XML and Web Services In The News - 20 June 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by BEA Systems, Inc.
Project Bandit to Open Source Identity Management Software
Timothy Prickett Morgan, IT Jungle
Commercial Linux distributor Novell yesterday started a new open
source project called Bandit, which it hopes will become a focal point
for the development of software for managing access to computers, data,
and applications. Rather than compete with other emerging standards that
touch on identity management, the Bandit project will try to incorporate
these emerging standards and create open source implementations of the
various aspects of identity management and access control. The Bandit
open identity services that were released yesterday under GPL or LGPL
licenses include the Common Authentication Services Adapter, which
Novell created for its Novell Linux Desktop commercial desktop operating
system. CASA allows the caching of user and system credentials on a
Linux system such that applications can have single sign-on
functionality. Novell is also releasing a role engine based on the RBAC
and XACML standards that feeds into the Higgins framework and allows for
roles-based access to be integrated into any application. Bandit also
includes a program called the Audit Record Framework to keep track of
who can access what and when they did. Bandit includes a database engine
called FLAIM (Flexible Adaptable Information Management) for coping with
traditional identity data as well as for volatile and complex information;
the advent of XML and Web services based on XML requires a database
architecture for storing identity data that is a bit more flexible than
a traditional database that can process transactions, recover from a
crash, process reliably, and scale to mange users.
See also: the announcement
OASIS Ratifies Data Exchange Standard
Renee Boucher Ferguson, eWEEK
OASIS, the international standards group, announced June 20 that a new
standard has been ratified to help facilitate data sharing during times
of national or international crises. The standard, EDXL-DE (Emergency
Data Exchange Language-Distribution Element), smoothes the progress of
data exchange across local, regional, tribal, national and international
organizations in both the public and private sectors, officials said.
The 1.0 version of the standard was developed by the OASIS Emergency
Management Technical Committee, in conjunction with input from different
organizations, including the U.S. Department of Homeland Security's
Office for Interoperability and Compatibility, which itself has said
it is seeking better ways to communicate. The OASIS group is working on
more message types for the standard; the group plans to extend EDXL to
include a suite of emergency data types, such as protocols that address
resource queries and requests, situation reports, and damage assessments.
See also: the announcement
Web Services Choreography Description Language: Primer
Steve Ross-Talbot and Tony Fletcher (eds), W3C Working Draft
W3C announced that the Web Services Choreography Working Group has
released a First Public Working Draft for "Web Services Choreography
Description Language: Primer." The Web Services Choreography Description
Language (WS-CDL) is an XML-based language that describes peer-to-peer
collaborations of participants by defining, from a global viewpoint,
their common and complementary observable behavior; where ordered
message exchanges result in accomplishing a common business goal. WS-CDL
is targeted for composing interoperable, peer-to-peer collaborations
between any type of participant regardless of the supporting platform
or programming model used by the implementation of the hosting
environment. The primer is intended as an easy-to-understand tutorial on
the uses and the features of the WS-CDL specification.
See also: WS-CDL references
BEA Adds Support for Ingres 2006 Database
China Martens, InfoWorld
Open-source relational database player Ingres announced that it has
signed up middleware company BEA Systems as its first ISV (independent
software vendor) partner. The first stage in the partnership unveiled
Monday sees BEA adding support for the Ingres 2006 database to its
Workshop Studio 3.1 developer tools suite for the open-source Eclipse
environment. By teaming up, Ingres and BEA hope to provide an open-
source offering for developers looking to build a service-oriented
architecture (SOA). The companies are also looking for a way to better
compete with Oracle and IBM, which sell databases and middleware. BEA
has certified Ingres 2006 for Workshop Studio so that the two products
work well together and has designed Workshop Studio 3.1 to automatically
recognize the Ingres database. "With 64-bit architecture support,
advanced query optimization and high availability cluster support,
Ingres 2006 is fast, scalable and reliable. Additionally, Ingres 2006
supports XML and is C2 security certified, making it ideal for modern
web applications and solutions for the government sector."
See also: Workshop Studio
SIP SAML Profile and Binding
H. Tschofenig and J. Hodges et al. (eds), IETF Internet Draft
This document specifies a Session Initiation Protocol (SIP) profile
of Security Assertion Markup Language (SAML) as well as a SAML SIP
binding. It is now an official work item of the Session Initiation
Protocol Working Group of the IETF. The defined SIP SAML Profile composes
with the mechanisms defined in the SIP Identity specification, and
satisfies requirements presented in the document "Trait-based
Authorization Requirements for the Session Initiation Protocol (SIP)."
Trait-based authorization is where one is authorized to make use of
some resource based on roles or traits rather than ones identifier(s).
Security Assertion Markup Language (SAML) v2.0, "SAMLv2", is an
XML-based framework for creating and exchanging security information.
Various means of providing trait-based authorization now exist:
authorization certificates (RFC3281), SPKI (RFC2693), or extensions to
the authenticated identity body (RFC3893). The authors have selected
SAML due to its increasing use in environments such as the Liberty
Alliance, and the Internet2 project, areas where the applicability to
SIP is widely desired.
See also: SAML references
More Open Source Support For Sun's Solaris
Sean Michael Kerner, InternetNews.com
Sun is improving its Solaris OS with new support for the open source
PostgreSQL database, Xen virtualization, GRUB boot loader and the
Solaris ZettaByte File System (ZFS). The new features come as Sun is
claiming that Solaris 10 has hit 3.3 million licenses and as a new
update is expected to be released in December. And at least one of the
new features may be a boon to the open source community. ZFS has been
hailed by Sun as its next-generation file system that will replace the
nearly 25-year-old Unix File System (UFS). It is now being included in
the OpenSolaris OS and is set to be included in a May 2006 Solaris 10
update. ZFS is a 128-bit file system with enhanced error detection and
correction capabilities. ZFS removes the need for a volume manager, as
storage virtualization is built into the file system providing robust
scalability. Sun has released ZFS as open source under its CDDL license.
Sun is now also set to support the PostgreSQL open source database.
PostgreSQL was just updated to version 8.1 at the beginning of August.
The addition of the open source database comes during the same week as
Sun received an endorsement from Oracle for Solaris 10.
Virtualization in a Nutshell: A Pattern Point of View
Martin F. Maldonado, IBM developerWorks
A common interpretation is that it consists of virtual machines to
enable server consolidation. Today, however, we have network
virtualization, microprocessor virtualization, file virtualization, and
storage virtualization to name a few. If we think of virtualization in
a wider context or at higher levels of abstractions -- workload
virtualization and information virtualization, for instance -- it
becomes a powerful concept that provides many benefits to end users,
applications, and enterprises. Virtualization is the logical
representation of resources not constrained by physical limitations.
The primary purpose for virtualization is to simplify access to
resources and to manage those resources. Consumers access resources
through standard interfaces supported by the virtualized resources that
decouple the access of those resources from the physical implementation
of them. These interactions are illustrated through basic patterns for
virtualization. Virtualization allows IT infrastructure administrators
to dynamically manage the configuration of resources while mitigating
the impact of any changes to end users and applications.
XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives.