XML and Web Services In The News - 8 January 2007

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by Innodata Isogen



HEADLINES:

 Towards an Interoperability Standard for Text and Multi-Modal Analytics
 Case Study: BPEL and B2B Synergies Reduce Supplier Enablement Costs
 Updated Bibliography: XACML References and Products
 OGC Announces Adoption of ebRIM Metamodel for Catalogues
 Subverting AJAX: Prototype Highjacking
 Configuring Single Sign-On using SAML in WebLogic Server 9.2
 Diagram Comparing Schema Languages for XML
 MS Winning Office Doc Battle
 Businesses Turn to Composite Applications on Road to SOA


Towards an Interoperability Standard for Text and Multi-Modal Analytics
David Ferrucci, Adam Lally (et al), Contribution to OASIS
A contribution from David A. Ferrucci (TC Chair, OASIS Unstructured Information Management Architecture [UIMA] Technical Committee) provides a 106-page document which "motivates and proposes elements of an architecture specification for creating and composing text and multi-modal analytics for processing unstructured information, based on the UIMA project originated at IBM Research." It proposes elements of an architecture specification for interoperable text and multi-modal analytics, based on IBM's work with UIMA, that the developers believe can provide the foundation for [an OASIS] standard. The OASIS UIMA TC was formed on November 16, 2006 and held its inaugural meeting on December 06, 2006. "Unstructured information" is typically the direct product of human communications. Examples include natural language documents, email, speech, images and video. It is information that was not encoded for machines to understand but rather authored for humans to understand. UIMA refers to a software architecture for defining and composing interoperable text and multimodal analytics. UIMA builds on the work of prior IBM researchers and projects dedicated to advancing the state of the art in frameworks for text and multimodal analytics including TAF, TALENT and WebFountain. It has been inspired and influenced by other projects outside of IBM including TIPSTER, Mallet, GATE, OpenNLP, Atlas, and Catalyst. To help define a broader, platform independent standard that can guide the open-source collaborative development of Apache UIMA and other related frameworks, applications and tools while maintaining broad interoperability, IBM has convened a Technical Committee to develop a standard specification under the auspices of OASIS; the intent is that such a standard would allow different frameworks to emerge, while also allowing applications built on different platforms and programming models to have a standard means to share analysis data and analytic services.
Such a standard would lower the barrier for getting analytics to interoperate, allowing a broader community to discover, reuse and compose independently-developed text and multi-modal analytics in UIM applications.
See also: the TC announcement

Case Study: BPEL and B2B Synergies Reduce Supplier Enablement Costs
David Webber and Nishit Rao, .NET Developer's Journal
Although organizations use multiple technologies to solve myriad business problems, integrating two or more of these technologies to derive new business benefits presents additional challenges. This is especially true when the collaboration extends beyond an organization's own systems to include those of its business partners. This article describes one such customer scenario in which Helena Chemical Company, a leading U.S. agricultural products specialist, used BPEL (Business Process Execution Language) and B2B technologies together to automate better and more productive supplier/distributor relationships. Put together, these technologies enabled a process-centric hub that provided significant business cost savings, faster supplier ramp-up, more responsive customer relations, and better process visibility both inside and outside the enterprise. Traditionally, the alignment of information and processes has proven challenging for Helena because of the vast differences in its partners' systems and the content they produce and consume. The challenge for Helena was to meet its XML and electronic data interchange (EDI) needs by balancing the right enterprise components across diverse supplier systems and to remove the administrative overhead of manual approvals, support, and data entry to streamline its seasonal order process, which processes tens of thousands of supplier interactions per partner in a four-month period. In bringing together the power of traditional B2B processing and the RAPID messaging standards defined for the chemical industry, along with the business process management tools developed in the BPEL specifications, the Helena Chemical project demonstrates the future pathway for Web Services and the business solutions built around them. The B2B approach leverages years of solid formal business experience, while the Web Service approach and BPEL provide agile adoption strategies and technologies. 
Clearly these tools can be combined into a solution that offers customers effective business tools that don't require extended programming and development efforts to implement, and can therefore be implemented and deployed in weeks rather than months. This scenario illustrates that the future of B2B is based on the formal business process and transaction models that have always been its strengths, and their adoption across a whole industry.

Updated Bibliography: XACML References and Products
Anne Anderson, OASIS XACML TC Contribution
An updated Version 1.73 of the "XACML References and Products" document has been made available. Maintained by Anne Anderson (Sun Microsystems), the resource list includes publications, standards, products, and specifications that contain substantial information about XACML or make use of XACML in a substantial way. These are listed here solely for the information of parties interested in XACML, and may be modified at any time as further information about these or other publications and products becomes known. Additional submissions for listings and corrections are invited by the editor. For Version 1.73, "lots of new XACML references this time, both papers and deployments. In July '06 we had 165 articles and papers, and 44 deployments; now we have 213 papers and articles, and 55 products and deployments." XACML (Extensible Access Control Markup Language) enables the use of arbitrary attributes in policies, role-based access control, security labels, time/date-based policies, indexable policies, "deny" policies, and dynamic policies — all without requiring changes to the applications that use XACML. Adoption of XACML across vendor and product platforms provides the opportunity for organizations to perform access and access policy audits directly across such systems.
See also: XACML references

OGC Announces Adoption of ebRIM Metamodel for Catalogues
Staff, Open Geospatial Consortium Announcement
The Open Geospatial Consortium, Inc. (OGC) announced that it has selected the OASIS standard ebRIM (Electronic business Registry Information Model) as the preferred cataloguing metamodel foundation for future application profiles of the OpenGIS Catalogue Service Web (CS-W) specification. The catalogue specification defines the information required to support discovery and search for data and services and ebRIM provides the requirements to support registration of services like those specified in many OGC standards, as well as geospatial data and other resources. The Consortium views search and discovery frameworks such as UDDI, registry capability such as ebRIM, and unstructured text searches to be competing for dominance in the Service Oriented Architectures marketplace. However, none of these three options completely satisfies the geospatial requirements defined by the members. ebRIM was selected as the preferred metamodel because it enables catalogs to handle services and a variety of other supporting registry requirements such as symbol libraries, coordinate reference systems, application profiles, and application schemas as well as geospatial data. "This decision is non-exclusive and allows continued development of other OGC Catalogue Specification application profiles. OGC Catalog was written to provide Web discovery of geospatial data and services and this decision provides direction in the combination of discovery with registry services to manage the data and enable machine to machine communication," according to Carl Reed, OGC Chief Technology Officer. "The addition of the registration process enabled by ebRIM does not deprecate the search and discovery services provided by the Z39.50 and CORBA protocol bindings and the ISO Metadata Application Profile."
The OGC is an international industry consortium of more than 335 companies, government agencies, research organizations, and universities participating in a consensus process to develop publicly available interface specifications.
See also: ebXML Registry and Repository

Subverting AJAX: Prototype Highjacking
Martin Heller and Roy M. Silvernail, InfoWorld
One of the most interesting parts of the JavaScript language is the prototype property, which underpins the language's object-oriented inheritance. In JavaScript, functions are a specialized kind of object; every function (and indeed every JavaScript object) has a prototype property that refers to a predefined prototype object, which comes into play when the function is used as a constructor with the new operator. Prototypes are not limited to user-defined classes. Even built-in JavaScript classes have prototype properties, and you can assign values to them. This is extremely powerful. It is also extremely dangerous. Using prototyping, an attacker can hijack standard functions in a way that breaks security without causing any error message. Browsers try to prohibit this by dropping the prototype property for some of their internal functions, but there's a way around that protection. At the 23rd Chaos Communication Congress, held at the end of December in Berlin, Stefano Di Paola and Giorgio Fedon gave a talk called Subverting AJAX (PDF), in which they explained exactly how to do this. Coupled with a cross-site scripting attack and a cleverly crafted phishing email, such an attack could turn an AJAX application into a keylogger with a man-in-the-middle attack strategy.

