XML and Web Services In The News - 4 October 2006
Provided by OASIS
Edited by Robin Cover
HEADLINES:
It's a Wrap: Liberty Finalizes Web Services Schema
Clint Boulton, InternetNews.com
The Liberty Alliance, whose members include service providers like
AOL and American Express, today released the final version of the
Identity Web Services Framework 2.0. ID-WSF 2.0 is a schema for
building secure, interoperable Web services that can be piped over the
Internet. ID-WSF 2.0 was originally developed to transmit secure
transactions between large businesses, such as financial firms that
need to process secure online financial transactions as part of a
service-oriented architecture (SOA) for distributed computing. The
schema now takes social-networking sites into consideration. The new
framework includes Liberty People Service, a Web services framework
the group created to let consumers and organizations securely store
information for blogging, photo sharing and instant messaging in a
social network. Users establish privacy controls, enabling them to
guard against phishing, pharming and other forms of online identity
theft that have plagued the Web in the past few years. Such controls
are crucial at a time when social-networking sites like MySpace.com,
Flickr and others in the so-called Web 2.0 world are accruing more
users at a rapid rate; businesses need to employ a trustworthy
framework to safeguard the information users store on their sites.
ID-WSF 2.0 is now one such option. The final version of
ID-WSF 2.0 also allows SAML 2.0 assertions to be used as security
tokens, and it incorporates WS-Addressing to enable asynchronous
messaging capabilities.
See also: the Liberty announcement
AJAX: Roller skates for the Web
Paul Krill, InfoWorld
AJAX (Asynchronous JavaScript and XML) Web application development can
be roller skates for the Web; it must be used appropriately or it can
be dangerous, said Jesse James Garrett, the IT consultant credited with
coining the term "AJAX." Garrett gave a keynote presentation at the
AJAXWorld Conference & Expo on Tuesday morning. While noting the
benefits of AJAX, chiefly its enabling of asynchronous interaction over
the Web, Garrett cautioned that AJAX is not usable in all instances. It
is similar to how it would not be good to roller skate around a
shopping mall. Recalling the genesis of the term "AJAX," Garrett said
his company was hired by a large insurance company to improve an
application to capture more business. Setting about trying to find a
solution for responsiveness on the Web, Flash was first thought of as
a solution, he said. But it became apparent there was a different way
to approach the problem. "We built a prototype of this approach, we
tested it with the insurance agents, and the response was overwhelmingly
positive," Garrett said. "We actually had people laughing out loud with
delight at processing an insurance policy." To persuade the insurance
company president to fund the project with $2 million, Garrett came
to the conclusion that he needed an easier way, just one word, to
encapsulate what he was trying to do. He then came up with the word,
AJAX. Garrett noted that AJAX is a concept involving asynchronous
interaction and the use of browser-native technologies. Communicating
the importance of these applications is critical.
W3C Publishes Working Drafts for GRDDL Primer and Use Cases
Ian Davis, Fabien Gandon (et al., eds), W3C Technical Report
Members of W3C's GRDDL Working Group have released First Public
Working Draft documents on GRDDL — a mechanism for Gleaning Resource
Descriptions from Dialects of Languages. The Working Group was
chartered in July 2006 to produce specifications that aim to supplement
the RDF/XML concrete syntax with a flexible mechanism for using other
XML syntaxes with the Resource Description Framework. GRDDL binds XML
documents, especially XHTML documents, XHTML profiles and XML
namespace documents, to transformations (typically in XSLT) that relate
their syntax to RDF/XML. A body of supporting software is developing
around GRDDL, as well as a community of users. The new "GRDDL Primer"
draft introduces GRDDL concepts using a number of examples from the
GRDDL Use Cases document to illustrate in detail the techniques GRDDL
provides for associating documents with appropriate instructions for
extracting any embedded data. GRDDL provides a relatively inexpensive
set of mechanisms for bootstrapping RDF content from uniform XML
dialects in such a way as to shift the burden of formulating RDF to
transformation algorithms written specifically for these dialects.
XML Transformation languages such as XSLT are quite versatile in their
ability to process, manipulate, and generate XML and the use of XSLT
to generate XHTML from single-purpose XML vocabularies is historically
celebrated as a powerful idiom for separating structured content from
presentation. GRDDL shifts this idiom to a different end: separating
structured content from its authoritative meaning (or semantics). The
new document "GRDDL Use Cases: Scenarios of Extracting RDF Data from
XML documents" addresses questions like "How does software discover
the author of a poem, a spreadsheet, and an ontology? And how can
software determine whether authors of each are in fact the same
person?" The Working Group expects to advance GRDDL to Recommendation
Status, though the use cases document may end up as a separate Working
Group Note.
See also: GRDDL Use Cases
Public Review Documents from OASIS Digital Signature Services (DSS) TC
Staff, OASIS Announcement
The OASIS DSS Technical Committee has approved a collection of public
review documents relating to chartered activity on digital signatures.
The TC's mission includes defining an interface for requesting that a
web service produce and/or verify a digital signature on a given piece
of data and techniques for proving that a signature was created within
its key validity period. Also in scope: a protocol for a digital
signature creation web service and providing digital signatures via
such a web service to facilitate policy-based control of the provision
of the signatures. Among the review documents: (1) Digital Signature
Service Overview; (2) Digital Signature Service Core Protocols, Elements,
and Bindings; (3) XML Timestamping Profile of the OASIS Digital
Signature Services; (4) Signature Gateway Profile of the OASIS Digital
Signature Service; (5) German Signature Law Profile of the OASIS
Digital Signature Service; (6) Entity Seal Profile of the OASIS Digital
Signature Service; (7) Electronic PostMark (EPM) Profile of the OASIS
Digital Signature Service; (8) Abstract Code-Signing Profile of the
OASIS Digital Signature Services; (9) J2ME Code-Signing Profile of the
OASIS Digital Signature Services; (10) Asynchronous Processing Abstract
Profile of the OASIS Digital Signature Services; (11) Advanced
Electronic Signature Profiles of the OASIS Digital Signature Service.
The public review period ends 2-December-2006.
See also: the TC Web site
CollabNet Updates Team Development System
Andy Patrizio, Internetnews.com
CollabNet has released an update to CollabNet Enterprise Edition, a
team software development system built for geographically distributed
programmers. Version 4.5 "puts a stake in the ground" when it comes to
supporting any development system. The platform is open and extensible
to other application development tools. Data is exchanged through SOAP
interfaces, so if you have a different issue-tracking tool or a
different CRM system, data is interchangeable between CollabNet and
that system. Also new in 4.5 is an enhanced project workspace with a
wiki-like editor for all project-tracking, portable ALM (application
lifecycle management) templates, so all of the information from a
project can be copied to another project. That way, similar projects
can reuse templates rather than make new ones from scratch. Rounding
out 4.5 of Enterprise Edition are expanded reporting capabilities that
provide more in-depth reporting of the progress of a project. And it
allows for queries on the project's status at any level of the CollabNet
environment to be sent to any project member. CollabNet's founder,
Brian Behlendorf, is one of the co-developers of the popular Apache
open source Web server platform. He started CollabNet in 1999 to create
software with the purpose of "figuring out how open source communities
work," he told internetnews.com. That yielded CollabNet Enterprise
Edition, a team system for distributed groups of programmers, with
features like version control, check in/check out, and message boards,
the basics of most team development systems.
IETF Develops New Tools Enhance Meeting Efficiencies
Henrik Levkowetz, IETF Tools Team Report
The IETF Tools Team reports on the delivery of a few different tools
related to the IETF meetings available during the first part of this year.
The working pages provide HTML versions of all the WG agendas, including
links to uploaded slides. The overall meeting agenda has been enhanced
so that IETF meeting attendees are able to view the layout of the meeting
venue online and locate WG meeting rooms by clicking on the room number
next to the WG meeting time. Later this summer the Tools Team hopes to
release a Notification Service ('send me e-mail when this draft or
charter changes'), which is intended to make it easier to keep track of
changes in documents or WG charters. This tool will provide a selective
notification mechanism for general use, complementing the IETF
announcement mailing lists. It will include RSS and ATOM feeds from the
available XML meta-information about Internet-Drafts, RFCs, and WGs.
This format will make it possible for individuals and tool-builders to
better interface with information from the IETF standards process in a
well-defined manner. Over time, the notification tool will produce a
complete history of document and charter changes, WG agendas, and
minutes.
See also: IETF Tools Team - What's New
AJAX Security Issues Raised
Paul Krill, InfoWorld
AJAX (Asynchronous JavaScript and XML) may be popular for building Web
applications, but it is still beset with security issues, experts
agreed at the AJAXWorld Conference & Expo in Santa Clara. AJAX does not
change Web security, said Billy Hoffman, lead risk researcher at SPI
Dynamics. "It makes traditional Web attacks much, much worse." Intrusion
detection systems are ineffective for this problem and SSL also can be
of no help, he stressed. Hoffman also cited issues with inexperienced
developers building Web applications. Hoffman presented a litany of
potential security issues with JavaScript and AJAX, including the use
of user-supplied content, cross-site scripting and rapid application
development. Web services calls also can be a hazard, according to
Hoffman. Web 2.0 and potential profit are driving the quick development
of applications, presenting risks, he said. "There's this rush to Web
2.0-ize all these apps with no thought," said Hoffman. The question
needs to be asked about potential exposures of an AJAX application.
[Also:] The Mozilla Foundation has updated its toolkits with IBM
contributions. IBM's technologies allow ATF to debug AJAX applications
running ATF that utilize Mozilla's XulRunner Rhino embeddable browser
code, IBM said. This creates a more efficient Firefox browser for AJAX
development, according to IBM. The company also is opening a Web
development zone on its developerWorks site. Technical resources are
featured for AJAX, PHP (Hypertext Preprocessor), RSS and Ruby. Web
development frameworks such as Spring, Shale, Struts and Tapestry also
are featured.
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.