XML and Web Services In The News - 26 January 2007
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by Sun Microsystems
HEADLINES:
Semantic Annotations for WSDL and XML Schema
Joel Farrell and Holger Lausen (eds.), W3C Technical Report
W3C has announced the advancement of of the "Semantic Annotations for
WSDL and XML Schema" specification to the level of Candidate
Recommendation. The document was produced by members of the SAWSDL
Working Group as part of the W3C Web Services Activity. SAWSDL defines
how to add semantic annotations to various parts of a WSDL document such
as input and output message structures, interfaces and operations. The
extension attributes defined in this specification fit within the WSDL
2.0 extensibility framework. For example, it defines a way to annotate
WSDL interfaces and operations with categorization information that can
be used to publish a Web service in a registry. The annotations on
schema types can be used during Web service discovery and composition.
In addition, SAWSDL defines an annotation mechanism for specifying the
structural mapping of XML Schema types to and from an ontology such
mappings could be used during invocation, particularly when mediation
is required. To accomplish semantic annotation, SAWSDL defines extension
attributes that can be applied both to WSDL elements and to XML Schema
elements. Semantic annotations are references from an element within a
WSDL or XML Schema document to a concept in an ontology or to a mapping.
This specification defines annotation mechanisms for relating the
constituent structures of WSDL input and output messages to concepts
defined in an outside ontology. Similarly, it defines how to annotate
WSDL operations and interfaces. Further, it defines an annotation
mechanism for specifying the structural mapping of XML Schema types to
and from an ontology by means of a reference to a mapping definition.
The annotation mechanism is independent of the ontology expression
language and this specification requires no particular ontology language.
It is also independent of mapping languages and does not restrict the
possible choices of such languages. The SAWSDL Working Group plans to
submit this specification for consideration as a W3C Proposed
Recommendation if the following exit criteria have been met: (1) At
least two parsers and at least one generator tool that implements
SAWSDL over WSDL 2.0. (2) At least one parser that implements SAWSDL
over WSDL 1.1. (3) At least one parser that implements the
'attrExtensions' element. (4) At least one implementation of the RDF
mapping. (5) For every SAWSDL feature, at least one specification
that uses it for Semantic Web Services automation.
See also: the W3C Web Services Activity
DocBook Project Announces First Release of DocBook 5 XSL Stylesheets
Bob Stayton, Software Announcement
The SourceForge DocBook Project has announced the first release of the
DocBook 5 XSL Stylesheets in the SourceForge downloads area. DocBook 5
differs from preceding versions of DocBook because its elements are in
a namespace "http://docbook.org/ns/docbook". Because the elements are
in a namespace, the regular DocBook XSL templates do not match on the
elements. In XSLT, a match attribute must explicitly specify the
namespace prefix to match an element in that namespace (the default
namespace does not apply to pattern matches). The regular stylesheets
are able to process DocBook 5 documents now, because they preprocess a
DB5 document to remove the namespace. When the regular stylesheet
detects that the root element is in the namespace, it processes the
document with mode="stripNS" to copy all the nodes to a variable, but
without the DocBook namespace. Then it converts the variable to a
nodeset, and processes the nodeset with the regular templates. The
alternative approach is to create a set of templates that match on the
native namespace of DocBook 5 documents. These stylesheets do that.
These stylesheets completely mimic the behavior of the existing
stylesheets. These are not XSLT 2.0 stylesheets, and they do not have
any other significant changes than handling the namespaced elements.
The two main advantages of these stylesheets are: (1) You can write
customization layers using the DocBook namespace; (2) The 'xml:base'
of the root element is not lost during processing, so things like
images and the olink database can be found more easily... [As to]
DocBook V5.x "The version 5.0 release is a complete rewrite of
DocBook in RELAX NG. The intent of this rewrite is to produce a
schema that is true to the spirit of DocBook while simultaneously
removing inconsistencies that have arisen as a natural consequence
of DocBook's long, slow evolution. The Technical Committee has taken
this opportunity to simplify a number of content models and tighten
constraints where RELAX NG makes that possible. The Technical
Committee provides the DocBook 5.0 schema in other schema languages,
including W3C XML Schema and an XML DTD, but the RELAX NG Schema is
the normative schema."
See also: DocBook.org
OASIS LegalXML eContracts TC Releases eContracts Version 1.0 for Review
Staff, OASIS Announcement
Members of the OASIS LegalXML eContracts Technical Committee have
approved a Committee Draft specification for eContracts, and have
released a public review package. Comments are inviited through March
27, 2007. The "eContracts Version 1.0" draft documents the eContracts
Schema, intended to describe the generic hierarchical structure of a
wide range of contract documents. The TC envisages that the primary
use of the eContracts Schema will be to facilitate the maintenance of
precedent or template contract documents and contract terms by persons
who wish to use them to create new contract documents with automated
tools. Use cases covered include negotiated business contracts, ticket
contracts, standard form business and consumer contracts and click-
through agreements. Contract documents are composed of paragraphs and
clauses that may be stored separately and reused in multiple documents.
