XML and Web Services In The News - 4 October 2006

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by SAP


HEADLINES:

 It's a Wrap: Liberty Finalizes Web Services Schema
 AJAX: Roller skates for the Web
 W3C Publishes Working Drafts for GRDDL Primer and Use Cases
 Public Review Documents from OASIS Digital Signature Services (DSS) TC
 CollabNet Updates Team Development System
 IETF Develops New Tools Enhance Meeting Efficiencies
 AJAX Security Issues Raised
 FSF Targets Apple Stores in Anti-DRM Protests

It's a Wrap: Liberty Finalizes Web Services Schema
Clint Boulton, InternetNews.com
The Liberty Alliance, whose members include service providers like AOL and American Express, today released the final version of the Identity Web Services Framework 2.0. ID-WSF 2.0 is a schema for building secure, interoperable Web services that can be piped over the Internet. ID-WSF 2.0 was originally developed to transmit secure transactions between large businesses, such as financial firms that need to process secure online financial transactions as part of a service-oriented architecture (SOA) for distributed computing. The schema now takes social-networking sites into consideration. The new framework includes Liberty People Service, a Web services framework the group created to let consumers and organizations securely store information for blogging, photo sharing and instant messaging in a social network. Users establish privacy controls, enabling them to guard against phishing, pharming and other forms of online identity theft that have plagued the Web in the past few years. Such controls are crucial at a time when social-networking sites like MySpace.com, Flickr and others in the so-called Web 2.0 world are accruing more users at a rapid rate; businesses need to employ a trustworthy framework to safeguard the information users store on their sites. ID-WSF 2.0 is now one such option. The final version of ID-WSF 2.0 also allows SAML 2.0 assertions to be used as security tokens, and it incorporates WS-Addressing to enable asynchronous messaging capabilities.
See also: the Liberty announcement

AJAX: Roller skates for the Web
Paul Krill, InfoWorld
AJAX (Asynchronous JavaScript and XML) Web application development can be roller skates for the Web; it must be used appropriately or it can be dangerous, said Jesse James Garrett, the IT consultant credited with coining the term "AJAX." Garrett gave a keynote presentation at the AJAXWorld Conference & Expo on Tuesday morning. While noting the benefits of AJAX, chiefly its enabling of asynchronous interaction over the Web, Garrett cautioned that AJAX is not usable in all instances. It is similar to how it would not be good to roller skate around a shopping mall. Recalling the genesis of the term "AJAX," Garrett said his company was hired by a large insurance company to improve an application to capture more business. Setting about trying to find a solution for responsiveness on the Web, Flash was first thought of as a solution, he said. But it became apparent there was a different way to approach the problem. "We built a prototype of this approach, we tested it with the insurance agents, and the response was overwhelmingly positive," Garrett said. "We actually had people laughing out loud with delight at processing an insurance policy." To persuade the insurance company president to fund the project with $2 million, Garrett came to the conclusion that he needed an easier way, just one word, to encapsulate what he was trying to do. He then came up with the word, AJAX. Garrett noted that AJAX is a concept involving asynchronous interaction and the use of browser-native technologies. Communicating the importance of these applications is critical.

W3C Publishes Working Drafts for GRDDL Primer and Use Cases
Ian Davis, Fabien Gandon (et al., eds), W3C Technical Report
Members of W3C's GRDDL Working Group have released First Public Working Draft documents on GRDDL, a mechanism for Gleaning Resource Descriptions from Dialects of Languages. The Working Group was chartered in July 2006 to produce specifications that aim to supplement the RDF/XML concrete syntax with a flexible mechanism for using other XML syntaxes with the Resource Description Framework. GRDDL binds XML documents, especially XHTML documents, XHTML profiles and XML namespace documents, to transformations (typically in XSLT) that relate their syntax to RDF/XML. A body of supporting software is developing around GRDDL, as well as a community of users. The new "GRDDL Primer" draft introduces GRDDL concepts using a number of examples from the GRDDL Use Cases document to illustrate in detail the techniques GRDDL provides for associating documents with appropriate instructions for extracting any embedded data. GRDDL provides a relatively inexpensive set of mechanisms for bootstrapping RDF content from uniform XML dialects in such a way as to shift the burden of formulating RDF to transformation algorithms written specifically for these dialects. XML Transformation languages such as XSLT are quite versatile in their ability to process, manipulate, and generate XML, and the use of XSLT to generate XHTML from single-purpose XML vocabularies is historically celebrated as a powerful idiom for separating structured content from presentation. GRDDL shifts this idiom to a different end: separating structured content from its authoritative meaning (or semantics). The new document "GRDDL Use Cases: Scenarios of Extracting RDF Data from XML documents" addresses questions like "How does software discover the author of a poem, a spreadsheet, and an ontology? And how can software determine whether authors of each are in fact the same person?" The Working Group expects to advance GRDDL to Recommendation Status, though the use cases document may end up as a separate Working Group Note.
See also: GRDDL Use Cases

Public Review Documents from OASIS Digital Signature Services (DSS) TC
Staff, OASIS Announcement
The OASIS DSS Technical Committee has approved a collection of public review documents relating to chartered activity on digital signatures. The TC's mission includes defining an interface for requesting that a web service produce and/or verify a digital signature on a given piece of data and techniques for proving that a signature was created within its key validity period. Also in scope: a protocol for a digital signature creation web service and providing digital signatures via such a web service to facilitate policy-based control of the provision of the signatures. Among the review documents: (1) Digital Signature Service Overview; (2) Digital Signature Service Core Protocols, Elements, and Bindings; (3) XML Timestamping Profile of the OASIS Digital Signature Services; (4) Signature Gateway Profile of the OASIS Digital Signature Service; (5) German Signature Law Profile of the OASIS Digital Signature Service; (6) Entity Seal Profile of the OASIS Digital Signature Service; (7) Electronic PostMark (EPM) Profile of the OASIS Digital Signature Service; (8) Abstract Code-Signing Profile of the OASIS Digital Signature Services; (9) J2ME Code-Signing Profile of the OASIS Digital Signature Services; (10) Asynchronous Processing Abstract Profile of the OASIS Digital Signature Services; (11) Advanced Electronic Signature Profiles of the OASIS Digital Signature Service. The public review period ends 2-December-2006.
See also: the TC Web site

CollabNet Updates Team Development System
Andy Patrizio, Internetnews.com
CollabNet has released an update to CollabNet Enterprise Edition, a team software development system built for geographically distributed programmers. Version 4.5 "puts a stake in the ground" when it comes to supporting any development system. The platform is open and extensible to other application development tools. Data is exchanged through SOAP interfaces, so if you have a different issue-tracking tool or a different CRM system, data is interchangeable between CollabNet and that system. Also new in 4.5 is an enhanced project workspace with a wiki-like editor for all project-tracking, portable ALM (application lifecycle management) templates, so all of the information from a project can be copied to another project. That way, similar projects can reuse templates rather than make new ones from scratch. Rounding out 4.5 of Enterprise Edition is expanded reporting capabilities that provide more in-depth reporting of the progress of a project. And it allows for queries on the project's status at any level of the CollabNet environment to be sent to any project member. CollabNet's founder, Brian Behlendorf, is one of the co-developers of the popular Apache open source Web server platform. He started CollabNet in 1999 to create software with the purpose of "figuring out how open source communities work," he told internetnews.com. That yielded CollabNet Enterprise Edition, a team system for distributed groups of programmers, with features like version control, check in/check out, and message boards, the basics of most team development systems.

IETF Develops New Tools Enhance Meeting Efficiencies
Henrik Levkowetz, IETF Tools Team Report
The IETF Tools Team reports on the delivery of a few different tools related to the IETF meetings available during the first part of this year. The working pages provide HTML versions of all the WG agendas, including links to uploaded slides. The overall meeting agenda has been enhanced so that IETF meeting attendees are able to view the layout of the meeting venue online and locate WG meeting rooms by clicking on the room number next to the WG meeting time. Later this summer the Tools Team hopes to release a Notification Service ('send me e-mail when this draft or charter changes'), which is intended to make it easier to keep track of changes in documents or WG charters. This tool will provide a selective notification mechanism for general use, complementing the IETF announcement mailing lists. It will include RSS and ATOM feeds from the available XML meta-information about Internet-Drafts, RFCs, and WGs. This format will make it possible for individuals and tool-builders to better interface with information from the IETF standards process in a well-defined manner. Over time, the notification tool will produce a complete history of document and charter changes, WG agendas, and minutes.
See also: IETF Tools Team - What's New

AJAX Security Issues Raised
Paul Krill, InfoWorld
AJAX (Asynchronous JavaScript and XML) may be popular for building Web applications, but it is still beset with security issues, experts agreed at the AJAXWorld Conference & Expo in Santa Clara. AJAX does not change Web security, said Billy Hoffman, lead risk researcher at SPI Dynamics. "It makes traditional Web attacks much, much worse." Intrusion detection systems are ineffective for this problem and SSL also can be of no help, he stressed. Hoffman also cited issues with inexperienced developers building Web applications. Hoffman presented a litany of potential security issues with JavaScript and AJAX, including the use of user-supplied content, cross-site scripting and rapid application development. Web services calls also can be a hazard, according to Hoffman. Web 2.0 and potential profit are driving the quick development of applications, presenting risks, he said. "There's this rush to Web 2.0-ize all these apps with no thought," said Hoffman. The question needs to be asked about potential exposures of an AJAX application. [Also:] The Mozilla Foundation has updated its toolkits with IBM contributions. IBM's technologies allow ATF to debug AJAX applications running ATF that utilize Mozilla's XulRunner Rhino embeddable browser code, IBM said. This creates a more efficient Firefox browser for AJAX development, according to IBM. The company also is opening a Web development zone on its developerWorks site. Technical resources are featured for AJAX, PHP (Hypertext Preprocessor), RSS and Ruby. Web development frameworks such as Spring, Shale, Struts and Tapestry also are featured.


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.
