XML and Web Services In The News - 10 January 2007
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by Innodata Isogen
HEADLINES:
Liberty Alliance, Microsoft Discuss Identity Protocols
Jeremy Kirk, InfoWorld
The Liberty Alliance, a consortium working on policy and technology
issues for identity management, is discussing with Microsoft how to
reconcile their competing sets of protocols for secure Web transactions.
"We have finally put down the boxing gloves and are trying to figure
out how to solve our customers' problems," said Roger Sullivan, the
newly elected president of the Liberty Alliance and vice president of
Oracle's identity management section. The Liberty Alliance, whose
participants include Hewlett-Packard, Sun Microsystems, and IBM, backs
the ID-Web Services Framework (ID-WSF), a set of protocols for Web
services. Microsoft supports another set, WS-Star. The protocols are
used for secure information exchanges over the Internet. Eventually,
the standards will likely converge, Sullivan said. But two sets of
standards create problems for enterprises who may have already invested
in infrastructure, and enterprises may delay identity projects because
of confusion. Over the next year, that will mean working with vendors
to ensure the transition is smooth and doesn't jeopardize expensive
software investments. The identity and access management field has been
hampered in the past by competing standards protocols, according to a
report released last month by analyst IDC. However, with the protocol
standards debate settling, IDC expects the revenue for identity
technologies to rise from $3 billion in 2005 to $5.1 billion in 2010. A
first step towards stability came in 2005, with the ratification of SAML
2.0 (Security Assertion Markup Language), an XML-based framework for
exchanging identity information, IDC said. SAML 2.0 was backed by the
Liberty Alliance and is now widely used in vendor products.
Speech Synthesis Markup Language (SSML) Version 1.1
Daniel C. Burnett and Zhi Wei Shuang (eds.), W3C Technical Report
W3C announced that it has taken steps to broaden support for the world's
languages in voice applications on the Web, publishing a first Working
Draft version of "Speech Synthesis Markup Language (SSML) Version 1.1."
This First Public Working Draft of Speech Synthesis Markup Language
(SSML) 1.1 incorporates important features and feedback from SSML
Workshops held in Beijing, China and Heraklion, Greece. On 13-14
January 2007, W3C conducts a third Workshop on SSML, hosted by Bhrigus
Software and the International Institute of Information Technology (IIIT)
in Hyderabad, India. This Workshop promises more expert review and
contributions to SSML, part of W3C's Speech Interface Framework, a suite
of specifications for building voice applications on the Web. The Voice
Browser Working Group has sought to develop standards to enable access
to the Web using spoken interaction. The Speech Synthesis Markup Language
Specification is one of these standards and is designed to provide a rich,
XML-based markup language for assisting the generation of synthetic
speech in Web and other applications. The essential role of the markup
language is to provide authors of synthesizable content a standard way
to control aspects of speech such as pronunciation, volume, pitch, rate,
etc. across different synthesis-capable platforms. SSML 1.1 improves on
W3C's SSML 1.0 Recommendation by adding support for more conventions
and practices of the world's languages. One new feature helps to
disambiguate word boundaries in languages that do not use whitespace as
a word boundary, including Chinese, Thai, and Japanese. SSML 1.1 allows
references to language-specific pronunciation alphabets. It clarifies
the relationship between the author's specified speaking voice and the
language being spoken. It provides finer-grained control over lexicon
activation and entry usage.
See also: the announcement
Accelerate WSS Applications with VTD-XML
Jimmy Zhang, JavaWorld.com
Web Services Security (WSS) refers to a set of XML message-level
standards designed to ensure the security of various aspects of SOA
(service-oriented architecture). Yet, due largely to the inherent issues
of DOM (Document Object Model) and SAX (Simple API for XML Processing),
the real-world implementations of WSS generally have poor performance
characteristics that often fail to meet the requirements of production
SOA deployment. With the advent of VTD-XML (Virtual Token
Descriptor-XML), this is about to change fundamentally. Still, many
problems with WSS are deeper than they appear, and overcoming them would
inevitably require changes to the problems themselves. The objectives of
this article are to analyze the performance issues of DOM for WSS
applications and look at how VTD-XML solves those issues, to introduce
XMLModifier, a new feature introduced in version 1.8 of VTD-XML, and
show some of the latest benchmark numbers of VTD-XML most relevant to
WSS, and to identify some of the technical issues in WS signing and
encryption and propose possible fixes.
Community Approach to Sun's OpenSolaris
Sean Michael Kerner, InternetNews.com
Sun is moving to open up its OpenSolaris project to allow for even more
participation from its community of users and developers in terms of both
governance and technology contributions. The OpenSolaris project first
released code in June of 2005. The effort began as a way to build the next
generation of Solaris open system in an open source-community-inspired
approach. At the project's one-year anniversary, Sun highlighted the
importance of community contributions to the effort. It's a community that
now is going to get even more opportunity to participate and shape the
future of OpenSolaris. Stephen Harpster, Director of Open Source Software,
explained that the OpenSolaris community just drafted and finalized a
constitution that describes how OpenSolaris will be governed in the future.
Currently OpenSolaris is governed by the Community Advisory Board (CAB)
made up of five members, two of whom were appointed by Sun and the rest
of whom were elected. The plan is for OpenSolaris governance to move to
a new board, which will be called the OpenSolaris Governing Board (OGB).
The OGB will have seven members all of whom will be elected by members
of the OpenSolaris community. Code contributors aren't the only ones that
will get to vote for the new OGB either. Under the new constitution,
anyone that contributes and is a member of an OpenSolaris community will
get a vote. OpenSolaris is made up of a number of communities, including
non-technical ones for marketing and documentation. The OpenSolaris tools
community evaluated a number of different open source version control
systems, including CVS and Subversion, and has decided on using Mercurial,
which will be implemented this year. Harpster also explained that
OpenSolaris is working on integrating more tools to improve the
development environment. Efforts to integrate PHP and Ruby on Rails among
other dynamic languages are under way.
OMB Issues Updated Enterprise Architecture Documents
Jason Miller, Government Computer News
As agencies develop their fiscal 2008 budget requests over the next few
months, the Office of Management and Budget's Federal Enterprise
Architecture Program Management Office recently delivered a number of
updated documents to make that process easier — or at least run more
smoothly. OMB published the latest version of the Federal Transition
Framework with 15 new cross-agency initiatives for a total of 18. The
FTF gives agencies a standard way to describe cross-agency initiatives,
and makes sharing that information easier. While agencies will not have
to use the FTF until the 2009 budget cycle, it does provide a single
source of information describing these areas, said Dick Burk, OMB's chief
architect in a letter to agency CIOs and chief architects. Burk's office
also released the new EA assessment guide, which will be used as a part
of the 2008 budget process, and a FEA Practice Guide. The Practice Guide
suggests techniques for CIOs and architects to describe how their
architecture can provide business and mission value to non-IT people.
The EA Assessment Version 2.1 is more of an update than a full revision,
Burk said in another letter to agency CIOs and chief architects. Agencies
have until Feb. 28 to submit their EAs so OMB can assess them under the
new framework. OMB will score agencies' EA and include the results in
the second-quarter President's Management Agenda scorecard, Burk said.
Additionally, OMB issued a revised consolidated FEA reference model that
includes information on all five models — Business, Technical,
Performance, Data and Service Component.
Monkfish Software Ships xmlBlueprint 4.3
Staff, ProgrammersHeaven.com
Monkfish Software has released version 4.3 of xmlBlueprint XML Editor
for the Windows platform. Version 4.3 adds support for Relax NG Schemas
and an XPath Evaluator. The occasional user will enjoy its speed and
ease-of-use. Power users will appreciate its high-quality XML support,
such as context-sensitive XML completion and validation of schemas and
XML documents against any schema. All major schema types are supported
(DTD, Relax NG Schema, XML Schema). Users can configure xmlBlueprint XML
Editor to work with any third party XML validator or XSLT processor,
adding and running additional tools to further enhance functionality.
Users can collaboratively edit and manage files on remote Web servers via
FTP, HTTP, HTTPS (secure HTTP) and WebDAV. The built-in directory tree
helps the user to quickly locate and open files. MacOS, UNIX and Windows
file formats are automatically recognized. xmlBlueprint XML Editor fully
supports the Unicode UTF-8 and UTF-16 standards on all Windows versions,
including Windows '98. This allows the user to edit files for the
Asian/Pacific and Eastern European regions.
Authorization: Standards and Granularity
Gunnar Peterson, 1 Raindrop
James McGovern, whose questions in blog comments usually take me a whole
additional blog post to answer appropriately, responding to an earlier
post on security for Integrated Transactions asks "Would you agree that
enterprises need to go beyond just building better authentication
mechanisms such as support for SAML and go deeper in terms of
authorization? What would it take to get security folks to also add
XACML to their list of frequently mentioned acroynms...". I definitely
agree with this. Enterprises need to look at authentication,
authorization, and auditing as well. Plus they need to realize that
these security landscapes have fundamentally changed 2 or 3 times in the
past decades (OO, web apps, and SOA/Web Services) all require different
types of security mechanisms, but many enterprises try in vain to find
one silver bullet. So it is definitely not just about authentication,
but the larger point I think (and the one that SAML, WS-Security,
WS-Trust, and XACML all to varying degrees help you solve) is how do you
get interoperability for security tokens at runtime. A transaction can
span dozens of namespaces, technical runtimes, governance and polic
zones, etc. So job 1 is to be able to move the tokens and recognize them
on the other end (vetting them in the process).
See also: the OASIS XACML TC
Is XML 2.0 Under Development?
Micah Dubinko, XML.com
XML, one has to admit, has been pretty successful. Despite having a
sufficient quantity of annoyances to merit a dedicated column on these
pages, XML has powered applications almost anywhere -- anywhere except
the web, if recent murmurings are an indication. Douglas Crockford,
summarizing his talk and resulting hallway conversations at the XML
2006 conference, mentions numerous voices proclaiming that XML on the
Web is dead. Some accept this statement, some insist that XML is the
one metalangauge to rule them all, and others say, "It still has a role
on the server. If we go around saying it's dead, people might start
looking for better alternatives." This isn't the first time XML has
been declared dead on the Web: back in 2004, Mark Pilgrim made a
similar proclamation. One factor neglected in those statements, however,
is the mobile-centric web, where various modularization-based variants
of XHTML have quietly lived up to their original premise. Individual
browsers vary widely in quality of implementation, but the language
itself, including core concepts of strict well-formedness, distinct
layering (yeah, I'm talking about you, document.write), and
straightforward usability over the Web are alive and healthy in mobile.
In that environment, XHTML continues steady advancement, marching over
the ashes of WML. Outside of mobile, though, things look different. It
would be a gross exaggeration to say that XHTML was overtaking HTML in
practice on the general web. Why the difference? It's interesting to
ponder why the mobile corners of the Web have bought into XHTML faster
than the rest of the Web.
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |