XML Daily Newslink. Tuesday, 14 November 2006

[Robin Cover <robin@oasis-open.org>]

XML Daily Newslink. Tuesday, 14 November 2006
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover

====================================================

This issue of XML Daily Newslink is sponsored by
Sun Microsystems, Inc.  http://sun.com

====================================================

HEADLINES:

* Release of Apache AXIOM (WebServices Commons) 1.2
* The Platform for Privacy Preferences 1.1 (P3P1.1) Specification
* XForms and P3P: Help Users Manage Their Privacy Preferences
* SAML Profile and Extension Specifications Issued for Review
* Five Strategies for Changing from XSLT 1.0 to 2.0
* What Is Business Process Modeling?
* Open Text Readies Livelink ECM 10
* Thinking XML: The XML Decade
* EU Funds Software Quality Observatory for Open Source Software (SQO-OSS)

----------------------------------------------------------------------

Release of Apache AXIOM (WebServices Commons) 1.2
Staff, ApacheNews.org

The Apache AXIOM development team, working as part of the Apache
WebServices Commons Subproject, has announced the release of Version
1.2 of Apache AXIOM. Apache AXIOM is a StAX-based, XML Infoset
compliant object model which supports on-demand building of the object
tree. It supports a novel "pull-through" model which allows one to
turn off the tree building and directly access the underlying pull
event stream. It also has built-in support for XML Optimized Packaging
(XOP) and MTOM, the combination of which allows XML to carry binary
data efficiently and in a transparent manner. The combination of these
results in a easy to use API with a very high performant architecture.
Key Features include: (1) Full XML Infoset compliant XML object model;
(2) StAX based builders with on-demand building and pull-through;
(3) XOP/MTOM support offering direct binary support; (4) Convenient
SOAP Infoset API on top of AXIOM; (5) Two implementations are included
[linked list based implementation; W3C DOM supporting implementation];
(6) High performant. New in the release: improved XML serialization,
improved Builder hierarchy, improved MTOM handling, numerous bug fixes.

http://www.apachenews.org/archives/000907.html
See also on the Apache Axis2 1.1 release: http://www.apachenews.org/archives/000908.html

----------------------------------------------------------------------

The Platform for Privacy Preferences 1.1 (P3P1.1) Specification
Rigo Wenning and Matthias Schunter (eds.), W3C Technical Report

W3C's P3P Specification Working Group has published "The Platform for
Privacy Preferences 1.1 (P3P1.1) Specification" as a W3C Working Group
Note. The P3P specification provides a way for a Web site to encode
its data-collection and data-use practices in a machine-readable XML
format known as a P3P policy. The P3P specification defines: (1) A
standard schema for data a Web site may wish to collect, known as the
"P3P base data schema"; (2) A standard set of uses, recipients, data
categories, and other privacy disclosures; (3) An XML format for
expressing a privacy policy; (4) A means of associating privacy
policies with Web pages or sites, and cookies; (5) A mechanism for
transporting P3P policies over HTTP. The goal of P3P is twofold. First,
it allows Web sites to present their data-collection practices in a
standardized, machine-readable, easy-to-locate manner. Second, it
enables Web users to understand what data will be collected by sites
they visit, how that data will be used, and what data/uses they may
"opt-out" of or "opt-in" to. The P3P 1.1 document, along with its
normative references, includes all the specification necessary for
the implementation of interoperable P3P 1.1 applications. P3P 1.1 is
based on the P3P 1.0 Recommendation and adds some features using the
P3P 1.0 Extension mechanism. It also contains a new binding mechanism
that can be used to bind policies for XML Applications beyond HTTP
transactions. Although W3C does not have plans at this time to advance
P3P 1.1 to Recommendation, the team anticipates more work in the area
of Web privacy and invites the P3P community to continue discussions
about P3P.

http://www.w3.org/TR/2006/NOTE-P3P11-20061113/
See also the P3P 1.1 Specification Working Group: http://www.w3.org/P3P/1.1/

----------------------------------------------------------------------

XForms and P3P: Help Users Manage Their Privacy Preferences
Nicholas Chase, IBM developerWorks

Because of the rise of identity theft, online privacy has become a big
issue. Many sites have privacy policies in place, but who has time to
read and decipher each one as you do your daily surfing? Fortunately,
there is an easier way. The Platform for Privacy Preferences, or P3P,
provides a standard way for sites to define the information they collect,
which makes it possible for tools to do the deciphering for you. Because
XForms is so often used to collect personal information, it is crucial
that it be included in this process. It would certainly be convenient
to have the ability to tell your browser to look for certain
characteristics of a privacy policy and notify you in situations in
which the privacy policy is not acceptable, or is at least questionable.
For example, you may be fine with the idea of giving out your phone
number to a company that will use it only for the current transaction
and will retain it for less than two weeks, but if the company is going
to release that information to a third party, you may want to know that
before you give your number in the first place.This article explains how
the Platform for Privacy Preferences works, and how to integrate your
XForms with it. XForms provides an easy way to specify the information
you're collecting in terms of standard data recognized by the Platform
for Privacy Preferences. By specifying your data in this way, you are
providing a service for both the user and for yourself. For the user,
you enable automated tools to provide better information about the
information you're collecting, which enables the user to make better
informed decisions about what to do and whether to provide that
information.

http://www.ibm.com/developerworks/xml/library/x-xformsp3p/
See XML and Forms: http://xml.coverpages.org/xmlForms.html

----------------------------------------------------------------------

SAML Profile and Extension Specifications Issued for Review
Members, OASIS Security Services (SAML) TC

The OASIS SSTC has published a collection of three post-SAML V2.0
profiles and extensions for public review. The public review began on
12-November-2006 and ends 27-November-2006. The "Metadata Profile for
the OASIS Security Assertion Markup Language (SAML) V1.x" document
defines a profile of the SAML V2.0 metadata specification for use in
describing SAML V1.0 and V1.1 entities and profiles. SAML profiles
require agreements between system entities regarding identifiers,
binding/profile support and endpoints, certificates and keys, and so
forth. A metadata specification is useful for describing this
information in a standardized way. Although SAML V1.0 and V1.1 did not
include such a specification, SAML V2.0 includes one. The "Metadata
Extension for SAML V2.0 and V1.x Query Requesters" specification defines
a set of role descriptor types that describe a standalone SAML query
requester for each of the three predefined query types. The profile
addresses both SAML V1.x and SAML V2.0 query requesters. It defines
new role descriptor types that support the requester role of the three
predefined SAML query types: authentication, attribute, and
authorization decision.  Protocol extensions consist of elements
defined for inclusion in the 'samlp:Extensions' markup element that
modify the behavior of SAML requesters and responders when processing
extended protocol messages. The specification "SAML V2.0 Protocol
Extension for Third-Party Requests" defines an extension to the SAML
V2.0 protocol specification that overrides the implicit relationship
between the issuer of a request and the intended response recipient.
Normally these are the same entity. The use of this extension allows
a third party to make a request on behalf of another entity to whom
the response should be delivered.

http://docs.oasis-open.org/security/saml/SpecDrafts-Post2.0/sstc-saml1x-metadata-cd-02.html
See also the announcement: http://lists.oasis-open.org/archives/tc-announce/200611/msg00005.html

----------------------------------------------------------------------

Five Strategies for Changing from XSLT 1.0 to 2.0
David Marston and Joanne Tong, IBM developerWorks

XSLT 2.0, the latest specification released by the W3C, is a language
for transforming XML documents. It includes numerous new features, with
some specifically designed to address shortcomings in XSLT 1.0. XSLT
2.0 has features that allow a gradual upgrade of 1.0 stylesheets.
However, some situations call for an overhaul, so that the whole
architecture can be reviewed and improved. Should you overhaul or try
the gradual approach? The 2.0 version of the XSLT spec introduces the
term stylesheet modules to encompass the units (typically files) that
are imported or included into the collective entity called the
stylesheet. Modules offer stronger separation than the separation
between templates, mainly because XSLT declarations are often scoped
to a single module. The author here presents five options that represent
five purified views of upgrading -- or not upgrading, because the
do-nothing option is also covered. You'll want to consider two kinds
of decision factors when you choose an option: organizational capability
factors and impact factors deriving from the 2.0 features that appeal
to you. If, after reading this article and thinking about what would
work best, you plan to upgrade incrementally, you can use modules to
separate old XSLT code from the new, in addition to whatever modularity
you already have.  This collection of articles provides a high-level
overview and an in-depth look at XSLT 2.0 from the point of view of
an XSLT 1.0 user wishing to fix old problems, learn new techniques,
and discover what to look out for. We provide examples derived from
common applications and practical suggestions for those who wish to
upgrade. To help you begin to use XSLT 2.0, migration techniques are
provided.

http://www-128.ibm.com/developerworks/library/x-xslt20pt2.html

----------------------------------------------------------------------

What Is Business Process Modeling?
Michael Havey, O'Reilly ONJava.com

Over the years, the scope of business processes and BPM has broadened.
Less than a decade ago, BPM, known then as "workflow," was a groupware
technology that helped manage and drive largely human-based, paper-
driven processes within a corporate department. For example, to handle
a claim, an insurance claims process, taking as input a scanned image
of a paper claims form, would pass the form electronically from the
mailbox (or worklist) of one claims specialist to that of another,
mimicking the traditional movement of interoffice mail from desk to
desk. BPM today is an enterprise integration technology complementing
Service-Oriented Architecture (SOA), Enterprise Application Integration
(EAI), and Enterprise Service Bus (ESB). The contemporary process
orchestrates complex system interactions, and is itself a service
capable of communicating and conversing with the processes of other
companies according to well-defined technical contracts. A retailer's
process to handle a purchase order, for example, is a service that
uses XML messages to converse with the service-based processes of
consumers and warehouses. BPM's standards are ostensibly a murky
alphabet soup, but when the best of them are combined properly, they
form a surprisingly intelligible architecture... At the heart of the
architecture [as summarized] is a runtime engine that executes
processes whose source code is written in the XML-based BPEL language,
the most famous and widely adopted BPM standard, and the best of the
BPM execution languages. These processes are designed, by business and
technical analysts, using a graphical editor that supports the visual
flowchart language BPMN, the best of BPM's graphical languages. The
editor includes an exporter that generates BPEL code (which is then
deployed to the engine) from BPMN diagrams. The BPMN-to-BPEL
development cycle is analogous to that of UML-to-Java in many current
Java development tools.

http://www.onjava.com/pub/a/onjava/2005/07/20/businessprocessmodeling.html
See also Messaging and Transaction Coordination: http://xml.coverpages.org/coordination.html

----------------------------------------------------------------------

Open Text Readies Livelink ECM 10
China Martens, InfoWorld

Amid the ongoing consolidation in the enterprise content management
(ECM) software market, Canadian player Open Text hopes to remain both
an independent entity and relevant by tightening its partnerships with
vendors that provide more base-level ECM. Open Text, in Waterloo,
Ontario, is aligning itself ever closer with Microsoft, Oracle, and SAP.
Over the course of this week at its LiveLinkUp 2006 annual user
conference in Phoenix, the ECM vendor will make announcements centered
on further integrating its Livelink products with enterprise and
desktop applications from those partners. In particular, Open Text on
Monday took the wraps off the next major release of its ECM software,
Livelink ECM 10. The company is releasing some components of the
product now with a full-blown version of the software to ship in the
first half of next year, according to Kirk Roberts, executive vice
president of products, solutions and marketing at Open Text. New
features in the upcoming release include the ability to make its
easier to institute content retention across a customer's IT systems
and to manage content stored in applications from Microsoft, SAP and
Oracle as well as that contained in Microsoft's SharePoint Portal
Server 2003 and its Outlook e-mail software. Users will also be able
to access business data that resides in ERP systems through
Microsoft's Outlook. Open Text will make Web services APIs
(application programming interfaces) for its Livelink enterprise
library and content services available to encourage its customers
and partners to both integrate Livelink ECM 10 with third-party
applications and customize the software. The vendor will also provide
a sneak peek at BI (business intelligence) functionality it gained
through the acquisition of Hummingbird in October. Open Text has
integrated the BI capabilities including enhanced reporting and
dashboard features into its Livelink ECM -- Internal Controls
governance, risk and compliance (GRC) software.

http://www.infoworld.com/article/06/11/13/HNlivelinkecm10_1.html

----------------------------------------------------------------------

Thinking XML: The XML Decade
Uche Ogbuji, IBM developerWorks

XML is approaching 10 years old. How closely depends on how you're
counting. The W3C Recommendation Extensible Markup Language (XML) 1.0
was published on 10-February-1998. Work on XML started around 1996,
however, rooted in almost thirty years of SGML. The design principles
for XML, which guided its development were published on 25 August 1996.
The first working draft, published on 14-November-1996 defined
documents very similar to the majority of XML you might see today.
Many of the changes between that first draft and the final
recommendation were in more obscure areas of the standard. The basic
idea of labeled, balanced, hierarchical tags and clearly defined text
encoding were well in place in 1996, and so IBM Systems Journal accounts
2006 the year of XML's decade. Regardless of whether you agree with
their counting, it is a volume well worth a thorough read by all XML
professionals as it combines an interesting retrospective of XML with
some useful articles discussing specific techniques and development,
providing a glimpse into the future of the technology, and thus our
profession. The ubiquity of XML leads programmers, database analysts,
technical writers, systems integrators and more run towards requirements
for processing XML in the normal course of their business. If XML is
to stay relevant across the changing face of technology, it's important
to educate newcomers of its fundamental goals. XML is about durable
data, but adopting XML by itself does not necessarily make data durable.
This ten-year milestone (give or take) is a good occasion to examine
how to ensure that we will see the long-term benefits from having
entrusted so much data to the XML sphere of technologies. I look
forward to seeing further technical and non-technical assessments of
XML's past, present and future over the next couple of years. [Ed.
note: this special issue contains one of the finest essay collections
on XML that I've seen in recent years. -rcc]

http://www-128.ibm.com/developerworks/library/x-think38.html
See also Celebrating 10 Years of XML: http://www.research.ibm.com/journal/sj45-2.html

----------------------------------------------------------------------

EU Funds Software Quality Observatory for Open Source Software (SQO-OSS)
European Communities, eGovernment News

The European Commission has awarded 1.6 million euro in funding to a
consortium of leading European consultants and research bodies: the
Software Quality Observatory for Open Source Software (SQO-OSS). The
project teams will analyse and benchmark the quality of open source
software and prove its suitability for use in European business. The
aim of the SQO-OSS project is to develop a suite of software quality-
assessment tools to analyse and benchmark the quality of source code
and prove its suitability for use in a business environment. In so
doing, it hopes to address one of the perceived barriers to the
adoption of OSS solutions -- proof that free and open software can
effectively compete with and even, in some cases, outperform,
proprietary brand-marketed software. More specifically, the project
will deliver a plug-in based quality-assessment platform, featuring a
web and an IDE front end, and develop a set of software metrics that
will take into account quality indicators from data that is present in
an Open Source project's repository. It will also publish a league of
Open Source software applications, categorised by their quality. The
core products of the project will be released as Open Source under
the BSD licence to stimulate business interest. Lead by the Athens
University of Economics and Business, consortium participants include
UK-based Sirius Corporation, KDE e.V. and ProSyst in Germany, KDAB in
Sweden and the Aristotle University of Thessaloniki, Greece.

http://ec.europa.eu/idabc/en/document/6269/194
See also the SQO-OSS web site: http://www.sqo-oss.eu/

----------------------------------------------------------------------


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.         http://www.bea.com
IBM Corporation           http://www.ibm.com
Innodata Isogen           http://www.innodata-isogen.com
SAP AG                    http://www.sap.com
Sun Microsystems, Inc.    http://sun.com

----------------------------------------------------------------------

Newsletter subscribe: xml-dailynews-subscribe@lists.xml.org
Newsletter unsubscribe: xml-dailynews-unsubscribe@lists.xml.org
Newsletter help: xml-dailynews-help@lists.xml.org
Cover Pages: http://xml.coverpages.org/

----------------------------------------------------------------------