XML and Web Services In The News - 31 January 2007

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by BEA Systems




HEADLINES:

 First Public Working Draft for W3C WSDL 1.1 Element Identifiers
 SOA Principles
 IETF Forms New Working Group on Provisioning of Symmetric Keys
 Middleware Vendors Should Standardize the WS-* Middleware Architecture
 Creating a Successful Consortium, Part II
 Brewster Kahle: Fighting to Protect Copyright 'Orphans'
 Limited EXSLT Support in Mozilla Firefox 3.0
 What is "Contradiction" of an ISO Standard?
 Web 2.0 User Interface Technologies


First Public Working Draft for W3C WSDL 1.1 Element Identifiers
David Orchard, Asir Vedamuthu, Frederick Hirsch (et al), W3C WD
W3C's Web Services Policy Working Group has released a First Public Working Draft for "WSDL 1.1 Element Identifiers." These fragment identifiers and IRI-references, designed to be easy for authors to understand and compare, are for use in Web Services Description Language (WSDL) 1.1 documents. Several issues have been filed on this document and are recorded in Bugzilla; the Working Group solicits feedback on a proposal to change the syntax of some WSDL 1.1. element identifiers. The document is primarily based upon WSDL 2.0 Core. There is a substantial difference between the WSDL 1.1 and WSDL 2.0 fragment identifiers.WSDL 2.0 defines fragment identifiers with respect to the WSDL 2.0 component model, whereas WSDL 1.1 defines XML element and attribute syntax only. Because there is no WSDL 1.1 component model, the WSDL 1.1 fragment identifiers are to the WSDL 1.1 elements. Further, the fragment identifers are to the WSDL 1.1 elements prior to any processing of the WSDL document, such as validation, inclusion, imports, schema type validation, etc. A WSDL 1.1 fragment identifier is an XPointer, augmented with WSDL 1.1 pointer parts. The pointer parts have a scheme name that corresponds to one of the standard WSDL 1.1 element names, and scheme data that is a path composed of names that identify the elements. The scheme names all begin with the prefix "wsdl11." to avoid name conflicts with other schemes. The names in the path are of type either QName, NCName, IRI, URI, or Pointer Part depending on the context. The scheme data for WSDL 1.1 extension elements is defined by the corresponding extension specification. For QNames, any prefix MUST be defined by a preceding xmlns pointer part. If a QName does not have a prefix then its namespace name is the target namespace of the WSDL 1.1 document. The fragment identifier is typically constructed from the name property of the element and the name properties of its ancestors as a path There are two main cases for WSDL 1.1 IRIs: (1) the IRI of a WSDL 1.1 document (2) the IRI of a WSDL 1.1 namespace The IRI of a WSDL 1.1 document can be dereferenced to give a resource representation that contributes elements to a single WSDL 1.1 namespace. If the media type is set to the WSDL 1.1 media type i.e., 'application/xml', then the fragment identifiers can be used to identify the main elements that are defined in the document. In keeping with WSDL 1.1, which has a recommendation that that the namespace URI be dereferencible to a WSDL 1.1 document, this document specifies the use of the namespace IRI with the WSDL 1.1 fragment identifiers to form an IRI-reference. The WG plans to publish this document as a Working Group Note.
See also: W3C Web Services Activity

SOA Principles
Dave Orchard, Blog
This document provides a technical description of SOA and what it means for Architects and developers. Readers should have some familiarity with current technologies such as Web, XML, and Web services. It document provides a view of SOA as a broad set of architecture, design principles and choices used in building distributed systems. In essence, the document views SOA as a few core principles and a set design options or 'knobs' that are set differently for each particular application depending upon the features required. There are many reasons to follow SOA design principles and options. The usual main goal is to build software that provides components that are usable by a variety of other components in a distributed environment, aka re-usable software components. Other goals include optimizing functionality, costs and non-functional requirements like scalability, performance, extensibility and security... SOA is a broad set of architecture and design principles and choices used in building distributed systems. The very fundamental part of building distributed systems is requiring that there is a described interface, or contract, between components and this contract is one step towards loose coupling. There are a variety of interface technology selections that provide further loose coupling, such as XML, WSDL and SOAP and other Web services specifications. The implementation of software, and the extent to which its internal contracts affect the published interface, has significant impacts on coupling, arguably as much as the interface technologies.

