XML and Web Services In The News - 27 November 2006

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by BEA Systems, Inc.



HEADLINES:

 Top AJAX Tools Deliver Rich GUI Goodness
 Internationalize MIDlets Using JSR-238 Mobile Internationalization API
 Web Services Security Standards Aren't Enough
 Supreme Court to Examine 'obviousness' of Patents
 Open Source Consortium: UK 'Pays Lip Service' to Open Source in Schools


Top AJAX Tools Deliver Rich GUI Goodness
Peter Wayner, InfoWorld
The buzzword AJAX (Asynchronous JavaScript and XML) is just a few months shy of its second birthday, but it's already ubiquitous, and even the technology itself has begun to gather steam. Backbase, Bindows, JackBe, and Tibco General Interface are bringing AJAX fat features to enterprise Web clients. (1) The Backbase 3.2 package was born in Amsterdam. The product itself uses an XML-based language to link the various widgets. You don't really write JavaScript as much as drop together XML tags to specify everything from the event routines to the layouts. The code looks as clean and crisp as the IDE. (2) Bindows 2.5 is the most straightforward of the lot. You create your code in a mixture of XML with embedded JavaScript. Most of the layout is defined by XML tags, but some parts of the behavior are defined by creating JavaScript functions. If you want your package to load a bit faster, you can purchase a separate compiler that turns the XML into JavaScript. The server support is minimal. After you build your application in XML and JavaScript, you let your server deliver it statically. Using dynamic tools, if you needed to do so you could wire up with little trouble the XML defining the user interfaces. In the normal design patterns, the server will communicate with the client via SOAP or XML-based Web services. (3) JackBe NQ Suite 4.6.1 now offers a clean, crisp IDE called the JackBuilder. Presto is a server-based back end for the tool that will knit together a wide range of Web services and translate the data into a simpler form that can be sent to the client. Presto also rewrites the XML from the Web services into the generally shorter and easier-to-parse JavaScript or JSON (JavaScript Object Notation). Some suggest that browsers can parse this data dramatically faster than they can parse XML, something that probably varies significantly based on your application.
(4) Tibco General Interface 3.2 looks similar to 3.0 and 3.1, giving you a browser-based IDE that looks and feels like the IDE classics. You can develop your interface by dragging and dropping objects around the page, something that still seems amazing in the world of HTML. While I found much of the IDE to be functional and useful, I grew a bit tired of the handholding. After a few minutes, I wanted to go back to pure XML or HTML or JavaScript mark up of the application.

Internationalize MIDlets Using JSR-238 Mobile Internationalization API
Meng Wong, IBM developerWorks
Globalization is more than just a trend — it has become an essential requirement for application development. JSR-238 is designed to help Java Platform, Micro Edition (Java ME) developers minimize their internationalization efforts using Mobile Information Device Profile (MIDP)/Connected Limited Device Configuration (CLDC). In this article the author explores a faster and easier way to internationalize your MIDlets using JSR-238. Until JSR-238 there was "no standard way of internationalizing MIDP applications. The specification was designed to determine the appropriate support for internationalization in MIDP applications and supply a service API that is scaled down to the capabilities of MIDP devices. MIDlet helps developers to write easily localizable and culturally correct MIDP applications, without resorting to proprietary solutions." The specification also defines an API for supporting cultural conventions in applications, e.g. for formatting dates, times, numbers, and currencies, and sorting text strings correctly for the user's locale. The API needs to be memory-efficient to run on resource-constrained devices such as mobile phones. The need for this API arises from the fact that mobile devices are personal by nature, and users expect them to conform to the cultural conventions they are accustomed to. Users want to be able to interact with the device in their own native language and see data rendered as in their everyday environment. With JSR-238, one uses the ResourceManager, Formatter, and StringComparator classes in the package javax.microedition.global to perform localization and locale-specific data formatting. As a reminder, JSR-238 is provided as an optional package; make sure your device supports it.
See also: the Mobile Internationalization API

Web Services Security Standards Aren't Enough
Dan Goodin, InfoWorld
Enterprise professionals comforted by Web services security standards — proposed or established — may want to think again. Although useful for securing Web services messages, the specifications do little to safeguard against SOAP array overflow attacks and other ways of penetrating the back-end systems of an enterprise. With names such as WS-Security and SAML (Security Assertion Markup Language), it's understandable that practitioners might expect these standards to provide a framework for locking down their Web services applications. For the most part, however, they don't. "These standards do not deal with how you prevent attacks from happening," says Tony Baer, principal at onStrategies. "Standards are all about how you define the policy. It's all about handshaking." WS-Security, among the most popular and mature of the standards, was developed by a coalition of vendors under the umbrella of OASIS, the prime standards body for Web services. It specifies the types of encryption and authentication that messages need — for instance, SAML tokens, PKI, or Kerberos — before they will be accepted and acted on. That ought to give the payment department at a large insurance company more confidence that the XML message requesting a $250,000 claim check is, in fact, from a trusted party. But security experts hold little hope that WS-Security — or any of its brethren, including WS-Trust or WS-SecurityPolicy — will be enough to secure Web services, particularly if developers continue to write insecure code.

Supreme Court to Examine 'obviousness' of Patents
Anne Broache, CNET News.com
One key gripe about the patent process is expected to take center stage before the U.S. Supreme Court on Tuesday morning. In their third major patent case this year, the justices are scheduled to hear arguments about what courts should consider when deciding whether an invention is too "obvious" to warrant protection. The case has its roots in an obscure patent spat about vehicle gas pedal designs involving two companies without mainstream name recognition: the Canadian company KSR International and Limerick, Penn.-based Teleflex. Teleflex had sued KSR for infringement of its patent on a gas pedal design that KSR contends is no more than an obvious melding of two existing inventions. High-tech companies say there's much at stake for them in the court's ruling. For ent claimed to cover browser plug-ins and applets, one of the arguments lodged by the software giant and Web technologists was that the existence of old technology showed the Eolas idea was a no-brainer to anyone knowledgeable in the field. Seven years later, the saga continues to wend its way through the courts. Unless the court raises the bar for obviousness, high-tech companies, whose products often depend on combinations of thousands of patents, fear they can count on many more years of costly litigation against ideas they believe never deserved protection in the first place. Some hardware and software makers have argued they're especially threatened by the standard because their products frequently include thousands of pre-existing components that they would like to be able to rearrange at will. Some say the lax rules have fueled the rise of patent speculators—disparagingly known as "patent trolls" — who make a living off predicting those incremental changes to existing high-tech inventions, landing patents and then going after companies for infringement.
See also: Patents and Open Standards

Open Source Consortium: UK 'Pays Lip Service' to Open Source in Schools
Matthew Aslett, Computer Business Review Online
The UK's Open Source Consortium has joined criticism of UK government education policy towards open source software, maintaining that the British Education Communications and Technology Agency 'pays lip service' to open source while effectively excluding it from purchasing frameworks. "The essence of our concern is that they're saying one thing and actually pursuing policies that are exclusive," Mark Taylor, OSC president, told Computer Business Review. "Becta's own research shows there are major benefits with open source. However, the reality of the framework is that it excludes both products and services." Becta last week hit back at an early day motion tabled by John Pugh MP, which expressed concern that "Becta and the Department for Education and Skills, through the use of outdated purchasing frameworks, are effectively denying schools the option of benefiting from both free and open source." The agency, which represents the government on defining its e-learning strategy and educational information and communication technology purchasing, maintained that its "procurement frameworks are based on functional requirements and open standards and are aimed at companies offering either proprietary or open source solutions."


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.

