XML and Web Services In The News - 10 October 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by Sun Microsystems
HEADLINES:
Web Services Profile of XACML (WS-XACML) Version 1.0
Anne Anderson (ed), OASIS TC Working Draft
This document constitutes a major revision of "XACML profile for
Web-services (WSPL)", designed to address the current Web Services
policy environment. It contains some core functionality from WSPL, but
confines its use to authorization, access control, and privacy
Assertions for use with WS-Policy. The document specifies ways to use
XACML in the context of Web Services for authorization, access control,
and privacy policies. It specifies three types of information. 1) An
authorization token or credential based on XACML to be used in a Web
Services context for conveying an authorization decision from a trusted
third party to a Web Service. (2) An Assertion based on XACML for use
with WS-Policy; this Assertion may be used to convey both requirements
and capabilities related to authorization, access control, and privacy
for Web Service clients and for the Services themselves. The profile
specifies standard formats, matching semantics, and usage guidelines
for this Assertion. (3) Some ways in which authenticated Attributes for
a client MAY be passed to a Web Service as part of a SOAP message. These
Attributes may be used by the Web Service in evaluating internal XACML
policies... WS-Policy provides a framework for expressing alternative
sets of policy Assertions from various domains, such as security, and
reliable messaging, that are supported by a service. But there are no
WS-Policy Assertions defined for authorization, access control, or
privacy policies. This profile defines a format for such Assertions and
describes their use in Web Services policies... The profile specifies
how to use existing XACML SAML Assertions in the context of Web
Services.
See also: OASIS XACML TC web site
Take It to the Bank
Wilson P. Dizard III, Government Computer News
Late last year, the federal bank regulatory agencies launched the first
large-scale instance in the country, and the largest worldwide, of a
cross-industry standard for representing and reporting financial data.
The agencies are using extensible business reporting language, or XBRL,
to speed access to information about banks' financial health and help
eliminate errors in data. The oversight agencies collect financial data
on some 8,000 banks across the country. Some very large banks with
balance sheets running to a trillion dollars have permanent cadres of
bank regulators on site. Smaller banks, with deposits in the $10
million to $20 million range, submit simpler reports to the regulators.
The data is intended to ensure that banks maintain adequate capital and
that they control their ratios of nonperforming loans. The three
agencies prepared their project plan for two years and decided to use
XBRL in 2003. After releasing a proposal request and receiving nine
responses, they awarded Unisys a $39 million, 10-year contract. The
agencies launched the Central Data Repository on Oct. 1, 2005, in a
'big bang' switch from two legacy mainframe systems. Before the switch
to the new system, the agencies checked out the CDR in three separate
and progressively expanded tests. The three agencies required the banks
to submit their third quarter 2005 Call Report data to the new CDR
using XBRL as the reporting language. In addition to using XBRL tags
to help validate the bank data, the CDR uses other Extensible Markup
Language (XML) specifications, such as XML Schema and Xlink, that work
together to check relationships among data elements and verify the
data's semantics. The agencies work together each quarter to tweak the
taxonomy of terms and definitions that frame the CDR data elements.
Every year, they issue a major revision of the taxonomy that reflects
new accounting rules and financial procedures. The final result of
the CDR is not only better service to the bank examiners, banks and
members of the public who use the information, but lower costs of
regulation.
Sun, Laszlo Take Java into Orbit for Devices
Paul Krill, InfoWorld
Sun Microsystems and Laszlo Systems are collaborating to enable
applications based on the OpenLaszlo rich Internet development platform
to run on devices running Java Platform ME (Micro Edition). The
collaboration is featured as part of an effort code-named Project
Orbit. From the Orbit description: "Java Platform, Micro Edition
(Java ME) is the most ubiquitous application platform for embedded
devices in the world, with more than 3.8 billion Java devices including
1.2 billion Java technology-powered phones. It provides a robust,
flexible environment for applications running on a broad range of
devices, such as mobile phones, PDAs, TV set-top boxes, and printers.
Applications based on Java ME specifications are written once for a
wide range of devices, yet exploit each device's native capabilities.
OpenLaszlo is a widely adopted open source application development
platform that uses Ajax-style programming techniques, integrating XML
and JavaScript, to create rich and robust online experiences. With
Orbit, Sun and Laszlo will work together to connect OpenLaszlo's
expressive markup language, LZX, with the ubiquity and power of the
Java ME platform."
See also: the announcement
SimpleXML: A Markup-Specific Library for XML Processing in PHP
Elliotte Rusty Harold, IBM developerWorks
This article describes the SimpleXML extension which is bundled with
PHP version 5 and enables PHP pages to query, search, modify, and
republish XML in a PHP-friendly syntax. As long as you have a good
idea of your document's structure, SimpleXML expressions are easy to
write. However, if you don't know exactly where the elements of
interest appear (as might be the case in Docbook, HTML, and similar
narrative documents), SimpleXML can use XPath expressions to find the
elements. SimpleXML is a useful addition to the PHP programmer's
toolkit provided you don't need to handle mixed content. That covers
a lot of use cases. In particular, it works well with simple, record-
like data. As long as the document isn't too deep, too complex, and
doesn't have mixed content, SimpleXML is much easier than the DOM
alternative. It also helps if you know your document structure in
advance, although XPath can go a long way toward relaxing that
requirement. The omission of validation and the lack of any support
for mixed content is troubling but not always crippling. Many simple
formats don't have mixed content, and many use cases involve only very
predictable data formats. If that describes your work, you owe it to
yourself to try SimpleXML. With a little attention to error handling
and some effort on the caching end to alleviate performance problems,
SimpleXML can be a reliable and robust means of processing XML from
within PHP.
DIAL Part 0: Primer. Device Independent Authoring Language
Kevin Smith (ed)., W3C Technical Report
Members of W3C's Device Independence Working Group have published an
initial working draft for "DIAL Part 0: Primer" as part of the W3C
Device Independence Activity. The document provides an introduction to,
and the benefits of, DIAL (the Device Independent Authoring Language).
It summarizes the concept of device independence, the scenarios in
which it could be used, and the considerations in order to achieve
that goal. It then describes the role of DIAL in ensuring the delivery
of content suitable for the user, device and inherent circumstances in
which it was requested. The goal of DIAL is to overcome the authoring
challenges inherent in creating a web page which delivers a harmonized
user experience across multiple delivery contexts. As such, DIAL forms
a key part of the Device Independence activity "'to assist authors in
creating sites and applications that can support device independence in
ways that allow it to be widely employed'". In other words, DIAL
facilitates writing a Web page that can be presented by a range of
devices, with differing capabilities and states; and consumed by users
with differing preferences and entitlements (such varying conditions
are illustrated in 'Delivery context characteristics'). This is
achieved by allowing authors to declare authorial intent as to the
conditions under which content should be chosen or filtered. In this
simple example, the author intends that users subscribing to a service
receive a premium representation of a content item, and other users
receive just a regular representation.
See also: W3C Device Independence
Three Ways of Writing XML Transformation Programs
Rick Jelliffe, O'Reilly Blog
I made three prototype implementations of the Topologi XSD to RELAX
NG Compact Syntax translator, before adopting a particular one. First,
I used Topologi's high-level inhouse Java library for XSD, which we use
on other products. I looked at converting that into the Java API of
one of the versions of RELAX NG in James Clarks' Trang translation
software. Second, I tried using XSLT to generate RELAX NG Compact Syntax
directly. Third, I looked at using XSLT 2 (Saxon) to generate RELAX NG
as XML, then use Trang to convert from this XML to RELAX NG Compact
Syntax... All in all, I think the draft RELAX NG compact syntax schemas
for draft Ecma OOX at least show that ISO RELAX NG is a viable technical
option even for large complex documents that use XSD schemas: the choice
of a particular document type should not force your hand to adopt one
stream of schema technology — especially for grammar-based schema
languages. I'm also working recently on another project where the
independent schema consultant developers in RELAX NG and then distributes
as XSD: a nice approach, and I expect over the few years that schema-
language neutrality will become a more widely adopted stance by
buyers/developer/overseers.
See also: XML schema languages
Iona Upgrades ESB with SOA Management, Orchestration
Paul Krill, InfoWorld
Iona is introducing Version 4.1 of its Artix ESB, featuring integration
with the AmberPoint SOA management platform, as well as orchestration
capabilities. Through this integration, users can manage Aritx runtimes
in the areas of performance and logging. AmberPoint must be purchased
separately. Version 4.1's enhanced orchestration capabilities provide
the ability to pass security authentication credentials as services are
orchestrated. Quality of service capabilities are featured as well for
service orchestration. Iona describes orchestration as the ability to
manage a workflow that strings together individual applications into a
composite application or service. Version 4.1 supports the SOAP 1.2
specification and adds WS-ReliableMessaging and persistence capabilities
for SOAP 1.2. By supporting these enhancements in relation to SOAP 1.2,
messages can be sent reliably even if there is an interruption in
sending of messages. WS-ReliableMessaging and persistence are not
included in SOAP 1.2, but Artix is adding these capabilities.
"[WS-ReliableMessaging and persistence are] not literal to the spec,
but we believe it should be there," said Pat Walsh, director of product
marketing and management at Iona.
See also: reliable messaging references
Newsmaker: For Opera, Smaller Really is Better
Charles Cooper, CNET News.com
CTO Hakon Wium Lie says the company's moving faster on the tech front
than much larger rival Microsoft. "We few, we happy few, we band of
brothers," the king proclaims before his men head into battle. With
all of Microsoft's riches and power behind it, Internet Explorer has
dominated the Web browser market since Netscape's defeat in the late
1990s. But as CTO of Opera Software, Wium Lie's job is to figure out
how to incorporate the best technology possible in his company's
software — and in this, he's stolen a beat on Opera's much bigger
rival. For much of the last year, Microsoft has banged the drum for
the arrival of Internet Explorer 7. In the meantime, Wium Lie says
Opera has been able to move faster than Microsoft on sundry browser
issues such as tabbed browsing, speed, privacy and security. At last
count, Opera had only about 1 percent of the Web browser market, so
Microsoft's not exactly quaking in its boots. Lie: "10 years ago, I
took a bet with somebody about whether HTML would be around 50 years
from then. Now there are only 40 years left, but the computers we
buy years in the future are going to be able to read the HTML created
as of 1996. Formats are going to be with us. There's so much content
there, and there's really no reason to change them: HTML is here to
stay; CSS, I hope; XML — all these acronyms that we're dealing with
are here. They're going to evolve, but they're basically going to
remain part of the same functionality. The user interface — that's
the other part. I think the user interface is going to change a whole
lot. We're going to see browsers in all sorts of units, not just
mobile phones or game consoles or laptops. There's going to be a range
of products. As people get addicted to these Web sites like CNET or
Slashdot, they're going to want access to those all over. They're not
going to be tied to a stationary PC or a laptop. They want ubiquitous
access. So we're going to see browsers enter into places that we never
thought about before."
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |