XML Daily Newslink. Wednesday, 21 March 2007

[Robin Cover <robin@oasis-open.org>]

XML Daily Newslink. Wednesday, 21 March 2007
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover

====================================================

This issue of XML Daily Newslink is sponsored by
Sun Microsystems, Inc. http://sun.com

====================================================

HEADLINES:

* European W3C Symposium on eGovernment Report
* SCA BPEL White Paper
* Rethinking SOA Governance
* Liberty Alliance Struggles With Its Own Identity
* IBM Gets Serious About SOA
* DRAMA Project's Fedora Authentication Code Alpha Release
* OpenAJAX Alliance Welcomes Microsoft at AJAXWorld
* Google: AJAX is All About Abusing Standards
* Web Services Tips: Operational Risk and WS-Policy

COVER PAGES:

* Open SOA Collaboration Vendors Advance SCA and SDO Specifications
  for Standardization

----------------------------------------------------------------------

European W3C Symposium on eGovernment Report
Staff, W3C Report

On February 1 and 2, 2007, W3C Spain Office held an European W3C
Symposium on eGovernment in the Feria Internacional de Muestras de
Asturias (FIDMA) at the Palacio de Congresos (International Trade
Fair of Asturias), in Gijón, Spain, to understand specific government
and citizens' needs related to delivery of eGovernment services over
the Web, identify aspects that put Web interoperability at risk and
learn how governments can deliver better and more efficient services
through computer technologies. The symposium program had 11 invited
talks and four panels, structured into four sessions. Most speakers
came from European Governments and organizations that work closely
with them. Attendance was free and open to the public. The first
session was an introductory one and the reminding three had three
talks each showing the point of view of the governments, citizens and
organizations. After the talks there was a panel for each session to
discuss issues raised during the talks and take questions from the
audience. Participants considered a number of issues that affect
eGovernment today, mainly the lack of interoperability, Web
accessibility, need of Best Practices, privacy and identity theft
issues, and others. These issues surfaced during several talks and
panels. Some projects on how to deal with them were presented. There
is a big difference between electronic services and "old" or
"paper-based" ones. Governments seem to build the electronic ones
starting from the old ones, and this does not work as expected.
Electronic ones require a procedural change and a totally different
approach to be effective; they should not be constraint by old ones.

http://www.w3.org/2007/eGov/symposium-spain-report
See also the press release: http://www.w3.org/2007/01/egov-pressrelease

----------------------------------------------------------------------

SCA BPEL White Paper
Mike Edwards, OSOA Technical Report

WS-BPEL, much like the OSOA Service Component Architecture (SCA), is
built around the Web Services concept of separating implementation
code from service interfaces. SCA and WS-BPEL, although based on
similar concepts of connecting services together, do so in different
ways. Fortunately, it is easy to map between the two. SCA and WS-BPEL
are complementary with one another. WS-BPEL is a language for defining
a business process, which can be invoked by clients and can itself
invoke other services. These external interactions, together with the
activities that may occur inside the process, provide a business
orchestration view of a component. SCA, on the other hand, provides a
compositional view of interconnection among service components. SCA
does not in itself allow one to define business or application logic.
This is left to the implementation languages. SCA does support the
aggregation of business services without relying on application states.
It models a birds-eye-view of the system that includes WS-BPEL
processes and other components with which they interact. This overall
view provides a convenient tool to manage the deployment and
configuration of a system. The WS-BPEL Client and Implementation (C+I)
Model is designed to allow any WS-BPEL 2.0 and 1.1 process to be used
without them needing any knowledge of SCA. It allows any executable
WS-BPEL process to be deployed into the SCA runtime without change.
The SCA runtime provides features not defined by the WS-BPEL
specification such as initialization of endpoint references of
partnerLinks via wiring in SCA and initialization of WS-BPEL variable
via SCA properties. Without SCA, such features are provided by vendor
dependent mechanisms.

http://www.osoa.org/display/Main/SCA+BPEL+White+Paper
See also the related SCA news: http://xml.coverpages.org/ni2007-03-21-a.html

----------------------------------------------------------------------

Rethinking SOA Governance
Quinton Wall, BEA Arch2Arch Technical Paper

This article looks at the incentives for organizations to undertake an
effective SOA governance model through a pragmatic approach to
addressing cost and profit. Through the definition of five levels of
governance, pragmatic advice is given here in an attempt to address the
incentives that drive many lines of business-funded initiatives that
may undermine enterprise service adoption. The discussions provide
insight into how a centralized governance process may actually be
assisting in limiting the proliferation of non reusable services
developed by individual lines of business that, through simple cost
benefits analysis, determine it is cheaper to build their own rather
than leverage an enterprise service. Successful governance initiatives
to support SOA adoption are often detailed through two primary and
complementary factors: cost and profit. Both factors form strong
incentives for business leads to counter any governance recommendations
and must be addressed early with the SOA initiative. Many organizations,
through individual bargaining, already have established ad-hoc
processes of governance. Care must be taken when centralizing this
function to ensure both cost and profit remain on the charter of more
mature governance models. Even as organizations centralize these
governance processes, it is very difficult to sustain efficiency until
a market of demand is established to promote organic growth of shared
services and reuse. As the Law of Diminishing Returns identifies,
there will always be a portion of IT or business functions that will
not be cost-effective to transform into shared services. However, as
long as the market-based demand exists, all lines of business will
strive for reuse to increase profit and reduce costs.

http://dev2dev.bea.com/pub/a/2007/03/soa-governance.html

----------------------------------------------------------------------

Liberty Alliance Struggles With Its Own Identity
Alex Handy, SD Times

The Liberty Alliance is having an identity crisis. The group of vendors
and independent developers that came together in 2001 to build
standards and practices for digital identity management will be changing
its tactics in 2007, due to what has been described as a proliferation
of fear, uncertainty and doubt in the marketplace. The 6-year-old
project will attempt to open its processes and discussions to the
public in the coming year, something that it has not done in the past.
The alliance will also be seeking out other identity management
projects to foster collaboration and interoperability. At this year's
RSA Conference, a noticeable number of vendors were offering new
solutions to identity problems. The Liberty Alliance, however, must
fight to make its solutions known, said Roger Sullivan, Liberty
Alliance management board president and vice president of identity
management at Oracle. Among the alliance's goals for 2007 is to
collaborate with existing and new identity projects. You've got OpenID,
the Identity Commons, and the Eclipse-based Project Higgins...
Complicating the task of the Liberty Alliance has been the confusion
around Web services and the overlap between the alliance's work and
WS-* specifications, said Jason Rouault, vice president of the Liberty
Alliance and CTO of identity management at HP Software. "The WS-* set
of specifications are, in essence, plumbing for Web services. The
Liberty work in Web services is really about the efficient profiling
of how you do identity-based Web services in a secure manner.  In
some cases where specifications don't exist, then we add that into
the [WS-*] framework. They're not two separate stacks at this point,
though they might get positioned that way."

http://www.sdtimes.com/article/story-20070301-03.html

----------------------------------------------------------------------

IBM Gets Serious About SOA
Edward J. Correia, SD Times

IBM has unveiled the SOA Quality Management Portfolio, a series of new
and enhanced tools and services for end-to-end SOA testing and QA,
part of which it claims can turn BPEL code into use cases that perform
automated functional testing. Performing this feat is Tester for SOA
Quality. "The bulk of the job is automating," asserted Dave Locke,
IBM Rational's director of offerings marketing, in a phone interview
yesterday. "For business analysts using BPEL tools to illustrate their
processes, we can read BPEL in as a testing scenario and test against
it. We're the only company in the world to do that," he claimed.
Further automation, he said, includes the ability to analyze a
service's interface and, for those lacking graphical UI characteristics,
create the framework for testing them anyway. "To test a component,
you have to feed it something and get something back. Having your
developers build code for that testing is a time-consuming process.
With this capability, we generate a shell for a GUI-less component,
with all the calls and test scripts to ensure that that component
really works as advertised." Supported components include those
written to Web services standards such as SOAP, HTTP and UDDI, Locke
said. "The component has to conform to an SOA approach for us to test
it." Tester for SOA Quality begins shipping on March 27 [2007]. Also
new and shipping two weeks from today is Performance Tester Extension
for SOA Quality, a monitoring tool that Locke said can quickly
pinpoint trouble spots in an SOA.

http://www.sdtimes.com/article/TQA-20070301-03.html

----------------------------------------------------------------------

DRAMA Project's Fedora Authentication Code Alpha Release
Staff, DigitalKoans Blog

