XML and Web Services In The News - 13 September 2006

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by BEA Systems


HEADLINES:

 An Introduction to Web Services Reliable Messaging
 NIST Guide to Secure Web Services
 MedBiquitous Healthcare Learning Object Metadata Specifications and Description Document
 Borland Positions Modeling Tool for SOA, Eclipse
 Common Sense Suggestions for Developing Multimodal User Interfaces
 Using XML Pipelines - Part 1
 Linking Alternative Representations to Enable Discovery and Publishing
 SAP Paves The Road To Services
 Generate JSON from XML to Use With Ajax

COVER PAGES:

 Microsoft's Open Specification Promise Eases Web Services Patent Concerns

An Introduction to Web Services Reliable Messaging
Paul Fremantle, InfoQ
The OASIS WS-RX Technical Committee recently released the Web Services Reliable Messaging 1.1 specification for public review. As one of the two co-chairs of the committee, this seemed like a really good time to The OASIS WS-RX Technical Committee recently released the Web Services Reliable Messaging 1.1 specification for public review. As one of the two co-chairs of the committee, this seemed like a really good time to provide an introduction to WSRM and an overview of the specification. This article provides an introduction to the specification and talks about how it might be used in real systems. It is based on the WSRM 1.1 Committee Draft 4 which is available for public review. Web Services Reliable Messaging (WSRM) is a specification that allows two systems to send messages between each other reliably. The aim of this is to ensure that messages are transferred properly from the sender to the receiver. Reliable Messaging is a complex thing to define, but you can think about WSRM as providing a similar level of guarantee for XML messaging that a JMS system provides in the Java world. There is one key difference though - JMS is a standard API or programming model, with lots of different implementations and wire-protocols underneath it. WSRM is the opposite - a standard wire-protocol with no API or programming model of its own. Instead it composes with existing SOAP- based systems. Later in the article I will address the exact meaning of reliability and what sort of guarantees the specification offers. There are a number of implementations of the existing WSRM 1.0 specification, including Microsoft WCF (formerly known as Indigo), and Apache Sandesha2. The OASIS WSRX TC hosted an interop based on the last Committee Draft earlier in 2006, and 5 companies turned up with implementations. Although the interop didn't produce 100% coverage, three companies managed to interop fully between their implementations in all scenarios. The TC is hosting a second interop during the public review period, to fully test the implementations on the latest specification. We are also expecting more companies to take part this time... Potential uses I see for WSRM: B2B messaging; Internal department-to-department or server-to-server links; JMS replacement; JMS bridge; Browser-based scenarios and notifications.
See also: the public review drafts

NIST Guide to Secure Web Services
Anoop Singhal and Theodore Winograd, Draft NIST Special Publication
The security challenges presented by the Web services approach are formidable and unavoidable. Many of the features that make Web services attractive, including greater accessibility of data, dynamic application-to-application connections, and relative autonomy (lack of human intervention) are at odds with traditional security models and controls... While many of the Web services challenges have been met with existing standards, there are a number of challenges that standards organizations are currently addressing -— particularly in the area of Web services discovery and reliability. The Web Services Interoperability (WS-I) organization acknowledges that there are many challenges that have yet to be addressed. Some examples of these challenges are: Repudiation of transactions; Secure issuance of credentials; Exploitation of covert channels; Compromised services; Spread of viruses and Trojan horses via SOAP messages; Denial of service attacks; Incorrect service implementations; Poor service designs. The NIST "Guide to Secure Web Services" publication seeks to assist organizations in understanding the challenges in integrating information security practices into Service Oriented Architecture (SOA) design and development based on Web services. It also provides practical, real-world guidance on current and emerging standards applicable to Web services, as well as background information on the most common security threats to SOAs based on Web services.
See also: security specifications

MedBiquitous Healthcare Learning Object Metadata Specifications and Description Document
Valerie Smothers, MedBiquitous Consortium Draft
This document describes Healthcare Learning Object Metadata (Healthcare LOM) in detail. It is intended for use by anyone who wants to develop tools or implement electronic systems for managing and describing healthcare education and educational assets, such as images. Healthcare LOM is based on and is a profile of the Institute of Electrical and Electronics Engineers (IEEE) 1484.12.1 — 2002 Standard for Learning Object Metadata (LOM) and the Extensible Markup Language (XML) Schema Definition Language Binding for Learning Object Metadata (IEEE P1484.12.3-2005) developed by the IEEE Learning Technology Standards Committee. LOM is one of the standards used by the SCORM reference model for interoperability of online learning content. LOM provides descriptive information about a learning object. Just as a label on a container provides information on what's inside, learning object metadata provides information on a learning module, including the title, author, description, keywords, educational objective, and other relevant information. This information helps learners and content developers to find just the right piece of instruction. Learners can use the learning object as a mini-course, and content developers can include the learning object in a new course. LOM does not address some of the special requirements for healthcare education, including disclosure of financial interests, implementation of medical taxonomies, and indication of continuing education credits. Healthcare LOM addresses these special requirements and others. Healthcare LOM extends the LOM standard and provides custom vocabularies for some metadata elements... The Healthcare LOM specification is defined technically by XML Schema Definition files, also called XSDs. Many of the XSDs used in Healthcare LOM are from the IEEE XML binding for the LOM standard, one of the component standards of SCORM. To facilitate implementation of LOM and adherence to pre-existing descriptions of the LOM schema, the LOM standard separates definitions of datatypes, elements, and vocabularies into different XSDs. Healthcare LOM incorporates additional XSDs to customize LOM for healthcare. The healthcarelom.xsd file imports the other XSDs that describe the lom datatypes, elements, vocabularies, and healthcare extensions.
See also: the announcement

