XML and Web Services In The News - 05 July 2004

KM Tools Put Users in Control
Cathleen Moore, InfoWorld
Two upstart software vendors are aiming to break ground in KM (knowledge management) by giving workgroups and end-users more control of how information is gathered and shared. Near-Time last week launched Flow, its peer-to-peer CM (content management) and KM software that allows users to access, manage, and repurpose content using a range of standards. Support for XML, HTML, RSS, Atom FTP, WebDAV, and SMTP allows Flow to target the full information lifecycle, said Reid Conrad, president and CEO of Near-Time. Flow allows workgroups or individual users to repurpose a Weblog posting or a news feed for an internal project, or allows groups to collaborate on content to be published to the Internet. Flow's peer-to-peer collaboration engine supports shared spaces so multiple users can edit, organize, and use the same content. Learning Management Solutions introduced KnowledgeWorkshop software; the software allows users to create personally relevant associations and connections between information drawn from a variety of sources, including Web pages, e-mail, documents, PowerPoint slides, databases, and spreadsheets. These connections form an information map, called a knowledge base, that is packed down into a single XML file that can be e-mailed or exchange online.

An Approach to Extract RBAC Models from BPEL4WS Processes
Jan Mendling, et al.; Presentation at WET ICE 2004 Workshop
The Business Process Execution Language for Web Services (BPEL) has become the defacto standard for Web Service composition. Yet, it does not address security aspects. This paper is concerned with access control for BPEL based processes. We present an approach to integrate Role-Based Access Control (RBAC) and BPEL on the meta-model level. Moreover, we show that such an integration can be used to automate steps of the role engineering process. In particular, we extract RBAC models from BPEL processes and present an XSLT converter that transforms BPEL code to the XML import format of the xoRBAC software component.
See also: BPEL4WS References

Is BPEL the Real Deal?
Phillip J. Windley
BPEL (Business Process Execution Language) is an XML-based, special purpose language that many hope will provide a standard way for specifying and building sharable business processes. We could, of course, accomplish this integration using a general-purpose programming language such as Java or C# to build an application that talks SOAP and executes the business process. The problem with that approach is that the business process moves beyond the reach of the very business people who need to guide its maintenance and operation. BPEL sidesteps that issue. It can be used in two ways: to specify the behavior of a process at an abstract level or to define executable business processes. Abstract processes specify constraints on message exchange and expose the level of information necessary for a partner to interact with the process. Using BPEL at the abstract level, business- process owners can specify the process from their vantage point. This abstract specification can then be refined to create an executable business process in the same language.
See also: OASIS WSBPEL TC web site

Solutions for ESB Scenarios
Rick Robinson, IBM developerWorks
The ESB supports service, message, and event-based interactions in a heterogeneous environment, with appropriate service levels and manageability. In this Part 3 of a series on scenarios and solutions for implementing an Enterprise Service Bus, the author examines possible solutions for the various scenarios. The solution patterns examined include: Basic Adaptors; Service Gateway; Web services-compliant Broker; Enterprise Application Integration Infrastructure for Service-Oriented Architecture (EAI Infrastructure for SOA); Service Choreographer; Full Service-Oriented Architecture Infrastructure (Full SOA Infrastructure). Whichever broad approach is taken to full SOA implementation, a number of milestones will need to be passed along the way: Standards-based Security model; Enable service legacy systems and applications; Implement a high quality of service infrastructure; Identified service granularity levels.

Patch and Pray: Microsoft's Patchwork Mess
David Berlind, CNET News.com
In this article ZDNet's David Berlind explains the flaws in Microsoft's patch process. After the Download.Ject attack, Microsoft on Friday released a "configuration change" it wants people to apply to installations of the Windows XP, Windows Server 2003 and Windows 2000 operating systems. The software behemoth announced the move in a bid to shut down any additional exploitation of a vulnerability that affects Windows-based desktop and notebook PCs. Microsoft says that users who have beta versions of its forthcoming Service Pack 2 for Windows XP installed are already protected. But the latest episode also points at the time constraints of dealing with malicious code. Crucial days -- if not hours -- can elapse between the moment vulnerabilities surface on the Internet and the time vendors get around to releasing patches and configuration changes.
See also: the MS partial patch

Bottom Gear Image