XML and Web Services In The News - 10 January 2007

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by Innodata Isogen



HEADLINES:

 Liberty Alliance, Microsoft Discuss Identity Protocols
 Speech Synthesis Markup Language (SSML) Version 1.1
 Accelerate WSS Applications with VTD-XML
 Community Approach to Sun's OpenSolaris
 OMB Issues Updated Enterprise Architecture Documents
 Monkfish Software Ships xmlBlueprint 4.3
 Authorization: Standards and Granularity
 Is XML 2.0 Under Development?


Liberty Alliance, Microsoft Discuss Identity Protocols
Jeremy Kirk, InfoWorld
The Liberty Alliance, a consortium working on policy and technology issues for identity management, is discussing with Microsoft how to reconcile their competing sets of protocols for secure Web transactions. "We have finally put down the boxing gloves and are trying to figure out how to solve our customers' problems," said Roger Sullivan, the newly elected president of the Liberty Alliance and vice president of Oracle's identity management section. The Liberty Alliance, whose participants include Hewlett-Packard, Sun Microsystems, and IBM, backs the ID-Web Services Framework (ID-WSF), a set of protocols for Web services. Microsoft supports another set, WS-Star. The protocols are used for secure information exchanges over the Internet. Eventually, the standards will likely converge, Sullivan said. But two sets of standards create problems for enterprises who may have already invested in infrastructure, and enterprises may delay identity projects because of confusion. Over the next year, that will mean working with vendors to ensure the transition is smooth and doesn't jeopardize expensive software investments. The identity and access management field has been hampered in the past by competing standards protocols, according to a report released last month by analyst IDC. However, with the protocol standards debate settling, IDC expects the revenue for identity technologies to rise from $3 billion in 2005 to $5.1 billion in 2010. A first step towards stability came in 2005, with the ratification of SAML 2.0 (Security Assertion Markup Language), an XML-based framework for exchanging identity information, IDC said. SAML 2.0 was backed by the Liberty Alliance and is now widely used in vendor products.

Speech Synthesis Markup Language (SSML) Version 1.1
Daniel C. Burnett and Zhi Wei Shuang (eds.), W3C Technical Report
W3C announced that it has taken steps to broaden support for the world's languages in voice applications on the Web, publishing a first Working Draft version of "Speech Synthesis Markup Language (SSML) Version 1.1." This First Public Working Draft of Speech Synthesis Markup Language (SSML) 1.1 incorporates important features and feedback from SSML Workshops held in Beijing, China and Heraklion, Greece. On 13-14 January 2007, W3C conducts a third Workshop on SSML, hosted by Bhrigus Software and the International Institute of Information Technology (IIIT) in Hyderabad, India. This Workshop promises more expert review and contributions to SSML, part of W3C's Speech Interface Framework, a suite of specifications for building voice applications on the Web. The Voice Browser Working Group has sought to develop standards to enable access to the Web using spoken interaction. The Speech Synthesis Markup Language Specification is one of these standards and is designed to provide a rich, XML-based markup language for assisting the generation of synthetic speech in Web and other applications. The essential role of the markup language is to provide authors of synthesizable content a standard way to control aspects of speech such as pronunciation, volume, pitch, rate, etc. across different synthesis-capable platforms. SSML 1.1 improves on W3C's SSML 1.0 Recommendation by adding support for more conventions and practices of the world's languages. One new feature helps to disambiguate word boundaries in languages that do not use whitespace as a word boundary, including Chinese, Thai, and Japanese. SSML 1.1 allows references to language-specific pronunciation alphabets. It clarifies the relationship between the author's specified speaking voice and the language being spoken. It provides finer-grained control over lexicon activation and entry usage.
See also: the announcement

Accelerate WSS Applications with VTD-XML
Jimmy Zhang, JavaWorld.com
Web Services Security (WSS) refers to a set of XML message-level standards designed to ensure the security of various aspects of SOA (service-oriented architecture). Yet, due largely to the inherent issues of DOM (Document Object Model) and SAX (Simple API for XML Processing), the real-world implementations of WSS generally have poor performance characteristics that often fail to meet the requirements of production SOA deployment. With the advent of VTD-XML (Virtual Token Descriptor-XML), this is about to change fundamentally. Still, many problems with WSS are deeper than they appear, and overcoming them would inevitably require changes to the problems themselves. The objectives of this article are to analyze the performance issues of DOM for WSS applications and look at how VTD-XML solves those issues, to introduce XMLModifier, a new feature introduced in version 1.8 of VTD-XML, and show some of the latest benchmark numbers of VTD-XML most relevant to WSS, and to identify some of the technical issues in WS signing and encryption and propose possible fixes.

Community Approach to Sun's OpenSolaris
Sean Michael Kerner, InternetNews.com
Sun is moving to open up its OpenSolaris project to allow for even more participation from its community of users and developers in terms of both governance and technology contributions. The OpenSolaris project first released code in June of 2005. The effort began as a way to build the next generation of Solaris open system in an open source-community-inspired approach. At the project's one-year anniversary, Sun highlighted the importance of community contributions to the effort. It's a community that now is going to get even more opportunity to participate and shape the future of OpenSolaris. Stephen Harpster, Director of Open Source Software, explained that the OpenSolaris community just drafted and finalized a constitution that describes how OpenSolaris will be governed in the future. Currently OpenSolaris is governed by the Community Advisory Board (CAB) made up of five members, two of whom were appointed by Sun and the rest of whom were elected. The plan is for OpenSolaris governance to move to a new board, which will be called the OpenSolaris Governing Board (OGB). The OGB will have seven members all of whom will be elected by members of the OpenSolaris community. Code contributors aren't the only ones that will get to vote for the new OGB either. Under the new constitution, anyone that contributes and is a member of an OpenSolaris community will get a vote. OpenSolaris is made up of a number of communities, including non-technical ones for marketing and documentation. The OpenSolaris tools community evaluated a number of different open source version control systems, including CVS and Subversion, and has decided on using Mercurial, which will be implemented this year. Harpster also explained that OpenSolaris is working on integrating more tools to improve the development environment. Efforts to integrate PHP and Ruby on Rails among other dynamic languages are under way.

OMB Issues Updated Enterprise Architecture Documents
Jason Miller, Government Computer News
As agencies develop their fiscal 2008 budget requests over the next few months, the Office of Management and Budget's Federal Enterprise Architecture Program Management Office recently delivered a number of updated documents to make that process easier — or at least run more smoothly. OMB published the latest version of the Federal Transition Framework with 15 new cross-agency initiatives for a total of 18. The FTF gives agencies a standard way to describe cross-agency initiatives, and makes sharing that information easier. While agencies will not have to use the FTF until the 2009 budget cycle, it does provide a single source of information describing these areas, said Dick Burk, OMB's chief architect in a letter to agency CIOs and chief architects. Burk's office also released the new EA assessment guide, which will be used as a part of the 2008 budget process, and a FEA Practice Guide. The Practice Guide suggests techniques for CIOs and architects to describe how their architecture can provide business and mission value to non-IT people. The EA Assessment Version 2.1 is more of an update than a full revision, Burk said in another letter to agency CIOs and chief architects. Agencies have until Feb. 28 to submit their EAs so OMB can assess them under the new framework. OMB will score agencies' EA and include the results in the second-quarter President's Management Agenda scorecard, Burk said. Additionally, OMB issued a revised consolidated FEA reference model that includes information on all five models — Business, Technical, Performance, Data and Service Component.

Monkfish Software Ships xmlBlueprint 4.3
Staff, ProgrammersHeaven.com
Monkfish Software has released version 4.3 of xmlBlueprint XML Editor for the Windows platform. Version 4.3 adds support for Relax NG Schemas and an XPath Evaluator. The occasional user will enjoy its speed and ease-of-use. Power users will appreciate its high-quality XML support, such as context-sensitive XML completion and validation of schemas and XML documents against any schema. All major schema types are supported (DTD, Relax NG Schema, XML Schema). Users can configure xmlBlueprint XML Editor to work with any third party XML validator or XSLT processor, adding and running additional tools to further enhance functionality. Users can collaboratively edit and manage files on remote Web servers via FTP, HTTP, HTTPS (secure HTTP) and WebDAV. The built-in directory tree helps the user to quickly locate and open files. MacOS, UNIX and Windows file formats are automatically recognized. xmlBlueprint XML Editor fully supports the Unicode UTF-8 and UTF-16 standards on all Windows versions, including Windows '98. This allows the user to edit files for the Asian/Pacific and Eastern European regions.

Authorization: Standards and Granularity
Gunnar Peterson, 1 Raindrop
James McGovern, whose questions in blog comments usually take me a whole additional blog post to answer appropriately, responding to an earlier post on security for Integrated Transactions asks "Would you agree that enterprises need to go beyond just building better authentication mechanisms such as support for SAML and go deeper in terms of authorization? What would it take to get security folks to also add XACML to their list of frequently mentioned acroynms...". I definitely agree with this. Enterprises need to look at authentication, authorization, and auditing as well. Plus they need to realize that these security landscapes have fundamentally changed 2 or 3 times in the past decades (OO, web apps, and SOA/Web Services) all require different types of security mechanisms, but many enterprises try in vain to find one silver bullet. So it is definitely not just about authentication, but the larger point I think (and the one that SAML, WS-Security, WS-Trust, and XACML all to varying degrees help you solve) is how do you get interoperability for security tokens at runtime. A transaction can span dozens of namespaces, technical runtimes, governance and polic zones, etc. So job 1 is to be able to move the tokens and recognize them on the other end (vetting them in the process).
See also: the OASIS XACML TC

Is XML 2.0 Under Development?
Micah Dubinko, XML.com
XML, one has to admit, has been pretty successful. Despite having a sufficient quantity of annoyances to merit a dedicated column on these pages, XML has powered applications almost anywhere -- anywhere except the web, if recent murmurings are an indication. Douglas Crockford, summarizing his talk and resulting hallway conversations at the XML 2006 conference, mentions numerous voices proclaiming that XML on the Web is dead. Some accept this statement, some insist that XML is the one metalangauge to rule them all, and others say, "It still has a role on the server. If we go around saying it's dead, people might start looking for better alternatives." This isn't the first time XML has been declared dead on the Web: back in 2004, Mark Pilgrim made a similar proclamation. One factor neglected in those statements, however, is the mobile-centric web, where various modularization-based variants of XHTML have quietly lived up to their original premise. Individual browsers vary widely in quality of implementation, but the language itself, including core concepts of strict well-formedness, distinct layering (yeah, I'm talking about you, document.write), and straightforward usability over the Web are alive and healthy in mobile. In that environment, XHTML continues steady advancement, marching over the ashes of WML. Outside of mobile, though, things look different. It would be a gross exaggeration to say that XHTML was overtaking HTML in practice on the general web. Why the difference? It's interesting to ponder why the mobile corners of the Web have bought into XHTML faster than the rest of the Web.


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.


Bottom Gear Image