conversation that the aggregated campaigns have joined. A range of collaboration software, from sales force automation to wikis to the nascent social software tools, has compressed the electorate into rapidly forming affinity groups. Once in place, these groups become a dynamic type of focus group, with the enhanced ability to create, test-market, refine and deploy strategic muscle at lightning speed. It's difficult to catch this change at the surface level -- where network and even cable news operations can only sound-bite the dynamics. But the RSS space -- as a synthesis of both a filtered mainstream media and the bottom-up drivers of the blogosphere -- is the quickest way to take the pulse, and affect (or reinfect) the process in return... But if Iowa is any indication, the conversation has been altered by the presence of the network -- and RSS..." General references in See "RDF Site Summary" | "Really Simple Syndication" (RSS)."

[January 27, 2004] "Telco Punts $2.5m on Interactive-Voice XML." By Julian Bajkowski. In ComputerWorld Australia (January 20, 2004). "AAPT [Australian telecommunication company, owned by New Zealand's largest telecommunications company, Telecom New Zealand] will invest more than $2.5 million on a new, retail-customer interactive voice project that ports directly back into its mainframe billing and transaction systems in an effort to reduce call centre and administration costs. Based on a VeCommerce natural speech recognition engine and SOAP/XML interface, the solution will allow customers a voice interface directly into the telco's billing system to perform transactions -- rather than waiting for a call centre employee to do the same thing. While AAPT says that inbound customers will still be able to speak to staff, under the new system, the voice-driven, self-serve regime is clearly designed to eliminate both customer-service bottlenecks and cut the call centre staff costs that go with them. Analysts say such systems may offer competitive advantages because of operational cost reductions through shifting inbound call centre functions from a human base to robotic base. Gartner's vice president of research for enterprise networks, Geoff Johnson, confirmed that the uptake of voice-driven XML (or VXML) has been swift over the last 18 months, largely led by investments in VoIP infrastructure and voice engine and application improvements. 'It's the diplomacy and sophistication along with fluency and fault tolerance that is driving this. It's the personal productivity [to the customer] that makes this attractive,' Johnson said Despite obvious pay offs, Johnson warned risks still existed in deploying voice-driven XML systems, noting some cultures (like Japan) simply do not tolerate non-human interfaces. Johnson said rollouts can come unstuck if enterprises attempted to port 'too many complex functions' to such systems..." General references in "VoiceXML Forum."

[January 27, 2004] "Red Hat Offers Software Warranty." By Stephen Shankland. In CNET News.com (January 19, 2004). "In response to SCO Group's legal action against Linux, Red Hat is offering new legal protection that guarantees the company will replace any code found to infringe copyrights. The warranty, part of a new project called the Open Source Assurance Program, is for all existing and future customers of the Raleigh, N.C.-based company's Red Hat Enterprise Linux operating system products, the company said in an announcement Monday night, shortly before the LinuxWorld Conference and Expo that begins Wednesday in New York. SCO alleges that IBM improperly moved Unix intellectual property into Linux and, independently, that Linux infringes on the company's Unix copyrights. But offers of legal defense are sprouting all over the Linux landscape as advocates try to defuse threats from SCO, which has sued IBM for breach of contract and has promised to sue a Linux user for copyright infringement... Novell, the No. 2 Linux seller after Red Hat by virtue of its acquisition of SuSE Linux, began indemnifying its Linux customers last week, following in the footsteps of Hewlett-Packard. The Open Source Development Labs, a multi-company Linux consortium, began a a $10 million legal defense fund last week. And Montavista Software, which sells Linux for "embedded" computing devices such as consumer electronics or telecommunications gear, like Red Hat has a warrantee program. And at the last LinuxWorld show, in August, Red Hat began a legal defense fund to protect open-source programmers... Open-source software such as Linux is developed by a multitude of programmers, many not working for the company selling a product such as a version of Linux or a server that includes the operating system. That collaborative programming method, while leading programmers from competing companies to cooperate, makes it harder for a single company to control what's in a specific software package..."

[January 23, 2004] "Software Patents 'Threaten Linux'." By Clark Boyd and Bruce Perens. In BBC News, UK Edition (January 23, 2004). ['Open source advocate Bruce Perens tells BBC technology correspondent Clark Boyd why the real threat to Linux and the open source movement is not from the SCO lawsuits, but from software patents. Perens: We're looking at a future where only the very largest companies will be able to implement software, and it will technically be illegal for other people to do so.'] "The good news is that SCO has pretty much exhausted any chance of being successful in court. Their legal discovery documents have not yielded sufficient evidence. But, let's go on to the future beyond SCO. The biggest challenge that will face us after that is software patenting. Software patents that are being accepted are not necessarily inventions, their definitions are overbroad. And you can never finish a patent search. The definitions are so broad, you can't ever be sure a company would or would not assert their patent on what you are doing. You have to consider engineers today spend their entire careers combining other people's intellectual property. And every small and medium sized enterprise is at risk regarding software patenting. That is a problem in Europe, because representatives to the European Parliament are pushing very hard for software patenting that would indeed shut out all small and medium businesses from the software development business, not just open source. We're looking at a future where only the very largest companies will be able to implement software, and it will technically be illegal for other people to do so. That's a very, very bad situation developing. We must do something so that there is reason for people to innovate, there is reason for people to invent, but that companies can execute without this constant fear that we will be sued into the ground regarding software patenting... We have all of the Linux-based software we need for 80% of the people in the world. The other 20% may use specialised applications that are not yet available in open source. And when I say 80%, that's all free software. What we're doing in 2004 is some bug removal, and some integration, not additional features, because the features are all already there... We are facing a problem in that there are two dominant companies in Linux distribution - Red Hat and Novell, which just purchased SuSE. We do not intend to let it stay that way. I'm leading a project called User Linux. The project aims to make a zero-cost Linux distribution, where people, if they want service, will pay for service on a services rendered basis. And we're establishing a global support network made of small companies, more than large ones, to make that work. And if we take the open source paradigm, which is a lot of little guys all around the world collaborating to make an organisation bigger than IBM or Microsoft, and we take that to the business sector, we may really invent something new here, taking open source into the economy to a degree it has never gone before..." General references in "Patents and Open Standards."

