XML and Web Services In The News - 08 December 2006
Provided by OASIS
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by Innodata Isogen
HEADLINES:
SAML 2.0 Meets Web 2.0
Rich Seeley, SearchWebServices.com
SAML 2.0, a protocol for federated single sign-on, needs to lighten up
for the Web 2.0 world of agile development, says Pat Patterson,
federation architect at Sun Microsystems Inc. And that's where Sun's
Project Lightbulb comes in. The goal of Project Lightbulb, which is part
of Open Single Sign-On (Open SSO), is to provide a lightweight means of
federating identities, so users can sign in with a single authentication
key and move seamlessly between all sorts of mashed up and recombined
Web services projects, Patterson explained in a Webcast today sponsored
by Liberty Alliance. The concept is to have URL-based identity where
the user is able to participate in blogs and wikis and other Web 2.0
collaborative applications without a pre-existing relationship with the
application, he explained. "The Web is very different now than it was
five years ago," Patterson said. "I'm focused on participation on the
developer side to put a presence on the Web very quickly." OpenSSO is
designed to provide a way to create a federated identity via SAML 2.0
with very little coding. This would solve the problem developers of Web
2.0 applications have with the heavyweight nature of SAML 2.0
implementation. Noting that many modern Web services seem to have
settled on Linux with a lightweight language such as PHP and Ruby, the
Lightbulb project (originally a pun because it was to fit into the LAMP
stack) is intended to provide the security of SAML 2.0 implemented
through a scripting language, Patterson said. This avoids the problem
of having to maintain a repository of passwords and authentication data
on a server for a simple developer blog.
Composite Capability/Preference Profiles (CC/PP) Version 2.0
Cedric Kiss (ed), W3C Technical Report
W3C's Device Independence Working Group released a First Public Working
Draft of the "Composite Capability/Preference Profiles (CC/PP):
Structure and Vocabularies 2.0" specification. Version 2.0 is an update
to the CC/PP 1.0 Recommendation for alignment with the Resource
Description Framework (RDF). A CC/PP profile is a description of device
capabilities and user preferences. This is often referred to as a
device's delivery context and can be used to guide the adaptation of
content presented to that device. The Resource Description Framework
(RDF) is used to create profiles that describe user agent capabilities
and preferences. The structure of a profile is discussed. Topics include:
(i) structure of client capability and preference descriptions, and (ii)
use of RDF classes to distinguish different elements of a profile, so
that a schema-aware RDF processor can handle CC/PP profiles embedded in
other XML document types. The CC/PP vocabulary consists of identifiers (URIs) used
to refer to specific capabilities and preferences, and covers: (1) the
types of values to which CC/PP attributes may refer; (2) an appendix
describing how to introduce new vocabularies; (3) an appendix giving
an example small client vocabulary covering print and display
capabilities; (4) an appendix providing a survey of existing work from
which new vocabularies may be derived.
See also: W3C Device Independence Activity
Denmark Builds XML-based Web Services Commerce Network
Michael Meehan, SearchWebServices.com
A return to the heady notion of business-to-business integration was
featured during a session yesterday at the XML 2006 conference. The
Danish government plans on instituting a massive service-oriented
e-commerce network by late 2007 that will generate Universal Business
Language (UBL) 2.0 business documents such as purchase orders and
invoices for both public and private sector transactions. In addition
to the XML-based UBL documents, the system will leverage Web services
standards like SOAP 1.1, UDDI 3.0, WSDL 1.1, WS-Security 1.0 and
WS-ReliableMessaging. The system will replace a proprietary Electronic
Data Interchange value-added network (VAN) currently used by the
Danish government to conduct business, saving on exorbitant
per-kilocharacter data transformation costs and opening up the e-commerce
network to any business with a Web connection. "It should be as easy
to send a business document electronically as it is to send an e-mail,"
said Mikkel Hippe Brun, chief consultant for Denmark's Center for
Service-Oriented Infrastructure, part of the national IT and telecom
agency. The new system will be required to handle more than 200
million transactions a year, offer a national services registry and
be held up to Danish businesses as a standard Web services reference
model for secure, reliable and authenticated transactions. Yet the
project has run into a major hurdle in getting its Windows toolkit,
based on .NET 3.0 and Windows Communication Foundation, to interoperate
with its Java toolkit, based on Apache initiatives like Axis 2.0,
Rampart and Sandesha. The governmental approach in Denmark also differs
greatly from the private sector initiatives in the U.S. For instance,
the WS-I profile, which the Danish project will be leveraging, was put
together by user organizations, but hasn't been able to keep up with
the rapidity of changes in the Web services/SOA marketplace. Brun
added that the government has the clout to create a reference model
that the private sector will adopt.
See also: UBL references
Better, Faster, More Secure: Who's in Charge of the Internet's Future?
Brian Carpenter, ACM Queue
This article focuses on observable challenges and trends today. Since
I started a stint as chair of the IETF (Internet Engineering Task Force)
in March 2005, I have frequently been asked, "What's coming next?" but
I have usually declined to answer. Nobody is in charge of the Internet,
which is a good thing, but it makes predictions difficult. The reason
the lack of central control is a good thing is that it has allowed the
Internet to be a laboratory for innovation throughout its life — and
it's a rare thing for a major operational system to serve as its own
development lab. As the old metaphor goes, we frequently change some
of the Internet's engines in flight. This is possible because of a few
of the Internet's basic goals: (1) Universal connectivity — anyone can
send packets to anyone; (2) Applications run at the edge — so anyone
can install and offer services; (3) "Cheap and cheerful" core technology
— so transmission is cheap; (4) Natural selection - no grand plan, but
good technology survives and the rest dies. Of course, this is an
idealistic view... the IETF considers specifications for how IP runs
over emerging hardware media, maintenance and improvements to IP itself
and to transport protocols including the ubiquitous TCP, routing
protocols, basic application protocols, network management, and security.
A host of other standards bodies operate in parallel with the IETF. To
demonstrate the difficulty of prediction, let's consider only those
ideas that get close enough to reality to be published within the IETF;
that's about 1,400 new drafts per year, of which around 300 end up being
published as IETF requests for comments (RFCs). By an optimistic rough
estimate, at most 100 of these specifications will be in use 10 years
later (i.e., 7 percent of the initial proposals). Of course, many other
ideas are floated in other forums such as ACM SIGCOMM. So, anyone who
agrees to write about emerging protocols has at least a 93 percent
probability of writing nonsense... It should be clear from this
superficial and partial personal survey that we are still having fun
developing the technology of the Internet, and that the party is far
from over. The Internet technical community has succeeded by being open
— and open-minded.
Internet Identity Workshop Demonstrations Steal the Show
Phil Windley, ZDNet Blog
One of the hallmarks of the Internet Identity Workshop (IIW) is the
high ratio of getting-stuff-done to idle chat and marketing drivel. I
remarked at the closing session that this wasn't a workshop in the
usual sense of "conference not quite grown up." This really is a
workshop where people work. Probably the highlight of the workshop
for me was the speed geeking and related demonstration sessions. If
you've never done speed geeking, it works like speed dating or speed
pitching: you put each geeker at a table, break everyone else up into
the same number of groups as you have tables and rotate every five
minutes. In an hour, I saw 8 or 9 demonstrations of user-centric
identity tools and systems. Kaliya set it up and it was very effective.
One thing I thought was pretty cool was Pat Patterson's session on
the Lightbulb project. Lightbulb natively implements SAML in PHP
(rather than with a PHP/Java bridge), allowing PHP Web sites to use
SAML authentication services. He showed some demo sites that use
Lightbulb to use a third-party, SAML-based identity provider. The
best part was that the integration layer was dead simple: four
functions of 3-4 lines of PHP code each. The functions tell how the
user connects to the SAML authentication service for logging in and
out and then tell how to map the login or logout event to the local
identity system. Something else that debuted at IIW was Sxipper, a
Firefox plugin for managing identity information. Sxipper features
one-click logins, local storage of the identity data, form-filling,
and extensibility. The extensibility was what made me take notice.
Sxipper uses "semantic mapping files" that describe, for any given
form, how to map the identity data Sxipper knows about onto the form.
Mozilla Ships Developer Release of Firefox 3.0
Robert McMillan, InfoWorld
Mozilla has hit an early milestone on the road to the next version of
its open-source browser, but the final product is still a year away,
developers say. The Mozilla team released its first alpha release of
Firefox 3.0 Friday, giving Firefox and Web application developers an
early look at the next-generation browser. This release is not intended
for regular users, not even those who like to play around with early
versions of the product. The software, code-named Gran Paradiso, comes
just six weeks after Mozilla shipped version 2.0 of the browser, but
it has already been more than a year in development. The final version
of Firefox 3.0 is expected to be released by the end of 2007.
Developers hope that it will be a major step toward making Web
applications indistinguishable from programs that are installed on the
desktop. Gran Paradiso features better support for a number of graphics
standards, such as the Scalable Vector Graphics (SVG) language and the
Canvas specification; Firefox 3.0 also supports the Cairo graphics
library, which aims to make Web pages look the same whether they are
being printed or viewed on a Windows PC, a Macintosh or small-screen
device. The Firefox 3.0 plan calls for browsing, bookmarking and privacy
enhancements to be built into the browser.
Survey: Patients Want Online Health Records
M.L. Baker, eWEEK
A survey released this week by the nonprofit Markle Foundation finds
patients enthusiastic about being able to access their health
information online. A vast majority say they would use this information
to prevent unnecessary care and take better care of themselves. More
than 95 percent of respondents in the survey of 1,000 Americans said
that doctors and individuals should have access to all of an
individual's medical records. Two-thirds wanted to have access to their
own records electronically. More than 80 percent of respondents said
that they would like to check for errors in their medical records and
be able to review test results online. Nearly 70 percent said that
having information available online would give them more control over
their own health care. But 80 percent of those surveyed said that they
were very concerned about identity theft and fraud and that their
information could be used without their permission. About 75 percent
said they felt that the government should help establish privacy and
confidentiality standards for electronic health information. The
nonprofit Robert Wood Johnson Foundation hopes to promote the use of
PHRs. This week the foundation announced $4.1 million grants to create
health-improvement applications that assume personal health records
are commonplace and available over the Internet. These include
developing a spoken interface for patients who could not manage a
keyboard, as well as disease-specific programs for people with
diabetes, heart failure, mental disorders, and adults and children
with chronic conditions.
See also: XML and Healthcare
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.