The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
SEARCH | ABOUT | INDEX | NEWS | CORE STANDARDS | TECHNOLOGY REPORTS | EVENTS | LIBRARY
SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors
NEWS
Cover Stories
Articles & Papers
Press Releases
CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG
TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps
EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic
Last modified: July 31, 2003
XML Articles and Papers July 2003

XML General Articles and Papers: Surveys, Overviews, Presentations, Introductions, Announcements

Other collections with references to general and technical publications on XML:

July 2003

  • [July 30, 2003] "MPEG Standard Addresses Rights." By Paul Festa. In CNET News.com (July 30, 2003). "The Moving Pictures Experts Group has completed an effort on two digital rights management technologies intended to increase the MPEG standard's appeal to the recording industry and Hollywood. MPEG announced the completion of parts 5 and 6 of MPEG-21, a member of the MPEG family of multimedia standards that defines how audio and video files can play in a wide range of digital environments. The digital rights management (DRM) capabilities are crucial to MPEG-21, as they are to other emerging multimedia standards, so that publishers in the recording and movie industries will adopt the standard without fear of losing control of copyrighted works. Part 5 of the standard, the Rights Expression Language (REL), lets multimedia publishers designate rights and permissions for how consumers can use their content. The REL expression 'play,' for instance, would let the consumer use the material in a 'read only' mode, while other expressions could allow more flexibility in playback and reproduction. REL also lets consumers establish privacy preferences for their personal data. Part 6 of the standard, the Rights Data Dictionary (RDD), defines terms that publishers can use when working with REL..." Other details are given in the announcment "MPEG Approves Another MPEG-21 Technology." See also the note on the relationship between MPEG-21 Part 5 (viz., Information technology -- Multimedia framework (MPEG-21) -- Part 5: Rights Expression Language ) and the XrML-based 'Rights Language' targeted for development within the OASIS Rights Language Technical Committee; the OASIS RLTC was formed in March 2002 to "use XrML as the basis in defining the industry standard rights language in order to maximize continuity with ongoing standards efforts..." Since (a) MPEG Part 5: Rights Expression Language is now (effectively) an ISO FDIS [Final Draft International Standard] and (b) is scheduled to become an ISO Standard in September 2003, and (c) no draft committee specification for an XrML-based rights language has been created within the OASIS RLTC, it appears that the MPEG-21 Part 5 document as an ISO Standard will become the reference standard for the strongly patented ContentGuard/Microsoft XrML rights language technology. References: (1) "MPEG Rights Expression Language"; (2) "Extensible Rights Markup Language (XrML)"; (3) "XML and Digital Rights Management (DRM)."

  • [July 30, 2003] "Identifying and Brokering Mathematical Web Services." By Mike Dewar (Numerical Algorithms Group, NAG). In Web Services Journal Volume 3, Issue 8 (August 2003), pages 44-46. "The MONET project is a two-year investigation into how service discovery can be performed for mathematical Web services, funded by the European Union under its Fifth Framework program. The project focuses on mathematical Web services for two reasons: first, mathematics underpins almost all areas of science, engineering, and increasingly, commerce. Therefore, a suite of sophisticated mathematical Web services will be useful across a broad range of fields and activities. Second, the language of mathematics is fairly well formalized already, and in principle it ought to be easier to work in this field than in some other, less well-specified areas... MSDL is the collective name for the language we use to describe problems and services. Strictly speaking, it is not itself an ontology but it is a framework in which information described using suitable ontologies can be embedded. One of the main languages we use is OpenMath, which is an XML format for describing the semantics of mathematical objects. Another is the Resource Description Framework Schema (RDFS), which is a well-known mechanism for describing the relationship between objects. The idea is to allow a certain amount of flexibility and redundancy so that somebody deploying a service will not need to do too much work to describe it. An MSDL description comes in four parts: (1) A functional description of what the service does; (2) An implementation description of how it does it; (3) An annotated description of the interface it exposes; (4) A collection of metadata describing the author, access policies, etc... There are two main ways in which it is possible to describe the functionality exposed by a service. The first is by reference to a suitable taxonomy such as the 'Guide to Available Mathematical Software (GAMS)' produced by NIST, a tree-based system where each child in the tree is a more specialized instance of its parent... The second way to describe the functionality exposed by a service is by reference to a Mathematical Problem Library, which describes problems in terms of their inputs, outputs, preconditions (relationships between the inputs), and post-conditions (relationships between the inputs and outputs). The MSDL Implementation Description provides information about the specific implementation that is independent of the particular task the service performs. This can include the specific algorithm used, the type of hardware the service runs on, and so on... In addition, it provides details of how the service is used. This includes the ability to control the way the algorithm works and also the abstract actions that the service supports. While in the MONET model a service described in MSDL solves only one problem, it may do so in several steps. For example, there may be an initialization phase, then an execution phase that can be repeated several times, and finally a termination phase. Each phase is regarded as a separate action supported by the service... While WSDL does a good job in describing the syntactic interface exposed by a service, it does nothing to explain the semantics of ports, operations, and messages. MSDL has facilities that relate WSDL operations to actions in the implementation description, and message parts to the components of the problem description. In fact the mechanism is not WSDL-specific and could be used with other interface description schemes such as IDL... There are many other aspects of Web services -- not least the ability to negotiate terms and conditions of access, measure the quality of the actual service provided, and choreograph multiple services to solve a single problem -- that are still being worked out. The partners in the project's ultimate goal is to develop products and services based on the MONET architecture but the viability of this depends to a large extent on solutions to the other emerging issues. While we are confident that this will happen, it is not yet clear what the timescale will be. The MONET project is currently building prototype brokers that can reason about available services using MSDL descriptions encoded in the W3C's OWL. We are also investigating the applicability of this technology to describing services deployed in the Open Grid Service Architecture (OGSA)..." [alt URL]

  • [July 30, 2003] "IBM, CA Square Up to HP on Management." By Keith Rodgers. From LooselyCoupled.com (July 30, 2003). "IBM and Computer Associates teamed up at a key web services standards meeting yesterday [2003-07-29] in a surprise rebuff to a submission by Hewlett-Packard. At stake is the future development path of IT management software. Although the initial purpose of the rival proposals is merely to establish standards that govern web services manageability, the ultimate aim is to roll out the same standards as a foundation for the entire IT management spectrum -- not just management of web services, but management of other IT assets through web services. The established systems management giants are also hoping that, by shifting the emphasis back to the wider management framework, they can recapture the market advantage they've currently ceded in web services management to smaller specialist vendors. HP had grabbed headlines on July 21 [2003], when it formally announced it would submit its Web Services Management Framework to the Web Services Distributed Management (WSDM) committee of e-business standards body OASIS. The HP submission had the backing of eight other developers on the committee, including Sun, Oracle, BEA, Iona, Tibco and webMethods... rivals IBM and CA [have] joined forces with web services management specialist Talking Blocks to present their own vision, dubbed WS-Manageability, to the OASIS meeting... The WS-Manageability proposal stems from work that IBM, Computer Associates and Talking Blocks have done for another standards group, the W3C Web Services Architecture Working Group. A primary concern is to make full use of other emerging 'WS-*' web services standards, such as WS-Policy, that form part of the generic web services platform. Any proposed management standard should not stray from its core management mission, they warn, either into defining elements of the generic infrastructure, or into specifying aspects of management applications... The irony of this particular standards battle is that none of the big three systems management vendors -- IBM, HP and CA -- can claim to be leading the field in web services management. It is specialists such as Actional, Amberpoint, Talking Blocks and Infravio who have been making all the running in terms of delivering production software into user deployments, with each of them able to point to several reference customers. [However,] by emphasizing management through web services, the established systems management giants can gain recognition in the web services arena while broadening the issue out to play to their own strengths..." See also: (1) the presentations "Web Services Manageability" and "Management and Web Service Management," referenced in the following bibliographic entry; (2) the HP framework proposal, "HP Contributes Web Services Management Framework Specification to OASIS TC."

  • [July 29, 2003] "Web Services Distributed Management (WSDM) TC Submission: Web Services Manageability." By Heather Kreger (IBM), Igor Sedukhin (Computer Associates), and Mark Potts (Talking Blocks). PDF from source .PPT. July 24, 2003. 10 pages. Posted to the OASIS WSDM TC list by Ellen Stokes (IBM). Prose adapted from the slides: "#2: As to background, the design started with active involvement of the authors on W3C Web Services Architecture Working Group Management Task Force. To avoid fragmentation of Management Standards the team co-authored a specification to facilitate development of consensus among management vendors. They considered concepts from existing work on Web services as a management platform. The specification is the agreed minimum sufficient set of information that make Web service endpoints manageable. #3: As to main considerations, the design does not imply the implementation of the manageability or the manager. It captures manageability with XML and WSDL and is consistent with existing standards based Web Service infrastructures. It is consistent with existing management models and standards, uses existing infrastructure mechanisms, has an easily extensible model, is easily implementable, reducing impact on Web service development. #4: As to the intention of the submission, the specification will define the model for the manageability of Web services and define access to this manageability. The access and model can be rendered in (a) WSDL 1.1; (b) GWSDL; (c) CIM Models; (4) WSDL 1.2. The specification identifies requirements for more general Web services standards, but does not define them. The team is submitting the Common Base Event specification (XML event format for management events)... #8: As to an extensible manageability, the topics are extensible (new topics can be created; any topic can have aspects added to them [i.e., define new properties, operations, and events]; and new aspects can be created. Manageability information is extensible. #9: As to infrastructure, the specification supports building WS-I basic profile compliant manageable Web services; it leverages non-management specific infrastructure available to us from: (a) WS* e.g., WS-addressing, WS-policy; (b) OGSI e.g., serviceData, notifications; (c) CMM e.g., lifecycle, relationships, metadata. It does not imply a specific management framework. The authorship team intends to submit this work to the OASIS WSDM TC..." See also the presentation "Management and Web Service Management" as posted 2003-07-29; this presentation "offers work to OASIS completed by IBM with contribution from CA and Talking Blocks... It details a frame of reference for Management Applications, Managers, Manageability using Web services and Manageability of Web services. The work also identifies the management concerns pertinent to each and the dependencies in terms of common description that are required..." [source .PPT, cache]

