XML and Web Services In The News - 26 January 2007

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by Sun Microsystems



HEADLINES:

 Semantic Annotations for WSDL and XML Schema
 DocBook Project Announces First Release of DocBook 5 XSL Stylesheets
 OASIS LegalXML eContracts TC Releases eContracts Version 1.0 for Review
 ZXID Version 0.8: A C library Implementing the Full SAML 2.0 Stack
 Implications of SOA on Business Strategy and Organizational Design
 The Geronimo Renegade: Security and Apache Geronimo's Future
 SAP Embraces On-Demand and Mass Customer Acquisition


Semantic Annotations for WSDL and XML Schema
Joel Farrell and Holger Lausen (eds.), W3C Technical Report
W3C has announced the advancement of of the "Semantic Annotations for WSDL and XML Schema" specification to the level of Candidate Recommendation. The document was produced by members of the SAWSDL Working Group as part of the W3C Web Services Activity. SAWSDL defines how to add semantic annotations to various parts of a WSDL document such as input and output message structures, interfaces and operations. The extension attributes defined in this specification fit within the WSDL 2.0 extensibility framework. For example, it defines a way to annotate WSDL interfaces and operations with categorization information that can be used to publish a Web service in a registry. The annotations on schema types can be used during Web service discovery and composition. In addition, SAWSDL defines an annotation mechanism for specifying the structural mapping of XML Schema types to and from an ontology such mappings could be used during invocation, particularly when mediation is required. To accomplish semantic annotation, SAWSDL defines extension attributes that can be applied both to WSDL elements and to XML Schema elements. Semantic annotations are references from an element within a WSDL or XML Schema document to a concept in an ontology or to a mapping. This specification defines annotation mechanisms for relating the constituent structures of WSDL input and output messages to concepts defined in an outside ontology. Similarly, it defines how to annotate WSDL operations and interfaces. Further, it defines an annotation mechanism for specifying the structural mapping of XML Schema types to and from an ontology by means of a reference to a mapping definition. The annotation mechanism is independent of the ontology expression language and this specification requires no particular ontology language. It is also independent of mapping languages and does not restrict the possible choices of such languages. The SAWSDL Working Group plans to submit this specification for consideration as a W3C Proposed Recommendation if the following exit criteria have been met: (1) At least two parsers and at least one generator tool that implements SAWSDL over WSDL 2.0. (2) At least one parser that implements SAWSDL over WSDL 1.1. (3) At least one parser that implements the 'attrExtensions' element. (4) At least one implementation of the RDF mapping. (5) For every SAWSDL feature, at least one specification that uses it for Semantic Web Services automation.
See also: the W3C Web Services Activity

DocBook Project Announces First Release of DocBook 5 XSL Stylesheets
Bob Stayton, Software Announcement
The SourceForge DocBook Project has announced the first release of the DocBook 5 XSL Stylesheets in the SourceForge downloads area. DocBook 5 differs from preceding versions of DocBook because its elements are in a namespace "http://docbook.org/ns/docbook". Because the elements are in a namespace, the regular DocBook XSL templates do not match on the elements. In XSLT, a match attribute must explicitly specify the namespace prefix to match an element in that namespace (the default namespace does not apply to pattern matches). The regular stylesheets are able to process DocBook 5 documents now, because they preprocess a DB5 document to remove the namespace. When the regular stylesheet detects that the root element is in the namespace, it processes the document with mode="stripNS" to copy all the nodes to a variable, but without the DocBook namespace. Then it converts the variable to a nodeset, and processes the nodeset with the regular templates. The alternative approach is to create a set of templates that match on the native namespace of DocBook 5 documents. These stylesheets do that. These stylesheets completely mimic the behavior of the existing stylesheets. These are not XSLT 2.0 stylesheets, and they do not have any other significant changes than handling the namespaced elements. The two main advantages of these stylesheets are: (1) You can write customization layers using the DocBook namespace; (2) The 'xml:base' of the root element is not lost during processing, so things like images and the olink database can be found more easily... [As to] DocBook V5.x "The version 5.0 release is a complete rewrite of DocBook in RELAX NG. The intent of this rewrite is to produce a schema that is true to the spirit of DocBook while simultaneously removing inconsistencies that have arisen as a natural consequence of DocBook's long, slow evolution. The Technical Committee has taken this opportunity to simplify a number of content models and tighten constraints where RELAX NG makes that possible. The Technical Committee provides the DocBook 5.0 schema in other schema languages, including W3C XML Schema and an XML DTD, but the RELAX NG Schema is the normative schema."
See also: DocBook.org

