XML and Web Services In The News - 8 January 2007
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by Innodata Isogen
HEADLINES:
Towards an Interoperability Standard for Text and Multi-Modal Analytics
David Ferrucci, Adam Lally (et al), Contribution to OASIS
A contribution from David A. Ferrucci (TC Chair, OASIS Unstructured
Information Management Architecture [UIMA] Technical Committee) provides
a 106-page document which "motivates and proposes elements of an
architecture specification for creating and composing text and multi-
modal analytics for processing unstructured information, based on the
UIMA project originated at IBM Research." It proposes elements of an
architecture specification for interoperable text and multi-modal
analytics, based on IBM's work with UIMA, that the developers believe
can provide the foundation for [an OASIS] standard. The OASIS UIMA TC
was formed on November 16, 2006 and held its inaugural meeting on
December 06, 2006. 'Unstructured information" is typically the direct
product of human communications. Examples include natural language
documents, email, speech, images and video. It is information that was
not encoded for machines to understand but rather authored for humans
to understand. UIMA refers to a software architecture for defining and
composing interoperable text and multimodal analytics. UIMA builds on
the work of prior IBM researchers and projects dedicated to advancing
the state of the art in frameworks for text and multimodal analytics
including TAF, TALENT and WebFountain. It has been inspired and
influenced by other projects outside of IBM including TIPSTER, Mallet,
GATE, OpenNLP, Atlas, and Catalyst. To help define a broader, platform
independent standard that can guide the open-source collaborative
development of Apache UIMA and other related frameworks, applications
and tools while maintaining broad interoperability, IBM has convened a
Technical Committee to develop a standard specification under the
auspices of OASIS; the intent is that such a standard would allow
different frameworks to emerge, while also allowing applications built
on different platforms and programming models to have a standard means
to share analysis data and analytic services. Such a standard would
lower the barrier for getting analytics to interoperate, allowing a
broader community to discover, reuse and compose independently-developed
text and multi-modal analytics in UIM applications.
See also: the TC announcement
Case Study: BPEL and B2B Synergies Reduce Supplier Enablement Costs
David Webber and Nishit Rao, .NET Developer's Journal
Although organizations use multiple technologies to solve myriad
business problems, integrating two or more of these technologies to
derive new business benefits presents additional challenges. This is
especially true when the collaboration extends beyond an organization's
own systems to include those of its business partners. This article
describes one such customer scenario in which Helena Chemical Company,
a leading U.S. agricultural products specialist, used BPEL (Business
Process Execution Language) and B2B technologies together to automate
better and more productive supplier/distributor relationships. Put
together, these technologies enabled a process-centric hub that provided
significant business cost savings, faster supplier ramp-up, more
responsive customer relations, and better process visibility both inside
and outside the enterprise. Traditionally, the alignment of information
and processes has proven challenging for Helena because of the vast
differences in its partners' systems and the content they produce and
consume. The challenge for Helena was to meet its XML and electronic
data interchange (EDI) needs by balancing the right enterprise components
across diverse supplier systems and to remove the administrative overhead
of manual approvals, support, and data entry to streamline its seasonal
order process, which processes tens of thousands of supplier interactions
per partner in a four-month period. In bringing together the power of
traditional B2B processing and the RAPID messaging standards defined for
the chemical industry, along with the business process management tools
developed in the BPEL specifications, the Helena Chemical project
demonstrates the future pathway for Web Services and the business
solutions built around them. The B2B approach leverages years of solid
formal business experience, while the Web Service approach and BPEL
provide agile adoption strategies and technologies. Clearly these tools
can be combined into a solution that offers customers effective business
tools that don't require extended programming and development efforts to
implement, and can therefore be implemented and deployed in weeks rather
than months. This scenario illustrates that the future of B2B is based
on the formal business process and transaction models that have always
been its strengths, and their adoption across a whole industry.
Updated Bibliography: XACML References and Products
Anne Anderson, OASIS XACML TC Contribution
An updated Version 1.73 of the "XACML References and Products" document
has been made available. Maintained by Anne Anderson (Sun Microsystems),
the resource list includes publications, standards, products, and
specifications that contain substantial information about XACML or make
use of XACML in a substantial way. These are listed here solely for the
information of parties interested in XACML, and may be modified at any
time as further information about these or other publications and
products becomes known. Additional submissions for listings and
corrections are invited by the editor. For Version 1.73, "lots of new
XACML references this time, both papers and deployments. In July '06 we
had 165 articles and papers, and 44 deployments; now we have 213 papers
and articles, and 55 products and deployments." XACML (Extensible
Access Control Markup Language) enables the use of arbitrary attributes
in policies, role-based access control, security labels, time/date-based
policies, indexable policies, "deny" policies, and dynamic policies — all
without requiring changes to the applications that use XACML. Adoption of
XACML across vendor and product platforms provides the opportunity for
organizations to perform access and access policy audits directly across
such systems.
See also: XACML references
OGC Announces Adoption of ebRIM Metamodel for Catalogues
Staff, Open Geospatial Consortium Announcement
The Open Geospatial Consortium, Inc. (OGC) announced that is has
selected the OASIS standard ebRIM (Electronic business Registry
Information Model) as the preferred cataloguing metamodel foundation
for future application profiles of the OpenGIS Catalogue Service Web
(CS-W) specification. The catalogue specification defines the
information required to support discovery and search for data and
services and ebRIM provides the requirements to support registration
of services like those specified in many OGC standards, as well as
geospatial data and other resources. The Consortium views search and
discovery frameworks such as UDDI, registry capability such as ebRIM,
and unstructured text searches to be competing for dominance in the
Service Oriented Architectures marketplace. However, none of these
three options completely satisfies the geospatial requirements defined
by the members. ebRIM was selected as the preferred metamodel because
it enables catalogs to handle services and a variety of other
supporting registry requirements such as symbol libraries, coordinate
reference systems, application profiles, and application schemas as
well as geospatial data. "This decision is non-exclusive and allows
continued development of other OGC Catalogue Specification application
profiles. OGC Catalog was written to provide Web discovery of geospatial
data and services and this decision provides direction in the
combination of discovery with registry services to manage the data and
enable machine to machine communication," according to Carl Reed, OGC
Chief Technology Officer. "The addition of the registration process
enabled by ebRIM does not deprecate the search and discovery services
provided by the Z39.50 and CORBA protocol bindings and the ISO Metadata
Application Profile." The OGC is an international industry consortium
of more than 335 companies, government agencies, research organizations,
and universities participating in a consensus process to develop
publicly available interface specifications.
See also: ebXML Registry and Repository
Subverting AJAX: Prototype Highjacking
Martin Heller and Roy M. Silvernail, InfoWorld
One of the most interesting parts of the JavaScript language is the
prototype property, which underpins the language's object-oriented
inheritance. In JavaScript, functions are a specialized kind of object;
every function (and indeed every JavaScript object) has a prototype
property that refers to a predefined prototype object, which comes into
play when the function is used as a constructor with the new operator.
Prototypes are not limited to user-defined classes. Even built-in
JavaScript classes have prototype properties, and you can assign values
to them. This is extremely powerful. It is also extremely dangerous.
Using prototyping, an attacker can hijack standard functions in a way
that breaks security without causing any error message. Browsers try
to prohibit this by dropping the prototype property for some of their
internal functions, but there's a way around that protection. At the
23rd Chaos Communication Congress, held at the end of December in Berlin,
Stefano Di Paola and Giorgio Fedon gave a talk called Subverting AJAX
(PDF), in which they explained exactly how to do this. Coupled with a
cross-site scripting attack and a cleverly crafted phishing email, such
an attack could turn an AJAX application into a keylogger with a
man-in-the-middle attack strategy.
Configuring Single Sign-On using SAML in WebLogic Server 9.2
Vikrant Sawant, BEA dev2dev
BEA WebLogic Server 9.2 provides out-of-the-box support for Security
Assertion Markup Language (SAML) to build single sign-on (SSO) solutions
with minimum or no coding, depending on your security requirements.
Using WebLogic Server 9.2, the single sign-on capability can be easily
added between multiple online applications running on trusted domains.
The SAML standard defines a framework for exchanging security
information between the federation of trusted servers. The primary
function of the security framework is to provide configuration tools and
APIs to secure your applications. This tutorial provides step by step
instructions to configure the single sign-on capability between two
simple Java EE Web applications running on two different WebLogic
domains. The SAML configuration for single sign-on is performed using
the WebLogic Server 9.2 Administration Console with no programming
involved. The tutorial also briefly introduces the basic interactions
between WebLogic containers, the security providers, and the security
framework during the single sign-on process.
See also: SAML references
Diagram Comparing Schema Languages for XML
Rick Jelliffe, O'Reilly Articles
Simple overlapping Venn-like diagrams that people use to express the
relative power of schema languages can mislead as well as inform.
Instead, [see the article] here's a kind of diagram with shaded edges:
light grey represent capabilities that are possible but inconvenient,
and darker grey represent capabilities that are possible but only if
you organize your schema in a certain way. XSD extensibility is an
example of the darker grey capability: unless you organize your (base)
schemas properly, you may easily find extensibility is not possible. It
is very common to compare schema languages using a Venn-like diagram
with concentric circles showing, for example, that XSD grammars are
more powerful than DTD grammars but that RELAX NG grammars are more
powerful than XSD. Or that RELAX NG provides more powerful construction
capabilities than DTDs, but that XSD provides more powerful capabilities
than RELAX NG. Or whatever the author wants to show... A good example
of this simpler kind of diagram is in Janus Dam Nielson's very readable
master's thesis Relations between Schema Languages for XML at page 52.
I recommend any student wanting to get a grip surveying the
capabilities of schemas and the classes of grammars involved should
start with this thesis: well done Janus (and Anders!). The thesis
surveys different schema languages with a nice approach of seeing how
well each supports the kind of underlying concern of each (Schematron,
for example, really is based on the notion that expressing the
constraints in natural language is the entry point to constraints:
humans first, computers second: to what extent do other schema
languages support this?) , looks at the capabilities of each language,
and has a really nice section on inter-translatability.
See also: XML Schema languages
MS Winning Office Doc Battle
Scott Gilbertson, Wired News
As Microsoft prepares the biggest update ever of its ubiquitous Office
software suite, it is once again fending off charges of using hardball
business tactics to muscle out competitors. Office 2007, due out Jan.
30, is a crucial product release for the software giant. Its Office
franchise — Microsoft's second-biggest cash cow behind Windows — is
facing greater competition than ever before from open-source and
web-based rivals. Even more importantly, the update is being billed as
the "killer app" for Windows Vista, its long-overdue operating system
overhaul. It is no overstatement to say that the future of the company
hinges on the success of these two products. Much is hanging in the
balance, and some critics allege that Microsoft is once again rigging
the game to ensure customer loyalty. The international community has
yet to decide on a standard document format, though recent trends see
ODF gaining ground. Seven nations (Brazil, France, Germany, Belgium,
Croatia, Norway and Demark) have recognized ODF and the need for open
standards for all government documents. Microsoft's intentions
notwithstanding, multiple standards mean added headaches for the
competition. Rival online productivity suites like Zoho and Google
Docs and Spreadsheets, which are quickly gaining popularity, and Sun
Microsystems' open-source desktop app OpenOffice, all currently support
ODF and not OOXML.
Businesses Turn to Composite Applications on Road to SOA
Staff, GRID Today
As businesses trudge toward installing service-oriented architectures
(SOA) to serve as their information technology platforms, they're
keeping up with more rapid business change by using composite
applications as a halfway point toward adopting SOAs, according to the
results of a benchmark survey by Aberdeen Group, a Harte-Hanks Company.
Composite applications contain logic and data collected from multiple IT
sources and harnessed with web services standards such as XML, SOAP, and
WS-*. They can be built and implemented even if the organization has yet
to fully develop an SOA. The survey found that most companies that build
and deploy these applications are seeing higher satisfaction among end
users. A substantial number of leading, or what Aberdeen calls
"best-in-class," companies cite lower costs and quick business reaction
to competitive pressures as chief benefits from these applications.
See also: the Aberdeen Group
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |