XML and Web Services In The News - 13 September 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by BEA Systems
HEADLINES:
COVER PAGES:
An Introduction to Web Services Reliable Messaging
Paul Fremantle, InfoQ
The OASIS WS-RX Technical Committee recently released the Web Services
Reliable Messaging 1.1 specification for public review. As one of the
two co-chairs of the committee, this seemed like a really good time to
The OASIS WS-RX Technical Committee recently released the Web Services
Reliable Messaging 1.1 specification for public review. As one of the
two co-chairs of the committee, this seemed like a really good time to
provide an introduction to WSRM and an overview of the specification.
This article provides an introduction to the specification and talks
about how it might be used in real systems. It is based on the WSRM
1.1 Committee Draft 4 which is available for public review. Web Services
Reliable Messaging (WSRM) is a specification that allows two systems
to send messages between each other reliably. The aim of this is to
ensure that messages are transferred properly from the sender to the
receiver. Reliable Messaging is a complex thing to define, but you
can think about WSRM as providing a similar level of guarantee for XML
messaging that a JMS system provides in the Java world. There is one
key difference though - JMS is a standard API or programming model,
with lots of different implementations and wire-protocols underneath
it. WSRM is the opposite - a standard wire-protocol with no API or
programming model of its own. Instead it composes with existing SOAP-
based systems. Later in the article I will address the exact meaning
of reliability and what sort of guarantees the specification offers.
There are a number of implementations of the existing WSRM 1.0
specification, including Microsoft WCF (formerly known as Indigo), and
Apache Sandesha2. The OASIS WSRX TC hosted an interop based on the
last Committee Draft earlier in 2006, and 5 companies turned up with
implementations. Although the interop didn't produce 100% coverage,
three companies managed to interop fully between their implementations
in all scenarios. The TC is hosting a second interop during the public
review period, to fully test the implementations on the latest
specification. We are also expecting more companies to take part this
time... Potential uses I see for WSRM: B2B messaging; Internal
department-to-department or server-to-server links; JMS replacement;
JMS bridge; Browser-based scenarios and notifications.
See also: the public review drafts
NIST Guide to Secure Web Services
Anoop Singhal and Theodore Winograd, Draft NIST Special Publication
The security challenges presented by the Web services approach are
formidable and unavoidable. Many of the features that make Web services
attractive, including greater accessibility of data, dynamic
application-to-application connections, and relative autonomy (lack of
human intervention) are at odds with traditional security models and
controls... While many of the Web services challenges have been met
with existing standards, there are a number of challenges that standards
organizations are currently addressing -— particularly in the area of
Web services discovery and reliability. The Web Services
Interoperability (WS-I) organization acknowledges that there are
many challenges that have yet to be addressed. Some examples of these
challenges are: Repudiation of transactions; Secure issuance of
credentials; Exploitation of covert channels; Compromised services;
Spread of viruses and Trojan horses via SOAP messages; Denial of
service attacks; Incorrect service implementations; Poor service
designs. The NIST "Guide to Secure Web Services" publication seeks to
assist organizations in understanding the challenges in integrating
information security practices into Service Oriented Architecture (SOA)
design and development based on Web services. It also provides
practical, real-world guidance on current and emerging standards
applicable to Web services, as well as background information on the
most common security threats to SOAs based on Web services.
See also: security specifications
MedBiquitous Healthcare Learning Object Metadata Specifications and Description Document
Valerie Smothers, MedBiquitous Consortium Draft
This document describes Healthcare Learning Object Metadata (Healthcare
LOM) in detail. It is intended for use by anyone who wants to develop
tools or implement electronic systems for managing and describing
healthcare education and educational assets, such as images. Healthcare
LOM is based on and is a profile of the Institute of Electrical and
Electronics Engineers (IEEE) 1484.12.1 — 2002 Standard for
Learning Object Metadata (LOM) and the Extensible Markup Language (XML)
Schema Definition Language Binding for Learning Object Metadata (IEEE
P1484.12.3-2005) developed by the IEEE Learning Technology Standards
Committee. LOM is one of the standards used by the SCORM reference model
for interoperability of online learning content. LOM provides
descriptive information about a learning object. Just as a label on a
container provides information on what's inside, learning object
metadata provides information on a learning module, including the title,
author, description, keywords, educational objective, and other relevant
information. This information helps learners and content developers to
find just the right piece of instruction. Learners can use the learning
object as a mini-course, and content developers can include the learning
object in a new course. LOM does not address some of the special
requirements for healthcare education, including disclosure of financial
interests, implementation of medical taxonomies, and indication of
continuing education credits. Healthcare LOM addresses these special
requirements and others. Healthcare LOM extends the LOM standard and
provides custom vocabularies for some metadata elements... The
Healthcare LOM specification is defined technically by XML Schema
Definition files, also called XSDs. Many of the XSDs used in Healthcare
LOM are from the IEEE XML binding for the LOM standard, one of the
component standards of SCORM. To facilitate implementation of LOM and
adherence to pre-existing descriptions of the LOM schema, the LOM
standard separates definitions of datatypes, elements, and vocabularies
into different XSDs. Healthcare LOM incorporates additional XSDs to
customize LOM for healthcare. The healthcarelom.xsd file imports the
other XSDs that describe the lom datatypes, elements, vocabularies,
and healthcare extensions.
See also: the announcement
Borland Positions Modeling Tool for SOA, Eclipse
Paul Krill
Borland Software is rolling out an upgrade to its Together enterprise
modeling tool for the Eclipse platform, featuring SOA capabilities.
Borland Together 2006 for Eclipse Release 2 boosts its usefulness for
SOA by enabling a UML-based (Unified Modeling Language) view of
dependencies in an entire system. This lets developers understand where
services are being invoked and helps them gauge the impact of changes.
Also featured is support for the Eclipse 3.2 platform and C++ projects
and integration with the company's requirements definition package.
Together 2006 for Eclipse Release 2 plugs into the Eclipse shell. With
C++ backing, models and code in C++ applications are synchronized
automatically when developers make changes to diagrams or code. This
synchronization is based on Borland's LiveSource technology. Borland
sees itself competing with IBM Rational and Telelogic. But those
vendors do not have UML modeling, data modeling, and business-process
modeling integrated into a single tool, Hauck said. BPMN (Business
Process Modeling Notation) capabilities have been improved in the new
product, enabling the import of BPEL (Business Process Execution
Language for Web Services). Also further compliance with the BPMN
specification and diagram improvements are included. Model-Driven
Architecture capabilities have been bolstered, as well, with the
product offering enhanced transformation authoring, XSL (Extensible
Stylesheet Language) transformation types and examples for getting
started. Model and code quality assurance functions have been
improved, too.
Common Sense Suggestions for Developing Multimodal User Interfaces
Jim Larson, Intel (ed), W3C Working Group Note
W3C's Multimodal Interaction Working Group has published "Common Sense
Suggestions for Developing Multimodal User Interfaces" as a Working
Group Note, written for interface designers and developers. With the
introduction of multiple modes of input-voice, pen, and keys-
inexperienced developers may design loud, confusing, and annoying user
interfaces that result in low user performance and high user discontent.
"This document attempts to enumerate a collection of commonsense
suggestions for developing high performance and high preference
multimodal user interfaces. We have collected suggestions, techniques,
and principles from many diverse disciplines to generate the following
suggestions for developing multimodal user interfaces. The suggestions
are organized into four major principles of user interface design. The
following four principles determine how quickly users are able to learn
and how effectively they are able to perform desired tasks with the
user interface: (1) Satisfy real-world constraints (2) Communicate
clearly, concisely, and consistently with users (3) Help users recover
quickly and efficiently from errors (4)Make users comfortable Multimodal
user interface developers should follow the above four principles and
apply the following suggestions to avoid many of the potential usability
problems caused by using modes incorrectly. Use these suggestions as a
checklist when you first construct a multimodal user interface. However,
the final decisions about the usefulness and friendliness of the user
interface rest in an abundance of iterative usability testing. If users
do not like or cannot use the user interface, it does not matter if the
suggestions were followed. The user interface needs to be changed so
users will like and be productive with it, even when some suggestion
may not have been followed. The users' needs should be the foremost
concern for multimodal user interface designers and developers.
See also: W3C Multimodal Interaction Activity
Using XML Pipelines - Part 1
William Brogden, SearchWebServices.com
Mechanical assembly lines achieve efficiency by moving product through
a series of fixed machines, each one specialized to do one function
very efficiently. This familiar image has inspired software designers
to attempt something similar. The first example I can think of is the
Unix toolkit for pipeline processing of text. At a higher level of
abstraction, application architects use concepts such "workflow" or
"dataflow" to describe the movement of information as documents or
messages through a set of processes. These days more and more documents
and messages are formatted in XML, so why not an XML pipeline? XML
pipeline components can be designed to do one thing and do it well. I
think there is reason to believe that we could evolve a set of pipeline
components that could be configured and plugged together to accomplish
processing tasks rapidly and with minimum resource use. Here are some
of the tasks a single component can accomplish. Some of these I have
coded myself, others come from published examples. (1) Extracting
Statistics - using the startElement method, a component can keep a
count of various elements and the frequency of various attribute
values. (2) Removing Elements - a component can selectively remove
specified elements so that one master XML document can serve many
purposes. (3) Adding elements or attributes based on computation -
for example you could do a database query to look up a part number
and add a part description to a purchase order.
On Linking Alternative Representations to Enable Discovery and Publishing
T.V. Raman (ed)., W3C Draft TAG Finding
The W3C Technical Architecture Group (TAG) has released an updated
draft TAG finding "On Linking Alternative Representations to Enable
Discovery and Publishing." Content creators wishing to publish multiple
versions of a given resource on the Web face a number of questions with
respect to how such URIs are created, published and discovered. If a
resource has a multiplicity of representations, how should one publish
the relevant URIs to enable automatic discovery of these
representations? How does one ensure that the alternative relationship
amongst these various representations is available in a machine readable
form, and consequently discoverable? Multiple representations might
include (a) representations appropriate for different delivery contexts,
(b) representations in different languages. There has always been a
need to serve user-agent specific contents for a given URI — thus
highlighting the distinction between Resource and Representation on the
Web. The increasing importance of the mobile, multilingual Web makes
this requirement even stronger. At the same time, published content
(and its various representations) needs to be discoverable on the Web;
as an example, crawlers and web-bots need to be able to discover the
availability of alternative representations of a given resource.
Documents published on the Web become discoverable via the hyperlinked
structure of the Web; to enable discovery of alternative representations,
the relation between the multiple representations needs to be captured
by the hyperlink structure of the Web. This finding enumerates some of
the issues faced by content creators on the Web today and proposes a
sequence of best practices to foster the following long-term goals:
(1) Preserve a Single Web i.e., a Web where content is universally
accessible from a variety of end-user devices. (2) Ensure that the One
Web enables the easy exchange of resources (and pointers to resources)
across its different facets, i.e., mobile and desktop users should be
able to share references to Web Resources (URIs) with the accessing
user being able to retrieve an appropriate representation. (3) Ensure
that contents published to a given facet of the Web are linkable,
discoverable, crawlable, searchable and browsable from any of its
other facets.
See also: W3C TAG Findings
SAP Paves The Road To Services
Martin LaMonica, CNET News.com
SAP has detailed product developments meant to smooth the process of
upgrading to the latest generation of its modular business applications.
Shai Agassi, president of SAP's product and technology group, outlined
the software maker's plans to technical executives and developers at
its TechEd conference in Las Vegas. He announced SAP Discovery System,
a collection of software components meant as a "starting point" for
a services-oriented architecture, a system design meant to make SAP's
applications more modular and flexible. In addition, he said, the
company will shift its product release method to make upgrades faster.
Rather than release large-scale updates of closely interlinked
components, SAP will release more narrowly defined packages every
quarter or two. SAP Discovery System is meant to be a relatively
simple way for customers to start adopting SAP's latest service-
oriented suite of applications. It includes the NetWeaver
infrastructure software, Java-based tools for creating services, and
a set of sample applications. SAP released a preview version of the
package Tuesday, Agassi said. Also at the event, the company's
executives gave updates on products under development, including a
search engine called SAP Enterprise Search. The next version of SAP's
portal, code-named Project Muse, will use AJAX-style development to
improve the navigation of SAP application's screens.
Generate JSON from XML to Use With Ajax
Jack D Herrington, IBM developerWorks
The use of JavaScript code to add interactivity to your data-driven
Web applications is hot nowadays. If you can encode your data as
JavaScript Object Notation (JSON), you'll simplify it's use with the
JavaScript language. A couple of years ago, many developers bet their
futures on XML, XSLT, Extensible HTML (XHTML), and a host of tag-based
"X" languages. Now, the new rage is Asynchronous JavaScript and XML
(AJAX), and investors' eyes are turning toward data-driven Rich
Internet Applications that use JavaScript code. But have developers
bridged the gap between XML and this new technology? Sure, you could
use the XML parser in a Web client to read the data, but two problems
arise with that approach. First, for security reasons, XML data can
only be read from the same domain as the page. That's not a huge
limiting factor, but it does cause some headaches in deployment and
impedes the creation of DHTML widgets. Second, reading and parsing
XML is slow. Another option is to let the server do the work of
parsing the XML by configuring it to send the data to the browser
encoded as JavaScript code or, in the more trendy parlance, JavaScript
Object Notation (JSON). In this article, I demonstrate three
techniques for you to generate JSON from XML data using the XSLT V2
language and the Saxon XSLT V2 processor: (1) Simple encoding; (2)
Loading data through function calls; (3) Encoding objects. You can
use any of several techniques to encode data stored in XML as
JavaScript code. How you encode the data depends on the design of your
Web 2.0 application and what you intend to do with the data after it's
on the page. The key is to make the best use of the dynamic JavaScript
language that you generate.
Selected From The Cover Pages, by Robin Cover
Microsoft's Open Specification Promise Eases Web Services
Patent Concerns
Microsoft has announced a broad irrevocable declaration promising not
to assert Microsoft patent claims against anyone developing or
distributing implementations for key Web Services specifications. The
"Microsoft Open Specification Promise" applies individually to each
of thirty-five (35) Covered Specifications, including many being
developed at OASIS, W3C, WS-I, and elsewhere. The OSP addresses several
concerns voiced by open-source software developers.
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |