|
XML and Web Services In The News - 12 May 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML.org Daily Newslink is sponsored by SAP
HEADLINES:
W3C: WS-Addressing is Good to Go
Clint Boulton, InternetNews.com
Another brick in the wall of Web services standards has fallen into
place. The World Wide Web Consortium (W3C) ratified Web Services
Addressing 1.0 as a standard, removing another stumbling block on the
road to interoperability among distributed computing systems.
WS-Addressing introduces a way to specify the destination address,
reply messages and faults in SOAP (define) messages; specifically,
WS-Addressing promotes asynchronous message exchanges, and allows more
than two services to interact. These are both functions that enable
application-to-application communication, a hallmark of Web services.
WS-Addressing uses end-point reference markers, which work like cookies
and enable single sign-on execution. According to the announcement:
"Web Services Addressing 1.0 provides a transport-neutral mechanism
for addressing objects in Web services applications built on top of
URIs. This new method is called an endpoint reference, or EPR. EPRs
are designed to solve the issues posed by specific scenarios: (1)
Dynamic generation and customization of service endpoint descriptions,
such as those created for a session id or customer id (2) Referencing
and description of specific service instances that are created as the
result of stateful interactions (3) Flexible and dynamic exchange of
endpoint information in tightly coupled environments where
communicating parties share a set of common assumptions about specific
policies or protocols that are used during the interaction."
See also: the announcement
Advanced XML Validation
Peter Heneback, IBM developerWorks
Grammar-based validation languages such as XML Schema and DTD are well
equipped to ensure that XML documents conform to a well-defined message
structure. In many cases, validation logic that you cannot implement in
XML Schema or DTD is incorporated into application code. That solution
is relatively easy to implement, but often results in an inflexible
implementation. This article first investigates Schematron as an option
to solve the preceding problems and then highlights some of the
disadvantages of this approach. Then it explores an alternative solution
using well-established W3C standard components coupled with Java
extensions and open source XSLT processors. XSLT stylesheets are
designed to transform XML documents. Coupled with Java extensions,
stylesheets can also be a powerful complement to XML Schema when grammar-
based validation cannot cover all the constraints required. The author
presents the case for validating documents using XSLT with Java
extensions and provides practical guidance and code samples. Schematron
is a good complement to XML Schema when you deal with co-occurrence
constraints, for example, or if you require an XML reporting tool. When
performance is of a greater importance, and especially when the
validation is followed by a transformation, XSLT with Java extensions
can provide a more compact solution.
See also: Schematron references
The Use of Metadata in URIs
Noah Mendelsohn and Stuart Williams (eds.), Draft TAG Finding
On behalf of the W3C Technical Architecture Group (TAG), Noah Mendelsohn
has announced the release of an updated Editors' Draft for the TAG's
work on "The Use of Metadata in URIs." The finding addresses questions
regarding metadata in URIs such as: What information about a resource
can or should be embedded in its URI? What metadata can be reliably
determined from a URI, and in what circumstances is it appropriate to
rely on the correctness of such information? In what circumstances is
it appropriate to use information from a URI as a hint as to the nature
of a resource or its representations? The principle conclusions of this
finding are [excerpted]: (1) It is legitimate for assignment authorities
to encode static identifying properties of a resource, e.g., author,
version, or creation date, within the URIs they assign. (2) Assignment
authorities may publish specifications detailing the structure and
semantics of the URIs they assign. (3) The ability to explore and
experiment is important to Web users. Users therefore benefit from the
ability to infer either the nature of the named resource, or the likely
identity of other resources, from inspection of a URI. (4) People and
software using URIs assigned outside of their own authority should
make as few inferences as possible about a resource based on its
identity. The more dependencies a piece of software has on particular
constraints and inferences, the more fragile it becomes to change and
the lower its generic utility.
See also: the announcement
Spry: Adobe Aims to Ease AJAX Programming
Paul Krill, InfoWorld
Adobe Systems has announced technology intended to make AJAX
(Asynchronous JavaScript and XML) programming easier for Web designers.
The company will offer a free pre-release version of an AJAX framework
called Spry. The Spry framework is HTML-centric and features a
JavaScript library specifically oriented to Web designers, said
Jennifer Taylor, senior product manager for Adobe's Dreamweaver
products. Developed at Adobe Labs, the pre-release features data
capabilities to incorporate XML into HTML documents using technologies
such as HTML, Cascading Style Sheets, and a minimal amount of
JavaScript. Spry lets Web designers create AJAX-enabled Web pages
without having to learn new languages or adopt a full programming model,
Taylor said. "It's very lightweight and flexible," Taylor said. The
framework can be used with Dreamweaver or any other Web authoring tool,
according to Adobe. The company is evaluating when it will offer Spry
as a general release and will seek community feedback first. Adobe
hopes eventually to monetize Spry by incorporating support for it
into authoring tools such as Dreamweaver.
See also: Paul Gubbay's blog
Sun Launches AJAX Development Portal
Staff, SYS-CON AjaxWorld News Desk
Project jMaki and a portal dedicated to AJAX developers were among
announcements made by Sun Microsystems in its efforts to seize some
high ground in the burgeoning AJAX development world. "AJAX is
increasingly becoming a core part of how next generation Web
applications are built today, and we at Sun want to do everything we
can to help developers learn about, and be productive using, this new
pattern for development," according to Dan Roberts, Director of
Marketing, Developer Tools at Sun Microsystems. "Providing developers
with a single source for everything from code samples and blueprints
to tools and runtime support will greatly accelerate the learning curve
and provide developers access to technology from Sun faster." Sun has
actually launched two new developer Web portals; Sun says the first
of these includes everything developers need to get started with
building AJAX applications today, including technical articles, code
samples, blueprints, components, development tools, and runtime
solutions. The second site provides developers directions on how Sun
is working to embed JavaScript directly in the Java Platform. jMaki
currently provides bootstrap widgets for many components from Dojo,
Scriptaculus, and Yahoo UI Widgets. Also included in this project are
a set of AJAX widgets with a focus on Web 2.0. Included are a RSS
widget, a del.icio.us Bookmark widget, a Chat widget, and many more
to come.
