XML and Web Services In The News - 27 November 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by BEA Systems, Inc.
HEADLINES:
Top AJAX Tools Deliver Rich GUI Goodness
Peter Wayner, InfoWorld
The buzzword AJAX (Asynchronous JavaScript and XML) is just a few months
shy of its second birthday, but it's already ubiquitous, and even the
technology itself has begun to gather steam. Backbase, Bindows, JackBe,
and Tibco General Interface are bringing AJAX fat features to enterprise
Web clients. (1) The Backbase 3.2 package was born in Amsterdam. The
product itself uses an XML-based language to link the various widgets.
You don't really write JavaScript as much as drop together XML tags to
specify everything from the event routines to the layouts. The code
looks as clean and crisp as the IDE. (2) Bindows 2.5 is the most
straightforward of the lot. You create your code in a mixture of XML
with embedded JavaScript. Most of the layout is defined by XML tags, but
some parts of the behavior are defined by creating JavaScript functions.
If you want your package to load a bit faster, you can purchase a
separate compiler that turns the XML into JavaScript. The server support
is minimal. After you build your application in XML and JavaScript, you
let your server deliver it statically. Using dynamic tools, if you needed
to do so you could wire up with little trouble the XML defining the user
interfaces. In the normal design patterns, the server will communicate
with the client via SOAP or XML-based Web services. (3) JackBeNQ Suite
4.6.1 now offers a clean, crisp IDE called the JackBuilder. Presto is
a server-based back end for the tool that will knit together a wide range
of Web services and translate the data into a simpler form that can be
sent to the client. Presto also rewrites the XML from the Web services
into the generally shorter and easier-to-parse JavaScript or JSON
(JavaScript Object Notation). Some suggest that browsers can parse this
data dramatically faster than they can parse XML, something that probably
varies significantly based on your application. (4) TibcoGeneral
Interface 3.2 3.2 looks similar to 3.0 and 3.1, giving you a browser-
based IDE that looks and feels like the IDE classics. You can develop
your interface by dragging and dropping objects around the page,
something that still seems amazing in the world of HTML. While I found
much of the IDE to be functional and useful, I grew a bit tired of the
handholding. After a few minutes, I wanted to go back to pure XML or
HTML or JavaScript mark up of the application.
Internationalize MIDlets Using JSR-238 Mobile Internationalization API
Meng Wong, IBM developerWorks
Globalization is more than just a trend — it has become an essential
requirement for application development. JSR-238 is designed to help
Java Platform, Micro Edition (Java ME) developers minimize their
internationalization efforts using Mobile Information Device Profile
(MIDP)/Connected Limited Device Configuration (CLDC). In this article
the author explores a faster and easier way to internationalize your
MIDlets using JSR-238. Until JSR-238 there was "no standard way of
internationalizing MIDP applications. The specification was designed
to determine the appropriate support for internationalization in MIDP
applications and supply a service API that is scaled down to the
capabilities of MIDP devices. MIDlet helps developers to write easily
localizable and culturally correct MIDP applications, without
resorting to proprietary solutions." The specification also defines an
API for supporting cultural conventions in applications, e.g. for
formatting dates, times, numbers, and currencies, and sorting text
strings correctly for the user's locale. The API needs to be memory-
efficient to run on resource-constrained devices such as mobile phones.
The need for this API arises from the fact that mobile devices are
personal by nature, and users expect them to conform to the cultural
conventions they are accustomed to. Users want to be able to interact
with the device in their own native language and see data rendered as
in their everyday environment. With JSR-238, one uses the ResourceManager,
Formatter, and StringComparator classes in the package
javax.microedition.global to perform localization and locale-specific
data formatting. As a reminder, JSR-238 is provided as an optional
package; make sure your device supports it.
See also: the Mobile Internationalization API
Web Services Security Standards Aren't Enough
Dan Goodin, InfoWorld
Enterprise professionals comforted by Web services security standards —
proposed or established — may want to think again. Although useful for
securing Web services messages, the specifications do little to
safeguard against SOAP array overflow attacks and other ways of
penetrating the back-end systems of an enterprise. With names such as
WS-Security and SAML (Security Assertion Markup Language), it's
understandable that practitioners might expect these standards to
provide a framework for locking down their Web services applications.
For the most part, however, they don't. "These standards do not deal
with how you prevent attacks from happening," says Tony Baer, principal
at onStrategies. "Standards are all about how you define the policy.
Its all about handshaking." WS-Security, among the most popular and
mature of the standards, was developed by a coalition of vendors under
the umbrella of OASIS, the prime standards body for Web services. It
specifies the types of encryption and authentication that messages need
— for instance, SAML tokens, PKI, or Kerberos — before they will be
accepted and acted on. That ought to give the payment department at a
large insurance company more confidence that the XML message requesting
a $250,000 claim check is, in fact, from a trusted party. But security
experts hold little hope that WS-Security — or any of its brethren,
including WS-Trust or WS-SecurityPolicy — will be enough to secure Web
services, particularly if developers continue to write insecure code.
Supreme Court to Examine 'obviousness' of Patents
Anne Broache, CNET News.com
One key gripe about the patent process is expected to take center stage
before the U.S. Supreme Court on Tuesday morning. In their third major
patent case this year, the justices are scheduled to hear arguments
about what courts should consider when deciding whether an invention is
too "obvious" to warrant protection. The case has its roots in an
obscure patent spat about vehicle gas pedal designs involving two
companies without mainstream name recognition: the Canadian company KSR
International and Limerick, Penn.-based Teleflex. Teleflex had sued KSR
for infringement of its patent on a gas pedal design that KSR contends
is no more than an obvious melding of two existing inventions. High-tech
companies say there's much at stake for them in the court's ruling. For
ent claimed to cover browser plug-ins and applets, one of the arguments
lodged by the software giant and Web technologists was that the existence
of old technology showed the Eolas idea was a no-brainer to anyone
knowledgeable in the field. Seven years later, the saga continues to
wend its way through the courts. Unless the court raises the bar for
obviousness, high-tech companies, whose products often depend on
combinations of thousands of patents, fear they can count on many more
years of costly litigation against ideas they believe never deserved
protection in the first place. Some hardware and software makers have
argued they're especially threatened by the standard because their
products frequently include thousands of pre-existing components that
they would like to be able to rearrange at will. Some say the lax rules
have fueled the rise of patent speculators—disparagingly known as
"patent trolls" — who make a living off predicting those incremental
changes to existing high-tech inventions, landing patents and then
going after companies for infringement.
See also: Patents and Open Standards
Open Source Consortium: UK 'Pays Lip Service' to Open Source in Schools
Matthew Aslett, ComputerBusiness Review Online
The UK's Open Source Consortium has joined criticism of UK government
education policy towards open source software, maintaining that the
British Education Communications and Technology Agency 'pays lip service'
to open source while effectively excluding it from purchasing frameworks.
"The essence of our concern is that they're saying one thing and actually
pursuing policies that are exclusive," Mark Taylor, OSC president, told
Computer Business Review. "Becta's own research shows there are major
benefits with open source. However, the reality of the framework is that
it excludes both products and services." Becta last week hit back at an
early day motion tabled by John Pugh MP, which expressed concern that
"Becta and the Department for Education and Skills, through the use of
outdated purchasing frameworks, are effectively denying schools the option
of benefiting from both free and open source." The agency, which
represents the government on defining its e-learning strategy and
educational information and communication technology purchasing,
maintained that its "procurement frameworks are based on functional
requirements and open standards and are aimed at companies offering
either proprietary or open source solutions."
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage
to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml
for the list archives. |