XML and Web Services In The News - 08 December 2006

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by Innodata Isogen



HEADLINES:

 SAML 2.0 Meets Web 2.0
 Composite Capability/Preference Profiles (CC/PP) Version 2.0
 Denmark Builds XML-based Web Services Commerce Network
 Better, Faster, More Secure: Who's in Charge of the Internet's Future?
 Internet Identity Workshop Demonstrations Steal the Show
 Mozilla Ships Developer Release of Firefox 3.0
 Survey: Patients Want Online Health Records


SAML 2.0 Meets Web 2.0
Rich Seeley, SearchWebServices.com
SAML 2.0, a protocol for federated single sign on, needs to lighten up for the Web 2.0 world of agile development, says Pat Patterson, federation architect at Sun Microsystems Inc. And that's where Sun's Project Lightbulb comes in. The goal of project Lightbulb, which is part of Open Single Sign-On (Open SSO), is to provide a lightweight means of federating identities, so users can sign in with a single authentication key and move seamlessly between all sorts of mashed up and recombined Web services projects, Patterson explained in a Webcast today sponsored by Liberty Alliance. The concept is to have URL-based identity where the user is able to participate in blogs and wikis and other Web 2.0 collaborative applications without a pre-existing relationship with the application, he explained. "The Web is very different now than it was five years ago," Patterson said. "I'm focused on participation on the developer side to put a presence on the Web very quickly." OpenSSO is designed to provide a way to create a federated identity via SAML 2.0 with very little coding. This would solve the problem developers of Web 2.0 applications have with the heavyweight nature of SAML 2.0 implementation. Noting that many modern Web services seem to have settled on Linux with a lightweight language such as PHP and Ruby, the Lightbulb project (originally a pun because it was to fit into the LAMP stack) is intended to provide the security of SAML 2.0 implemented through a scripting language, Patterson said. This avoids the problem of having to maintain a repository of passwords and authentication data on a server for a simple developer blog.

Composite Capability/Preference Profiles (CC/PP) Version 2.0
Cedric Kiss (ed), W3C Technical Report
W3C's Device Independence Working Group released a First Public Working Draft for the "Composite Capability/Preference Profiles (CC/PP): Structure and Vocabularies 2.0" specification. Version 2.0 is an update to the CC/PP 1.0 Recommendation for alignment with the Resource Description Framework (RDF). A CC/PP profile is a description of device capabilities and user preferences. This is often referred to as a device's delivery context and can be used to guide the adaptation of content presented to that device. The Resource Description Framework (RDF) is used to create profiles that describe user agent capabilities and preferences. The structure of a profile is discussed. Topics include: (i) structure of client capability and preference descriptions, and (ii) use of RDF classes to distinguish different elements of a profile, so that a schema-aware RDF processor can handle CC/PP profiles embedded in other XML document types. CC/PP vocabulary is identifiers (URIs) used to refer to specific capabilities and preferences, and covers: (1) the types of values to which CC/PP attributes may refer; (2) an appendix describing how to introduce new vocabularies; (3) an appendix giving an example small client vocabulary covering print and display capabilities; (4) an appendix providing a survey of existing work from which new vocabularies may be derived.
See also: W3C Device Independence Activity

Denmark Builds XML-based Web Services Commerce Network
Michael Meehan, SearchWebServices.com
A return to the heady notion of business-to-business integration was featured during a session yesterday at the XML 2006 conference. The Danish government plans on instituting a massive service-oriented e-commerce network by late 2007 that will generate Universal Business Language (UBL) 2.0 business documents such as purchase orders and invoices for both public and private sector transactions. In addition to the XML-based UBL documents, the system will leverage Web services standards like SOAP 1.1, UDDI 3.0, WSDL 1.1, WS-Security 1.0 and WS-ReliableMessaging. The system will replace a proprietary Electronic Data Interchange value-added network (VAN) currently used by the Danish government to conduct business, saving on exorbitant per-kilocharacter data transformation costs and opening up the e-commerce network to any business with a Web connection. "It should be as easy to send a business document electronically as it is to send an e-mail," said Mikkel Hippe Brun, chief consultant for Denmark's Center for Service-Oriented Infrastructure, part of the national IT and telecom agency. The new system will be required to handle more than 200 million transactions a year, offer a national services registry and be held up to Danish businesses as a standard Web services reference model for secure, reliable and authenticated transactions. Yet the project has run into a major hurdle in getting its Windows toolkit, based on .NET 3.0 and Windows Communication Foundation, to interoperate with its Java toolkit, based on Apache initiatives like Axis 2.0, Rampart and Sandesha. The governmental approach in Denmark also differs greatly from the private sector initiatives in the U.S. For instance, the WS-I profile, which the Danish project will be leveraging, was put together by user organizations, but hasn't been able to keep up with the rapidity of changes in the Web services/SOA marketplace.
Brun added that the government has the clout to create a reference model that the private sector will adopt.
See also: UBL references

Better, Faster, More Secure: Who's in Charge of the Internet's Future?
Brian Carpenter, ACM Queue
This article focuses on observable challenges and trends today. Since I started a stint as chair of the IETF (Internet Engineering Task Force) in March 2005, I have frequently been asked, "What's coming next?" but I have usually declined to answer. Nobody is in charge of the Internet, which is a good thing, but it makes predictions difficult. The reason the lack of central control is a good thing is that it has allowed the Internet to be a laboratory for innovation throughout its life — and it's a rare thing for a major operational system to serve as its own development lab. As the old metaphor goes, we frequently change some of the Internet's engines in flight. This is possible because of a few of the Internet's basic goals: (1) Universal connectivity — anyone can send packets to anyone; (2) Applications run at the edge — so anyone can install and offer services; (3) "Cheap and cheerful" core technology — so transmission is cheap; (4) Natural selection - no grand plan, but good technology survives and the rest dies. Of course, this is an idealistic view... the IETF considers specifications for how IP runs over emerging hardware media, maintenance and improvements to IP itself and to transport protocols including the ubiquitous TCP, routing protocols, basic application protocols, network management, and security. A host of other standards bodies operate in parallel with the IETF. To demonstrate the difficulty of prediction, let's consider only those ideas that get close enough to reality to be published within the IETF; that's about 1,400 new drafts per year, of which around 300 end up being published as IETF requests for comments (RFCs). By an optimistic rough estimate, at most 100 of these specifications will be in use 10 years later (i.e., 7 percent of the initial proposals). Of course, many other ideas are floated in other forums such as ACM SIGCOMM. 
So, anyone who agrees to write about emerging protocols has at least a 93 percent probability of writing nonsense... It should be clear from this superficial and partial personal survey that we are still having fun developing the technology of the Internet, and that the party is far from over. The Internet technical community has succeeded by being open — and open-minded.

Internet Identity Workshop Demonstrations Steal the Show
Phil Windley, ZDNet Blog
One of the hallmarks of the Internet Identity Workshop (IIW) is the high ratio of getting-stuff-done to idle chat and marketing drivel. I remarked at the closing session that this wasn't a workshop in the usual sense of "conference not quite grown up." This really is a workshop where people work. Probably the highlight of the workshop for me was the speed geeking and related demonstration sessions. If you've never done speed geeking, it works like speed dating or speed pitching: you put each geeker at a table, break everyone else up into the same number of groups as you have tables and rotate every five minutes. In an hour, I saw 8 or 9 demonstrations of user-centric identity tools and systems. Kaliya set it up and it was very effective. One thing I thought was pretty cool was Pat Patterson's session on the Lightbulb project. Lightbulb natively implements SAML in PHP (rather than with a PHP/Java bridge), allowing PHP Web sites to use SAML authentication services. He showed some demo sites that use Lightbulb to use a third-party, SAML-based identity provider. The best part was that the integration layer was dead simple: four functions of 3-4 lines of PHP code each. The functions tell how the user connects to the SAML authentication service for logging in and out and then tell how to map the login or logout event to the local identity system. Something else that debuted at IIW was Sxipper, a Firefox plugin for managing identity information. Sxipper features one-click logins, local storage of the identity data, form-filling, and extensibility. The extensibility was what made me take notice. Sxipper uses "semantic mapping files" that describe, for any given form, how to map the identity data Sxipper knows about onto the form.

Mozilla Ships Developer Release of Firefox 3.0
Robert McMillan, InfoWorld
Mozilla has hit an early milestone on the road to the next version of its open-source browser, but the final product is still a year away, developers say. The Mozilla team released its first alpha release of Firefox 3.0 Friday, giving Firefox and Web application developers an early look at the next-generation browser. This release is not intended for regular users, not even those who like to play around with early versions of the product. The software, code-named Gran Paradiso, comes just six weeks after Mozilla shipped version 2.0 of the browser, but it has already been more than a year in development. The final version of Firefox 3.0 is expected to be released by the end of 2007. Developers hope that it will be a major step toward making Web applications indistinguishable from programs that are installed on the desktop. Gran Paradiso features better support for a number of graphics standards, such as the Scalable Vector Graphics (SVG) language and the Canvas specification; Firefox 3.0 also supports the Cairo graphics library, which aims to make Web pages look the same whether they are being printed or viewed on a Windows PC, a Macintosh or small-screen device. The Firefox 3.0 plan calls for browsing, bookmarking and privacy enhancements to be built into the browser.

Survey: Patients Want Online Health Records
M.L. Baker, eWEEK
A survey released this week by the nonprofit Markle Foundation finds patients enthusiastic about being able to access their health information online. A vast majority say they would use this information to prevent unnecessary care and take better care of themselves. More than 95 percent of respondents in the survey of 1,000 Americans said that doctors and individuals should have access to all of an individual's medical records. Two-thirds wanted to have access to their own records electronically. More than 80 percent of respondents said that they would like to check for errors in their medical records and be able to review test results online. Nearly 70 percent said that having information available online would give them more control over their own health care. But 80 percent of those surveyed said that they were very concerned about identity theft and fraud and that their information could be used without their permission. About 75 percent said they felt that the government should help establish privacy and confidentiality standards for electronic health information. The nonprofit Robert Wood Johnson Foundation hopes to promote the use of PHRs. This week the foundation announced $4.1 million grants to create health-improvement applications that assume personal health records are commonplace and available over the Internet. These include developing a spoken interface for patients who could not manage a keyboard, as well as disease-specific programs for people with diabetes, heart failure, mental disorders, and adults and children with chronic conditions.
See also: XML and Healthcare


XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.