[January 23, 2004] "Next-Generation E-Forms." By Jon Udell. In InfoWorld (January 23, 2004). ['Paper will never die. Instead, it's going digital and providing a better, XML-enabled way to enter critical data.'] "The transition from paper to electronic forms seems like a no-brainer. Who wouldn't want to abolish the anachronism of paper forms in capturing and relaying business-critical information? ... E-forms provide a more accurate, intuitive replacement for paper forms than plain HTML forms or antiseptic data entry screens -- and in the latest e-forms software, they wrap captured data in XML format. These products also provide design tools that allow you to build attractive XML-enabled forms quickly and easily. Microsoft's XML-oriented InfoPath, which shipped with Office 2003 in October, is now deployed and in use. Adobe plans to ship a beta version of its PDF- and XML-oriented forms designer in the first quarter of this year. And e-forms veterans such as PureEdge and Cardiff, whose offerings are built on an XML core, are lining up behind XForms, an e-forms specification that became an official W3C recommendation in October 2003. Common to all these vendors' approaches is the use of XML as the bridge between applications that gather data from end-users and the back-office systems that absorb that data... Within this broad XML consensus, there are differences that reflect the legacies of Microsoft, Adobe, the e-forms vendors, and the customers they serve. The relationship of e-forms solutions to printed forms, and to the processes that surround them, is a major source of differentiation. For all their inefficiency as data-gathering instruments, printed forms are highly engineered information displays. People who scan and process forms often rely on their layout and typography, which is why some industries -- insurance, for example -- standardize the look and feel of forms as well as their content... XForms, which can be thought of as HTML forms on steroids, specifies a processing model and set of user-interface controls that are device-neutral and platform-independent. So a form's interactive behavior and to some extent its business logic can be made portable, too. A key aspect of that portability is the relationship of XForms to its so-called host markup language. In one implementation, the XML syntax defining an XForms form might be embedded in a Web page, using HTML as its host language, and a list of choices would be rendered as an HTML pick list. In another implementation, the same form definition might be embedded in a smartphone application, using VoiceXML as its host language, and the same list of choices would be rendered as on a voice menu..." See general references in "XML and Forms."

[January 23, 2004] "SAML Tops Federation Projects Survey." By Dave Kearns. In Network World (January 09, 2004). Ping Identity, sponsor of the SourceID Web site, recently surveyed folks who downloaded its open-source Liberty Alliance tool kit. "When asked about the priority of federation protocols, it wasn't surprising that the Liberty Alliance protocols out-polled the WS-Federation protocol (favored by IBM and Microsoft) since the respondents were specifically those who downloaded a Liberty Alliance tool kit. But even adding together those who preferred Liberty phase II with those who preferred Liberty phase I (a total of 42% of the respondents) they were still outweighed (at 49%) by those who favored Versions 1.0, 1.1 and 2.0 of the Security Assertion Markup Language (SAML). SAML is the transport mechanism for the Liberty Alliance proposals, and one of the allowed transports for WS-Federation, but it appears that a number of projects are working directly with SAML and by-passing the 'higher' layers of the two competing standards. It might be that the projects being talked about are all early stage developments, with the SAML parts being worked on now while the developers look to see which of the two competing standards will emerge with an edge -- or, perhaps, a consolidation or merger might occur with one standard being created from the two we currently have. If you think that's a likely scenario, then it would be wise to put off any development at that upper level until the parameters of the eventual standard begin to take shape. Another of the survey questions asked downloaders what additional protocols were 'of interest' to them vis-à-vis federation. The big winner there was OASIS' Extensible Access Control Markup Language (XACML), with 49%, followed by Service Provisioning Markup Language (SPML) at 29%, and Extensible Resource Identifier (XRI) with 14%. A scattering of other protocols took 8% of the responses. XRI could be considered a competitor to Universal Description, Discovery and Integration..." On Liberty, see "Liberty Alliance Specifications for Federated Network Identification and Authorization." General references in: (1) "Security Assertion Markup Language (SAML)"; (2) "Extensible Access Control Markup Language (XACML)"; (3) "XML-Based Provisioning Services"; (4) "OASIS TC Promotes Extensible Resource Identifier (XRI) Specification."

[January 23, 2004] "ebXML Adoption Update." By Monica Martin (Sun Microsystems) and others, ebXML MARKETING. December 22, 2003. 44 pages. "The OASIS ebXML Awareness Team has prepared this document in collaboration with OASIS member organizations and partners to give a global picture of the current status of ebXML adoption. Our aim is to increase awareness of the substantial amount of ebXML-related activity occurring throughout the world today. This report -- which represents our best initial and ongoing research at this time and may not be exhaustive -- summarizes the status of close to 100 completed, ongoing or progressive ebXML-related projects. ebXML is unique in the breadth of its standards vision and arguably represents the culmination of all previous standards efforts toward a shared global Internet-based B2B framework. ebXML is complementary to many existing standards, such as legacy EDI, XML-based business document standards, and Web Services. Decision makers, involved in global B2B commerce and responsible for making B2B infrastructure investments must evaluate their business strategies and consider the likely need to support trading partners who will want to engage electronically using ebXML protocols. No truly successful technology or standard is an island. It is therefore exciting to witness ebXML adapting, evolving and growing through research and deployment around the world. Over 2,000 people contributed to the original ebXML development efforts, made public in May 2001. Since then, continuing standards development, pursued jointly by OASIS and UN/CEFEACT, has being augmented by creative real world projects applying ebXML with other technologies such as Web Services, XML as a whole, as well as legacy EDI. Major vendors have developed ebXML support into their flagship products and new ebXML vendors are emerging. Key industry sectors and government entities are deploying new eBusiness applications that are serving as benchmarks in the adoption of ebXML globally. Industry groups and standards bodies are working to bring their vocabularies into alignment around ebXML, promising a new level of interoperability that industry has been seeking for more than a decade..." General references in "Electronic Business XML Initiative (ebXML)."