Configuring Single Sign-On using SAML in WebLogic Server 9.2
Vikrant Sawant, BEA dev2dev
BEA WebLogic Server 9.2 provides out-of-the-box support for Security Assertion Markup Language (SAML) to build single sign-on (SSO) solutions with minimum or no coding, depending on your security requirements. Using WebLogic Server 9.2, the single sign-on capability can be easily added between multiple online applications running on trusted domains. The SAML standard defines a framework for exchanging security information between the federation of trusted servers. The primary function of the security framework is to provide configuration tools and APIs to secure your applications. This tutorial provides step by step instructions to configure the single sign-on capability between two simple Java EE Web applications running on two different WebLogic domains. The SAML configuration for single sign-on is performed using the WebLogic Server 9.2 Administration Console with no programming involved. The tutorial also briefly introduces the basic interactions between WebLogic containers, the security providers, and the security framework during the single sign-on process.
See also: SAML references

Diagram Comparing Schema Languages for XML
Rick Jelliffe, O'Reilly Articles
Simple overlapping Venn-like diagrams that people use to express the relative power of schema languages can mislead as well as inform. Instead, [see the article] here's a kind of diagram with shaded edges: light grey represents capabilities that are possible but inconvenient, and darker grey represents capabilities that are possible but only if you organize your schema in a certain way. XSD extensibility is an example of the darker grey capability: unless you organize your (base) schemas properly, you may easily find extensibility is not possible. It is very common to compare schema languages using a Venn-like diagram with concentric circles showing, for example, that XSD grammars are more powerful than DTD grammars but that RELAX NG grammars are more powerful than XSD. Or that RELAX NG provides more powerful construction capabilities than DTDs, but that XSD provides more powerful capabilities than RELAX NG. Or whatever the author wants to show... A good example of this simpler kind of diagram is in Janus Dam Nielson's very readable master's thesis Relations between Schema Languages for XML at page 52. I recommend any student wanting to get a grip surveying the capabilities of schemas and the classes of grammars involved should start with this thesis: well done Janus (and Anders!). The thesis surveys different schema languages with a nice approach of seeing how well each supports the kind of underlying concern of each (Schematron, for example, really is based on the notion that expressing the constraints in natural language is the entry point to constraints: humans first, computers second: to what extent do other schema languages support this?), looks at the capabilities of each language, and has a really nice section on inter-translatability.
See also: XML Schema languages

MS Winning Office Doc Battle
Scott Gilbertson, Wired News
As Microsoft prepares the biggest update ever of its ubiquitous Office software suite, it is once again fending off charges of using hardball business tactics to muscle out competitors. Office 2007, due out Jan. 30, is a crucial product release for the software giant. Its Office franchise — Microsoft's second-biggest cash cow behind Windows — is facing greater competition than ever before from open-source and web-based rivals. Even more importantly, the update is being billed as the "killer app" for Windows Vista, its long-overdue operating system overhaul. It is no overstatement to say that the future of the company hinges on the success of these two products. Much is hanging in the balance, and some critics allege that Microsoft is once again rigging the game to ensure customer loyalty. The international community has yet to decide on a standard document format, though recent trends see ODF gaining ground. Seven nations (Brazil, France, Germany, Belgium, Croatia, Norway and Denmark) have recognized ODF and the need for open standards for all government documents. Microsoft's intentions notwithstanding, multiple standards mean added headaches for the competition. Rival online productivity suites like Zoho and Google Docs and Spreadsheets, which are quickly gaining popularity, and Sun Microsystems' open-source desktop app OpenOffice, all currently support ODF and not OOXML.

Businesses Turn to Composite Applications on Road to SOA
Staff, GRID Today
As businesses trudge toward installing service-oriented architectures (SOA) to serve as their information technology platforms, they're keeping up with more rapid business change by using composite applications as a halfway point toward adopting SOAs, according to the results of a benchmark survey by Aberdeen Group, a Harte-Hanks Company. Composite applications contain logic and data collected from multiple IT sources and harnessed with web services standards such as XML, SOAP, and WS-*. They can be built and implemented even if the organization has yet to fully develop an SOA. The survey found that most companies that build and deploy these applications are seeing higher satisfaction among end users. A substantial number of leading, or what Aberdeen calls "best-in-class," companies cite lower costs and quick business reaction to competitive pressures as chief benefits from these applications.
See also: the Aberdeen Group


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.