See also: the Project jMaki web site
Coming Soon: The AJAX-based OS
Andy Patrizio, InternetNews.com
So, what's one more operating system between friends? Linspire is
preparing a new Linux-based operating system that uses AJAX as the
interface for all of its applications and documents. The value of
ajaxOS is that it is AJAX-aware, so any compatible file will be
recognized by AJAX (define) applications. Double-clicking on any known
file type will launch an AJAX application to edit the document. All
of this is available now, except this also means any browser that can
support AJAX can also support these applications. What makes it unique
is that Linspire is also offering online storage, called a locker,
where files can be saved, so a person can work on their files or play
back MP3 files from any device with a browser. This eliminates the need
to take both applications and data on the road. While ajaxOS runs on
a modified version of the Linux-based Linspire operating system, APIs
are available so an AJAX developer can interface with the core
technology when writing new applications. Linspire already has some
AJAX-based applications, including AjaxWrite, a word processor, and
AjaxSketch, a graphics editor.
Global Grid Forum's Resource Management Standards Wiki
Eric Seymour, GGF Announcement
A communication from Eric Seymour of GGF announces that the Global Grid
Forum has launched an online reference guide of specifications and
standards for the management of networked resources. The assocciated
Wiki has been created within Global Grid Forum's working group known as
the Standards Development Organization Collaboration on Networked
Resources Management (SCRM-WG). The SCRM-WG has adopted work that
focuses on standards associated with the management of resources, used
in a network or individually, by means of structured data standards.
'Management' includes the functions of discovery, deployment, resource
availability, statefulness, event coordination, notification and
lifecycle tracking. 'Resources' to be managed include data objects as
well as physical objects like devices. Compiled by experts from cross
institutional standards bodies throughout the world, the new reference
guide is designed to grow and develop with the industry. The wiki is
available to view by anyone involved in grid or management technologies,
free-of-charge, and does not require registration. Developed in wiki
form, the information will be continuously updated by grid and resource
management professionals throughout the world. Experts and institutions
interested in adopting or researching these technologies are encouraged
to submit additional information as appropriate. The Global Grid Forum
and the various standards bodies have established strict submission,
data review and publishing requirements to maintain the integrity and
legitimacy of information posted to this wiki.
See also: local references
Public Review for SAML Profiles and Extensions
OASIS Staff and Security Services TC, Announcement
The OASIS Security Services TC recently has approved the five new
specifications as Committee Drafts and approved the package for public
review. The first specification defines a profile of the OASIS SAML
V2.0 metadata specification for use in describing SAML V1.0 and V1.1
entities. SAML profiles require agreements between system entities
regarding identifiers, binding/profile support and endpoints,
certificates and keys, and so forth; a metadata specification is
useful for describing this information in a standardized way. (1)
Metadata Profile for the OASIS Security Assertion Markup Language
(SAML); (2) SAML Attribute Sharing Profile for X.509 Authentication-
Based Systems; (3) SAML XPath Attribute Profile; (4) SAML Metadata
Extension for Query Requesters; (5) SAML Protocol Extension for
Third-Party Requests. The public review starts 11 May 2006 and ends
10 July 2006 Public review from potential users, developers and
stakeholders is an important part of the OASIS process to assure
interoperability and quality. Comments are solicited from all
interested parties.
See also: SAML references
RSA Security Issues Non-Assertion Covenant for SAML-based Technologies
Robert Philpott, Communication to OASIS
On behalf of RSA Security, Robert Philpott has communicated the text of
a revised declaration about SAML-related patents. He notes that
previously "RSA Security's IP declaration for SAML described a
licensing process that required downloading a license from the RSA
Security web site, getting it signed, and mailing it back to RSA's legal
office. I've been working on getting this changed for quite a long time
(months) and finally achieved success last week!" The new statement says,
in part: "In the interest of encouraging deployment of SAML-based
technologies, RSA hereby covenants, free of any royalty, that it will
not assert any claims in the RSA Patents which may be essential to the
SAML standard v1.0, 1.1 and 2.0 (hereinafter 'NECESSARY CLAIMS') against
any other entity with respect to any implementation conforming to the
SAML standard v1.0, 1.1 and/or 2.0. This covenant shall become null and
void with respect to any entity that asserts, either directly or
indirectly (e.g. through an affiliate), any patent claims or threatens
or initiates any patent infringement suit against RSA and/or its
subsidiaries or affiliates. The revocation of the covenant shall extend
to all prior use by the entity asserting the claim." This declaration
by RSA Security is similar to the IPR statement from Sun Microsystems
relating to the OASIS OpenDocument Standard. Such public non-assertion
declarations for standards help create in a zero-bureaucracy waiver
model which makes patent searches irrelevant and license-transaction
paperwork a non-issue.
See also: Sun's Covenant
XML.org is an OASIS Information Channel sponsored by Innodata Isogen and SAP.
Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives. |