[January 23, 2004] "Multimodal Interaction on the Web." By Peter Mikhalenko. In XML.com (January 21, 2004). "The W3C Multimodal Interaction Activity is developing specifications as a basis for a new breed of Web application with multiple modes of interaction. Consider applications which use speech, hand writing, and key presses for input, and spoken prompts, audio and visual displays for output. It is implemented by several drafts, which we will briefly review in this article. These include InkML, a language that serves as the data exchange format for representing ink entered with an electronic pen or stylus; and EMMA, a data exchange format for representing application specific interpretations of user input together with annotations such as confidence scores, time stamps, and input medium. Multimodal interactions are the center of multimodal systems, systems that support communication with the user through different modes, including voice, gesture, handwriting, and typing. In multimodal systems an event is a representation of some occurrence of interest to the multimodal system. Examples include mouse clicks, hanging up the phone, speech recognition results or errors. Events may be associated with information about the user interaction e.g. the location the mouse was clicked. Interaction (input, output) between the user and the application may often be conceptualized as a series of dialogs, managed by an interaction manager. A dialog is an interaction between the user and the application that involves turn-taking. In each turn, the interaction manager manager working on behalf of the application collects input from the user, processes it using the session context and possibly external knowledge sources, computes a response and updates the presentation for the user. The field of potential use cases of multimodal interaction is very broad. Devices deployed in different use cases can be classified from the point of view of 'thickness': a thin client is a device with little processing power and capabilities that can be used to capture user input (microphone, touch display, stylus, etc.) as well as non-user input such as GPS; a thick client such as PDA or notebook; and a medium client: a device capable of input capture and some degree of interpretation. Processing is distributed in a client-server or a multidevice architecture..." See: (1) W3C Multimodal Interaction Activity; (2) W3C Releases Public Working Draft for the Ink Markup Language (InkML)"; (3) "EMMA: Extensible MultiModal Annotation Markup Language" [W3C Working Draft 18-December-2003].

[January 23, 2004] "Tags for Identifying Languages." By Addison Phillips (Editor, webMethods, Inc) and Mark Davis (IBM). IETF Network Working Group, Internet Draft. Reference: 'draft-phillips-langtags-02'. December 17, 2003; expires June 16, 2004. 29 pages. "This document describes a language tag for use in cases where it is desired to indicate the language used in an information object, how to register values for use in this language tag, and a construct for matching such language tags, including user defined extensions for private interchange..." The ABNF formally specifies the syntax in which "the language tag is composed of one or more parts: A primary language subtag and a (possibly empty) series of subsequent subtags. The sequence of subtags has a specific structure that depends on the length of the subtag to distinguish each tag type." This Internet draft is based upon the earlier RFC 3066: "The main goals were to maintain backward compatibility (so that all previous codes would remain valid); reduce the need for large numbers of registrations; to provide a more formal structure to allow parsing into subtags even where software does not have the latest registrations; to provide stability in the face of potential instability in ISO 639, 3166, and 15924 codes (demonstrated instability in the case of ISO 3166); and to allow for external extension mechanisms. [The specification;] (1) Allows ISO15924 script code subtags and allows them to be used generatively. (2) Adds the concept of a variant subtag and allows variants to be used generatively. (3) Adds an extension mechanism which does not require registration to use. (4) Defines the private use tags in ISO639, ISO15924, and ISO3166 as the mechanism for creating private use language, script, and region subtags respectively. (5) Defines a syntax for private use variant subtags which can be used without registration. (6) Defines a process for handling reuse of values by ISO639, ISO15924, and ISO3166 in the event that they register a previously used value for a new purpose. (7) Changes the IANA language tag registry to a language subtag registry..." Note on the "demonstrated instability" of ISO 3166: see the entry "Stability of ISO 3166 and other infrastructure standards" under Unicode Technical Committee Public Positions and UTC Resolution 96-M5 (August 26, 2003): "The recent decision by the maintenance agency for ISO 3166 to re-assign 'cs' (formerly Czechoslovakia) to Serbia and Montenegro can cause severe problems. Country codes are a fundamental component of modern computing infrastructure: major operating systems, postal services, business applications, identification and security systems, to name a few. Their stability must be guaranteed. Data that is identified by these codes has a shelf life of decades, not five years. [Recommended corrective actions to take include: (1) Rescind the re-assignment of the code 'cs' to Serbia and Montenegro at the earliest opportunity available, to minimize the impact; (2) Change the policy to allow the re-use of codes only after a long period of time, such as 100 years..." Davis wrote (2003-08-05) "The major computer systems and standards around the world, including most operating systems, use the two letter country codes. These codes must be stable and unique or data corruption will occur. Simply because a country ceases to exist does not mean that data for that country ceases to exist, nor that new data referring to that previous country cannot be created..." IAB Chair memo to Oliver Smoot and IAB's request that ICANN not delegate .cs to represent Serbia Montenegro. General references in: (1) "Language Identifiers in the Markup Context"; (2) "Markup and Multilingualism."