The DRAMA (Digital Repository Authorization Middleware Architecture)
project has released an alpha version of its Fedora authentication
code. DRAMA is part of the RAMP (Research Activityflow and Middleware
Priorities Project) project. Here's an excerpt from the fedora-commons-
users announcement about the release's features: (1) Federated
authentication (using Shibboleth) for Fedora; (2) Extended XACML
engine support via the introduction of an XML database for storing
and querying policies and XACML requests over web services; (3) Re-
factoring of Fedora XACML authorization into an interceptor layer
which is separate from Fedora; (4) A new web GUI for Fedora nicknamed
"mura". [From the project description: "The Research Activityflow and
Middleware Priorities (RAMP) project seeks to improve national research
effectiveness by addressing two of the most challenging components of
the DEST/JISC E-Framework for Education and Research and the DEST
Accessibility Framework -- the areas of people-oriented workflows for
research processes, and open standards authorisation for protected
repositories. [One] challenging component of the E-Framework that RAMP
addresses is open standards authorisation (using XACML). There is an
increasing need for flexible management of protected content as part
of repositories such as Institutional Repositories, E-Reserves, etc,
but most approaches to protected content rely on hardwired or
proprietary authorisation mechanisms that are inefficient, costly,
inflexible and promote system lock-in. The RAMP project will address
the need for open standards authorisation through the creation of a
generalised XACML authorisation module that could potentially be
adopted by any repository system. This module will be implemented and
tested initially using the Fedora repository, based on existing work
on Fedora and XACML from MAMS and ARROW. Subsequent implementation
with other repository systems will be explored."]

http://www.escholarlypub.com/digitalkoans/2007/03/21/drama-projects-fedora-authentication-code-alpha-release/
See also RAMP: http://www.ramp.org.au/

----------------------------------------------------------------------

OpenAJAX Alliance Welcomes Microsoft at AJAXWorld
Staff, AJAXWorld

OpenAJAX Alliance, an open industry collaboration dedicated to
developing and expanding AJAX, today announced AJAXWorld Conference &
Expo in New York City that its membership has grown to 72 with the
addition of Microsoft Corporation and 30 other companies. "Microsoft
is joining the OpenAJAX Alliance to collaborate with other industry
leaders to help evolve AJAX-style development by ensuring a high
degree of interoperability," said Keith Smith, group product manager
of the Core Web Platform & Tools to UX Web/Client Platform & Tools
team at Microsoft Corp. "By joining OpenAJAX, Microsoft is continuing
its commitment to empower Web developers with technology that works
cross-browser and cross-platform." The newest OpenAjax Alliance
members include: 24SevenOffice, ActiveGrid, ActiveState, Appeon,
Aptana, Arimaan Global Consulting, Custom Credit Systems (Thinwire),
ESRI, Getahead (DWR), Global Computer Enterprises, GoETC, Helmi
Technologies, HR-XML, iPolipo, Isomorphic Software, JSSL,
Lightstreamer, Microsoft, MobileAware, NetScript Technologies,
OpenSpot, OpenSymphony (OpenQA), OpSource, OS3.IT, Redmonk, Tealeaf
Technology, Teleca Mobile, Transmend, Visible Measures, Visual
WebGui and Volantis Systems. [Bertrand Le Roy Blog: "I'm extremely
pleased to announce that we're joining OpenAjax today and that I'll
represent the company in the organization's meetings starting this
Thursday. This is a way for us to ensure that our user community
can combine the Microsoft AJAX Library and ASP.NET 2.0 AJAX
Extensions with other frameworks, today and in the future.
Interoperability in the browser is a hard problem but it opens key
Ajax scenarios. An industry-wide organization such as OpenAjax is
a great way to ensure this goal is met in the long-term."]

http://java.sys-con.com/read/351425.htm
See also the Blog: http://weblogs.asp.net/bleroy/archive/2007/03/20/microsoft-joins-openajax.aspx

----------------------------------------------------------------------

Google: AJAX is All About Abusing Standards
Sean Michael Kerner, Internetnews.com

If there is one application that propelled the term AJAX into the
mainstream it is Google Maps. Before Google Maps, the Internet
world was a flat place without dragable maps and without online
mailboxes that looked like their desktop counterparts. Google
project manager Bret Taylor said AJAX has become a mainstream
development approach since he and his team rolled out the first
AJAX version of Google Maps in 2005, with sites big and small
implementing the technology. "AJAX has revolutionized the way
people expect Web applications to behave," Taylor told a capacity
crowd at the AjaxWorld conference here. "Users now expect the same
level of interactivity as the desktop." Two years ago, a WSDL would
have been necessary to enable mash-ups; today, using AJAX-friendly
APIs, a developer can embed a Google map with just three lines of
JavaScript. What, besides Google Maps, helped AJAX use grow? Taylor
argued that it wasn't standards, as most people might think. After
all, HTTP, CSS, JavaScript, XML and DOM were all kicking around at
the time and had not changed in years. "AJAX is not defined by
standards but by abusing standards," Taylor boldly proclaimed. DOM,
for example, which is supposed to be about documents, is "abused"
in Google Maps because it does something it was never intended to
do with graphics: cross host communication. This, Taylor explained,
is achieved by abusing the JavaScript script tag injection feature...

http://www.internetnews.com/dev-news/article.php/3666586

----------------------------------------------------------------------

Web Services Tips: Operational Risk and WS-Policy
Mark R. Temple-Raston

WS-Policy is a soon-to-be proposed W3C standard that has received a
great deal of focus from both technology product vendors and their
customers. As is often the case, the vendor provides one useful view,
and the customer provides another. Occasionally they agree. There
seems to be agreement on the importance of a policy standard for Web
architectures. This is not surprising for two reasons. One, from a
business perspective, policy is how a company is managed. Two, Web
architectures are an increasingly important part of the global
business architecture. We note that operational risk is distributed
by nature -- and therefore can benefit from Web architecture. Other
types of financial risk, like market and credit risk, tend towards
centralization and remote procedure-like calls. Service-oriented
architectures must, of course, operate usefully and effectively in
both environments. WS-Policy introduces a standard policy formulation
that can be correctly interpreted (in other words, inter-operable)
and enforced across various elements of the infrastructure. WS-Policies
are expressed as valid intersections of constraints and conditions
that govern how a Web service and its consumers interact. A given
policy assertion in WS-Policy identifies a domain (e.g. security,
messaging, reliability and transaction) and a required behavior that
can be effectively managed across departments, business units and
partners. Compare the WS-Policy domains just mentioned with the first
five operational risk loss categories defined by the regulators. They
align. It seems quite possible that the link between Operational
Risk Policy and WS-Policy will yield insights into the evolution of
business IT infrastructure, governance and WS-Policy.

http://searchwebservices.techtarget.com/tip/0,289483,sid26_gci1246911,00.html
See also Web Services Policy: http://www.w3.org/TR/ws-policy

======================================================================
Selected From The Cover Pages, by Robin Cover
======================================================================

Open SOA Collaboration Vendors Advance SCA and SDO Specifications for
Standardization

The OSOA Collaboration represented by eighteen leading technology
vendors announced that key Service Component Architecture (SCA) and
Service Data Objects (SDO) specifications have completed incubation
and will be submitted to OASIS and the Java Community Process for
advancement through formal standardization processes.  The vendors
include BEA Systems, Cape Clear, IBM Corporation, Interface21, IONA,
Oracle, Primeton Technologies, Progress Software, Red Hat, Rogue Wave
Software, SAP AG, Siemens AG, Software AG, Sun Microsystems, Sybase,
TIBCO Software, Xcalia, and Zend. The Service Component Architecture
(SCA) specifications have been in progress since 2005, and are now
considered mature; the industry partners intend to turn over their
standardization process to OASIS.  Additionally, the partners have
completed work on the SDO specifications, designed to enable uniform
access to data residing in multiple locations and formats, and will
turn over stewardship of SDO/Java work to the Java Community Process
(JCP), and non-Java (C++) work to OASIS. The OSOA industry partners
will continue to incubate and drive technology initiatives focused
on simplifying SOA application development. Additionally, the group's
vendor-neutral Web site (www.OSOA.org) will continue to serve as an
information resource for access to draft specifications and white
papers, and provide a forum for industry input and feedback.

http://xml.coverpages.org/ni2007-03-21-a.html

----------------------------------------------------------------------

XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.         http://www.bea.com
IBM Corporation           http://www.ibm.com
Innodata Isogen           http://www.innodata-isogen.com
SAP AG                    http://www.sap.com
Sun Microsystems, Inc.    http://sun.com

----------------------------------------------------------------------

Newsletter subscribe: xml-dailynews-subscribe@lists.xml.org
Newsletter unsubscribe: xml-dailynews-unsubscribe@lists.xml.org
Newsletter help: xml-dailynews-help@lists.xml.org
Cover Pages: http://xml.coverpages.org/

----------------------------------------------------------------------