  • [July 29, 2003] "Introducing BPEL4WS 1.0. Building on WS-Transaction and WS-Coordination." By Dr. Jim Webber and Dr. Mark Little (Arjuna Technologies Limited). In Web Services Journal Volume 3, Issue 8 (August 2003), pages 28-33. With source code and 3 figures. "The value of BPEL4WS is that if a business is the sum of its processes, the orchestration and refinement of those processes is critical to an enterprise's continued viability in the marketplace. Those businesses whose processes are agile and flexible will be able to adapt rapidly to and exploit new market conditions. This article introduces the key features of Business Process Execution Language for Web Services, and shows how it builds on the features offered by WS-Coordination and WS-Transaction. The BPEL4WS model is built on a number of layers, each one building on the facilities of the previous. The fundamental components of the BPEL4WS architecture consists of the following: (1) A means of capturing enterprise interdependencies with partners and associated service links; (2) Message correlation layer that ties together messages and specific workflow instances; (3) State management features to maintain, update, and interrogate parts of process state as a workflow progresses; (4) Scopes where individual activities (workflow stages) are composed to form actual algorithmic workflows. We'll explore the features of this stack, starting with the static aspects of the application -- capturing the relationship between the Web services participating in workflows -- and on to the creation of workflows using the BPEL4WS activities... BPEL4WS is at the top of the WS-Transaction stack and utilizes WS-Transaction to ensure reliable execution of business processes over multiple workflows, which BPEL4WS logically divides into two distinct aspects. The first is a process description language with support for performing computation, synchronous and asynchronous operation invocations, control-flow patterns, structured error handling, and saga-based long-running business transactions. The second is an infrastructure layer that builds on WSDL to capture the relationships between enterprises and processes within a Web services-based environment. Taken together, these two aspects support the orchestration of Web services in a business process, where the infrastructure layer exposes Web services to the process layer, which then drives that Web services infrastructure as part of its workflow activities. The ultimate goal of business process languages like BPEL4WS is to abstract underlying Web services so that the business process language effectively becomes the Web services API. While such an abstract language may not be suitable for every possible Web services-based scenario it will certainly be useful for many, and if tool support evolves it will be able to deliver on its ambition to provide a business analyst-friendly interface to choreographing enterprise systems..." See also: "Introducing WS-Transaction Part II. Using Business Activities," in Web Services Journal Volume 3, Issue 7 (July 2003), pages 6-9. General references in "Business Process Execution Language for Web Services (BPEL4WS)." [alt URL]

  • [July 29, 2003] "Double Standards." By Sean Rhody (WSJ Editor-in-Chief). In Web Services Journal Volume 3, Issue 8 (August 2003), page 3. "In June I attended the JavaOne conference... and was reminded, once again, that the lack of a single standards body is a serious roadblock to implementation of Web services... I was further reminded of the mess we're in by some of the Web services presentations. While obviously biased toward Java (it was JavaOne, after all), what really got me was the way everyone needed to explain how this specification came from HP, that standard was developed by W3C, and OASIS has a competing specification to some other specification. It's clear that there are too many bodies producing standards, not to mention too many standards themselves. The Java model works somewhat better, with a single standards organization and the JSR process. Rather than develop competing specifications (SAML or WS-Security, for example), the JCP provides guidance from multiple companies toward the creation of a single standard that all Java vendors will comply with. No one has to decide whether to use BPML or BPEL, or the Java equivalent... I would propose that WS-I become the central Web services body, and that the members of the other bodies treat them as the Supreme Court of Web services. Once they rule on a specification, let there be no further disputes. Let's limit the number of specifications so the innovations can go toward making a smaller set of standards better. Of course the WS-I may not want to act as the final arbiter of Web services fate, and for various reasons, many vendors may not want the WS-I as currently constituted to be the sole determining body for Web services..." On WS-I, see "Web Services Interoperability Organization (WS-I)." [alt URL]

  • [July 29, 2003] "Microsoft Brings Secure Web Services Closer." By John McIntosh. In IT-Director.com (July 28, 2003). "As the noise of secure communications and identify management continues unabated and vendors clamour at the door, Microsoft's recent announcement of Web Services Enhancements 2.0 might have been missed. This is a significant announcement, not because it comes from Microsoft but because of what it potentially means to the Web Services market and the security market... WSE version 2.0 offers new security features should simplify development and deployment of secure Web Service applications that span company boundaries and trust domains, connecting and exchanging information with customer and partner systems. According to the Company, WSE 2.0 means that developers can apply security policies to Web services with minimal lines of code and support interoperability across heterogeneous systems. WSE 2.0 does this by building on the security, routing and attachment capabilities of version 1.0 and adds a foundation for building applications based on Web services specifications published by Microsoft and its industry partners including WS-Security, WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing... There is within the .NET Framework and WSE 2.0 the ability to do many interesting things in terms of secure application development to support integration and federation of security through the value chain. WSE is important because it introduces for the first time the ability to test the theories behind emerging WS-Security standards. Essentially, is it possible to build a system that can securely expose internal systems to partners as Web services, leveraging existing technology investments to generate future revenue opportunities? Without the following new [WSE] capabilities, the answer to that question would probably be no..." See details in the news story "Security Featured in Microsoft Web Services Enhancements Version 2.0 Technology Preview."

  • [July 29, 2003] "Using the WS-I Test Tools." By Yasser Shohoud (Microsoft). July 24, 2003. 18 minutes. Tutorial prepared as an MSDN TV Episode; the presentations is played using the Microsoft Windows Media Player. Summary: "The Web Services Interoperability organization (WS-I) has published a draft version of the Basic Profile Test Tools. Yasser Shohoud shows how to use these tools to test your Web service for WS-I Basic Profile conformance." Details: A Beta Release of the WS-I Testing Tools was issued in April 2003 and is available in C# and Java. The WS-I testing tools are designed to help developers determine whether their Web services are conformant with Profile Guidelines. The WS-I Testing Working Group also published draft [June 26, 2003] versions of the WS-I Monitor Tool Functional Specification and WS-I Analyzer Tool Functional Specification. The WS-I Monitor Tool specification edited by Scott Seely (Microsoft) documents the message capture and logging tool. "This tool captures messages and stores them for later analysis. The tool itself will have to capture messages traveling over different protocols and transports. The first version of this tool will focus on being able to accurately capture HTTP based SOAP messages. Also, while many interception techniques are available, this implementation uses a man in the middle approach to intercept and record messages... The Monitor has two distinct sets of functionality: (1) It is responsible for sending messages on to some other endpoint that is capable of accepting the traffic while preserving the integrity of communication between the two endpoints. (2) It is responsible for recording the messages that flow through it to a log file. One can think of these two pieces as an interceptor and a logger. For this first version of the Monitor, the interceptor and logger functionality will exist in the same application. The working group recognizes that we may later desire to separate the interceptor and the logger into two, standalone entities. This design discusses how one would go about structuring an application today that should be able to be broken into separate pieces in future versions..." The WS-I Analyzer Tool specification edited by Peter Brittenham (IBM) documents "the design for Version 1.0 of the analyzer tool, which will be used for conformance testing of WS-I profiles. The purpose of the Analyzer tool is to validate the messages that were sent to and from a Web service. The analyzer is also responsible for verifying the description of the Web service. This includes the WSDL document that describes the Web service, and the XML schema files that describe the data types used in the WSDL service definition. The analyzer tool has a defined set of input files, all of which are used to verify conformance to a profile definition: Analyzer configuration file; Test assertion definition file; Message log file; WSDL for the Web service. The analyzer configuration file and test assertion definition file are described in greater detail in the subsequent sections of the document; the message log file contains the list of messages that were captured by the monitor tool..." See also the WS-I Basic Profile Version 1.0 (Working Group Approval Draft 2003/05/20) and the WS-I Testing Working Group Charter. General references in "Web Services Interoperability Organization (WS-I)."

  • [July 29, 2003] "Understanding XML Digital Signature." By Rich Salz. In Microsoft MSDN Library (July 2003). ['This article looks at the XML Digital Signature specification, explaining its processing model and some of its capabilities. It provides a low-level understanding of how the WS-Security specification implements its message security feature. The author surveys the XML DSIG specification using the schema definition to describe the features that are available and the processing that is required to generate and verify an XML DSIG document. He starts with the basic signature element (ds:SignedInfo), looks at how it incorporates references to application content to protect that content, and looks at part of the ds:KeyInfo element to see how an application can verify a signature, and perhaps validate the signer's identity. These three aspects provide the most basic and low-level components of protecting the integrity of XML content.'] "Digital signatures are important because they provide end-to-end message integrity guarantees, and can also provide authentication information about the originator of a message. In order to be most effective, the signature must be part of the application data, so that it is generated at the time the message is created, and it can be verified at the time the message is ultimately consumed and processed. SSL/TLS also provides message integrity (as well as message privacy), but it only does this while the message is in transit. Once the message has been accepted by the server (or, more generally, the peer receiver), the SSL protection must be 'stripped off' so that the message can be processed. As a more subtle point, SSL only works between the communication endpoints. If I'm developing a new Web service and using a conventional HTTP server (such as IIS or Apache) as a gateway, or if I'm communicating with a large enterprise that has SSL accelerators, the message integrity is only good up until the SSL connection is terminated. As an analogy, consider a conventional letter. If I'm sending a check to my phone company, I sign the check -- the message -- and put it in an envelope to get privacy and delivery. Upon receipt of the mail, the phone company removes the envelope, throws it away, and then processes the check. I could make my message be part of the envelope, such as by gluing the payment to a postcard and mailing that, but that would be foolish. An XML signature would define a series of XML elements that could be embedded in, or otherwise affiliated with, any XML document. It would allow the receiver to verify that the message has not been modified from what the sender intended. The XML-Signature Syntax and Processing specification (abbreviated in this article as XML DSIG) was a joint effort of the W3C and the IETF. It's been an official W3C Recommendation since February 2002. Many implementations are available..." See general references in "XML Digital Signature (Signed XML - IETF/W3C)."

  • [July 29, 2003] "Sun's Proposed New Web Services Standards." By Charles Babcock. In InformationWeek (July 39, 2003). "Sun is trying to initiate a new round of Web services with a proposal for a set of standards that work on top of XML and Web Services Description Language (WSDL). But Sun and its partners have yet to say to which standards body they will submit their proposed specification... Arjuna Technologies, Fujitsu Software, Iona Technologies, Oracle, and Sun have teamed up to propose that individual Web services be called up and combined to form 'composite applications.' Through Sun's proposed set of standards, such a composite application would be given a shared runtime environment that could determine the specific systems contributing to the service. It also would be given a coordination agent that made sure applications ran in the correct sequence and a transaction manager that supervised transactions across dissimilar applications. The proposed set is called Web Services-Composite Application Framework, or WS-CAF. Today's leading Web services handle such coordination issues is 'in a very ad hoc manner, if at all,' says Mark Little, chief team architect for Arjuna. The proposed standards will take the guesswork and ambiguities out of how to coordinate services from scattered systems into one composite application, or new Web service, says Ed Julson, Sun's group manager of Web services standards and technology. The alternative, Julson says, is to go forward with competing methods of resolving service issues, as is the case with two of today's Web-services security standards: Web Services-Security proposed by IBM, Microsoft and VeriSign, and Web Services-Reliability proposed by Fujitsu, Hitachi, NEC, Oracle, Sonic Software, and Sun. Among the standards bodies that might receive the Sun proposal are the Oasis Open consortium of vendors setting XML standards; the World Wide Web Consortium; and the Internet Engineering Task Force. 'From a pure technology standpoint, the group isn't breaking new ground,' says Stephen O'Grady of Red Monk, a market research group. Sun and partners are making use of existing technologies, sometimes already in use in deployed Web services, he says. But 'it's a novel and unique approach for creating composite applications composed of distinct Web services.' The most significant part of the proposal may prove to be the way it defines a way to manage transactions in the Web-services context, O'Grady says..." See: (1) the news story "Web Services Composite Application Framework (WS-CAF) for Transaction Coordination"; (2) the Arjuna announcement "Arjuna Enables Reliable Web Services-Based Business Applications with Arjuna XTS. Technology to Address the Reliable Coordination Issues Preventing the Early Adoption of Serious E-Business Solutions Through Web Services."

  • [July 29, 2003] "XHTML-Print." Edited by Jim Bigelow (Hewlett-Packard). W3C Last Call Working Draft, 29-July-2003. Produced by members of the W3C HTML Working Group as part of the W3C HTML Activity. The Last Call review period ends on 7-September-2003. Latest version URL: http://www.w3.org/TR/xhtml-print. Also in PDF. "XHTML-Print is a member of the family of XHTML Languages defined by the W3C Recommendation Modularization of XHTML. It is designed to be appropriate for printing from mobile devices to low-cost printers that might not have a full-page buffer and that generally print from top-to-bottom and left-to-right with the paper in a portrait orientation. XHTML-Print is also targeted at printing in environments where it is not feasible or desirable to install a printer-specific driver and where some variability in the formatting of the output is acceptable... XHTML-Print is not appropriate when strict layout consistency and repeatability across printers are needed. The design objective of XHTML-Print is to provide a relatively simple, broadly supportable page description format where content preservation and reproduction are the goal, i.e., 'Content is King.' Traditional printer page description formats such as PostScript or PCL are more suitable when strict layout control is needed. XHTML-Print does not utilize bi-directional communications with the printer either for capabilities or status inquiries. This document creates a set of conformance criteria for XHTML-Print. It references style sheet constructs drawn from CSS2 and proposed for CSS3 Paged Media as defined in the CSS Print Profile to provide a strong basis for rich printing results without a detailed understanding of each individual printer's characteristics. It also defines an extension set that provides stronger layout control for the printing of mixed text and images, tables and image collections. The document type definition for XHTML-Print is implemented based on the XHTML modules defined in Modularization of XHTML." Note: this specification is based "in large part on a work by the same name XHTML-Print from the Printer Working Group (PWG), a program of the IEEE Industry Standard and Technology Organization." See general references in "XHTML and 'XML-Based' HTML Modules."

  • [July 29, 2003] "Microsoft Plays Hiring Hardball." By Darryl K. Taft. In eWEEK Volume 20, Number 30 (July 28, 2003), pages 1, 16. "Like baseball's New York Yankees, Microsoft Corp. has been paying top dollar for top talent in an effort to dominate the new playing fields of XML and Web services. During the past 18 months, the Redmond, Wash., company has gobbled up some of the best-known XML, Web services and application development brains around. Most recently it hired Cape Clear Software Inc. Chief Technology Officer Jorgen Thelin, who last week announced he would be leaving the Web services infrastructure company to join Microsoft. The effort, which runs counter to Microsoft's traditional strategy of scooping up complementary companies, has concerned developers crying foul and claiming the company is only looking to improve its standing among standards groups... Not all developers are happy about the issue, saying that once again the company is using its might irresponsibly. 'Microsoft is trying to buy the standard; you own all the soldiers, and then you win,' said one industry insider, who requested anonymity. 'I have heard hallway grumblings about Microsoft trying to corner the market on Web services experts, especially from companies looking to hire people who can represent them on Web services committees,' said Iona Technologies plc. CTO Eric Newcomer, of Waltham, Mass..."

  • [July 29, 2003] "Sun, Oracle, Others Propose Transaction Specification Middleware Vendors Publish Web Services Composite Applications Framework." By James Niccolai and Peter Sayer. In InfoWorld (July 28, 2003). "Sun Microsystems Inc., Oracle Corp., Fujitsu Software Corp., Iona Technologies PLC and Arjuna Technologies Ltd. published the Web Services Composite Applications Framework (WS-CAF), designed to solve problems that arise when groups of Web services are used in combination to complete a transaction or share information, the companies said in a joint statement Monday. They plan to submit WS-CAF to an industry standards group and will allow for its use on a royalty-free basis, moves intended to promote its broad use. The initiative appears to lack support so far from some key Web services players, however, including IBM Corp., BEA Systems Inc. and Microsoft Corp., which were not part of the announcement. Web services use standard technologies such as SOAP (Simple Object Access Protocol) and XML (Extensible Markup Language) to link disparate applications in a way that's supposed to be more affordable and flexible than using proprietary messaging systems. Some transactions, such as purchasing a book, are relatively simple to complete, in part because they can be finished instantaneously. Others, such as fulfilling a purchase order or completing an insurance claim, can take days or weeks to process and as such pose problems for Web services developers, the companies said. WS-CAF aims to solve those problems by defining a set of rules for coordinating transactions in such long-running business processes, the group said. WS-CAF actually is a collection of three specifications: Web Service Context (WS-CTX), Web Service Coordination Framework (WS-CF), and Web Service Transaction Management (WS-TXM)... The new specifications add to an already tangled clump of Web services coordination specifications with varying degrees of support from standards bodies. One such, BPEL4WS (Business Process Execution Language for Web Services), has been adopted by OASIS, the Organization for the Advancement of Structured Information Standards, but it still leaves significant gaps that need to be filled, according to [Jeff] Mischkinsky..." See details in "Web Services Composite Application Framework (WS-CAF) for Transaction Coordination."

  • [July 28, 2003] "Composite Capability/Preference Profiles (CC/PP): Structure and Vocabularies." Edited by Graham Klyne (Nine by Nine), Franklin Reynolds (Nokia Research Center), Chris Woodrow (Information Architects), Hidetaka Ohto (W3C / Panasonic), Johan Hjelm (Ericsson), Mark H. Butler (Hewlett-Packard), and Luu Tran (Sun Microsystems). W3C Working Draft 28-July-2003. Latest version URL: http://www.w3.org/TR/CCPP-struct-vocab/. "This specification was originated by the W3C CC/PP Working Group and has now been passed to the W3C Device Independence Working Group to carry forward towards a Recommendation." Summary: "This document describes CC/PP (Composite Capabilities/Preference Profiles) structure and vocabularies. A CC/PP profile is a description of device capabilities and user preferences that can be used to guide the adaptation of content presented to that device. The Resource Description Framework (RDF) is used to create profiles that describe user agent capabilities and preferences. The structure of a profile is discussed. Topics include: (1) structure of client capability and preference descriptions, AND (2) use of RDF classes to distinguish different elements of a profile, so that a schema-aware RDF processor can handle CC/PP profiles embedded in other XML document types. CC/PP vocabulary is identifiers (URIs) used to refer to specific capabilities and preferences, and covers: [1] the types of values to which CC/PP attributes may refer, [2] an appendix describing how to introduce new vocabularies, [3] an appendix giving an example small client vocabulary covering print and display capabilities, and [4] an appendix providing a survey of existing work from which new vocabularies may be derived... It is anticipated that different applications will use different vocabularies; indeed this is needed if application-specific properties are to be represented within the CC/PP framework. But for different applications to work together, some common vocabulary, or a method to convert between different vocabularies, is needed. (XML namespaces can ensure that different applications' names do not clash, but does not provide a common basis for exchanging information between different applications.) Any vocabulary that relates to the structure of a CC/PP profile must follow this specification. The appendices introduce a simple CC/PP attribute vocabulary that may be used to improve cross-application exchange of capability information, partly based on some earlier IETF work..."

  • [July 28, 2003] "IBM To Update Portal With Document Management and Collaboration Technology. New WebSphere Software to Ship Next Month." By Elizabeth Montalbano. In CRN (July 28, 2003). "IBM has unveiled an upcoming version of its WebSphere portal that the company says has new capabilities for document management and collaboration. WebSphere Portal Version 5 will feature new functionality that allows solution providers to aggregate content from various back-end resources -- such as human resources, CRM or supply chain applications -- to a single portal, according to IBM. The new software also will include out-of-the-box document management tools that allow solution providers to integrate and manage information, such as a company's financial reports or sales documents, within the portal, IBM executives said. At the same time, the document management tools also will allow end users to view, create, convert and edit basic documents, spreadsheets and other files while working within the portal. In addition, WebSphere Portal Version 5 will include a new Collaboration Center, which leverages IBM Lotus software to allow portal users to interact with various collaborative applications, such as instant messaging, team workplaces and virtual meetings. Other new features in Version 5 include performance enhancements and a simplified installation process..."

  • [July 27, 2003] "Sun Proposes New Web Services Specifications." By Martin LaMonica. In CNET News.com (July 27, 2003). "Sun Microsystems and a handful of partners have announced they are seeking the approval of Web services specifications for coordinating electronic transactions. Sun, Oracle, Iona Technologies, Fujitsu Software and Arjuna Technologies will submit the specifications, the Web Services Composite Applications Framework (WS-CAF), to either the World Wide Web Consortium or the Organization for the Advancement of Structured Information Standards (OASIS) for development as standards in the next several weeks... WS-CAF, which comprises three individual specifications, proposes a mechanism for coordinating transactions across many machines in multistep business processes. The authors of the specifications hope simplified interactions between Web services will allow companies to assemble business applications with Web services more quickly. The WS-CAF specifications would create a prearranged way to configure systems so that Web services applications from different providers could share important transactional information. For example, administration tools based on WS-CAF would ensure that a consumer making vacation reservations online could coordinate bookings at three different Web sites for travel, car and hotel reservations at the same time. Current business systems have methods for sharing the status of ongoing transactions across different machines. The WS-CAF set of specifications seeks to improve interoperability by standardizing that capability among different providers, said Eric Newcomer, chief technology officer at Iona. The Sun-led group of companies intends to garner input from other IT providers through the standardization process, said Ed Jolson, Sun's group manager for Web services standards..." See details in "Web Services Composite Application Framework (WS-CAF) for Transaction Coordination."