[January 23, 2004] [Apropos of Localization:] "GDP by Language." By Mark Davis (President, The Unicode Consortium; IBM Corporation). Unicode Technical Note #13, Version 1 (first public version). 2003-01-22. Latest Version URL: http://www.unicode.org/notes/tn13. ['While English is a major language, it only accounts for around 30% of the world Gross Domestic Product (GDP), and is likely to account for less in the future.'] "Many people in the software industry don't realize how important it is to localize products for different languages around the world. While English is a major language, it only accounts for around 30% of the world Gross Domestic Product (GDP), and is likely to account for less in the future. Neglecting other languages means ignoring quite significant potential markets. This short article provides one picture of the economic significance of different languages, with a breakdown of the percentages of world GDP by language. Not only does it show the current breakdown, but it also provides data for the years 1975 to 2002 to show modern trends. The most notable feature is the steady rise of Chinese and slow relative decline of Japanese and most European languages. Korean and Indic languages also show growth over that period, though slower than Chinese." Figure 1 portrays GDP by Language for 1975-2002. Figure 2 shows projected GDP by Language, 2003-2010. A paper from Goldman Sachs ('DreamingWith BRICs: The Path to 2050') projects that "the combined GDP of the BRIC countries (Brazil, Russia, India, and China) will exceed that of the current G6 (United States, Japan, Germany, France, United Kingdom, and Italy) before the year 2050. The chart [Figure 2] uses that data to extrapolate what the GDP by Language breakdown would be over the coming years. Chinese would have increasing weight; Russian, Portuguese, and Indic would all increase as well, but most significantly after 2010..." Note: This Unicode Technical Note is supplied purely for informational purposes and publication does not imply any endorsement by the Unicode Consortium. Mark Davis is co-author of the proposed revision to RFC 3066, "Tags for Identifying Languages"; see the preceding bibliographic reference. General references in: (1) "Language Identifiers in the Markup Context"; (2) "Markup and Multilingualism."

[January 23, 2004] "Microsoft Seeks XML-Related Patents." By David Becker. From CNET News.com (January 23, 2004) ['Microsoft applies for patents that could prevent competing applications from reading documents created with the latest version of Office. XML capabilities have been one of the main selling points for Office 2003. The patents could create a barrier for competing software, such as future versions of OpenOffice and StarOffice, from working with Microsoft's XML format.'] "Microsoft has applied for patents that could prevent competing applications from processing documents created with the latest version of the software giant's Office program. The company filed patent applications in New Zealand and the European Union that cover word processing documents stored in the XML (Extensible Markup Language) format. The proposed patent would cover methods for an application other than the original word processor to access data in the document. The U.S. Patent Office had no record of a similar application... The proposed patents apparently seek to protect methods other applications could use to interpret the XML dialect, or schema, Office uses to describe and organize information in documents. Microsoft recently agreed to publish those schemas and is looking at opening other chunks of Office code. Despite those moves toward openness, the patents could create a barrier to competing software, said Rob Helm, an analyst for research firm Directions on Microsoft. 'This is a direct challenge to software vendors who want to interoperate with Word through XML,' he said. 'For example, if Corel wanted to improve WordPerfect's support of Word by adopting its XML format...for import/export, they'd probably have to license this patent.' The patents likely wouldn't immediately affect the open-source software package OpenOffice, which uses different XML techniques to describe a document, Helm said. But they could prevent future versions of OpenOffice and StarOffice, its proprietary sibling, from working with Microsoft's XML format. Analyst Matt Rosoff, also with Directions on Microsoft, said the proposed patents fit with recent moves by Microsoft -- such as the licensing of FAT (file allocation table) systems and ClearType font technology -- to be more aggressive in licensing its intellectual property. 'In the last few months, we're sort of seeing more emphasis from Microsoft on turning its patents into a revenue source,' Rosoff said..." See details in the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Word-Processing Document Stored in a Single XML File." European Patent Office. Patent Number: EP1376387. [Register] Publication Date: 2004-01-02. Date of filing: April 30, 2003. Inventor(s): Krueger Anthony D (US); Jones Brian M (US); Bishop Andrew K (US); Little Robert A (US); Sawicki Marcin (US); Snyder Daniel R (US) Applicant(S): Microsoft Corp (US). "A word processor including a native XML file format is provided. The well formed XML file fully represents the the word-processor document, and fully supports 100% of the word-processor's rich formatting. There are no feature losses when saving the word-processor document as XML. A published XSD file defines all the rules behind the word-processor's XML file format. Hints may be provided within the XML associated files providing applications that understand XML a shortcut to understanding some of the features provided by the word-processor. The word-processing document is stored in a single XML file. Additionally, manipulation of word-processing documents may be done on computing devices that do not include the word-processor itself." Claims include "a computer-readable medium having computer-executable components, comprising: a first component for reading a word-processor document stored as a single XML file; a second component that utilizes an XSD for interpreting the word-processor document, and a third component for performing an action on the word-processor document... A method for handling a word-processing document, comprising: parsing the document, wherein the document is contained within a single XML file and includes all of the instructions necessary to display the document according to how a word-processor would display the document; and interpreting the document according to an XSD... A system for creating, interpreting, and modifying a word-processor document stored as as single WPML file, comprising: a WPML file; a validation engine configured to validate the WPML file; and a word processor configured to read a WPML file created in accordance with a schema..." [see the "Claims" text]. See more complete description via the "esp@cenet database", including (1) description, (2) claims, (3) figures, and (4) original document (PDF, 109 pages). Also the archived/unofficial screen-scraped information and in the news story: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "System and Method for Validating an XML Document and Reporting Schema Violations." United States Patent Application #20040006744. Assignee: Microsoft Corporation. Application publication date: January 8, 2004. "Inventors: Jones, Brian M. (Redmond, WA); Sawicki, Marcin (Kirkland, WA); Little, Robert A. (Redmond, WA)." Patent application filed: June 27, 2002. Abstract: "A system and method for validating an extensible markup language (XML) document and reporting schema violations in real time. A parallel tree is maintained that includes nodes corresponding to non-native XML elements of the XML document. When changes occur to the XML document, the non-native XML elements corresponding to the changes are marked. The nodes corresponding the marked non-native XML elements are validated against an XML schema that corresponds to the non-native XML markup. The elements and nodes corresponding to errors in the non-native XML markup are then reported to the user according to display indicators in the XML document and the parallel tree. [A claim for] a method for validation and reporting of schema violations for an extensible markup language (XML) document, wherein the XML document includes native XML and non-native XML, the method comprising: locating a change to a non-native XML element within the XML document; marking a portion of the XML document to signify that the change has occurred with relation to that portion of the XML document; marking a node within a parallel tree to signify that the change has occurred, wherein the node corresponds to the portion of the XML document where the change occurred; validating the node of the parallel tree against a corresponding non-native XML schema; determining if an error in the non-native XML element exists from error data supplied in response to validating the node; and displaying an error notification within the XML document and the parallel tree if the error occurred..." See: "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Microsoft Justifies Its XML Patent Moves." By Mary Jo Foley. From Microsoft Watch (January 23, 2004). ['Microsoft's Not-So-Secret Plot to Overthrow XML? Microsoft is seeking to patent XML interoperability technology around Word. The company claims it isn't seeking to derail XML. And it denies that its patent moves contradict its decision last fall to open up its XML schemas for Word, Excel and InfoPath. Is Microsoft within its rights to seek protection for technology that rides above the XML standard? Or is this just another example of Microsoft seeking to monkey with standards?'] "Redmond claims its decisions to open its XML schemas, while seeking patents for elements of its XML implementations, are not as contradictory as they appear. Microsoft watchers are questioning yet again Microsoft's intentions around XML, the Worldwide Web Consortium (W3C) Extensible Markup Language standard. Last year, Microsoft released publicly its Word 2003, Excel 2003 and InfoPath 2003 XML schemas. The company made the schemas freely downloadable from its own Web site, and in the case of WordXML, also via a central repository hosted by the Danish government. Microsoft said it did so as a gesture of goodwill, rather than as a response to criticism regarding its promises to open up its XML schemas. But on the heels of that move, Microsoft has sought patent protection in Europe and New Zealand for word processing documents stored in XML format. The European application is dated January 2, 2004. The New Zealand one is dated April 24, 2003. Neither patent has been granted yet. It's not clear exactly what Microsoft is seeking to patent. But some company watchers claim that the company's patent is attempt to prohibit competing desktop word-processing applications, such as those from Sun Microsystems, Corel and others, from being able to access Microsoft Word 2003 data stored in the XML format... This isn't the first time that Microsoft has sought patent protection for technologies that are W3C standards. For example, the Redmond software company was granted a patent for the W3C cascading-style-sheet technology in 1999..." See "Microsoft Files for Patents Related to XML Parsing and Word Processing."