OASIS LegalXML eContracts TC Releases eContracts Version 1.0 for Review
Staff, OASIS Announcement
Members of the OASIS LegalXML eContracts Technical Committee have approved a Committee Draft specification for eContracts, and have released a public review package. Comments are inviited through March 27, 2007. The "eContracts Version 1.0" draft documents the eContracts Schema, intended to describe the generic hierarchical structure of a wide range of contract documents. The TC envisages that the primary use of the eContracts Schema will be to facilitate the maintenance of precedent or template contract documents and contract terms by persons who wish to use them to create new contract documents with automated tools. Use cases covered include negotiated business contracts, ticket contracts, standard form business and consumer contracts and click- through agreements. Contract documents are composed of paragraphs and clauses that may be stored separately and reused in multiple documents. The eContracts Schema defines these objects as containers that can be processed as distinct objects or content chunks for storage and retrieval in document assembly and other processing systems. The eContracts Schema uses the XInclude standard to support content sharing and reuse of clauses using the item element. The TC has aimed for simplicity with the eContracts Core Schema. It defines only 51 elements. Most content can be created with just a handful of elements: item, title, block and text with the item element used recursively. This is intended to make it easy to convert existing content to the eContracts Schema and permit content components to be inserted without re-tagging at any desired level of the document hierarchy in document assembly applications. The eContracts Core Schema defines the generic, hierarchical structure of contract documents. This provides the maximum flexibility for content reuse, reliable automated processing and transformation of eContracts XML into other formats. The eContracts Core Schema provides a model for users to add metadata at the contract and clause level. The schema makes provision for common metadata fields required by document management, document assembly and publishing applications such as: (1) document identifiers, the author, version and dates; (2) the legal subject matter or categorisation of distinct content objects. The eContracts Technical Committee was chartered to develop open XML standards for the markup of contract documents to enable the efficient creation, maintenance, management, exchange and publication of contract documents and contract terms, with focus upon contracts in the Anglo-American legal domain, including other common- law based systems.
See also: the TC web site

ZXID Version 0.8: A C library Implementing the Full SAML 2.0 Stack
Sampo Kellomaki, Software Announcement
ZXID is a C library that implements the full SAML 2.0 stack and aims to implement all popular federated ID management protocols such as Liberty ID-FF 1.2, WS-Federation, WS- Trust, and ID Web Services such as Liberty ID- WSF 1.1 and 2.0. It is based on schema based code generation, resulting in an accurate implementation. SWIG is used to offer scripting language interfaces such as Perl, PHP, and Python, as well as Java. It can act as SP, IdP, WSC, and WSP. The ZXID project has currently (Jan 2007) five outputs: (1) libzxid A C library for supporting SAML 2.0, including federated Single Sign-On (SSO); (2) zxid: A C program that implements a SAML Service Provider (SP) as a CGI script (3) Net::SAML: A Perl module wrapping libzxid. Also zxid.pl, that implements SP in mod_perl environment, is supplied. (4) php_zxid: A PHP extension that wraps libzxid. Also supplied: zxid.php that implements SP in mod_php environment. (5) libzxidjni.so: A Java JNI extension that wraps libzxid. Also supplied: zxid.java that implements SP as a CGI script. As a webmaster you want to enable SAML based Single Sign-On (SSO) to your web site. In this case you would use the zxid SP CGI script directly, only configuring it slightly or you can go the zxid_simple() route. Otherwise you can hint your PHP or perl developer that this functionality is available and your want it. As a perl developer you can use the Net::SAML module to integrate SSO to your application and web site. Given the direct perl support, this is easier than fully understanding the C interface. Both mod_perl and perl as CGI are supported. As a PHP developer you can use dl("php_zxid.so") to load the module and access the high level functionality, such as SAML 2.0 SSO. We support functionality roughly equivalent to perl Net::SAML. The PHP module is fully ready to use for SSO, but we expect to add a lot more, such as WSC, in future. Both mod_php5 and php as CGI are supported. php4 should also work. As a web developer you may want to integrate SAML based SSO to your web site tool or product so that your customers can enjoy SSO enabled web sites. In this case you would study zxid.c for examples and use libzxid.a to implement the functionality in your own program. The goals of ZXID project include: [i] SOAP 1.1 support (done); [ii] SAML 2.0 compliance (SP role - done; IdP role); [iii] Liberty ID-FF 1.2 support (SP, IdP, SAML 1.1); [iv] Liberty ID-WSF 1.1 support (Discovery bootstrap, Discovery WSC, ID-DAP WSC, ID-DAP WSP); [iv] Liberty ID-WSF 2.0 support (Discovery bootstrap, Discovery WSC, ID-DAP WSC).
See also: the README

Implications of SOA on Business Strategy and Organizational Design
William Murray, SearchWebServices.com
A decade after the publication of Hammer and Champy's "Manifesto for Business Revolution", we have reached the next tipping point marked by the emergence of the digital market — the pervasive connectivity of organizations, people, information and tools across the marketplace, which is driving a fundamental shift in the way we view the corporation, i.e. as more than a collection of processes, but as a collection of services. As such, technology is now targeting the service-level to significantly improve market efficiencies, bringing to the mainstream service-oriented architectures and the concept that business services are the new fundamental building blocks of the corporation. Understanding the historical context is useful as it helps to expose the underlying pattern that exists in the evolution of technology and corporate strategy. Technology is enabling in so much as it creates efficiencies in the current business context. But more importantly, it is disruptive because it leads to seismic shifts in thinking that are the result of accumulated pressures from technology build-up over time which displace the current order, creating a new competitive landscape. The threats and opportunities that exist — and therefore types of strategies required to succeed in each — are markedly different. The IT Utility Curve oscillates between phases where technology is applied to extend existing business models (enabling) and periods where it displaces them (disruptive). Overlaying this are three distinct modes that characterize the way in which technology is exploited within the corporation: experimentation, innovation, and commoditization. Together, these form a useful framework for differentiating between strategic and tactical opportunities from a corporate planning perspective. We are approaching a new turning point precipitated by the arrival of the digital market. This milestone is marked by a shift in mindset and focus from processes to services, from organizational efficiencies to market efficiencies. It represents a transition to a disruptive period that will level the current business landscape and create new markets and market opportunities. SOA is an incredibly important landmark in this emerging landscape. The digital market speaks only to market efficiency — it does not address product efficiency. The principles of SOA design target product efficiency by driving product commoditization. They alone are not enough however. The SOA world must also create the necessary business context to be successful.

The Geronimo Renegade: Security and Apache Geronimo's Future
Nicholas Chase, IBM developerWorks
This article presents information about Apache Geronimo server security, based upon an interview with David Jencks. The goal of the Geronimo project is to produce a server runtime framework that pulls together the best Open Source alternatives to create runtimes that meet the needs of developers and system administrators. The most popular distribution is a fully certified J2EE 1.4 application server runtime, and developers are are working on the next version of the server which is based on Java EE 5. A full-service application server like Apache Geronimo needs to have a full-service security implementation, and that means more than just supporting SSL connections. It means securing the internal requests made within an application. Jencks: "Right now I am working on finishing JPA support with container-managed persistence; we have the Daytrader sample application working in Geronimo using OpenJPA. I'm quite excited by this; JPA looks like it will be a much better persistence solution than entity beans or even JDO1 (I haven't had a chance to work with JDO2 yet). I'm also working on integrating Apache CXF for the JEE5 JAX-WS support, and hope to get to Axis2 integration soon. I'm also trying to figure out how to refactor the deployment system to make it more extensible and simpler. And I'm hoping to find the time to actually demonstrate pluggable JACC. And if I get any free time I hope to get back to the Jetspeed 2 integration I started last year... We learned quite a bit implementing CORBA CSIV2 and from talking to some CORBA and XACML experts, and that has led us to re-evaluate some of the non-CORBA authentication model. With authentication, the simplest situation is where you have a dumb client, such as a Web browser, and all it does is forward the user [and] password to the actual server; this is basically the same situation as running a program locally. Here, the server just checks to see if it knows about the user [and] password, and it's done. However, as soon as you get into more complicated situations in which the client isn't quite so dumb or is another server, you need a more sophisticated approach...I think both the security assertion-based authentication and XACML or other rule-based authorization systems are fascinating and would love to work on them, but in the past year I've only managed to spend a few days on security making JACC pluggable. Our XACML expert, Simon Godik, has pointed out several other improvements that we could make, short of a complete rewrite, but no one has had time to put them into practice. This year I'm hoping we can leverage some other communities, such as Apache Directory with TripleSec, to get some exciting features in without having to do all the work ourselves. One promising sign is that one of our new committers, Vamsavardhana Reddy, has been making a lot of progress on improving administration of some security features, such as the keystore."
See also: XACML references

SAP Embraces On-Demand and Mass Customer Acquisition
Staff, Computer Business Review Online
SAP AG used its fourth-quarter conference call to trickle out more details about its forthcoming mid-market product, promising a 'game- changing' offering that combines SOA technology with a new business model. SAP described the planned product, which is slated for release in March [2007], as an "enterprise service-oriented architecture by design" platform because it has been developed around SOA concepts using SAP's SOA technology. It will be a high-volume product, offered for sale via the internet or telesales channels, built for low cost of ownership, including the ability to ne managed remotely. More significantly, it will be offered as a subscription-based on-demand product in the first instance. SAP's intention is to swoop in with a simple but complete business application suite covering all critical business functions and a choice of deployment models, of which on-demand is likely to be key, before existing players can take market share. Despite attracting more attention, the needs of small businesses and the lower end of the mid-market are still underserved. NetSuite offers an integrated ERP/CRM/e-commerce on-demand suite, and Sage is just starting to bring integrated suites to market. SAP expects the new product to contribute significantly to its target of raising its customer base to 100,000 by 2010, and believes it could deliver 10,000 new customers per year.


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.


Bottom Gear Image