|
XML and Web Services In The News - 29 June 2006
Provided by OASIS |
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by IBM Corporation
HEADLINES:
Apply Schematron Constraints to XForms Documents Automatically
J.J. Kratky, K.E. Kelly, S. Speicher, K. Wells, IBM developerWorks
IBM alphaWorks has released a new round of free tools, including the
XML Forms Generator, to accelerate the development of forms that comply
to the W3C XForms standard. The recent update lets you apply constraints
defined in a Schematron 1.5 document to the generated form. Itself an
XML markup, Schematron provides for the specification of business rules
and data relationships that XML Schema cannot. While XForms natively
provides for validation against XML Schema, any use of Schematron
constraints must be built into the form itself. With development efforts
already under way to integrate Schematron constraints with XForms,
automation of the application of these constraints is a natural next
step. W3C XML Schema is widely used and well-suited for statically
describing the structure and content of XML. It is, however, limited in
terms of more-dynamic analysis of instances. For example, in XML Schema,
you cannot constrain an XML document in this way: "The sum of the values
of elements A and B must be equal to 100." In Schematron, you can specify
a constraint such as that easily. Like XML Schema, Schematron is itself
XML, and is therefore a natural fit for XForms, which is itself an XML
markup for manipulating XML data. With its small tag set and use of
familiar syntax such as XPath, Schematron is easy to learn and write,
yet powerful. The International Organization for Standardization (ISO)
is working toward the standardization of Schematron; a draft
specification is available.
See also: Schematron references
Open Government Meets IT
Jon Udell, InfoWorld
Dan Thomas, director of the DCStat program in Washingon's Office of the
CTO, reports that starting in mid-June, the District of Columbia will
begin releasing operational data from a variety of city agencies to the
Internet in several XML formats, including RSS and Atom. If you've ever
visited Adrian Holovaty's award-winning ChicagoCrime.org, you can see what
this might mean for Washington. Here's a critical difference, though.
Holovaty had to devote a considerable amount of effort to screen scraping
the Chicago Police Department's Citizen ICAM Web site in order to extract
the data -- and still more effort to geocode it. I'm sure that while he
was writing that screen scraper he was mentally screaming: 'Just give
me the data!' DCStat is doing just that. The Atom and RSS feeds summarize
activity, and all the details -- including latitude and longitude -- are
included in DCStat's own XML format. Following the initial launch of the
service request feed, new ones will appear at roughly two-week intervals
throughout the summer and fall. These feeds will contain raw operational
data about crime, property, housing code enforcement, and business and
liquor licensing. From one perspective this is a great SOA success
story. In a description of the DCStat architecture, Dan Thomas mentioned
many of the buzzwords familiar to cognoscenti: EAI, ETL (extraction,
transformation, and loading), GIS (Geographic Information System), ESB,
XML, RSS. But these are all just means to an end. And in this case, it's
a particularly inspiring end: government services that are open and
accountable, the performance of which can be measured.
W3C Issues "Mobile Web Best Practices" Call for Implementations
Jo Rabin and Charles McCathieNevile (eds), W3C Candidate Recommendation
W3C has announced the advancement of "Mobile Web Best Practices 1.0"
the level of to Candidate Recommendation. Written for designers of
Web sites and content management systems, these guidelines describe
how to author Web content that works well on mobile devices. Thirty
(30) organizations participating in the Mobile Web Initiative have
achieved consensus and encourage adoption and implementation of these
guidelines to improve user experience and to achieve the goal of
"One Web." The "Mobile Web Best Practices 1.0" document condenses
the experience of many mobile Web stakeholders into practical advice
on creating content that will work well on mobile devices. Authors
and other content producers can find instructions on how to create
content that makes browsing convenient on mobile devices and avoids
known pitfalls, such as pop-ups and page-scrolling. An online
'Guidelines Checker' and 'Techniques Wiki' are available: W3C invites
the designers of Web sites and content management systems to read the
guidelines, make implementations, and test their results with the
alpha version of the guidelines checker.
See also: W3C Mobile Web Initiative
Toward Integration: Scripting JAX-WS
Steve Vinoski, IEEE Internet Computing
The author describes an integration of the ECMAScript programming
language (more commonly known as JavaScript) with an implementation of
the Java API for XML Web Services (JAX-WS) 2.0. This integration lets
developers implement JAX-WS services using either plain JavaScript or
its XML-oriented counterpart, the ECMAScript for XML (E4X) language.
The JAX-WS 2.0 specification -- the new version of the Java API for
XML-Based RPC (JAX-RPC) -- defines standard APIs and approaches for
building Java-based Web services. As its name implies, JAX-RPC was
concerned mostly with how to implement RPC-oriented Web services in
Java. JAX-WS expands and improves on the specification in several ways,
including (1) tying together and updating its support for several base
Web services specifications, such as SOAP 1.2 (2) providing a coherent
design for using Java annotations to specify Web services metadata; (3)
providing support for document-oriented Web services, asynchronous
services, and services that use transports other than HTTP; (4)
addressing implementation issues surrounding handlers, which are
interceptors that provide hooks into message flows between senders and
receivers; and (5) describing practices for dealing with versioning in
Web services. The JavaScript and E4X approaches to implementing JAX-WS
services provide several benefits over traditional Java or C++
approaches. First, manipulating XML documents completely avoids X/O
impedance-mismatch problems. Next, service implementation modifications
require no recompilation; just modify your JavaScript or E4X code and
rerun the application.
See also: the JSR
OASIS Forms Biometric Identity Assurance Services (BIAS) Integration TC
OASIS Staff, Announcement
Members of the Organization for the Advancement of Structured
Information Standards (OASIS) have formed a new technical committee to
develop a standard for invoking biometrics-based identity assurance
using Web services and service oriented architectures (SOA). The
Biometric Identity Assurance Services (BIAS) Integration Technical
Committee will complement the efforts of the InterNational Committee
for Information Technology Standards (INCITS), a standards development
organization accredited by the American National Standards Institute
(ANSI). Where INCITS is working to define the taxonomy of functions
that form a framework for deploying identity assurance in the biometrics
and security industries, OASIS will define the methods and bindings by
which that framework can be used within XML-based transactional services.
The two companion standards are expected to reference one another. Karen
Higgenbottom, chair of the INCITS executive board, which also serves as
ANSI's Technical Advisory Group for ISO/IEC Joint Technical Committee 1
noted: "We expect that the INCITS and OASIS initiatives will inform and
improve on one another... BIAS should significantly increase the
opportunities for implementing biometric functions in XML-based systems.
Likewise, current SOA methods for exchanging information and transactions
data may provide useful parameters and patterns for the broader
application of BIAS data in the security industry."
See also: OASIS XCBF
IBM-Led Storage Coalition Starts Aperi Open-Source Project
Chris Preimesberger, eWEEK
An IBM-led group of 10 data storage vendors has initiated an open-source
project on the Eclipse Foundation community Web site to build a new API
for developing software that manages storage devices and the networks in
which they reside. The group, Aperi (from the Latin, meaning "to open"),
was founded in the fall of 2005 and aims to establish this new API as an
industry standard and have it accepted by the SNIA (Storage Networking
Industry Association), the standards organization for the data storage
business. Aperi includes Brocade Communication Systems, Cisco Systems, CA,
Emulex, LSI Logic, Fujitsu, IBM, McData Network Appliance, and Novell.
While SMI-S is the open-standard specification that SNIA members support
and drive, Aperi will be the open-source implementation of that standard.
By providing a tested implementation of SMI-S, which standardizes storage
management software for storage hardware interfaces, Aperi aims to drive
greater industry support and wider adoption of SMI-S. Earlier Eclipse-
affiliated projects include Project Higgins (which allows people to gain
more control over their digital identities), the AJAX Toolkit Framework
(which simplifies the browsing experience and make it easier for users
to shop, work, plan, correspond and navigate online), and the BIRT project
(business intelligence and reporting software tools that help customers
analyze and track loads of business data).
See also: Aperi Storage Management Project
SAMLv2 Lightweight Web Browser SSO Profile
Jeff Hodges and Scott Cantor, IETF Internet Draft
This document specifies a SAMLv2 lightweight Web Browser Single
Sign-On Profile. This profile is modeled on the OASIS SAMLv2 Web Browser
SSO profile, adding various constraints, and using a new lightweight
SAMLv2 HTTP POST binding which does not rely on XML Digital Signature
-- relying on a more simple-to-implement signature approach instead.
In the scenario supported by the web browser SSO profile, a web user
either accesses a resource at a service provider, or accesses an
identity provider such that the service provider and desired resource
are understood or implicit. The web user authenticates (or has already
authenticated) to the identity provider, which then produces an
authentication assertion (possibly with input from the service provider)
and the service provider consumes the assertion to establish a security
context for the web user. During this process, a name identifier might
also be established between the providers for the principal, subject to
the parameters of the interaction and the consent of the parties. To
implement this scenario, a profile of the SAML Authentication Request
protocol is used ("Assertions and Protocol for the OASIS Security
Assertion Markup Language (SAML) V2.0"), in conjunction with the HTTP
POST-NoXMLdsig binding.
See also: SAML references
Using WS-I's wsi:swaRef XML Type
Russell Butek, IBM developerWorks
WS-I created an XML type for attachments since none existed. The WSDL
specification contains a definition for attachments, but it falls short
for a number of reasons: (1) Attachments are not visible in the
interface; (2) Only message parts can contain attachments; (3)
Attachments and document/literal wrapped don't mix well. Because WSDL's
attachment definition has some problems, the WS-I organization created
the new attachment type wsi:swaRef. This maps into the SOAP message in
a similar manner as a standard WSDL attachment does; and this maps to
Java as an unknown MIME type. that is, javax.activation.DataHandler.
By creating an XML attachment type, WS-I has alleviated the problems.
A wsi:swaRef is visible in a WSDL 'interface'. A wsi:swaRef's location
is not limited to a message part, it could be an element of a
complexType. As an XML type, wsi:swaRef fits nicely into the document/
literal wrapped pattern, which requires parameters to be elements of a
complexType.
See also: WS-I references
XML.org is an OASIS Information Channel sponsored by BEA Systems, Inc., IBM Corporation, Innodata Isogen, SAP AG and Sun Microsystems, Inc.
Use http://www.oasis-open.org/mlmanage to unsubscribe or change an email address. See http://xml.org/xml/news_market.shtml for the list archives. |