  • [July 25, 2003] "The Future of XML Documents and Relational Databases. As New Species of XML Documents Are Emerging, Vendors Are Unveiling Increased RDBMS Support for XML." By Jon Udell. In InfoWorld (July 25, 2003). "Having absorbed objects, the RDBMS vendors are now working hard to absorb XML documents. Don't expect a simple rerun of the last movie, though. We've always known that most of the information that runs our businesses resides in the documents we create and exchange, and those documents have rarely been kept in our enterprise databases. Now that XML can represent both the documents that we see and touch -- such as purchase orders -- and the messages that exchange those documents on networks of Web services, it's more critical than ever that our databases can store and manage XML documents. A real summer blockbuster is in the making. No one knows exactly how it will turn out, but we can analyze the story so far and make some educated guesses. The first step in the long journey of SQL/XML hybridization was to publish relational data as XML. BEA Chief Architect Adam Bosworth, who worked on the idea's SQL Server implementation, calls it 'the consensual-hallucination approach -- we all agree to pretend there is a document.' XML publishing was the logical place to start because it's easy to represent a SQL result set in XML and because so many dynamic Web pages are fed by SQL queries. The traditional approach required programmatic access to the result set and programmatic construction of the Web page. The new approach materializes that dynamic Web page in a fully declarative way, using a SQL-to-XML query to produce an XML representation of the data and XSLT to massage the XML into the HTML delivered to the browser. Originally these virtual documents were created using proprietary SQL extensions such as SQL Server's 'FOR XML' clause. There's now an emerging ISO/ANSI standard called SQL/XML, which defines a common approach. SQL/XML is supported today by Oracle and DB2. It defines XML-oriented operators that work with the native XML data types available in these products. SQL Server does not yet support an XML data type or the SQL/XML extensions, but Tom Rizzo, SQL Server group product manager at Redmond, Wash.-based Microsoft, says that Yukon, due in 2004, will... Most of the information in an enterprise lives in documents kept in file systems, not in relational databases. There have always been reasons to move those documents into databases -- centralized administration, full-text search -- but in the absence of a way to relate the data in the documents to the data in the database, those reasons weren't compelling. XML cinches the argument. As business documents morph from existing formats to XML -- admittedly a long, slow process that has only just begun -- it becomes possible to correlate the two flavors of data..." See general references in "XML and Databases."

  • [July 25, 2003] "Interwoven Unwraps Version 6. New Versions of Platform and Server Offer Content Control for Business Users." By Cathleen Moore. In InfoWorld (July 25, 2003). "Content management vendor Interwoven has launched new versions of its platform and content server with a focus on improving business usability. Interwoven 6 introduces a new customization framework, dubbed the ContentServices UI Toolkit, which is designed to enable customized user interfaces. The release also includes a Web services-based integration toolkit via the Interwoven ContentServices SDK 2.0. The toolkit allows quick and flexible integration with business applications, according to Interwoven officials in Sunnyvale, Calif. Addressing specific business needs, Interwoven 6 also includes offerings aimed at business functions such as sales, services, marketing, and IT. Based on Web services standards, the set of solutions include a Digital Brand Management offering powered by MediaBin; Sales Excellence portals via integration with portals from IBM, BEA, SAP, Plumtree, Sun, and Oracle; and a Global Web Content Management offering for supporting hundreds of Web properties in multiple locations and languages. Meanwhile, Version 6.0 of the TeamSite content server aims to give business users more control over content via the user-friendly ContentCenter interface... The ContentCenter framework includes ContentCenter Standard, an interface designed for business users featuring customizable, portal style content management components that allow users to easily add or modify content. The ContentCenter Professional is a power user interface containing advanced features such as branching, workflow, virtualization, versioning, security, and tool integration..." See details in the announcement: "Interwoven Releases TeamSite 6.0 - The New Benchmark in the Content Management Industry. New Release Empowers Enterprises to Boost Workforce Productivity and Enable Faster, Smarter Decision-Making with an All New, Easy, and Customizable User Experience."

  • [July 25, 2003] "Standards Stupidities and Tech's Future." By Charles Cooper. In CNet News.com (July 25, 2003). "The technology business may employ more brainy people on a per capita basis than any industry in the world. But when it comes to agreeing on technical standards, the behavior of some of these very bright people more resembles the plot in Dumb and Dumber. An outsider looking in would easily assume that, with all this intellectual firepower, these folks would understand their best interests and would be able to decide how to proceed without a major struggle... when it comes to figuring out the best way to get from A to Z, bruising (and pointless) Silicon Valley clashes over standards are the norm rather than the exception. Hang around this business long enough and you realize that, while the actors change, the script lines remain much the same. And each time one of these donnybrooks erupt, the protagonists say they are only working on behalf of what's good for customers... Back on Planet Earth, however, it rates as a monumental waste of time and energy. The latest bit of grandstanding involves the move to set standards for Web services, for which -- surprise, surprise -- Microsoft and Sun Microsystems are happily bickering and backstabbing each other. This is only the latest debacle in their decades-long rivalry, but it comes at a particularly inopportune time for IT customers who are debating where Web services should fit within their operations. Although the Web services world has been inching toward resolving a lot of its issues, this has been a slow-motion story. If Web services is ever going to live up to its hype, the technology industry needs to make sure that its programming standards guarantee the reliability of XML message transmissions. The two sides agree with that notion. From there, however, it's pistols at 20 paces... Microsoft is pushing something that it calls WS-ReliableMessaging, which was co-developed with IBM, BEA Systems and Tibco. Meanwhile, a competing specification called Web Services Reliable Messaging is being backed by Sun, Oracle, Fujitsu, Hitachi, NEC and Sonic Software..."

  • [July 24, 2003] "Eve Maler of Sun Microsystems Discusses the Future of Web Services Security." By Janice J. Heiss. From WebServices.org (July 24, 2003). In this article Janice J. Heiss speaks to Sun Microsystems' Eve Maler, vice-chair of the WS-I Basic Security Profile Working Group and currently coordinating editor of the SAML (Security Assertion Markup Language) Technical Committee, seeking an update on the development of Web services security. Maler: [As to when viable Web services security standards will be established] "It's best not to think in black and white terms. There are specifications appearing on the scene that attempt to secure different facets of Web services. As each specification becomes standardized and viable over time, the operation of Web services will be better protected... This may not be fully standardized until late in 2003 and it's important for this work to reflect a clear understanding of the problem space. And after that, there's going to be a lot more work on trust management. So improvements will occur as long as these processes take place in venues that allow the right experts to look at them... Traditional technologies won't always suffice [for Web services security]. First, the trust issues still haven't been fully solved in traditional computing; they haven't scaled to meet our expectations, and Web services present an opportunity to get this right. With Web services, end to end isn't the same as point to point. Messages are going between a requester and a responding service, but they may also pass through several intermediaries, and thus, several possible hubs. Therefore, a technology that focuses solely on securing the transport channel may not be sufficient. You need security technologies that persist past that transient part; without the XML security standards, they don't take advantage of the opportunities inherent in XML's granularity... Sun Microsystems is very concerned with the open specification of standards and the specification of systems that don't rely on a single hub to do all the jobs. We have heard some intimations that a system like Passport will ultimately be a federated system so that you won't always have to go through one Web site to start your journey online. That would be a good thing. The Liberty Alliance takes exactly this federated approach to managing and using your electronic identity. What's best is for all of the relevant security infrastructure for Web services to be standardized in an open venue to be seen by all the right eyes, and especially for the IPR (intellectual property rights) terms to be open enough so that implementations can be widely accepted. This is Sun's goal in participating in Web services security standardization, and it's the key for ensuring that no one company can create lock-in..." See: (1) "Security Assertion Markup Language (SAML)"; (2) security standards reference list at "Security, Privacy, and Personalization."

  • [July 23, 2003] "Why Choose RSS 1.0?" By Tony Hammond. In XML.com News (July 23, 2003). "RSS, a set of lightweight XML syndication technologies primarily used for relaying news headlines, has been adapted to a wide range of uses from sending out web site descriptions to disseminating blogs. This article looks at a new application area for RSS: syndicating tables of contents for serials publications. Serials newsfeeds -- especially scientific newsfeeds -- differ from regular newsfeeds in that a key requirement for the reader, or more generally for the consumer, of the feed is to be able to cite, or produce a citation for, a given article within the serial. This need for additional information exists across many types of publishing activities. A user may choose not to follow a link directly to some content for whatever good reason, such as preferring to access a locally stored version of the resource. This requires that rich metadata describing the article be distributed along with the article title and link to the article. The need to include metadata within the feed raises the following questions: (1) Which version of RSS best supports the delivery of metadata to users? (2) Which metadata term sets are best employed for supply to users? This article examines both of these issues and then considers how such extensions can actually be used in practice. The primary purpose of syndicating tables of contents for serials is to provide a notification service to inform feed subscribers that a new issue has been published. There are, however, secondary uses for such a syndication service -- that is, to provide access to archival issues resident within a feed repository. The hierarchical storage arrangements for archival issues suggest that one possible resource discovery mechanism might be to have feeds of feeds whereby a feed for an archival volume of issues would syndicate the access URIs for the feeds of the respective issues contained within that volume. This arrangement could even be propagated up the hierarchy whereby a subscription year for a given serial might contain the feed URIs for the volumes within that year, or that a serial feed might contain the feed URIs for the subscription years for that serial. Another way of using a feed of feeds would be for a publisher to publish an RSS feed of all sites that it wanted to syndicate. As an example of such a feed Nature Publishing Group now has a feed which delivers the access URIs for all its current production feeds..." Related news: "RSS 2.0 Specification Published by Berkman Center Under Creative Commons License." See general references in "RDF/Rich Site Summary (RSS)."

  • [July 23, 2003] "Extending RSS." By Danny Ayers. In XML.com News (July 23, 2003). "The boom of weblogs has boosted interest in techniques for syndicating news-like material. In response a family of applications, known as aggregators or newsreaders, have been developed. Aggregators or newsreaders consume and display metadata feeds derived from the content. Currently there are two major formats for these data feeds: RSS 1.0 and RSS 2.0... The names are misleading -- the specifications differ not only in version number but also in philosophy and implementation. If you want to syndicate simple news items there is little difference between the formats in terms of capability or implementation requirement. However, if you want to extend into distributing more sophisticated or diverse forms of material, then the differences become more apparent. The decision over which RSS version to favor really boils down to a single trade-off: syntactic complexity versus descriptive power. RSS 2.0 is extremely easy for humans to read and generate manually. RSS 1.0 isn't quite so easy, as it uses RDF. It is, however, interoperable with other RDF languages and is eminently readable and processible by machines. This article shows how the RDF foundation of RSS 1.0 helps when you want to extend RSS 1.0 for uses outside of strict news item syndication, and how existing RDF vocabularies can be incorporated into RSS 1.0. It concludes by providing a way to reuse these developments in RSS 2.0 feeds while keeping the formal definitions made with RDF... RSS 1.0's strong point is its use of the RDF model, which enables information to be represented in a consistent fashion. This model is backed by a formal specification which provides well-defined semantics. From this point of view, RSS 1.0 becomes just another vocabulary that uses the framework. In contrast, outside of the relationships between the handful of syndication-specific terms defined in its specification, RSS 2.0 simply doesn't have a model. There's no consistent means of interpreting material from other namespaces that may appear in an RSS 2.0 document. It's a semantic void. But it doesn't have to be that way since it's relatively straightforward to map to the RDF framework and use that model. The scope of applications is often extended, and depending on how you look at it, it's either enhancement or feature creep. Either way, it usually means diminishing returns -- the greater distance from the core domain you get, the more additional work is required for every new piece of functionality. But if you look at the web as one big application, then we can to get a lot more functionality with only a little more effort..." General references in "RDF/Rich Site Summary (RSS)."

  • [July 23, 2003] "HP Buys Swedish VoiceXML Company. HP to Expand OpenCall Unit With Purchase of PipeBeach." By Gillian Law. In InfoWorld (July 23, 2003). "Hewlett-Packard plans to expand its OpenCall business unit with the purchase of Swedish VoiceXML company PipeBeach... PipeBeach of Stockholm makes interactive voice products for speech-based information portals, such as sports and traffic information systems and phone banking. Ed Verney, director of interactive media platforms in HP's OpenCall unit, said HP has been working in the VoiceXML area for some time, but that it would have taken a further two years to develop products of a similar quality to PipeBeach's technology. HP will take PipeBeach's principal products, including SpeechWeb and SpeechWeb Portal, and integrate them into its own OpenCall suite of telecommunication software, it said in a statement. SpeechWeb is a VoiceXML platform that lets applications and services, located on standard Web servers, be accessed over the phone. It can automatically understand speech in 30 languages, and can also turn text in those languages into speech, according to PipeBeach's Web site. SpeechWeb Portal makes it easier to give access to different information databases through one phone number, and to personalize services, according to PipeBeach. A provider just has to link the SpeechWeb Portal software to a database to produce a voice service, Verney said. 'It's removed a lot of the guess-work'..." See: (1) details in the announcement "HP Acquires PipeBeach to Strengthen Leadership in Growing VoiceXML Interactive Voice Market. Standards-based Products from PipeBeach Bolster HP OpenCall Portfolio and Enhance HP's Ability to Deliver Speech-based Solutions."; (2) general references in "VoiceXML Forum."

  • [July 22, 2003] Scalable Vector Graphics (SVG) 1.2. Edited by Dean Jackson (W3C). W3C Working Draft 15-July-2003. Latest version URL: http://www.w3.org/TR/SVG12/. Third public working draft of the SVG 1.2 specification, produced by the W3C SVG Working Group as part of the W3C Graphics Activity within the Interaction Domain. "This document specifies version 1.2 of the Scalable Vector Graphics (SVG) Language, a modularized language for describing two-dimensional vector and mixed vector/raster graphics in XML. This draft of SVG 1.2 is a snapshot of a work-in-progress. The SVG Working Group believe the most of the features here are complete and stable enough for implementors to begin work and provide feedback. Some features already have multiple implementations. [The WD] lists the potential areas of new work in version 1.2 of SVG and is not a complete language description. In some cases, the descriptions in this document are incomplete and simply show the current thoughts of the SVG Working Group on the feature. This document should in no way be considered stable. This version does not include the implementations of SVG 1.2 in either DTD or XML Schema form. Those will be included in subsequent versions, once the content of the SVG 1.2 language stabilizes. This document references a draft RelaxNG schema for SVG 1.1..." See details in the news story "New Scalable Vector Graphics 1.2 Working Draft Positions SVG as an Application Platform ."

  • [July 22, 2003] "Dynamic Scalable Vector Graphics (dSVG) 1.1 Specification." Edited by Gordon G. Bowman. July 09, 2003. Copyright (c) 2003 Corel Corporation. See the expanded Table of Contents and file listing from the distribution package. "This specification defines the features and syntax for Dynamic Scalable Vector Graphics (dSVG), an XML language that extends SVG, providing enhanced dynamic and interactive capabilities that were previously only available via scripting. dSVG is a language for describing UI controls and behaviors in XML [XML10]. It contains eleven types of UI controls ('button', 'checkBox', 'radioButton', 'contextMenu', 'comboBox', 'listBox', 'listView', 'slider', 'spinBox', 'textBox' and 'window'), six categories of behaviors (DOM manipulation, viewer manipulation, coordinate conversion, constraints, flow control and selection ability), and two container elements ('action' and 'share'). dSVG UI controls have instrinsic states (up, down, hover, focus and disabled), which change according to mouse and keyboard events. Their appearances are defined in skins that are completely customizable. These skins can also contain dSVG constraints, which allow the UI controls to be 'intelligently' resized. SVG files with dSVG elements are interactive and dynamic. Behaviors can be directly or indirectly associated to SVG elements or to dSVG UI controls and triggered by specified events. Sophisticated applications of SVG are possible by use of a supplemental scripting language which accesses the SVG Document Object Model (DOM), which provides complete access to all elements, attributes and properties. A rich set of event handlers such as onmouseover and onclick can be assigned to any SVG graphical object. However, scripting has many downsides Note: The distribution file "contains the proposal submitted to the World Wide Web Consortium (W3C) SVG Working Group to enhance SVG's support of enterprise application development for dynamic interfaces. It is a technical specification intended for developers, the SVG community, and the SVG working group to access the content in the proposed changes. It also contains a test suite that includes code not intended for commercial purposes, but provided by Corel to help developers test the specification..." See: (1) details in Dynamic Scalable Vector Graphics (dSVG); (2) "Corel Smart Graphics Studio 1.1 Update Now Available."

  • [July 22, 2003] "SOAP Message Transmission Optimization Mechanism." Edited by Noah Mendelsohn (IBM), Mark Nottingham (BEA), and Hervi Ruellan (Canon). W3C Working Draft 21-July-2003. Latest version URL: http://www.w3.org/TR/soap12-mtom. ['The W3C XML Protocol Working Group has released the first public Working Draft of the SOAP Message Transmission Optimization Mechanism. Inspired by PASWA and enhancing the SOAP HTTP Binding, this technical report presents a mechanism for improving SOAP performance in the abstract and in a concrete implementation.'] "The first part of this document ('Abstract Transmission Optimization Feature') describes an abstract feature for optimizing the transmission and/or wire format of a SOAP message by selectively re-encoding portions of the message, while still presenting an XML Infoset to the SOAP application. This Abstract Transmission Optimization Feature is intended to be implemented by SOAP bindings, however nothing precludes implementation as a SOAP module. The usage of the Abstract Transmission Optimization Feature is a hop-by-hop contract between a SOAP node and the next SOAP node in the SOAP message path, providing no normative convention for optimization of SOAP transmission through intermediaries. Additional specifications could in principle be written to provide for optimized multi-hop facilities provided herein, or in other ways that build on this specification (e.g., by providing for transparent passthrough of optimized messages). The second part ('Inclusion Mechanism') describes an Inclusion Mechanism implementing part of the Abstract Transmission Optimization Feature in a binding-independant way. The third part ('HTTP Transmission Optimization Feature') uses this Inclusion Mechanism for implementing the Abstract Transmission Optimization Feature for an HTTP binding. This document represents a transmission optimization mechanism which was inspired by a similar mechanism in the PASWA document ('Proposed Infoset Addendum to SOAP Messages with Attachments'). The WG plans to work later on the other parts of that document (assigning media types to binary data in XML infosets and including representations of Web resources in SOAP messages) and to publish other drafts which will include such mechanisms... This specification has currently no well-defined relation with the 'SOAP 1.2 Attachment Feature' specification. However, it may be expected that this specification will supersede the SOAP-AF specification once this specification has reached a stable state..." See also "SOAP 1.2 Attachment Feature, W3C Working Draft 24-September-2002. General references in "Simple Object Access Protocol (SOAP)."

  • [July 22, 2003] "Web Services Security, Part 4." By Bilal Siddiq. In O'Reilly WebServices.xml.com (July 21, 2003). "In this fourth article of the series, the author puts the pieces together to demonstrate the simultaneous use of all four of the XML security standards (XML signature, XML encryption, WSS, and SAML) in one application. He discusses two important and typical web services security application scenarios and presents two topics: first, how the different web services security standards work together in an XML firewall to protect SOAP servers; second, what the different types of security tokens that you can use in WSS messages are and how they are related to digital signatures and encrypted data... [In this series] We have discussed four XML security standards and two application scenarios (direct authentication and sharing of authentication data) in this series of articles. Before we conclude this series, we would like to point at another important XML security standard being developed by W3C and two other application scenarios of web services security. We have also discussed cryptographic keys in this series of articles. In fact the whole concept of security over the Internet is based on the use of cryptographic keys. The management of cryptographic keys is itself a whole topic, which is of paramount importance. Keeping in mind the importance of key management, W3C is currently developing an XML-based key management standard known as XML Key Management Services (XKMS). Refer to the XKMS page at W3C for further details. Transactions in web services is an important web service application. WS-Transaction is an attempt to standardize the transactional framework in web services. You can download the WS-Transaction specification and check the security considerations section of the specification to see that WS-Transaction uses WSS to secure transactional web services. SOAP-based messaging is another important application of web services. The ebXML Messaging Services (ebMS) standard by OASIS defines the messaging framework for web services. You can download the ebMS specification from the ebXML Messaging page to see how it uses XML signatures..." See also: (1) Part 3, Part 2, and Part 1.