IETF Forms New Working Group on Provisioning of Symmetric Keys
Staff, IESG Announcement
The IESG Secretary announced the formation of a new IETF in the Security Area: Provisioning of Symmetric Keys (keyprov). Chaired by Phillip Hallam-Baker and Hannes Tschofenig, the Working Group has been chartered to define protocols and data formats necessary for provisioning of symmetric cryptographic keys and associated attributes. The group shall consider use cases related to use of Shared Symmetric Key Tokens. Other use cases may be considered for the purpose of avoiding unnecessary restrictions in the design and ensure the potential for future extensibility. The working group will produce the following deliverables: (1) Portable Symmetric Key Container; (2) Dynamic Symmetric Key Provisioning Protocol. Current developments in deployment of Shared Symmetric Key (SSK) tokens have highlighted the need for a standard protocol for provisioning symmetric keys. The need for provisioning protocols in PKI architectures has been recognized for some time. Although the existence and architecture of these protocols provides a feasibility proof for the KEYPROV work assumptions built into these protocols mean that it is not possible to apply them to symmetric key architectures without substantial modification. In particular the ability to provision symmetric keys and associated attributes dynamically to already issued devices such as cell phones and USB drives is highly desirable. The working group will develop the necessary protocols and data formats required to support provisioning and management of symmetric key authentication tokens, both proprietary and standards based. The following Internet drafts have been proposed by their authors as input documents: [i] Dynamic Symmetric Key Provisioning Protocol; [ii] Portable Symmetric Key Container; [iii] Extensions to CT-KIP to Support.
See also: XML and Security Standards

Middleware Vendors Should Standardize the WS-* Middleware Architecture
Nick Gall, Contributed Paper
This document is a position paper prepared for the W3C "Workshop on Web of Services for Enterprise Computing," to be held 27-28 February 2007 at MITRE, Bedford, MA, USA. The workshop addresses the question "Can the Web fulfill industry and business requirements?" This contributed paper by Nick Gall asserts: " Web Services based on SOAP and WSDL are "Web" in name only. In fact, they are a hostile overlay of the Web based on traditional enterprise middleware architectural styles that has fallen far short of expectations over the past decade. The W3C should leave the work on standardizing the WS-* middleware architecture to the middleware vendors and shift its focus to standardizing aspects of Web architecture that make it easier to apply to "application to application" scenarios. The typical use case for enterprise middleware is to create applications with little emphasis on either a shared information model or process model across multiple applications (ie stovepipes). Middleware is then used to retrofit some degree of integration between applications (aka application to application or A2A integration), usually by wrappering existing applications with APIs that are often defined on an application by application basis (i.e., point to point integration). .. It is my position that the W3C should extricate itself from further direct work on SOAP, WDSL, or any other WS-* specifications and redirect its resources into evangelizing and standardizing identifiers, formats, and protocols that exemplify Web architectural principles. This includes educating enterprise application architects how to design 'applications' that are 'native' web applications."
See also: the workshop program

Creating A Successful Consortium, Part II
Andrew Updegrove, Consortium Standards Bulletin
In Part I of this article, I reviewed the key business concepts underlying the formation of a successful consortium to develop, promote and/or support standards. In this second and final installment, I discuss the most important legal considerations to consider in creating and maintaining such organizations, including: the legal issues presented by specific types of activities; common legal structures and the relative virtues and failings of each; optimal jurisdictions for formation; antitrust laws and their implications for operations; tax exemption criteria, the advantages and disadvantages of seeking exemption as a public charity as compared to a trade association, and how to evaluate the advisability of seeking exemption; and issues associated with certification and branding.
See also: Part 1

Brewster Kahle: Fighting to Protect Copyright 'Orphans'
Daniel Terdiman, CNET News.com
An effort among Internet activists to halt the extension of copyright protections for orphan works--out-of-print books and media -- was dealt a setback last week by a U.S. appeals court decision. The case, Kahle v. Gonzales, was filed in 2004 by, among others, Internet Archive co-founder and director Brewster Kahle. Plaintiffs argued that extending such copyrights harmed the public's ability to access orphan works. The Internet Archive has been joined by companies like Google, Yahoo and Microsoft in attempting to gain public domain status for these works. But a U.S. district court had already rejected the lawsuit, and last week, the Ninth Circuit U.S. Court of Appeals upheld the lower court's decision, saying that plaintiffs' arguments were essentially the same as those rebuffed by the U.S. Supreme Court in 2003 in Eldred v. Ashcroft, which affirmed the constitutionality of new copyright laws expanding the protections for orphaned works. For Kahle, the ruling was a blow to his goal of preserving as many forms of media as possible for posterity. But he hardly views the result as a final defeat. Kahle and the Internet Archive are also gaining momentum, and recently received a $1 million grant from the Sloan Foundation for the scanning of public domain works. Kahle: "We're out to help build the Library of Alexandria version 2, starting with humankind's published works, books, music, video, Web pages, software, and make it available to everyone anywhere at anytime, and forever. We started archiving the Web in 1996 with snapshots every two months of all publicly accessible Web pages. The "Wayback Machine" is now about 85 billion pages and 1.5 petabytes. Then we moved on to books, music and video. We work with great lawyers, the U.S. Copyright office, the Library of Congress and the American Library Association. We have 30,000 movies, 100,000 audio recordings and now we're digitizing books. We now have over 2,000 bands and 36,000 concerts. With packaged software, our lawyers told us that digital rights management (DRM) would pose a problem under the Digital Millennium Copyright Act (DMCA), so we got an exemption from the copyright office allowing us to rip software and break the copy protection for archival purposes. With books, we are starting with out-of-copyright (works) and wanting to move to orphan works, then out-of-print works, then finally in-print (works). We digitize 12,000 books a month and have 100,000 on the site now for free use and download."
See also: Internet Archive

Limited EXSLT Support in Mozilla Firefox 3.0
Kurt Cagle, O'Reilly Articles
The news from the XSLT front of late has been very good, with the release of the XSLT 2.0 standard, XPath 2 and XQuery 1 - and I just found another hopeful sign in this post from Mozilla's Jonas Sicking: "We now have code checked in to support some parts of EXSLT. These functions will be supported in the upcoming Firefox 3 release: exsl:node-set; exsl:object-type; regexp:test; regexp:match; regexp:replace; set:difference; set:distinct; set:intersection; set:distinct; set:has-same-node; set:leading; set:trailing; str:tokenize; str:concat; str:split; math:min; math:max; math:highest; math:lowest." Mozilla Firefox has definitely become my favorite browser, but I have to admit that I've long been frustrated that the browser was hampered with such a limited XSLT processor. Perhaps the chief complaint I've had comes from the lack of the node-set() method in XSLT's XPath. Node-set() isn't in XSLT 1 and it isn't in XSLT 2, but for completely different reasons. In XSLT1, there was a fundamental notion that XSLT should be completely side-effect free, to the extent that you couldn't create intermediate XML to be processed by other templates, but instead had to live with 'XML Fragments'. In XSLT2, the underlying data model was revamped to the extent, including the introduction of sequences (more about that in an upcoming post) and one immediate consequence of this was that you could get intermediate XML creation largely for free. node-set() is an evolutionary step between 1 and 2, however, and was perhaps one of the biggest driving factors in the establishment of the EXSLT library. The nodeset method takes a string representation of a well-formed XML fragment and converts it into a nodeset that can then be assigned to a variable or processed in an apply-templates or for-each statement. This lack was realized early on by Microsoft in their browser, and the Saxon 6.x libraries included an equivalent statement, to the extent that by the early years of this decade the node-set() function was considered an 'unofficial' but established XPath method.

