XML and Web Services In The News - 20 June 2006

Provided by OASIS | Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by BEA Systems, Inc.


 Project Bandit to Open Source Identity Management Software
 OASIS Ratifies Data Exchange Standard (EDXL)
 Web Services Choreography Description Language: Primer
 BEA Adds Support for Ingres 2006 Database
 SIP SAML Profile and Binding
 Virtualization in a Nutshell: A Pattern Point of View
 Curtain Rises on Opera 9

Project Bandit to Open Source Identity Management Software
Timothy Prickett Morgan, IT Jungle
Commercial Linux distributor Novell yesterday started a new open source project called Bandit, which it hopes will become a focal point for the development of software for managing access to computers, data, and applications. Rather than compete with other emerging standards that touch on identity management, the Bandit project will try to incorporate these emerging standards and create open source implementations of the various aspects of identity management and access control. The Bandit open identity services that were released yesterday under GPL or LGPL licenses include the Common Authentication Services Adapter, which Novell created for its Novell Linux Desktop commercial desktop operating system. CASA allows the caching of user and system credentials on a Linux system such that applications can have single sign-on functionality. Novell is also releasing a role engine based on the RBAC and XACML standards that feeds into the Higgins framework and allows for roles-based access to be integrated into any application. Bandit also includes a program called the Audit Record Framework to keep track of who can access what and when they did. Bandit includes a database engine called FLAIM (Flexible Adaptable Information Management) for coping with traditional identity data as well as for volatile and complex information; the advent of XML and Web services based on XML requires a database architecture for storing identity data that is a bit more flexible than a traditional database that can process transactions, recover from a crash, process reliably, and scale to mange users.
See also: the announcement

OASIS Ratifies Data Exchange Standard
Renee Boucher Ferguson, eWEEK
OASIS, the international standards group, announced June 20 that a new standard has been ratified to help facilitate data sharing during times of national or international crises. The standard, EDXL-DE (Emergency Data Exchange Language-Distribution Element), smoothes the progress of data exchange across local, regional, tribal, national and international organizations in both the public and private sectors, officials said. The 1.0 version of the standard was developed by the OASIS Emergency Management Technical Committee, in conjunction with input from different organizations, including the U.S. Department of Homeland Security's Office for Interoperability and Compatibility, which itself has said it is seeking better ways to communicate. The OASIS group is working on more message types for the standard; the group plans to extend EDXL to include a suite of emergency data types, such as protocols that address resource queries and requests, situation reports, and damage assessments.
See also: the announcement

Web Services Choreography Description Language: Primer
Steve Ross-Talbot and Tony Fletcher (eds), W3C Working Draft
W3C announced that the Web Services Choreography Working Group has released a First Public Working Draft for "Web Services Choreography Description Language: Primer." The Web Services Choreography Description Language (WS-CDL) is an XML-based language that describes peer-to-peer collaborations of participants by defining, from a global viewpoint, their common and complementary observable behavior; where ordered message exchanges result in accomplishing a common business goal. WS-CDL is targeted for composing interoperable, peer-to-peer collaborations between any type of participant regardless of the supporting platform or programming model used by the implementation of the hosting environment. The primer is intended as an easy-to-understand tutorial on the uses and the features of the WS-CDL specification.
See also: WS-CDL references

BEA Adds Support for Ingres 2006 Database
China Martens, InfoWorld
Open-source relational database player Ingres announced that it has signed up middleware company BEA Systems as its first ISV (independent software vendor) partner. The first stage in the partnership unveiled Monday sees BEA adding support for the Ingres 2006 database to its Workshop Studio 3.1 developer tools suite for the open-source Eclipse environment. By teaming up, Ingres and BEA hope to provide an open- source offering for developers looking to build a service-oriented architecture (SOA). The companies are also looking for a way to better compete with Oracle and IBM, which sell databases and middleware. BEA has certified Ingres 2006 for Workshop Studio so that the two products work well together and has designed Workshop Studio 3.1 to automatically recognize the Ingres database. "With 64-bit architecture support, advanced query optimization and high availability cluster support, Ingres 2006 is fast, scalable and reliable. Additionally, Ingres 2006 supports XML and is C2 security certified, making it ideal for modern web applications and solutions for the government sector."
See also: Workshop Studio

SIP SAML Profile and Binding
H. Tschofenig and J. Hodges et al. (eds), IETF Internet Draft
This document specifies a Session Initiation Protocol (SIP) profile of Security Assertion Markup Language (SAML) as well as a SAML SIP binding. It is now an official work item of the Session Initiation Protocol Working Group of the IETF. The defined SIP SAML Profile composes with the mechanisms defined in the SIP Identity specification, and satisfies requirements presented in the document "Trait-based Authorization Requirements for the Session Initiation Protocol (SIP)." Trait-based authorization is where one is authorized to make use of some resource based on roles or traits rather than ones identifier(s). Security Assertion Markup Language (SAML) v2.0, "SAMLv2", is an XML-based framework for creating and exchanging security information. Various means of providing trait-based authorization now exist: authorization certificates (RFC3281), SPKI (RFC2693), or extensions to the authenticated identity body (RFC3893). The authors have selected SAML due to its increasing use in environments such as the Liberty Alliance, and the Internet2 project, areas where the applicability to SIP is widely desired.
See also: SAML references

More Open Source Support For Sun's Solaris
Sean Michael Kerner, InternetNews.com
Sun is improving its Solaris OS with new support for the open source PostgreSQL database, Xen virtualization, GRUB boot loader and the Solaris ZettaByte File System (ZFS). The new features come as Sun is claiming that Solaris 10 has hit 3.3 million licenses and as a new update is expected to be released in December. And at least one of the new features may be a boon to the open source community. ZFS has been hailed by Sun as its next-generation file system that will replace the nearly 25-year-old Unix File System (UFS). It is now being included in the OpenSolaris OS and is set to be included in a May 2006 Solaris 10 update. ZFS is a 128-bit file system with enhanced error detection and correction capabilities. ZFS removes the need for a volume manager, as storage virtualization is built into the file system providing robust scalability. Sun has released ZFS as open source under its CDDL license. Sun is now also set to support the PostgreSQL open source database. PostgreSQL was just updated to version 8.1 at the beginning of August. The addition of the open source database comes during the same week as Sun received an endorsement from Oracle for Solaris 10.

Virtualization in a Nutshell: A Pattern Point of View
Martin F. Maldonado, IBM developerWorks
A common interpretation is that it consists of virtual machines to enable server consolidation. Today, however, we have network virtualization, microprocessor virtualization, file virtualization, and storage virtualization to name a few. If we think of virtualization in a wider context or at higher levels of abstractions -- workload virtualization and information virtualization, for instance -- it becomes a powerful concept that provides many benefits to end users, applications, and enterprises. Virtualization is the logical representation of resources not constrained by physical limitations. The primary purpose for virtualization is to simplify access to resources and to manage those resources. Consumers access resources through standard interfaces supported by the virtualized resources that decouple the access of those resources from the physical implementation of them. These interactions are illustrated through basic patterns for virtualization. Virtualization allows IT infrastructure administrators to dynamically manage the configuration of resources while mitigating the impact of any changes to end users and applications.

XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.

Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.

Bottom Gear Image