The eContracts Schema defines these objects as containers that can be
processed as distinct objects or content chunks for storage and
retrieval in document assembly and other processing systems. The
eContracts Schema uses the XInclude standard to support content sharing
and reuse of clauses using the item element. The TC has aimed for
simplicity with the eContracts Core Schema. It defines only 51 elements.
Most content can be created with just a handful of elements: item,
title, block and text with the item element used recursively. This is
intended to make it easy to convert existing content to the eContracts
Schema and permit content components to be inserted without re-tagging
at any desired level of the document hierarchy in document assembly
applications. The eContracts Core Schema defines the generic,
hierarchical structure of contract documents. This provides the maximum
flexibility for content reuse, reliable automated processing and
transformation of eContracts XML into other formats. The eContracts
Core Schema provides a model for users to add metadata at the contract
and clause level. The schema makes provision for common metadata fields
required by document management, document assembly and publishing
applications such as: (1) document identifiers, the author, version and
dates; (2) the legal subject matter or categorisation of distinct
content objects. The eContracts Technical Committee was chartered to
develop open XML standards for the markup of contract documents to
enable the efficient creation, maintenance, management, exchange and
publication of contract documents and contract terms, with focus upon
contracts in the Anglo-American legal domain, including other common-
law based systems.
See also: the TC web site
ZXID Version 0.8: A C library Implementing the Full SAML 2.0 Stack
Sampo Kellomaki, Software Announcement
ZXID is a C library that implements the full SAML 2.0 stack and aims
to implement all popular federated ID management protocols such as
Liberty ID-FF 1.2, WS-Federation, WS- Trust, and ID Web Services such
as Liberty ID- WSF 1.1 and 2.0. It is based on schema based code
generation, resulting in an accurate implementation. SWIG is used to
offer scripting language interfaces such as Perl, PHP, and Python, as
well as Java. It can act as SP, IdP, WSC, and WSP. The ZXID project
has currently (Jan 2007) five outputs: (1) libzxid A C library for
supporting SAML 2.0, including federated Single Sign-On (SSO); (2)
zxid: A C program that implements a SAML Service Provider (SP) as a
CGI script (3) Net::SAML: A Perl module wrapping libzxid. Also zxid.pl,
that implements SP in mod_perl environment, is supplied. (4) php_zxid:
A PHP extension that wraps libzxid. Also supplied: zxid.php that
implements SP in mod_php environment. (5) libzxidjni.so: A Java JNI
extension that wraps libzxid. Also supplied: zxid.java that implements
SP as a CGI script. As a webmaster you want to enable SAML based
Single Sign-On (SSO) to your web site. In this case you would use the
zxid SP CGI script directly, only configuring it slightly or you can
go the zxid_simple() route. Otherwise you can hint your PHP or perl
developer that this functionality is available and your want it. As a
perl developer you can use the Net::SAML module to integrate SSO to
your application and web site. Given the direct perl support, this is
easier than fully understanding the C interface. Both mod_perl and
perl as CGI are supported. As a PHP developer you can use
dl("php_zxid.so") to load the module and access the high level
functionality, such as SAML 2.0 SSO. We support functionality roughly
equivalent to perl Net::SAML. The PHP module is fully ready to use for
SSO, but we expect to add a lot more, such as WSC, in future. Both
mod_php5 and php as CGI are supported. php4 should also work. As a
web developer you may want to integrate SAML based SSO to your web
site tool or product so that your customers can enjoy SSO enabled web
sites. In this case you would study zxid.c for examples and use
libzxid.a to implement the functionality in your own program. The
goals of ZXID project include: [i] SOAP 1.1 support (done); [ii] SAML
2.0 compliance (SP role - done; IdP role); [iii] Liberty ID-FF 1.2
support (SP, IdP, SAML 1.1); [iv] Liberty ID-WSF 1.1 support
(Discovery bootstrap, Discovery WSC, ID-DAP WSC, ID-DAP WSP); [iv]
Liberty ID-WSF 2.0 support (Discovery bootstrap, Discovery WSC,
ID-DAP WSC).
See also: the README
Implications of SOA on Business Strategy and Organizational Design
William Murray, SearchWebServices.com
A decade after the publication of Hammer and Champy's "Manifesto for
Business Revolution", we have reached the next tipping point marked by
the emergence of the digital market — the pervasive connectivity of
organizations, people, information and tools across the marketplace,
which is driving a fundamental shift in the way we view the corporation,
i.e. as more than a collection of processes, but as a collection of
services. As such, technology is now targeting the service-level to
significantly improve market efficiencies, bringing to the mainstream
service-oriented architectures and the concept that business services
are the new fundamental building blocks of the corporation.