What is "Contradiction" of an ISO Standard?
Rick Jelliffe, O'Reilly Opinion
Patrick Durusau, editor of ODF, asked me to restate my thoughts on what "contradiction" should mean at ISO. I had mentioned my views in an SC34 meeting last year. This topic is, of course, of interest right at the moment, because the Ecma proposal for OOXML is at the stage in its acceptance process where the process says it should be checked to make sure it doesn't contradict other standards. I take a fairly strict view of "contradiction". Anything else works against fairness of process. A contradiction is where [extract]: (1) One standard attempts to redefine another, or is a rival standard for exactly the same named thing but is different in some aspect... (2) One standard disrupts another — the precedent for this is the IEEE 802 WAPI issue in which the claim was that the changes would make existing conforming implementations non-conforming... (3) One standard pretends to be another... (4) One standard incorrectly uses another — for example, if a standard said it used ISO SGML but allowed that to be invalid for no intrinsic reason. A contradiction may have negative effects, such as user confusion, but it is not the negative effects that cause that there is a contradiction; a highly technical standard will confuse anyone. It is the direct contradictions int he text of the standards that is involved. So what, in those terms, are not contradictions? [extract]: [i] overlap — for example, there are two to five (depending on how you count them) standards for grammar-based schema languages at ISO (SGML/XML DTDs, Architectural Forms, RELAX NG, RELAX NG compact syntax, namespace-aware DTDs) let alone considering W3C XML Schemas as a standard schema language; [ii] using a profile; [iii] doing your own thing within a specification; [iv] reserved-but-unused or deprecated keywords with inadequate explaination of the operation that the keywords would have if they were allowed-for-use and not deprecated.
See also: Andy Updegrove

Web 2.0 User Interface Technologies
Sam Thompson, IBM developerWorks
This article explores a series of Web 2.0 user interface technologies that enable you to build applications with better-than-browser user experiences. As a result, you can centrally deploy and manage them just like any other Java 2 Enterprise Edition (Java EE) application. Web 2.0 applications provide the best of both worlds: the cost- effective, server-based deployment model combined with rich user experiences that are comparable to most user experiences with client- resident applications. Here are the different technology options for you to create compelling user experiences for today's Java EE applications: (1) Flex and OpenLaszlo; (2) IBM Workplace Managed Client and the IBM Lotus Expeditor; (3) Faces Client Components; (4) Ajax; (5) HTML. The strong momentum in the industry today is to improve the user experience of server-delivered applications. Ajax, while still a bit immature, has gathered tremendous momentum and many enterprises, both small and large, are starting to use it in production. The other technologies mentioned in this paper have small pockets of support, but none have emerged as a sure bet at this point. Other user interface technologies, both commercial and open source (such as Nexaweb, Backbase, and JackBE) also exist, but were not mentioned in this paper to keep the paper reasonably concise. The key is that none of these technologies is one size fits all, and thus, none is a perfect fit for all situations. Each of the above technologies has its own merits and can be a good fit depending on the circumstances. So how to choose? For starters, nothing can beat good old HTML if the driving force behind your technology selection is to reach as many users as possible. At the opposite extreme, if you require disconnected operations and you can install your application's software on the user's machine, one of the EclipseRPC-based alternatives, Workplace Managed Client or Lotus Expeditor, is the best fit. If you require a rich user experience that you can only deliver through the fidelity of Flash Player, you can probably justify using Flex or OpenLaszlo. If you build the application using JavaServer Faces, you're better off using some Faces Client Components. Lastly, if your goal is simply to attack some usability hot spots in an existing HTML-based user interface or to deliver a standards-based, plug-in-free, better-than- browser user experience, Ajax is the way to go. At this point in the hype cycle, Ajax seems to be emerging as the most popular Web 2.0 technology choice.


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.


Bottom Gear Image