XML and Web Services In The News - 28 July 2006
Provided by OASIS
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by BEA
HEADLINES:
OpenID Offers Open-Source Code Bounty
Ryan Naraine, eWEEK
Looking to jumpstart widespread adoption of the OpenID online identity
system, a dozen software vendors are backing a $50,000 bounty program
to open-source developers. The OpenID Code Bounty, which is supported
by a slew of companies including VeriSign and Six Apart, offers $5,000
directly to 10 open-source projects that successfully implement OpenID
2.0 support. Others backing the program include JanRain, Four Kitchen
Studios, Cordance, OoTao, Zooomr, ClaimID, NetMesh, Sxip, and Opinity.
OpenID, which was first championed by Six Apart's LiveJournal blogging
software, is a simple identification mechanism that allows Web surfers
to use a single log-in anywhere on the Internet. It is styled as a
lightweight, decentralized authentication mechanism that allows a
blogger's online identity to be given by a URL that's verified by any
server running the protocol. OpenID is used primarily to authenticate
users on blogs and other social networking sites and is not meant to be
used on sensitive accounts like banking and e-commerce purchases. To
qualify for the bounty, an open-source program must implement OpenID 2.0
support as a relying party or identity provider and be compliant with
an OpenID compliance testing tool that is scheduled for release in
August 2006. The protocol has already been implemented in LiveJournal
and sites that use its code base (GreatestJournal, InsaneJournal, and
DeadJournal), Movable Type and TypeKey. VeriSign has implemented OpenID
in its PIP (Personal Identity Provider), which is designed to provide
a "home base" for users who want to use OpenID applications.
See also: OpenID Code Bounty
WikiD: An OpenURL 1.0 Application
Jeffrey Young and Thomas Hickey, D-Lib Magazine
OpenURL was originally developed to enable link resolution of citation
information in a distributed interoperable way. We used the V1.0
framework to create WikiD (Wiki/Data), an application that has little
to do with citation link resolvers, but is instead a set of general
purpose services for managing arbitrary collections of items. The model
for this application is a wiki engine generalized to manage multiple
collections of XML records. This article describes WikiD and how it can
serve as an example for applications that can be built on the foundation
of the OpenURL framework. Although OpenURL is inherently a
machine-to-machine protocol, it is easy to create a thin overlay to handle
human-friendly URL requests that can be mechanically transformed into
standard OpenURL representations before being handed off to the resolver
for processing. Much of this functionality can be provided with the
minimal requirements of OpenURL's referent and service-type entities.
For more complex situations such as the need for authentication and
authorization, OpenURL provides a richer set of entities to represent
the subtle context in which the service is being performed. [*Ed note:
OpenURL is one of several efforts to augment the URI with additional
syntax and semantics, at the cost of requiring additional resolvers;
the blog from Norm Walsh offers arguments in counterpoint.]
See also: NWalsh
The ARK Persistent Identifier Scheme
John A. Kunze and R. P. C. Rodgers, IETF Internet Draft
The ARK (Archival Resource Key) naming scheme is designed to facilitate
the high-quality and persistent identification of information objects.
A founding principle of the ARK is that persistence is purely a matter
of service and is neither inherent in an object nor conferred on it by
a particular naming syntax. The best that an identifier can do is to
lead users to the services that support persistence. The term ARK itself
refers both to the scheme and to any single identifier that conforms to
it. An ARK has five components [http://NMAH/]ark:/NAAN/Name[Qualifier]:
an optional and mutable Name Mapping Authority Hostport, the "ark:"
label, the Name Assigning Authority Number (NAAN), the assigned Name,
and an optional and possibly mutable Qualifier supported by the NMA.
The NAAN and Name together form the immutable persistent identifier
for the object. An ARK is just a URL, distinguished by its form,
that provides some of the necessary conditions for credible persistence.
An ARK invites access to not one, but to three things: to the object,
to its metadata, and to a nuanced statement of commitment from the
provider regarding the object. The form of the ARK also supports the
natural separation of naming authorities into the original name assigning
authority and the diverse multiple name mapping (or servicing)
authorities that in succession and in parallel will take over custodial
responsibilities from the original assigner for the large majority of a
long-term object's archival lifetime. The mapping authority, indicated
by the hostname part of the URL that contains the ARK, serves to launch
the ARK into cyberspace. Should it ever fail (and there is no reason
why a well-chosen hostname of a 100-year-old cultural memory institution
shouldn't last as long as the DNS), that host name is considered
disposable and replaceable. [Note: The ARK Persistent Identifier Scheme
was approved as a NISO Registration in November 2004.]
See also: OAI-PMH
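Added example (not from the Internet-Draft or this newsletter): a Python parser for the [http://NMAH/]ark:/NAAN/Name[Qualifier] layout quoted above. It compares ARKs by their immutable NAAN and Name rather than by the replaceable hostname. Assumptions: the NAAN is decimal digits, the Qualifier starts at the first "/" or "." after the Name, and all hostnames and identifiers shown are constructed samples.

```python
import re
from typing import NamedTuple, Optional


class Ark(NamedTuple):
    nmah: Optional[str]  # Name Mapping Authority Hostport: optional, mutable
    naan: str            # Name Assigning Authority Number
    name: str            # assigned Name
    qualifier: str       # optional, possibly mutable; "" when absent

    @property
    def persistent_id(self) -> str:
        # NAAN and Name together form the immutable identifier.
        return f"ark:/{self.naan}/{self.name}"


# Hostport is restricted to host characters plus an optional port, so a
# userinfo part ("user@host") or stray whitespace is rejected, not passed on.
# Accepting https as well as http is an assumption; the page shows http only.
_ARK_RE = re.compile(
    r"^(?:https?://(?P<nmah>[A-Za-z0-9.-]+(?::\d+)?)/)?"
    r"ark:/(?P<naan>\d+)"
    r"/(?P<name>[^/.\s?#]+)"
    r"(?P<qualifier>[/.][^\s?#]*)?$"
)


def parse_ark(text: str) -> Ark:
    """Split an ARK into its components or raise ValueError."""
    m = _ARK_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an ARK: {text!r}")
    return Ark(m["nmah"], m["naan"], m["name"], m["qualifier"] or "")


def same_object(a: str, b: str) -> bool:
    """True when two ARKs name the same object, whatever host serves them."""
    return parse_ark(a).persistent_id == parse_ark(b).persistent_id


def rehost(text: str, new_nmah: str) -> str:
    """Re-point an ARK at a different mapping authority, keeping the rest."""
    ark = parse_ark(text)
    return f"http://{new_nmah}/{ark.persistent_id}{ark.qualifier}"


if __name__ == "__main__":
    # Constructed sample identifiers.
    old = "http://old.example.org/ark:/12345/x6np1wh8k/c3.pdf"
    new = "http://new.example.net:8080/ark:/12345/x6np1wh8k"
    print(parse_ark(old))
    print(same_object(old, new))
    print(rehost(old, "new.example.net"))
```
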
FAQ: JavaScript Insecurities
Joris Evers, CNET News.com
Web sites are becoming more interactive thanks to JavaScript, but the
increased use of the decade-old scripting language is raising security
questions. JavaScript is playing a major role in the Web 2.0 boom, which
is causing a splash as it stretches the boundaries of what Web sites
can do. But malicious JavaScript, especially in combination with
increasingly common Web site security flaws, could lead to insidious
Web-based attacks, security experts warn. JavaScript is a scripting
programming language. It was developed at Netscape Communications as
a derivative of ECMAScript and first introduced in 1995 in a version
of the Netscape browser. JavaScript is best known for its use in Web
sites. Despite the name, JavaScript is only remotely related to Sun
Microsystems' Java, a programming language and software that can run
Java programs. One of the key enablers of the flashier Web sites is a
programming technique known as AJAX (Asynchronous JavaScript and XML)...
AJAX means more JavaScript. The recent Yamanner worm targeted Yahoo
Mail. It harvested e-mail addresses, sent those off to the attacker,
and forwarded itself to all contacts in a user's Yahoo address book.
The Samy worm spread on MySpace, changing profiles on the hugely
popular social-networking Web site. Both worms were created in
JavaScript. Security researchers also have recently found a way to use
JavaScript to map a home or corporate network and attack connected
servers or devices, such as routers or printers.
What Is OpenDocument?
Sam Hiser, O'Reilly ONLamp.com
The OpenDocument Format (ODF) is an emerging file format standard for
electronic office documents. Representing a triumph of common sense
over the methods conceived before the rise of the Internet, ODF's goals
are both exciting and controversial. Early adopters of the format
include state and municipal governments in some near- and far-flung
places, and this makes the format's progress a thing to watch. Yet
innovation theory tells us there are some hurdles we all must overcome
before ODF becomes a regular topic of conversation at the ballpark.
Those in the know, however, recognize that we're in about the second
inning of a barn-burner... OpenDocument Format is the open standard
implementation of XML for office documents. An open standard recipe
for organizing document data is very different from what we're used to.
Until now, the organizing principles for our document data have been
hidden from public view, because they were developed by a private
enterprise and used for competitive advantage. Given the obscurity of
document formats and of technical standards work, it's easy to miss
the importance of an XML-based open document format standard. With
the OpenDocument Format, we're talking about a very different way of
doing things. Documents become the center of attention, not
applications... The OpenDocument Format is bringing the world from an
application-centric model of computing to a document-centric model of
computing. This means that creating new business processes will be
as easy as typing a memo on a PC or working with a small connected
device. Application-centrism isn't necessarily bad, unless a single
company owns and hides the software application's code and all the
data created by it.
See also: ODF references
ODF v1.1 Committee Specification Available for Public Review
Peter Korn, Peter Korn's Weblog
The OASIS Open Document Technical Committee has been working on version
1.1 of the Open Document Format specification, which in large measure is
focused on addressing the accessibility concerns raised by the
accessibility subcommittee. Today OASIS has announced the public review
of the Open Document Format v1.1 specification. The 60-day review period
runs from 27 July 2006 through 25 September 2006. This marks a
significant milestone in the development of the Open Document Format
standard — open and public review of an update to the open ODF file
format, whose updates (primarily for accessibility) were themselves
developed openly with the input from experts in accessibility technology
including multiple individuals with a variety of disabilities. To my
knowledge the only similarly open process for a file format — and
specifically explicitly open to people with disabilities and experts in
accessibility technology — is that of the World Wide Web and the Web
Accessibility Initiative. Certainly no other office document file format
has had this level of public openness, nor this level of participation
by individuals with disabilities and experts in accessibility
technology.
See also: the announcement
Web Services to Aid, Not Kill, Software: Microsoft
Staff, Reuters and InfoWorld
Web services, delivered alongside classic software, will complement
rather than replace the existing software industry, Microsoft Corp.'s
chief technologist said on Thursday. Chief Software Architect Ray
Ozzie told investors and reporters attending the annual financial
analyst meeting at Microsoft's headquarters that the company is
looking to convert its existing software franchises into Web-delivered
services. Microsoft's strategy is to connect a wide range of devices
onto various networks to allow consumers to enjoy the same information
and entertainment not only on their computers but also via mobile
phones, televisions and gaming systems. Ozzie took issue with
technology purists who say Web-delivered services will completely
replace traditional computer-installed software. "Software as service"
advocates include Microsoft competitors in business and consumer
markets, including Salesforce.com, Google Inc. and thousands of Web
start-ups who are focused on market niches. Far-larger rivals such
as IBM, Oracle Corp. and SAP AG are racing along with Microsoft to
allow many of their existing businesses to be delivered over networks
as services rather than as products. IBM, the world's largest
technology company, has been perhaps the most aggressive in this
transformation, reducing its focus on building its own hardware and
software to the point where it now depends on services for most of
its revenue. In response to a question, Ozzie declined to say how
much revenue per user could come from new Web services or how these
might compare to license revenue streams from Windows and Office
software that generate the bulk of Microsoft revenue.
Universal Business Language v2.0 Specification Released for Review
OASIS Universal Business Language (UBL) Technical Committee, PRD
OASIS announced the release of the second Public Review Draft for the
Universal Business Language 2.0, edited by Jon Bosak, G. Ken Holman,
and Tim McGrath. The OASIS Universal Business Language (UBL) is
intended to help solve a number of problems relating to business
documents by defining a generic XML interchange format for business
documents that can be extended to meet the requirements of particular
industries. UBL provides a library of XML schemas for reusable data
components such as 'Address,' 'Item,' and 'Payment' — the common data
elements of everyday business documents. It also provides a set of
XML schemas for common business documents such as 'Order,' 'Despatch
Advice,' and 'Invoice' that are constructed from the UBL library
components and can be used in generic procurement and transportation
contexts. UBL schemas are modular, reusable, and extensible in XML-aware
ways. As the first standard implementation of ebXML Core Components
Technical Specification 2.01, the UBL Library is based on a conceptual
model of information components known as Business Information Entities
(BIEs). These components are assembled into specific document models
such as Order and Invoice. These document assembly models are then
transformed in accordance with UBL Naming and Design Rules into W3C
XSD schema syntax. This approach facilitates the creation of UBL-based
document types beyond those specified in this release. [Note: The
'UBL-index-2.0.pdf' file is included in the distribution ZIP file to
comply with a procedural requirement of the current OASIS Technical
Committee process and has no other function. It has no practical
purpose and should be ignored.]
See also: the UBL TC home page
Throwing Stones at People in Glass Houses
Robert Weir, An Antic Disposition (Blog)
Working on a standard in OASIS is a public action, with process
transparency and public visibility. The public doesn't see merely the
end-product, or quarterly drafts, they can see (if they are so inclined)
every discussion, every disagreement and every decision made by the TC,
in near real-time. Our meeting minutes for our TC calls are posted for
public inspection. Our mailing list archives, where most of the real
work occurs, are there for the public to view. The comments submitted by
the public are also available for anyone to read. This information is
all archived from when the TC first met back in 2002, all the way to the
discussions we're having today on spreadsheet formula namespaces. One
side effect of this openness is it makes it very easy, trivial in fact,
for our critics to simply read our mailing list, look for a disagreement
or discussion of an issue, and repeat our words, usually out of context.
So clearly, this openness at OASIS has its downside. But honestly, I
wouldn't trade it for any alternative. Making a standard, especially
one this important, is a privilege, not a right. The public deserves
to know what goes into a standard, the same way and for the same reasons
they deserve to know what goes into legislation. I relish this scrutiny
because I know it makes us stronger.
See also: OASIS TC visibility
Publishing JSR 168 Portlets as Remote Portlets With WSRP
Manish K. Gupta and Marina Sum, Sun Developer Network
Java Specification Request (JSR) 168: Portlet Specification enables
interoperability among portlets and portals by defining the APIs that
standardize preferences, security, and other configurations. By taking
advantage of the Web Services for Remote Portlets (WSRP) capability
in Sun Java System Portal Server 7, you can publish a locally deployed
JSR 168 portlet as a remote one and consume or display other remotely
published portlets in Portal Server. This article describes the
publication procedure with an example portlet and offers troubleshooting
tips. Similar to Java servlets, JSR 168 portlets require a runtime
environment, called the portlet container, and you must deploy them by
means of portlet container-specific utilities. You can deploy portlets
in Portal Server from either the command-line interface (CLI) or the
Portal Server admin console. Next [you would] make the locally deployed
portlet available for publishing with WSRP by creating a channel for
the portlet. A channel is a portal window that shows a portlet's
content, which might originate from a locally deployed portlet or from
a remote portlet. To publish a local portlet as a remote portlet with
WSRP, you first create a WSRP producer (a Web service that offers one
or more locally deployed portlets as remote portlets) by implementing
WSRP interfaces and operations. You can create multiple producers to
offer unique portlets to different consumers. For example, one producer
could produce portlets for an intranet and another producer could
produce portlets for an extranet. A WSRP consumer is a Web-service
client, typically a portal, that invokes producer-offered WSRP Web
services and that provides an environment for users to interact with
portlets offered by one or more producers. Publishing a local JSR 168
portlet as a remote portlet with WSRP in Portal Server is a simple
process that requires no programming efforts. Your portal can then
consume or display other remote portlets and become much more versatile.
See also: the OASIS TC
Loop with Recursion in XSLT
Elliotte Rusty Harold, IBM developerWorks
XSLT is a functional programming language like Haskell or Scheme, and
unlike C or Fortran. Thus it has no loops and no mutable variables.
Instead, you must replace these constructs with recursion and parameters.
This tip demonstrates how to provide this functionality using named
templates and the xsl:call-template, xsl:with-param, and xsl:param
elements. But XSLT is Turing complete: this means that given sufficient
memory, XSLT can calculate anything any other Turing-complete language
(such as C++) can calculate. This comes as a bit of a surprise to
programmers who are accustomed to more traditional languages. After all,
XSLT is missing some features that are important to a lot of algorithms,
including loops and mutable variables. What XSLT calls variables are
called constants in most other languages. They're more like algebraic
variables than traditional programming variables. The omissions just
mentioned aren't oversights. XSLT is a functional language rather than
a procedural one. In a procedural language such as C or Pascal, a
program is defined as a sequence of steps, the execution of which in
the specified order produces the final result as the last step in the
sequence. In a functional language, a program is defined as a function
composed of other functions, the evaluation of which leads to the final
result. The big advantage of functional languages is that the order of
execution doesn't matter. Replacing loops with recursion, whether in C,
XSLT, or Scheme, takes some getting used to. However, this technique
has a certain elegance. You don't need to use it often in XSLT, but it
lets you accomplish tricky tasks that you can't do any other way in
standard XSLT.
XML.org is an OASIS Information Channel
sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun
Microsystems, Inc.