[January 23, 2004] "Globus Details Roadmap for Toolkit. Grid Computing Software to Gain Performance, Reliability and Usability." By Joris Evers. In InfoWorld (January 22, 2004). "The Globus Alliance in March [2004] plans to release an updated version of its Globus Toolkit for grid computing, adding performance, reliability and usability improvements and bug fixes since the 3.0 release last year, the group's co-leader said Wednesday. After the March release of version 3.2 the Globus Alliance plans to release version 4.0 in the third quarter, said Ian Foster, speaking at the GlobusWorld 2004 conference in San Francisco. A beta for the 3.2 release is set to start soon, he said. The 4.0 release of the Globus Toolkit will include draft WS Resource Framework (WSRF) specifications, announced earlier this week at the GlobusWorld event. WSRF encompasses the WS-Resource Lifetime and WS-Resource Properties specifications introduced at the GlobusWorld event and intended to converge Web services and grid computing. WS-Resource Lifetime allows a user to specify a period during which a resource definition is valid and WS-Resource Properties defines how data associated with a stateful resource can be queried and changed using Web services technologies, according to a statement released Tuesday at GlobusWorld. 'We don't believe it is appropriate to wait for the specifications to wind their way through the standardization process to start implementing them,' Foster said. However, this does mean that the toolkit software will need revision when the final standards arrive, probably some time next year, but the toolkit will always offer backwards compatibility, he said. 'We are very concerned with supporting our existing user base and improving our software,' Foster said. The open source Globus Toolkit is a bundle of software to enable grid computing. It includes software services and libraries for resource monitoring, discovery and management, plus security and file management. The toolkit is a central part of science and engineering grid projects and used by IT vendors for commercial grid products..." See the following entry and Globus Toolkit web site. Other details in the news story "Web Services Notification and Web Services Resource Framework."

[January 23, 2004] "WS-Resource Framework:Globus Alliance Perspectives." By Ian Foster [WWW] (Argonne National Laboratory / University of Chicago / Globus Alliance). Presentation January 20, 2004 at GlobusWORLD 2004. See especially slide #9, "From OGSI to WSRF:Refactoring and Evolution." "... Despite enthusiasm for OGSI [Open Grid Services Infrastructure (OGSI) Version 1.0], adoption within Web community turned out to be problematic: Too much stuff in one specification, does not work well with existing Web services tooling, Too 'object oriented'. The solution: WSRF partitions OGSI version 1.0 functionality into a family of composable specifications, tones down the usage of XML Schema, and makes an explicit distinction between the 'service' and the stateful 'resources' acted upon by that service..." Other details in the news story "Web Services Notification and Web Services Resource Framework." [source .PPT, cache]

[January 23, 2004] "Grid and Web Services to Converge." By Peter Abrahams (Bloor Research). In IT-Analysis (January 23, 2004). "The two big computing ideas of the twenty first century grid computing and web services were brought closer together by an announcement this week at GlobusWorld the grid conference run by Globus Alliance. The Globus Alliance is a research and development project focused on enabling the application of Grid concepts to scientific and engineering computing and has developed the toolkit used by most scientific and university grid computing projects. It is an alliance between several university and laboratories in the US and Europe including Edinburgh. Web services have concentrated on creating an environment for 'applications on-demand' whereas grid has concentrated on providing 'computer-resources on-demand'. The announcement is made up of two new web services specifications that are necessary to make the grid computer resources available to the applications without the applications having to be grid aware. The two are the WS-Resource Framework and the WS-Notification specifications... WS-Resource Framework specification was contributed to by IBM, Globus and HP. It defines how to access a WS Resource through a web service. A web service is stateless whereas a WS-Resource is stateful, the state could be such things as data in a purchase order, current usage agreement for resources on a grid, or metrics associated with work load on a Web server. The framework describes a standard way to access a WS-resource by referencing it through an endpoint reference made up of the web services address and a resource id. It also defines how a web service can access or create new WS resources. The WS-Notification specification was contributed to by IBM, Globus, Akamai, HP, SAP, Tibco and Sonic. It provides a publish-subscribe messaging capability for Web Services. It enables changes or events to be published in a standard way and then notification send directly or via a broker. This is bringing some of Sonic's Enterprise Service Bus (ESB) concepts into a standards specification. WS-Notification is important for grid computing because it provides a standard way for grid resources such as web servers to notify grid schedulers of changes in state. Changes in state include coming on and off stream, being fully loaded or having spare capacity, having a fault that needs attention etc. All of this information is required for a grid scheduler to make informed decision on what resources to use next..." Details in the news story "Web Services Notification and Web Services Resource Framework."

[January 22, 2004] "HP, IBM and Akamai Bring Web Services to Grid Computing." By Jay Lyman. From TechNewsWorld (January 21, 2004). "Rob Batchelder, industry analyst and president of IT consultancy Relevance, said that joining grid computing with Web services makes perfect sense... In an effort to pair and propel two emerging technologies, IBM, HP, Akamai, and other tech companies have proposed new specs to integrate grid computing with Web services. The companies, which announced the new WS-Notification and WS-Resource Framework specs, said the proposed standards represent the first availability of a common, standards-based infrastructure designed for business applications working in conjunction with grid resources... The proposed Web services specifications -- backed by IBM, HP, Akamai, the Globus Alliance, Sonic Software and Tibco -- are intended to define a scalable architecture that has the ability to connect resources (such as servers) to logical constructs (such as business agreements and contracts). The new standard would let customers perform just-in-time procurement with multiple suppliers who all adhere to the same specifications. Plus, the system would allow for grid-based workload balancing and the ability to detect system outages and recover from those outages automatically. One example of the standard in action would be suppliers automatically getting notified to replenish inventory once current inventory drops to a certain level. 'These new Web services specifications will significantly extend the types of enterprise solutions customers can easily deploy,' said IBM director of dynamic e-business technologies Karla Norsworthy. 'These new specifications provide customers with the ability to use a common Web-services-based infrastructure that supports grid- and management-based solutions'... While some observers pointed out that the Web services standards proposed by IBM, HP and the others differ from similar standards advanced by Microsoft and partners, Batchelder said all of the parties promoting Web services realize that 'everybody needs to do this'..." See details in the news story "Web Services Notification and Web Services Resource Framework."

[January 06, 2004] WS-I Basic Profile: Not Just Another Web Service Specification." By Christopher Ferris (IBM). In Web Services Journal Volume 4, Issue 1 (January 2003). "The Final Material version of the WS-I Basic Profile 1.0 specification released by the Web Services Interoperability Organization (WS-I) represents an important milestone for WS-I and the Web services community as a whole. It specifies the standards and technologies required for interoperability between Web services implementations running on different software and operating system platforms... The promise of interoperability is possibly the most important aspect of Web services technologies. That promise stems from the fact that Web services has its foundations in XML, which itself is interoperable across all platforms and programming languages. However, because Web services leverages heavily on the extensible nature of XML, the interoperability aspect of Web services is significantly challenged. While most, if not all, vendors provide support for the established Web services standards, they are still motivated to provide added value to their customers in the form of advanced feature support for things such as security, reliability, transactions, and business process orchestration. Because many of the advanced Web services features are still in the early stages of development and adoption, developers and IT managers need more than just a checklist of (emerging) standards when making project implementation or product purchasing decisions. They need help in being able to determine when they are 'coloring outside the lines' so that they can weigh the merits of incorporating these advanced features against the importance of ensuring broad interoperability of the deployed solution. WS-I was founded with a mission to provide users of Web services technology with the guidance and tools that help them better understand where the boundary lies between the interoperable and not-necessarily-interoperable solution spaces so that they can make well-informed decisions. The WS-I Basic Profile 1.0 is, of course, just the tip of the iceberg. WS-I has already begun work on a number of follow-on profiles for Web services, including Attachments and Basic Security. Work will begin on future profiles, tackling some of the more advanced Web services features as the various specifications upon which they are based mature and stabilize and as the interoperability requirements associated with these advanced features are better understood by the community..." General references in "Web Services Interoperability Organization (WS-I)."

[January 06, 2004] "Java Tools Community Formed. Sun-Led Group Looks to Boost Interoperability, but Borland, IBM are Absent." By Paul Krill and Tom Sullivan. In InfoWorld (January 06, 2004). "Eleven software companies, led by Sun Microsystems and BEA Systems, on Tuesday unveiled the Java Tools Community (JTC), which is intended to promote interoperability of Java-based tools... Featuring members of the Java Community Process (JCP), the JTC is touting the concept of 'toolability,' which is being defined as a measurement of how easy it is to build tools around a particular standard or technology. Developers through the work of the JTC will be able to more easily use Java technology to build Java applications, thus increasing the rate of Java adoption, according to JTC... The JTC will work to make standard Java technology APIs friendlier for tool development and will promote adoption and advancement of Java Specification Requests. JSR 198, pertaining to a standard for plug-ins to Java IDEs, is one technology proposal that will be reviewed by the JTC. The organization will seek to resolve the issue of proprietary techniques hindering use of tools. Initially, the JTC will begin deliberations in an online community fashion, but formal meetings also may be scheduled. 'What's been missing is a forum for tool community members to get together to talk about all the JRS' that go on,' said Sun's Joe Keller, vice president of marketing for Java, Web services, and tools. The JTC will seek to boost communications across the 'design-time' community, allowing tools vendors, customers, and developers to access information and provide input when building or extending design-time standards via the JCP. As the JTC proceeds, there will be discussions of product deliverables based on the organization's work, said Dave Cotter, director of developer marketing at BEA... Eclipse and JTC serve different purposes, JTC members stressed. While JTC is focused on Java standards, Eclipse is about building an open source toolset, Keller said. Sun last month declined an invitation to join Eclipse, saying the company was not offered 'an equitable share in mutual development.' Sun lobbied IBM about supporting the JTC, but IBM company officials declined the offer believing that Eclipse, with 56 companies now on its board of stewards, already has the necessary momentum to compete effectively against Visual Studio. 'We think Eclipse has a tremendous amount of momentum. We do not see a lot of obstacles standing in its [Eclipse's] way,' said Bob Sutor, IBM's director of WebSphere Software. 'Frankly, we are more focused on working against our number one competitor, Microsoft. We see it boiling down to more of an Eclipse-based IDE world vs. Visual Studio,' he said. Sutor added he does not believe there will be much self-destructive competition between the Eclipse and JTC camps and is confident both sides will work to make it clear that each will serve to complement the other..." See references in the news story "Java Tools Community (JTC) Formed to Support Design-Time Java Standards Interoperability."

[January 05, 2004] "OpenOffice Finds Sweet Spot with Governments." By Sean Michael Kerner. From InternetNews.com (January 01, 2003). "Following a trend by foreign administrations, the Israeli government this week suspended its acquisitions of new computer software from Microsoft. Price issues and the U.S. company's refusal to sell individual programs from its standard software package are cited as the main reason behind the switch, according Associated Press reports. Instead, Israeli news outlet Arutz Sheva said Wednesday that the Israeli Ministry of Finance will begin distributing Openoffice.org to its users beginning this week. The Israeli government plans to begin distributing Openoffice.org software on CD-ROM to public access points across the country in 2004. The Hebrew version of Openoffice.org was translated by Sun Microsystems and IBM with the support and assistance of the Israeli Finance Ministry... The Open Office software suite (properly referred to as Openoffice.org or OOo) is one of the better-known applications of the open source movement. It provides an alternative to Microsoft's ubiquitous Office application with similar word processing, spreadsheet and presentation software... Governments around the world appear to be taking an interest in Openoffice.org and open source software in general. The city of Austin, Texas recently adopted openoffice.org software and governments in Germany, France, Brazil and China to name of few have stated interest in going the open source route as well. In the U.K Scottish Public Libraries have made Openoffice.org software available for lending to the public... In the case of governments, open standards may potentially be viewed as a necessary form of democratic pluralism themselves. 'Should governments be using a format that is unique to a particular vendor to talk to its citizens? 'Noted Linux Guru and author of the Open Source Definition Bruce Perens asks. 'The government should not be saying you can only drive up to a government office in a particular brand of car. In the same sense the government should not be saying you can only talk to your government if you have Microsoft Windows software on your computer'..." See also: (1) "OpenOffice.org XML File Format"; (2) the news story "Danish Board of Technology Report Recommends Open Source Software for E-Government."

[January 05, 2004] "How to Make a Faceted Classification and Put It On the Web." By William Denton (Toronto, Canada). Student essay. "Faceted classifications are increasingly common on the World Wide Web, especially on commercial web sites... This is not surprising, as facets are a natural way of organizing things. Many web designers have probably rediscovered them independently by asking, 'What other ways would people want to view this data? What's another way to slice it?' A survey of the literature on applying facets on the web shows that librarians think it a good idea but are unsure how to do it, while the web people who are already doing it are often unaware of S.R. Ranganathan, the Classification Research Group, and the decades of history behind facets. This paper will attempt to bridge the gap by giving procedures and advice on all the steps involved in making a faceted classification and putting it on the web. Web people will benefit by having a rigorous seven-step process to follow for creating faceted classifications, and librarians will benefit by understanding how to store such a classification on a computer and make it available on the web. The paper is meant for both webmasters and information architects who do not know a lot about library and information science, and librarians who do not know a lot about building databases and web sites. The classifications are meant for small or medium-sized sets of things, meant to go on public or private web sites, when there is a need to organize items for which no existing classification will do... Kwasnick (Barbara H. Kwasnick, "The role of classification in knowledge representation and discovery," Library Trends 48/1, 1999, pages 22-47) identifies four classificatory structures: hierarchies, trees, paradigms, and facets. When one of the first three works, use it. If some other organizing principle, such as a timeline or ordering by size, works, use it. The design of the classification must follow its purpose, and different things can be classified in different ways for different purposes, requiring different structures. If the others are insufficient, look to facets..." Author's introduction: "[Here's] an essay for library school about how to make faceted classifications... I take Louise Spiteri's stripped-down set of principles, based on Ranganathan's and the CRG's canons and so on, and set out a seven-step method for making a new classification... One thing I had fun with was coming up with a fresh example to demonstrate the method I propose for making a classification. I use dishwashing detergents. A faceted system suits them very nicely..." See also: (1) "Putting Facets on the Web: An Annotated Bibliography"; (2) "Resource Description and Classification."

[January 05, 2004] "Web Services Composite Application Framework: Key Messages and FAQ." [Draft] Submitted 2004-01-05 by Martin Chapman (Oracle) to the OASIS Web Services Composite Application Framework TC document repository. "Composite applications have unique requirements that are not yet addressed in a standard way, such as a method for sharing common information (context) and enabling the success or failure of individual Web services to be tied to the success or failure of a larger unit of work comprising multiple Web services. Thus, WS-CAF addresses some of the last remaining items to be standardized for Web services -- a generic context mechanism, a context management service, and asynchronous multi-protocol transactions. Shared context in a composite Web services application could include items such as security credentials -- so that a person could log in once and invoke multiple Web services without having to log in again -- a database connection over which to perform multiple operations from multiple Web services without having to establish a new connection each time, or a device address to which to post results from multiple Web services without having to search for the device's network address each time. Shared context can also be viewed as context that needs to be 'carried' across multiple operations..." The purpose of the OASIS WS-CAF TC is to "define a royalty-free, generic and open framework for supporting applications that contain multiple Web services used in combination (composite applications)." See also: (1) "OASIS Forms Web Services Composite Application Framework Technical Committee"; "Introducing WS-CAF: More Than Just Transactions," by Mark Little and Jim Webber (Web Services Journal); (3) WS-CAF Technical Committee web site.