  • [July 22, 2003] "Groove Tackles Project Management. Workspace Project Edition Taps TeamDirection Tools." By Cathleen Moore. In InfoWorld (July 22, 2003). "Groove Networks has rolled out a project management version of its desktop collaboration software designed to help distributed project teams work together more effectively. Groove Workspace Project Edition bundles project-based collaboration tools from Bellevue, Wash.-based TeamDirection. TeamDirection's Project offering includes project creation tools, status view, role-based permissions, and integration with Microsoft Project. TeamDirection Dashboard, meanwhile, provides cross-project views, filtering and sorting capabilities, and related discussion access. Because project management tools are separate from collaboration and communication products, cross-team and cross-company projects usually require the use of multiple, disconnected applications. This often forces project managers to manually re-enter project updates into a static project document, which is then distributed to team members, according to officials at Groove, in Beverly, Mass. To improve and simplify that process, the Project Edition of Groove Workspace lets project managers create a workspace, and add data manually or through a link to an existing project template or Microsoft Project plan. Team members, who are invited to the workspace via e-mail or instant messaging, each receive a shared, synchronized copy of the tools and project data. Groove software's multi-level presence awareness shows which team members are online and active in the workspace, allowing immediate decision making and problem resolution..." See the product description.

  • [July 22, 2003] "XML Watch: Tracking Provenance of RDF Data. RDF Tools Are Beginning to Come of Age." By Edd Dumbill (Editor and publisher, xmlhack.com). In IBM DeveloperWorks (July 21, 2003). ['When you start aggregating data from around the Web, keeping track of where it came from is vital. In this article, Edd Dumbill looks into the contexts feature of the Redland Resource Description Format (RDF) application framework and creates an RDF Site Summary (RSS) 1.0 aggregator as a demonstration.'] "A year ago, I wrote a couple articles for developerWorks about the Friend-of-a-Friend (FOAF) project. FOAF is an XML/RDF vocabulary used to describe -- in computer-readable form -- the sort of personal information that you might normally put on a home Web page, such as your name, instant messenger nicknames, place of work, and so on... I demonstrated FOAFbot, a community support agent I wrote that aggregates people's FOAF files and answers questions about them. FOAFbot has the ability to record who said what about whom... The idea behind FOAFbot is that if you can verify that a fact is recorded by several different people (whom you trust), you are more likely to believe it to be true. Here's another use for tracking provenance of such metadata. One of the major abuses of search engines early on in their history was meta tag spamming. Web sites would put false metadata into their pages to boost their search engine ranking... I won't go into detail on the various security and trust mechanisms that will prevent this sort of semantic vandalism, but I will focus on the foundation that will make them possible: tracking provenance... To demonstrate, I'll show you how to use a simple RSS 1.0 document as test data. Recently I set up a weblog site where I force my opinions on the unsuspecting public... Though RSS feeds of weblogs and other Internet sites are interesting from a browse-around, ego-surfing perspective, I believe the real value of a project like this is likely to be within the enterprise. Organizations are excellent at generating vast flows of time-sequenced data. To take a simple example, URIs are allotted for things like customers or projects, then RSS flows of activity could be generated and aggregated. Such aggregated data could then be easily sliced and diced for whoever was interested. For instance, administrators might wish to find out what each worker has been doing, project managers might want the last three status updates, higher-level management might want a snapshot view of the entire department, and so on. It is not hard to imagine how customer relationship management (CRM) might prove to be an area where tools of this sort would yield great benefits... The simple example demonstrated in this article only scratches the surface of provenance tracking with RDF. On the Web, where information comes from is just as important as the information itself. Provenance-tracking RDF tools are just beginning to emerge, and as they become more widely used they will no doubt become more sophisticated in their abilities. The Redland RDF application framework is a toolkit that's definitely worth further investigation. It has interfaces to your favorite scripting language; it runs on UNIX, Windows, and Mac OS X..." See general references in: (1) "Resource Description Framework (RDF)"; (2) "RDF Site Summary (RSS)."

  • [July 22, 2003] "IBM Adds Grid Computing to WebSphere." By Peter Sayer. In ComputerWorld (July 22, 2003). "IBM will add some grid-computing capabilities to the enterprise edition of its WebSphere Application Server, allowing companies to squeeze more performance from disparate Web applications running on clusters of servers through better load balancing, it announced Monday. 'This is something to bring grid capabilities to commercial customers. It's about the ability to balance Web server workloads in a more dynamic way than has ever been possible before,' said Dan Powers, IBM's vice president of grid computing strategy. Grid computing is seen as a way to deliver computing power to applications as it is needed, in much the same way that the power grid delivers electricity from many sources to where it is needed. In this case, rather than assigning fixed functions, such as serving up Web pages or handling back-office transactions, to particular machines in a cluster running WebSphere software, the software update allows each server to take on any task, depending on workload.."

  • [July 22, 2003] "WSRP: The Web Services Standard for Portals." By Lowell Rapaport. In Transform Magazine (July 2003). "Let's say you have a Web portal that distributes data originating from a remote third party. If the remote application is a Web service, then the portal application can address the service's API. Formatting and displaying the data returned from the Web service is the responsibility of the portal. This is fine if you have just one or two remote Web services to incorporate into your portal, but what happens if you have a dozen? The greater the number of Web services, the higher the cost of integration. Web Services for Remote Portals (WSRP) is an emerging standard designed to simplify integration. WSRP is expected to cut portal development costs by standardizing the way a remotely executed portlet integrates with a portal. WSRP specifies how a Web service downloads its results to a portal in HTML via simple object access protocol (SOAP. The specification's goals are similar to JSR 168: both promote the standardization of portlets. 'JSR 168 and WSRP are closely related,' says Carol Jones, chief architect of the WebSphere Portal at IBM. 'Portlets written in JSR 168 will be WSRP compatible. 168 deals with the life cycle of a portlet -- what gets called when it's time for it to render itself. WSRP addresses how you take a portlet and use it on a different portal. Once WSRP is adopted, users should be able to take a portlet from one company's product and install it in another.' JSR 168 integrates portals and portlets at the application layer while WSRP works at the communications layer. Based on XML and SOAP, WSRP portlets are transferred over the Internet using hypertext transfer protocol and don't require any special programming or security changes to a consumer's firewall. If a JSR 168 portlet is run remotely, the consumer's firewall has to be modified to support distributed Java applications. WSRP is inherently distributed..." See: (1) OASIS Web Services for Remote Portlets TC; (2) WSRP specification advances toward an OASIS Open Standard; (3) "JSR 168 Portlet API Specification 1.0 Released for Public Review." General references in "Web Services for Remote Portals (WSRP)."

  • [July 22, 2003] "Web Services Spending Down But Not Out." By Martin LaMonica. In BusinessWeek Online (July 22, 2003). ['A new Gartner survey finds that Web services projects remain a top priority for corporations despite budget cutbacks that are due to the economic downturn.'] "Shrinking IT budgets have forced corporations to cut back on Web services spending, but such projects still remain a top priority, according to a Gartner report released Wednesday. Web services is an umbrella term for a set of XML-based standards and programming techniques that make it simpler to share information between applications. Once touted as a boon to consumers conducting transactions with e-commerce providers, Web services have instead resonated with corporations as a relatively cost-effective way to integrate disparate systems. In an Internet survey of 111 North American companies, Gartner found that 48 percent of respondents have had to pare back spending on Web services application development projects because of the economic slowdown. A full one-third of survey participants said they are continuing to invest in Web services over the next two years despite the grim economic environment... The findings indicate that corporate America has a strong commitment to using Web services, according to Gartner analysts. Web services development projects are at the top of the list of company priorities and are one of the last budgets to be raided when budget cuts are made. The survey found that in the next 12 months, 39 percent of respondents plan to use Web services to share data between internal applications, such as sales automation and order management systems. And 54 percent expect to use Web services for both internal applications and to share information with outside business partners in the next year..." See details in the Gartner Survey announcement: "Gartner Survey Shows Despite U.S. Economic Slowdown Companies Continuing Web Services Development."

  • [July 22, 2003] "WSDL First." By Will Provost. In O'Reilly WebServices.xml.com (July 22, 2003). "Web services vendors will tell you a story if you let them. 'Web services are a cinch,' they'll say. 'Just write the same code you always do, and then press this button; presto, it's now a web service, deployed to the application server, with SOAP serializers, and a WSDL descriptor all written out.' They'll tell you a lot of things, but probably most glorious among them will be the claim that you can develop web services effectively without hand-editing SOAP or WSDL. Does this sound too good to be true? Perhaps the case can be made that in some cases SOAP has been relegated to the role of RPC encoding, that it's no more relevant to the application developer than IIOP or the DCOM transport. When it comes to WSDL, though, don't buy it. If you're serious about developing RPC-style services, you should know WSDL as well as you know WXS [W3C XML Schema]; you should be creating and editing descriptors frequently. More importantly, a WSDL descriptor should be the source document for your web service build process, for a number of reasons, including anticipating industry standardization, maintaining fidelity in transmitting service semantics, and achieving the best interoperability through strong typing and WXS. The willingness in some quarters to minimize the visibility of service description betrays a more basic and troubling bias, one which has to do with code-generation paths and development process. It assumes that service semantics are derived entirely from application source code. There are two viable development paths for RPC-style service development: from implementation language to WSDL and vice-versa. In fact, to start from the implementation language is the weaker strategy... WSDL first offers a clear advantage in interoperability of generated components. Under the WS-I Basic Profile, and in all typical practice, web services rely on WXS as the fundamental type model. This is a potent choice. WXS offers a great range of primitive types, simple-type derivation techniques such as enumerations and regular expressions, lists, unions, extension and restriction of complex types, and many other advanced features. To put it simply, WXS is by far the most powerful type model available in the XML world. It's more flexible than relational DDLs and much more precise and sophisticated than the type system of many programming languages. Why would we choose to use anything else to express service semantics? What good are WXS's advanced features if they can't be mapped to the implementation language?... For new service development, and even for most adaptations of existing enterprise code assets, the WSDL-to-Impl path is the most robust and reliable; it also fits the consensus vision for widely available services based on progressively more vertical standards. It does a better job of preserving service semantics as designed, and it offers best interoperability based on the rich type model of WXS..." General references in "Web Services Description Language (WSDL)" and "XML Schemas."

  • [July 22, 2003] "Web Services and Sessions." By Sergey Beryozkin. In O'Reilly WebServices.xml.com (July 22, 2003). "Web services are becoming an important tool for solving enterprise application and business-to-business integration problems. An enterprise application is usually exposed to the outside world as a single monolithic service, which can receive request messages and possibly return response messages, as determined by some contract. Such services are designed according to the principles of a service-oriented architecture. They can be either stateless or stateful. Stateful services can be useful, for example, for supporting conversational message exchange patterns and are usually instance or session-based, but they are monolithic in the sense that the session instantiation is always implicit. In general, a service-oriented approach (simple interactions, complex messages) may be better suited to building stateful web services, especially in the bigger B2B world, where integration is normally achieved through an exchange of XML documents. Coarse-grained services, with their API expressed in terms of the document exchange, are likely to be more suitable for creating loosely coupled, scalable and easily composable systems. Yet there still exists a certain class of applications which might be better exposed in a traditional session-oriented manner. Sometimes a cleaner design can be achieved by assigning orthogonal sets of functionality to separate services, and using thus simpler XML messages as a result. Such web services are fine-grained... If you believe that for a particular use case a fine grained design can result in a better interface, and that a reasonable compromise with respect to those problems can be achieved, then such a route should at least be explored. It is likely we'll see some standardization efforts in this area of state and resource management in the near future. Meanwhile, this article will look at ways of building stateful web services. In particular we highlight different ways of defining service references and identifying individual sessions..."

  • [July 21, 2003] "Introduction to JSR 168 - The Java Portlet Specification." From Sun Microsystems. Whitepaper. 19 pages. "The Java Specification Request 168 Portlet Specification (JSR 168) standardizes how components for portal servers are to be developed. This standard has industry backing from major portal server vendors. The specification defines a common Portlet API and infrastructure that provides facilities for personalization, presentation, and security. Portlets using this API and adhering to the specification will be product agnostic, and may be deployed to any portal product that conforms to the specification. An example, the Weather Portlet, is provided by Sun to demonstrate the key functionality offered by the Portlet API: action request handling, render request handling, render parameters, dispatching to JavaServer Pages (JSP) technology, portlet tag library, portlet URLs, portlet modes, portlet cache and portlet preferences... The specification defines a common Portlet API and infrastructure that provides facilities for personalization, presentation, and security. Portlets using this API and adhering to the specification will be product agnostic, and may be deployed to any portal product that conforms to the specification. IT Managers benefit from the ability to support multiple portal products, thus accommodating the unique business needs of various departments and audiences. The compliant portlets can be deployed to all compliant portal frameworks without extensive engineering changes. For developers, the specification offers code reusability. Developers who want to portal enable their applications can create and maintain one set of JSR 168 compliant portlets. These portlets can be run on any JSR 168 Portlet Specification compliant portal server with few, if any, modifications. The Portlet Specification addresses the following topics: The portlet container contract and portlet life cycle management; The definition of window states and portlet modes; Portlet preferences management; User information; Packaging and deployment; Security; JSP tags to aid portlet development..." See also the sample portlet code supplied by Sun. Details in the news story "JSR 168 Portlet API Specification 1.0 Released for Public Review." [cache]

  • [July 21, 2003] "Identity-Management Plans Draw Praise." By Steven Marlin. In InformationWeek (July 17, 2003). "Liberty Alliance and SAML earn plaudits from the Financial Services Technology Consortium for making single sign-on easier for customers. The Financial Services Technology Consortium, a financial-services research group, last week praised two identity-management proposals, Liberty Alliance and Security Assertion Markup Language, for sparing customers the chore of maintaining multiple sets of IDs and passwords. By supporting single sign-on, Liberty Alliance and SAML have the potential to advance Web services initiatives, the FSTC says. Web services -- online applications that invoke other applications via standard protocols--now require that users authenticate themselves to each application, analogous to someone having to present a building pass at the front entrance to a building and then again at the elevator, the office door, the lavatory, etc. SAML, an XML-based specification of the Organization of Structured Information Standards, defines messages known as assertions containing information such as whether a person has already authenticated himself and whether the person has authority to access a particular resource. By exchanging assertions, online applications verify that users are who they claim to be without requiring them to log in. Liberty Alliance, a 2-year-old project backed by 170 companies, has published a set of technical and business guidelines for a 'federated' identity model in which the user logs in once at the beginning of a transaction and SAML assertions provide authentication at the intermediate stages. By enabling companies to automate the task of authenticating customers, employees, suppliers, and partners, the Liberty Alliance and SAML remove an obstacle to the adoption of Web services. Web services' potential can't be realized until organizations can manage trusted relationships without human intervention, says Michael Barrett, president of Liberty Alliance and VP of Internet strategy at American Express... A four-month review by the financial consortium concluded that Liberty Alliance and SAML have the potential to quell consumer fears over identity theft. The review was backed by Bank of America, Citigroup, Fidelity Investments, Glenview State Bank, J P. Morgan Chase & Co., National City Bank, University Bank, and Wells Fargo Bank. Although banks have moved to protect themselves against attacks from hackers, viruses, and network sabotage, they've been poor at communicating the steps they've taken to protect customers from online fraud, says George Tubin, a senior analyst in TowerGroup's delivery-channels service..." See: (1) "Liberty Alliance Publishes Business Requirements and Guidelines for Identity Federation"; (2) general references in "Liberty Alliance Specifications for Federated Network Identification and Authorization."

  • [July 21, 2003] "SPML Passes Demo As Multi-Platform Provisioning Specification." By Vance McCarthy. In Enterprise Developer News (July 15, 2003). "OASIS execs passed a hurdle last week, as they successfully demoed the Service Provisioning Markup Language (SPML) as an XML-derived standard for multi-platform provisioning during last week's Catalyst Conference. SPML 1.0 is an XML-derivative that proposes to enable organizations to automate, centralize, and manage the process of provisioning user access to internal and external corporate systems and data. SPML was designed to work with the W3C's recently ratified SOAP 1.2 and the OASIS SAML and WS-Security specifications. Just published on June 1, SPML is now out of OASIS technical committee consideration, and being reviewed by OASIS at large membership, which could approve the standard in late August. In the demo, a fictitious PeopleSoft employee was remotely created, sending an SPML 'document' via SOAP to the PeopleSoft application. Before arriving directly at the PeopleSoft, the document -- or the XML schema -- was sent through a messaging multiplexer, which created a duplicate (or 'sub-document') and sent it to other privileged systems. The implication is that vendor-specific adapters could be replaced by open, standard XML schema which would allow different enterprise systems to more easily, and cost-effectively interoperate and keep one another in synch. Aside from PeopleSoft, supporters of SPML include BMC Software, BEA Systems, Novell, Sun Microsystems, Business Layers, Entrust, OpenNetwork, Waveset, Thor Technologies, and TruLogica... SPML was designed to work with the W3C's recently ratified SOAP 1.2 and the OASIS SAML and WS-Security specifications. Other security standards in process at OASIS include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data and SAML for exchanging authentication and authorization information..." See: (1) "OASIS Member Companies Host SPML Identity Management Interoperability Event"; (2) "Sun and Waveset Provide Identity Management Solution for PeopleSoft Using SPML"; (3) general references in "XML-Based Provisioning Services."

  • [July 21, 2003] "XSLT Performance in .NET." By Dan Frumin. In O'Reilly ONDotnet.com (July 14, 2003). "The Microsoft .NET Framework brings with it many new tools and improvements for developers. Among them is a very rich and powerful set of XML classes that allow the developer to tap into XML and XSLT in their applications. By now, everyone is familiar with XML, the markup language that is the basis for so many other standards. XSLT is a transformation-based formatter. You can use it to convert structured XML documents into some other form of text output -- quite often HTML, though it can also generate regular text, comma-separated output, more XML, and so on... Before the Microsoft .NET Framework was released, Microsoft published the XML SDK, now in version 4.0. The XML SDK is COM-based, and so can be used from any development language, not just Microsoft .NET. Its object model is also a little different than the .NET implementation, and therefore requires a bit of learning to use. But in the end, the XML SDK can do the same things for XSLT that the .NET Framework offers. Which raises the question: how do these two engines compare to each other in performance? This article will answer that question... Looking at the results, we can see that in a single end-to-end operation, the cost of the COM overhead can offset the advantages gained in transformation. This is especially true for smaller XML files (20 to 40 nodes). However, the margin of difference grows as the input files grow in size and as the transformation grows in complexity. When dealing with these scenarios, developers should consider using MSXML as well as two techniques to optimize their applications. First, consider storing the XSLT transform objects (including IXSLProcessor) in some shared location (e.g., a static member) for future use. This eliminates the cost of creating and preparing the XSLT objects and allows for a reusable transformation object that can simply be applied to XML input. Second, developers should consider creating their own COM object garbage collector for the XML files, especially if they are large in size..."

  • [July 21, 2003] "An XML Fragment Reader." By William Brogden. In XML.com (July 21, 2003). ['A lot of XML parsing deals with document fragments, as opposed to complete documents. Unfortunately, XML parsers prefer to deal with entire documents. A Java solution turns out to be simple and quite flexible. It enables you to combine many bits of XML formatted character streams to feed an XML parser.'] "With the release of the Java SDK 1.4, XML parser classes joined the standard Java release, creating a standard API for parser access. Thus, in the org.xml.sax package, you'll find the InputSource class. An InputSource object can feed a character stream to either a SAX or a DOM parser. You can create an InputSource from a Reader, the basic Java class for streams of characters. A workable plan of attack is to create a class extending Reader that can supply characters to an InputStream from a sequence of character stream sources..."

  • [July 21, 2003] "From XML to Wireless, Office Suites Move With the Times. Enhanced Basics and Added Features Change the Dynamics of Office Suites " By Cecil Wooley. In Government Computer News Volume 22, Number 19 (July 21, 2003). "Office suites are even more indispensable than paper at government agencies. Probably 90 percent of every work task starts within an office suite and combines elements of e-mail, word processing, databases, graphics, spreadsheets, networking, instant messaging and presentations... [In this review] I tested four leading office suites, grading them for quality, ease of use and price. I looked for applications that could interact with each another and, to a lesser extent, with programs that were not in suites. When multiple versions of a suite were available, I chose the version with the most components not designed for specific users -- for example, accountants or Web developers. Microsoft Office, the king of office suites, has by far the largest market share. Office 11, originally due last month, won't arrive until August because of the large number of new features. Microsoft Corp. submitted a late beta version of Office 11 for this review... Overall, Office 11 represents a minor upgrade. The functions that changed since Office XP, especially XML compatibility and the integration of SharePoint Team software, were necessary. The rest was mostly cosmetic. Office remains the top suite for good reason: simple functions, tight integration and excellent business tools for users at all skill levels. Corel WordPerfect Office 11, with mainstays WordPerfect 11, Quattro Pro 11, Presentations 11 and Paradox 10, has run a distant second to Microsoft Office 11 for some time. But since the early 1980s WordPerfect has retained many loyal government users, particularly in legal offices... The WordPerfect file format has changed little since Version 6.1, so archived data is still compatible. There was even a tool to convert older documents to XML format plus an XML editor that made using the converted work simple. Corel apparently has embraced XML even more thoroughly than Microsoft has. Corel also stuck to its strengths. I could print documents with all their coding and save them in Adobe Portable Document Format without any additional steps. For the legal community, there's a wizard to draw up court pleadings... I found StarOffice completely functional though lacking many extras such as document sharing. The drawbacks: no contact manager, scheduler or e-mail client. You could always use Microsoft Outlook Express for e-mail, but that would mean adding programs to the suite and eliminating the plug-and-play advantage... If you need a basic office suite and have little to spend, StarOffice 6 can do the job. Just don't look for the extras that most users have come to expect from other office suites..."

  • [July 21, 2003] "BEA Ships WebLogic Platform 8.1. The Suite Includes BEA's Application Server and JRockit Java Virtual Machine." By James Niccolai. In ComputerWorld (July 18, 2003). "BEA Systems Inc. has announced the general availability of WebLogic Platform 8.1, the latest edition of its suite of Java server software for developing, deploying and integrating business applications. The suite includes BEA's application server and JRockit Java virtual machine, which were released in March 2003, as well as new editions of its portal server, integration server and Workshop development environment. The products can be downloaded together or separately from BEA's Web site. See the annnouncement: "BEA WebLogic Platform 8.1 Ships. New Products Offer Faster Time to Value by Converging the Development and Integration of Applications, Portals and Business Processes."

  • [July 21, 2003] "EIPs More Compelling Than Ever." By Jim Rapoza. In eWEEK (July 21, 2003). "While interest in many enterprise applications has cooled in the last few years, companies remain hot on enterprise information portals. And why not? Portals provide the much-needed ability to integrate and unify access to a company's applications, back-end systems, data sources and content repositories. And unlike many other pricey enterprise applications, EIPs continue to show an excellent return on investment. However, although the attractiveness of portals hasn't changed much, the applications themselves -- as well as the companies that provide them -- have changed a great deal. In eWEEK Labs' last big comparison of EIPs almost two years ago, many of the products we reviewed were moving toward greater use of XML and Java. Based on the products we review here and on other recent stand-alone portal reviews, that move now appears to be complete. In fact, all six of the EIPs we tested this time around are based on Java server technology and use XML heavily in their data structures. Not surprisingly, then, they all did a good job of consuming and creating Web services during our tests. For this eValuation, eWEEK Labs tested many of the major EIPs, which have all been revised during the last few months: Art Technology Group Inc.'s ATG 6.0, BEA Systems Inc.'s WebLogic Portal 8.1, Computer Associates International Inc.'s CleverPath Portal 4.51, Plumtree Software Inc.'s Corporate Portal 5.0, Sybase Inc.'s Enterprise Portal 5.1 and Vignette Corp.'s Application Portal 4.5. We decided not to include in this review portals that are tightly tied to specific back-end applications, such as SAP AG's MySAP... Portal consolidation may be easier now, given that all the systems are similar in their underlying architecture. These similarities will also prove to be a boon to companies implementing EIPs: Just a couple of years ago, implementing portals often meant learning new portlet languages and dealing with unfamiliar server applications. Now, expertise in Java and XML is enough to develop for any portal application. Still, these things are far from commodity products. Companies need to answer questions such as the following to ensure that the portal they're buying will meet their needs. Does the portal make application integration simple? Can multiple portal implementations work together? Does the portal integrate well with existing security infrastructures? Can portal systems be easily managed and monitored? When doing a large comparative review such as this one, one product sometimes jumps clearly to the fore -- either through superior capabilities in all areas or a high level of innovation. In our EIP review, no one product was clearly superior to the others, and all of the products did well in our tests. However, several of the products we tested excelled in specific areas. In development of portlets and Web applications, BEA's WebLogic Portal and its WebLogic Workshop provided one of the best environments we've seen for creating these applications. Plumtree Corporate Portal offered very high levels of customization and design flexibility. And Vignette's Application Portal provided the best and most detailed portal administration interface we've seen..." See the annnouncement on BEA: "BEA WebLogic Platform 8.1 Ships. New Products Offer Faster Time to Value by Converging the Development and Integration of Applications, Portals and Business Processes."

  • [July 21, 2003] "The Security Components Exchange Protocol (SCXP)." By Yixian Yang (Information Security Center, Beijing University of Posts and Telecom, BUPT). IETF Internet Draft. Reference: draft-yang-scxp-00. June 2003, expires December 2003. Section 7 supplies the SCXP XML DTDs (SCXP DTD, channelType Option DTD, channelPRI Option DTD). "This document describes the Security Components Exchange Protocol (SCXP), an application-level protocol for exchanging data between security components. SCXP supports mutual-authentication, integrity, confidentiality and replay protection over a connection-oriented protocol. SCXP is designed on Blocks Extensible Exchange Protocol (BEEP), and it can be looked upon a profile of BEEP in a way. BEEP is a generic application protocol framework for connection-oriented, asynchronous interactions. Within BEEP, features such as authentication, privacy, and reliability through retransmission are provided. A chief objective of this protocol is to exchange data between security components..." See also: "Blocks eXtensible eXchange Protocol Framework (BEEP)."

  • [July 21, 2003] "SCO Takes Aim at Linux Users." By Stephen Shankland and Lisa M. Bowman. In CNET News.com (July 21, 2003). "SCO Group, a company that says Linux infringes on its Unix intellectual property, announced on Monday that it has been granted key Unix copyrights and will start a program to let companies that run Linux avoid litigation by paying licensing fees. The company, which is at the heart of a controversial lawsuit over Linux code, said it plans to offer licenses that will support run-time, binary use of Linux to all companies that use Linux kernel versions 2.4 and later SCO sparked a major controversy in the Linux world in March, when it sued IBM, saying the company had incorporated SCO's Unix code into Linux and seeking $1 billion in damages. The company alleged, among other things, trade secret theft and breach of contract. SCO then updated its demands in June, saying IBM owed it $3 billion. In the meantime, it sent out letters to about 1,500 Linux customers, warning them that their use of Linux could infringe on SCO's intellectual property. The claim of copyrights on the Unix code in question may raise the stakes in the dispute. Some attorneys say a copyright claim, which was not included in the earlier allegations against IBM, could be easier for the company to prove. SCO said prices for licensing its Unix System V source code would be announced in coming weeks. Pricing will be based on the cost of UnixWare 7.13, the company's current Unix product. SCO, at least initially, isn't directly targeting home users of Linux, McBride said..."

  • [July 21, 2003] "XQuery and SQL: Vive la Différence." By Ken North. In DB2 Magazine (Quarter 3, 2003). "Sometimes SQL and XML documents get along fine. Sometimes they don't. A new query language developed by SQL veterans is promising to smooth things over and get everything talking again. It's impossible to discuss the future of the software industry without discussing XML. XML has become so important that SQL is no longer the stock reply to the question, 'What query language is supported by all the major database software companiesfi' The new kid on the block is XQuery, a language for running queries against XML-tagged documents in files and databases. A specification published by the World Wide Web Consortium (W3C) and developed by veterans of the SQL standards process, XQuery emerged because SQL -- which was designed for querying relational data -- isn't a perfect match for XML documents. Although SQL works quite well for XML data when there's a suitable mapping between SQL tables and XML documents, it isn't a universal solution. Some XML documents don't reside in SQL databases. Some are shredded or decomposed before their content is inserted into an SQL database. Others are stored in native XML format, with no decomposition. And the nature of XML documents themselves poses other challenges for SQL. XML documents are hierarchical or tree-structured data. They're self-describing in that they consist of content and markup (tags that identify the content). In SQL databases, such as DB2, individual rows don't contain column names or types because that information is in the system catalog. The XML model is different. As with SQL, schemas that are external to the content they describe define names and type information. However, it's possible to process XML documents without using schemas. XML documents contain embedded tags that label the content. But unlike SQL, order is important when storing and querying XML documents. The nesting and order of elements in a document must be preserved in XML documents. Many queries against documents require positional logic to navigate to the correct node in a document tree. When shredding documents and mapping them to columns, it's necessary to store information about the document structure. Even mapping XML content to SQL columns often requires navigational logic to traverse a document tree. Other requirements for querying XML documents include pattern matching, calculations, expressions, functions, and working with namespaces and schemas... For these and other reasons, the W3C in 1998 convened a workshop to discuss proposals for querying XML and chartered the XML Query Working Group..." General references in XML and Databases."

  • [July 21, 2003] "Foundry Networks Launches XML Switching for Load Balancer. TrafficWorks Ironware OS is Used in its Upper-Layer Load Balancing Switches." By Matt Hamblen. In ComputerWorld (July 21, 2003). "Foundry Networks Inc. today will release a new version of its TrafficWorks Ironware operating system, which is used in its upper-layer load-balancing switches. A key ingredient of Version 9.0 is XML switching capability to control and direct traffic based on XML tags, which should make it easier to control e-commerce traffic over extranets connected to suppliers and customers, Foundry executives said. Among other features, 9.0 also includes an enhancement to provide denial-of-service (DOS) protection, which protects servers against TCP SYN and TCP ACK attacks, according to San Jose-based Foundry. This protection comes at 1.5 million packets/sec., a 15-fold increase over previous versions. Bryan A. Larrieu, vice president of voice, data and system security at CheckFree Corp. in Atlanta, has been testing Version 9.0 and is especially pleased with the DOS protection improvements. He said he has used prior version and had hoped for such an enhancement..."

  • [July 21, 2003] "Content-Centric XML: Coming Soon to an Intranet Near You?" By Robert J. Boeri. In (July 20, 2003). "Content-centric XML hasn't followed its original five-year s