Borland Positions Modeling Tool for SOA, Eclipse
Paul Krill
Borland Software is rolling out an upgrade to its Together enterprise modeling tool for the Eclipse platform, featuring SOA capabilities. Borland Together 2006 for Eclipse Release 2 boosts its usefulness for SOA by enabling a UML-based (Unified Modeling Language) view of dependencies in an entire system. This lets developers understand where services are being invoked and helps them gauge the impact of changes. Also featured is support for the Eclipse 3.2 platform and C++ projects and integration with the company's requirements definition package. Together 2006 for Eclipse Release 2 plugs into the Eclipse shell. With C++ backing, models and code in C++ applications are synchronized automatically when developers make changes to diagrams or code. This synchronization is based on Borland's LiveSource technology. Borland sees itself competing with IBM Rational and Telelogic. But those vendors do not have UML modeling, data modeling, and business-process modeling integrated into a single tool, Hauck said. BPMN (Business Process Modeling Notation) capabilities have been improved in the new product, enabling the import of BPEL (Business Process Execution Language for Web Services). Also further compliance with the BPMN specification and diagram improvements are included. Model-Driven Architecture capabilities have been bolstered, as well, with the product offering enhanced transformation authoring, XSL (Extensible Stylesheet Language) transformation types and examples for getting started. Model and code quality assurance functions have been improved, too.

Common Sense Suggestions for Developing Multimodal User Interfaces
Jim Larson, Intel (ed), W3C Working Group Note
W3C's Multimodal Interaction Working Group has published "Common Sense Suggestions for Developing Multimodal User Interfaces" as a Working Group Note, written for interface designers and developers. With the introduction of multiple modes of input-voice, pen, and keys- inexperienced developers may design loud, confusing, and annoying user interfaces that result in low user performance and high user discontent. "This document attempts to enumerate a collection of commonsense suggestions for developing high performance and high preference multimodal user interfaces. We have collected suggestions, techniques, and principles from many diverse disciplines to generate the following suggestions for developing multimodal user interfaces. The suggestions are organized into four major principles of user interface design. The following four principles determine how quickly users are able to learn and how effectively they are able to perform desired tasks with the user interface: (1) Satisfy real-world constraints (2) Communicate clearly, concisely, and consistently with users (3) Help users recover quickly and efficiently from errors (4)Make users comfortable Multimodal user interface developers should follow the above four principles and apply the following suggestions to avoid many of the potential usability problems caused by using modes incorrectly. Use these suggestions as a checklist when you first construct a multimodal user interface. However, the final decisions about the usefulness and friendliness of the user interface rest in an abundance of iterative usability testing. If users do not like or cannot use the user interface, it does not matter if the suggestions were followed. The user interface needs to be changed so users will like and be productive with it, even when some suggestion may not have been followed. The users' needs should be the foremost concern for multimodal user interface designers and developers.
See also: W3C Multimodal Interaction Activity

Using XML Pipelines - Part 1
William Brogden, SearchWebServices.com
Mechanical assembly lines achieve efficiency by moving product through a series of fixed machines, each one specialized to do one function very efficiently. This familiar image has inspired software designers to attempt something similar. The first example I can think of is the Unix toolkit for pipeline processing of text. At a higher level of abstraction, application architects use concepts such "workflow" or "dataflow" to describe the movement of information as documents or messages through a set of processes. These days more and more documents and messages are formatted in XML, so why not an XML pipeline? XML pipeline components can be designed to do one thing and do it well. I think there is reason to believe that we could evolve a set of pipeline components that could be configured and plugged together to accomplish processing tasks rapidly and with minimum resource use. Here are some of the tasks a single component can accomplish. Some of these I have coded myself, others come from published examples. (1) Extracting Statistics - using the startElement method, a component can keep a count of various elements and the frequency of various attribute values. (2) Removing Elements - a component can selectively remove specified elements so that one master XML document can serve many purposes. (3) Adding elements or attributes based on computation - for example you could do a database query to look up a part number and add a part description to a purchase order.

On Linking Alternative Representations to Enable Discovery and Publishing
T.V. Raman (ed)., W3C Draft TAG Finding
The W3C Technical Architecture Group (TAG) has released an updated draft TAG finding "On Linking Alternative Representations to Enable Discovery and Publishing." Content creators wishing to publish multiple versions of a given resource on the Web face a number of questions with respect to how such URIs are created, published and discovered. If a resource has a multiplicity of representations, how should one publish the relevant URIs to enable automatic discovery of these representations? How does one ensure that the alternative relationship amongst these various representations is available in a machine readable form, and consequently discoverable? Multiple representations might include (a) representations appropriate for different delivery contexts, (b) representations in different languages. There has always been a need to serve user-agent specific contents for a given URI — thus highlighting the distinction between Resource and Representation on the Web. The increasing importance of the mobile, multilingual Web makes this requirement even stronger. At the same time, published content (and its various representations) needs to be discoverable on the Web; as an example, crawlers and web-bots need to be able to discover the availability of alternative representations of a given resource. Documents published on the Web become discoverable via the hyperlinked structure of the Web; to enable discovery of alternative representations, the relation between the multiple representations needs to be captured by the hyperlink structure of the Web. This finding enumerates some of the issues faced by content creators on the Web today and proposes a sequence of best practices to foster the following long-term goals: (1) Preserve a Single Web i.e., a Web where content is universally accessible from a variety of end-user devices. (2) Ensure that the One Web enables the easy exchange of resources (and pointers to resources) across its different facets, i.e., mobile and desktop users should be able to share references to Web Resources (URIs) with the accessing user being able to retrieve an appropriate representation. (3) Ensure that contents published to a given facet of the Web are linkable, discoverable, crawlable, searchable and browsable from any of its other facets.
See also: W3C TAG Findings

SAP Paves The Road To Services
Martin LaMonica, CNET News.com
SAP has detailed product developments meant to smooth the process of upgrading to the latest generation of its modular business applications. Shai Agassi, president of SAP's product and technology group, outlined the software maker's plans to technical executives and developers at its TechEd conference in Las Vegas. He announced SAP Discovery System, a collection of software components meant as a "starting point" for a services-oriented architecture, a system design meant to make SAP's applications more modular and flexible. In addition, he said, the company will shift its product release method to make upgrades faster. Rather than release large-scale updates of closely interlinked components, SAP will release more narrowly defined packages every quarter or two. SAP Discovery System is meant to be a relatively simple way for customers to start adopting SAP's latest service- oriented suite of applications. It includes the NetWeaver infrastructure software, Java-based tools for creating services, and a set of sample applications. SAP released a preview version of the package Tuesday, Agassi said. Also at the event, the company's executives gave updates on products under development, including a search engine called SAP Enterprise Search. The next version of SAP's portal, code-named Project Muse, will use AJAX-style development to improve the navigation of SAP application's screens.

Generate JSON from XML to Use With Ajax
Jack D Herrington, IBM developerWorks
The use of JavaScript code to add interactivity to your data-driven Web applications is hot nowadays. If you can encode your data as JavaScript Object Notation (JSON), you'll simplify it's use with the JavaScript language. A couple of years ago, many developers bet their futures on XML, XSLT, Extensible HTML (XHTML), and a host of tag-based "X" languages. Now, the new rage is Asynchronous JavaScript and XML (AJAX), and investors' eyes are turning toward data-driven Rich Internet Applications that use JavaScript code. But have developers bridged the gap between XML and this new technology? Sure, you could use the XML parser in a Web client to read the data, but two problems arise with that approach. First, for security reasons, XML data can only be read from the same domain as the page. That's not a huge limiting factor, but it does cause some headaches in deployment and impedes the creation of DHTML widgets. Second, reading and parsing XML is slow. Another option is to let the server do the work of parsing the XML by configuring it to send the data to the browser encoded as JavaScript code or, in the more trendy parlance, JavaScript Object Notation (JSON). In this article, I demonstrate three techniques for you to generate JSON from XML data using the XSLT V2 language and the Saxon XSLT V2 processor: (1) Simple encoding; (2) Loading data through function calls; (3) Encoding objects. You can use any of several techniques to encode data stored in XML as JavaScript code. How you encode the data depends on the design of your Web 2.0 application and what you intend to do with the data after it's on the page. The key is to make the best use of the dynamic JavaScript language that you generate.


Selected From The Cover Pages, by Robin Cover

Microsoft's Open Specification Promise Eases Web Services Patent Concerns
Microsoft has announced a broad irrevocable declaration promising not to assert Microsoft patent claims against anyone developing or distributing implementations for key Web Services specifications. The "Microsoft Open Specification Promise" applies individually to each of thirty-five (35) Covered Specifications, including many being developed at OASIS, W3C, WS-I, and elsewhere. The OSP addresses several concerns voiced by open-source software developers.


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.


Bottom Gear Image