[January 05, 2004] "Context, Coordinators, and Transactions - The Importance of WS-CAF." By Eric Newcomer. From Webservices.org (January 02, 2004). ['Eric Newcomer discusses the OASIS Web Services-Composite Application Framework (WS-CAF) which defines a new and unique context management service for composite Web services applications, and enhances related Web services coordination and transaction specifications such as WS-T and WS-C.'] "In the evolving world of Web services specifications, WS-CAF fits in and supports other specifications, both open and proprietary. In particular, WS-CAF addresses the lack of a generic context management mechanism, and defines a way to coordinate the results of composite Web services, including those that are mapped to disparate software systems as part of a long-running business process execution. Without a generic context management service, specifications such as WS-Security and WS-BPEL manage shared context independently and therefore inefficiently when used in combination. And without adapting transaction management to Web technologies, it is impossible to reliably determine the outcome of a set of composite Web services when one or more of the services fail. WS-CAF's context management provides a mechanism for Web services to share persistent state, which is required to support conversational interactions, single sign-on, transaction coordination, and other features dependent upon system-level data items such as IDs, tokens, and file and device addresses. Context provides a way to correlate a set of messages into a larger unit of work by sharing common information such as a security token exchanged within a single sign on session. Because distributed computing systems depend upon a variety of IDs, tokens, channels, and addresses, which are a part of every software infrastructure, and because Web services are independent of any particular execution environment, this type of system level information needs to be organized and managed in a persistent, shared context structure. Applications need a service to manage the lifecycle of the shared context, and to ensure the context structure is kept up to date and accessible. Web services executing within a composite application also need a way to define the scope of context sharing relative to the purpose of the composite. In other words, the scope of context sharing is also a way of identifying the Web services that participate in the same application instance..." See the WS-CAF Technical Committee web site.

[January 05, 2004] "Open-Source Databases Gaining Favor." By Martin LaMonica. In CNET News.com (January 05, 2004). "Big companies are warming up to open-source database software, according to a new study. The open-source database MySQL grew rapidly in popularity over the last year, according to results from a survey released Monday by research company Evans Data. Usage of MySQL for developing applications rose 30 percent over the past year, while usage of Microsoft's SQL Server and Access databases increased 6 percent, according to the survey of 550 developers conducted last month... Database buying patterns have shifted significantly in the past few years, with a sharp focus on cost-effectiveness. Database companies, which once touted speed and the ability to handle very demanding processing tasks, have boosted efforts to make databases more reliable and cheaper to operate. The Evans Data study found that interest in low cost spilled over to the choice of operating system as well, with 62 percent of database developers expecting some cost savings by using Linux... Developers are also keen to string together several cheaper database servers in a grid configuration as a cheaper alternative to pricier high-end database servers. Twelve percent of companies in the Evans Data survey said they have deployed or plan to implement grid computing within the next year..."

[January 05, 2004] "WASP UDDI 4.6: Extra Features Add to a Solid Product." Reviewed by Brian R. Barbash (Computer Sciences Corporation, Consulting Group). In Web Services Journal Volume 4, Issue 1 (January 2004). "If you're looking to deploy a UDDI registry that provides strong standards support, a capable API, and security and management capabilities, look no further than Systinet's WASP UDDI version 4.6. WASP UDDI is a UDDI server that supports UDDI specification versions 1 and 2 as well as the version 3 subscription API. Systinet has also added extensions to the core UDDI specification to provide additional functionality around management, security, inquiries, and other operations. The server can run on top of a number of databases, including Oracle, SQL Server, DB2, PostgreSQL, Sybase, Cloudscape, PointBase, and Hypersonic SQL (included)... Along with a full-featured Web interface, Systinet's WASP UDDI provides a rich, open-source client API written in Java that developers may leverage to create applications that interact with the UDDI repository. For this review, I will be focusing on the supplied Java API and exploring various pieces of the UDDI server's functionality... Both the Web interface and the Java API for the UDDI registry allow elements to be published to the registry. Out of the box, the UDDI registry is populated with sample data and a set of common taxonomies to support the tutorials and exercises in the documentation and allow services to be classified with existing industry standards... Systinet's WASP UDDI server is an easy-to-use, full-featured UDDI registry. In addition to providing support for versions 1 and 2, as well as parts of the version 3 UDDI specification, several enhancements have been provided. The Java API is full featured and does an excellent job of hiding the communications details of interacting with the registry. The additional security and administrative functions provide unique management capabilities for the product. Overall, Systinet's WASP UDDI server is a very solid product..." General references in "Universal Description, Discovery, and Integration (UDDI)." [print view]

[January 02, 2004] "Horses for Courses: Services, Objects, and Loose Coupling - Integration Without Compromise." By Jim Webber and Savas Parastatidis. In Web Services Journal Volume 4, Issue 1 (January 2004). "Object-oriented technologies are used today in the design and development processes for many computer systems; it is a proven paradigm and has made possible the development of large and complex software systems. Enabling platforms and tools for building and consuming Web services will not be an exception. However, how a service is implemented using objects and the way in which it interacts with other services via message exchanges require very different approaches. Today, most tools represent Web services to application developers as objects. Such an approach carries the danger of underperformance and fragile applications with too tight a level of coupling, which loses the benefits of service orientation. This article shows you how objects and services should be integrated to build loosely coupled, performant, and reusable services without compromising either paradigm... Building object-like systems on top of Web services specifications is a strategy that leads to tightly coupled, brittle, and underperforming systems. While the current crop of tool support implicitly advocates this approach to the unwary, a far better solution is to think of an application in terms of services and the messages that those services exchange. When building code for those service implementations don't be tempted to bind directly to a Web service, but instead bind to the messages that the service produces and consumes. Such an approach promotes loose coupling; your applications will be able to transcend changes in the service they consume and will be much easier to maintain..." [print view]