XML and Web Services In The News - 15 February 2006
OASIS Stamps Approval on WS-Security 1.1
John Fontana, NetworkWorld
OASIS has announced the approval of WS-Security v1.1 as an OASIS Standard. The 1.1 specification, crafted by the Web Services Security (WSS) Technical Committee, is highlighted by enhancements to security token support, message attachments and rights management. The 1.0 version became a formal standard in April 2004. The 1.1 specification includes the core WS-Security specification and the Username Token Profile 1.1, X.509 Token Profile 1.1, Kerberos Token Profile 1.1, SAML Token Profile 1.1, Rights Expression (REL) Token Profile 1.1, SOAP With Attachments (SWA) Profile 1.1 and Schema 1.1. With WS-Security, users have a general-purpose method for building integrity, confidentiality and authentication into the message exchanges between or among Web services applications. The protocol fosters integration of technology used to secure messages, including X.509 certificates and Kerberos. Coupled with extensions such as WS-Policy, WS-Trust and WS-Secure Conversation, the specification allows more sophisticated and secure ways for Web services to interact.
See also: The announcement
Infravio Takes Metadata to SOA Governance
Vance McCarthy, Integration Developer News
EJB 3.0 isn't the only mega-trend in metadata. SOA governance provider Infravio says metadata applied to registry and tooling will empower integration devs to play a more visible role when it comes to aligning IT with business needs. Infravio's X-Registry 5 uses metadata techniques to provide a contracts-based view a company's rules, data and workflows which company execs hope will deliver a more value-based view of Services Oriented Architecture (SOA) governance. Among the common SOA tasks Infravio's approach allows are: (1) Create policy contracts -- define, publish, promote, and authorize; (2) Execute contract functions -- search, find, demo, refine, and (3) Provide secure on-demand access through request for access, role-based viewing.
Ping Identity and MedCommons Use SAML 2.0 for Electronic Health Record Access
Staff, Ping Identity Announcement
Ping Identity and MedCommons have announced a partnership to develop secure, standards-based, single sign-on solutions for multi-location electronic health record access and storage. Both Ping Identity and MedCommons are committed to SAML 2.0 as the standard of choice for secure authentication precisely because it provides for the convergence of non-interoperable standards that support Web SSO. After significant testing of alternative providers, MedCommons determined that PingFederate Version 3 was the easiest SAML 2.0 product to acquire, install, configure, integrate, and deploy. MedCommons quickly integrated PingFederate v3 into their medical data network and secure storage solution, enabling Web SSO using SAML 2.0. "Ping Identity's products and services help organizations easily and cost effectively bridge security domains across partner, supplier and customer organizations by providing secure Web SSO. MedCommons has developed the first standards-based system capable of communicating with and transferring image and non-image data among Personal Health Records, Electronic Health Records (EHR) and national healthcare IT systems."
See also: The PingTrust announcement
Sun Saddles up Java 'Mustang'
Steven J. Vaughan-Nichols, eWEEK
See also: The PR
Device Description Landscape
W3C Mobile Web Initiative, Device Description Working Group, WD
W3C's Device Description Working Group has released a First Public Working Draft of "Device Description Landscape", companion to "Device Description Ecosystem." Developing Web content for mobile devices is more challenging than developing for the desktop Web. Compared to desktop Web clients, mobile Web devices come in a much wider range of shapes, sizes and capabilities. The mobile Web developer relies upon accurate device descriptions in order to dynamically adapt content to suit the client. The W3C document describes what efforts the W3C and other organizations are doing in order to provide accurate device descriptions. Web access from mobile devices suffers from problems that make the Web unattractive for most mobile users. W3C's Mobile Web Initiative (MWI) proposes to address these issues through a concerted effort of key players in the mobile value chain, including authoring tool vendors, content providers, handset manufacturers, browser vendors and mobile operators.
See also: The W3C news item
Open Source Eclipse/SWT XForms Engine Released
Stefane Fermigier and Eric Barroca, EclipseZone Blog
Nuxeo , a french open source ISV specialised in Enterprise Content Management, has just published the code for an XForms engine for SWT and Eclipse. This engine will be used in the Apogee project recently submitted as a proposal to the Eclipse Foundation. Apogee aims at building a framework to create ECM-oriented desktop applications, independent from vendor or technologies. This framework could be used to create applications that will be integrated with Documentum, Interwoven, Nuxeo CPS or any ECM platform. The XForms engine is generating Eclipse/SWT Forms from an XHTML/XForms document and an optional XML Schema and CSS stylesheet. This first release supports only a subset of the XForms standard is supported for now (more feature will be added in future), but still, it's really usable and useful for many needs. The XML Schema is used for automatically validation of the generated forms. The Nuxeo XForms engine allows one to generate Eclipse/SWT forms from a XForms document and dynamically validate inputs against an XML Schema without generating an XML document.
See also: XML and Forms
Getting to Know Xindice, an Open Source Native XML Database
Selim Mimaroglu, SOA Web Services Journal
Apache Software Foundation's Xindice is an open source native XML database. Apache provides great software to developers such as the Apache Web Server, Tomcat Application Server, Cocoon Web Development Framework, Struts Framework, Ant, and many more under an open source license. Apache Web Server is an industrial-strength product that is used by many high-traffic Web sites. Apache Tomcat is a servlet container that implements both Java Servlets and Java Server Pages. The fact that Xindice is a member of the Apache Software Foundation gives it substantial credibility, because Apache produces well-known, well-respected software. In this product review the author explores the Xindice native XML database, beginning with its installation and advancing step by step. Xindice provides the XML:DB API for Java programmers. XML:DB is a very popular API, which is supported by many native XML databases such as eXist and Tamino. Xindice also provides XML-RPC API for non-Java programmers.
See also: XML and Databases
OMG Announces SOA, MDA and Web Services Workshop
Staff, Application Development Trends
The Object Management Group has announced the program for its Service Oriented Architecture, Model Driven Architecture and Web Services Workshop: 'Integrating the Enterprise and Beyond'. Today's state-of- the-art infrastructure couples Web services (WS) loosely into an SOA, designed and built with the assistance of OMG's MDA, since model-driven development is a necessity for these large and complex systems. During the workshop, tutorials and technical talks will cover the state of the art in design, implementation and execution of WS/SOA systems that cover the enterprise and extend out through the firewall. Industry experts will describe best practices at every stage of the application lifecycle, from modeling for requirements gathering and design, through WS and SOA for implementation and deployment, to the latest work in security and semantic interoperability. Case studies by early adopters, presentations by tool developers, and demonstrations will combine to show how SOA, WS and MDA combine to build an interoperability environment that extends business automation beyond the firewall to encompass the enterprise's customers and suppliers.