Understanding the historical context is useful as it helps to expose
the underlying pattern that exists in the evolution of technology and
corporate strategy. Technology is enabling in so much as it creates
efficiencies in the current business context. But more importantly, it
is disruptive because it leads to seismic shifts in thinking that are
the result of accumulated pressures from technology build-up over
time which displace the current order, creating a new competitive
landscape. The threats and opportunities that exist — and therefore
types of strategies required to succeed in each — are markedly
different. The IT Utility Curve oscillates between phases where
technology is applied to extend existing business models (enabling)
and periods where it displaces them (disruptive). Overlaying this
are three distinct modes that characterize the way in which technology
is exploited within the corporation: experimentation, innovation, and
commoditization. Together, these form a useful framework for
differentiating between strategic and tactical opportunities from a
corporate planning perspective. We are approaching a new turning point
precipitated by the arrival of the digital market. This milestone is
marked by a shift in mindset and focus from processes to services,
from organizational efficiencies to market efficiencies. It represents
a transition to a disruptive period that will level the current business
landscape and create new markets and market opportunities. SOA is an
incredibly important landmark in this emerging landscape. The digital
market speaks only to market efficiency — it does not address product
efficiency. The principles of SOA design target product efficiency by
driving product commoditization. They alone are not enough however.
The SOA world must also create the necessary business context to be
successful.
The Geronimo Renegade: Security and Apache Geronimo's Future
Nicholas Chase, IBM developerWorks
This article presents information about Apache Geronimo server security,
based upon an interview with David Jencks. The goal of the Geronimo
project is to produce a server runtime framework that pulls together
the best Open Source alternatives to create runtimes that meet the
needs of developers and system administrators. The most popular
distribution is a fully certified J2EE 1.4 application server runtime,
and developers are are working on the next version of the server which
is based on Java EE 5. A full-service application server like Apache
Geronimo needs to have a full-service security implementation, and
that means more than just supporting SSL connections. It means
securing the internal requests made within an application. Jencks:
"Right now I am working on finishing JPA support with container-managed
persistence; we have the Daytrader sample application working in
Geronimo using OpenJPA. I'm quite excited by this; JPA looks like it
will be a much better persistence solution than entity beans or even
JDO1 (I haven't had a chance to work with JDO2 yet). I'm also working
on integrating Apache CXF for the JEE5 JAX-WS support, and hope to get
to Axis2 integration soon. I'm also trying to figure out how to
refactor the deployment system to make it more extensible and simpler.
And I'm hoping to find the time to actually demonstrate pluggable JACC.
And if I get any free time I hope to get back to the Jetspeed 2
integration I started last year... We learned quite a bit implementing
CORBA CSIV2 and from talking to some CORBA and XACML experts, and that
has led us to re-evaluate some of the non-CORBA authentication model.
With authentication, the simplest situation is where you have a dumb
client, such as a Web browser, and all it does is forward the user [and]
password to the actual server; this is basically the same situation as
running a program locally. Here, the server just checks to see if it
knows about the user [and] password, and it's done. However, as soon
as you get into more complicated situations in which the client isn't
quite so dumb or is another server, you need a more sophisticated
approach...I think both the security assertion-based authentication
and XACML or other rule-based authorization systems are fascinating
and would love to work on them, but in the past year I've only managed
to spend a few days on security making JACC pluggable. Our XACML expert,
Simon Godik, has pointed out several other improvements that we could
make, short of a complete rewrite, but no one has had time to put them
into practice. This year I'm hoping we can leverage some other
communities, such as Apache Directory with TripleSec, to get some
exciting features in without having to do all the work ourselves. One
promising sign is that one of our new committers, Vamsavardhana Reddy,
has been making a lot of progress on improving administration of some
security features, such as the keystore."
See also: XACML references
SAP Embraces On-Demand and Mass Customer Acquisition
Staff, Computer Business Review Online
SAP AG used its fourth-quarter conference call to trickle out more
details about its forthcoming mid-market product, promising a 'game-
changing' offering that combines SOA technology with a new business
model. SAP described the planned product, which is slated for release
in March [2007], as an "enterprise service-oriented architecture by
design" platform because it has been developed around SOA concepts using
SAP's SOA technology. It will be a high-volume product, offered for
sale via the internet or telesales channels, built for low cost of
ownership, including the ability to ne managed remotely. More
significantly, it will be offered as a subscription-based on-demand
product in the first instance. SAP's intention is to swoop in with a
simple but complete business application suite covering all critical
business functions and a choice of deployment models, of which on-demand
is likely to be key, before existing players can take market share.
Despite attracting more attention, the needs of small businesses and
the lower end of the mid-market are still underserved. NetSuite offers
an integrated ERP/CRM/e-commerce on-demand suite, and Sage is just
starting to bring integrated suites to market. SAP expects the new
product to contribute significantly to its target of raising its
customer base to 100,000 by 2010, and believes it could deliver 10,000
new customers per year.
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |