Fusion Authority
The House of Fusion Technical Magazine
Issue: 166

April 1, 2007
April 18, 2007
This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.

Community
House of Fusion Expanding Staff
 
News
Adobe/ColdFusion News Brief: April 6, 2007
ColdFusion Community Search 23 Sites Away from the Thousand-mark!
House of Fusion Introduces New Mailing List Manager Console!
cf.Objective() Hotel Special Room Rate Available Until April 19th!
cf.Objective() Announces the Attend the Conference in Luxury Contest!
 
Security
Web Services Interoperability Organization Releases a Basic Security Profile
 

Community

House of Fusion Expanding Staff

In order to better serve the community, Fusion Authority has decided to increase its editorial staff. Our solution? Taking a cue from our upcoming Fusion Authority Quarterly Update issue, which includes the article "Growing Your Own Developers" by Doug Boude, we have decided to build our own -- from the ground up. Therefore, on Friday, April 13th, at 6:33 pm, we acquired this new member, Sarah Binah Dinowitz. More information can be found here: http://www.houseoffusion.com/sarah-binah/.



News

Adobe/ColdFusion News Brief: April 6, 2007

by Judith Dinowitz

cf.Objective(): Conference Schedule Up and New Contest Announced

cf.Objective() has put up the schedule for the conference, including some new Top Secret Scorpio! sessions by Jason Delmore and Adam Lehman and a new session on ColdSpring by Dave Ross. They've also started running a contest that gives four lucky attendees a 4GB iPod Nano, and they've announced the first winner: Wil Genovese of WolfNet. The prize will be awarded at the conference at the first keynote. If you want to be in the drawing, just register for the conference soon!

Also, a reminder: The cf.Objective() special hotel rate is only guaranteed until April 12th, so if you're going, you might want to reserve your room now!

cf.Objective() Schedule
cf.Objective() Registration
cf.Objective() News Page

Visibone Releases New MySQL Cheat-Sheet

Those who use MySQL should be glad of this new cheat-sheet from Visibone. Here is a small preview of what you'll find:

The cheat sheet comes as a laminated card, for $10, or a wall chart, for $25, and includes:

SQL Cheat-Sheet from Visibone

ColdFusion Online Meetup Group Headed by Charlie Arehart and Raymond Camden

Steven Erat, who has headed the ColdFusion online Meetup Group for three years, has now passed on leadership to Charlie Arehart and Raymond Camden. Charlie and Raymond have put out a call for ideas on topics for meetups, and have started a new mailing list. According to Charlie, it's a great new way to stay in touch, share info with, and ask questions of each other via email rather than having to keep checking the Meetup.com website and its message forum. Like most CF lists, the goal is that discussions be CF-related. Only list members can participate in the mailing list.

You can sign up on the site at http://www.meetup.com/account/?tab=comm.

Some quick notes on the ColdFusion Meeting mailing list:

Virtual Ubiquity Blog Announces Work on Flex-Based Real World Word Processor

I find this very exciting, because as an editor, I need a word processor that allows me to work on files both online and offline with my authors without sending umpteen different file versions back and forth. Microsoft Word just doesn't do it for me. I've been using Google Docs as a stopgap solution, but Google doesn't give me the fine control that I need to make changes, track those changes and accept them or pull back on them, while still seeing exactly how the article will look in print. Buzzword, the application that the Virtual Ubiquity folks are working on, may be just what I need. In the blog entry below, they discuss the different technologies they looked at, and why they settled on Flex and Apollo.

Flash vs. AJAX
Checking in on Apollo (InfoQ, April 6, 2007)

Call for Topics for MAX Ends April 9th

If you haven't gotten your topic in for MAX, you should do so before this Monday, April 9th. For more details, visit the MAX site: http://www.adobemax2007.com.

Is Flash Better Than Java?

This ZDNet post by Ed Burnette highlights the fact that Flash has been taking away mindshare from Java in the mobile and application space. I found it interesting to read Ed's call to Java developers, now that Java 7 is open, to work together to build an open community around a new Java-based viewer (which we might not even want to call 'Java') and to create a better Java user experience so that there won't be any needless conversions down the road for Java developers.

Is Flash Better than Java? (ZDNet, April 5, 2007)


Judith Dinowitz is Editor-in-Chief of Fusion Authority, the House of Fusion Technical Magazine, and the Fusion Authority Quarterly Update. She is well-known as the CFEditor, having worked on many articles and books for other publications.


ColdFusion Community Search 23 Sites Away from the Thousand-mark!

The ColdFusion Community Search on House of Fusion has 977 ColdFusion-focused sites and we just need 23 more to hit a cool 1,000. If you'd like to suggest a site, you can send it to us directly using the House of Fusion contact form or by joining as a ColdFusion Community Search contributor.

We can easily hit 1,000 on our own, but we want to make this a community affair.

Thanks for your help and suggestions.


House of Fusion Introduces New Mailing List Manager Console!

We've been working hard on making House of Fusion even better and more usable. One of the features we've had on our to-do list was a central Mailing List Manager Console, so that all subscribers could see all of the mailing lists on the site, and their current subscription status.

We are always open to suggestions on how to make any feature of our site more user-friendly. If you have any suggestions for this, or any other feature, you can use our House of Fusion contact form and let us know what you'd like to see.


cf.Objective() Hotel Special Room Rate Available Until April 19th!

cf.Objective() has announced that the original cutoff date for the guaranteed hotel rate of $109.00 a night has been extended to April 19th, a week past the original deadline of April 12th. So those who are registered for the conference might want to reserve their hotel rooms this week.

cf.Objective() 2007 Venue Page


cf.Objective() Announces the Attend the Conference in Luxury Contest!

Anyone who is registered by April 19, 2007 for the cf.Objective 2007 Conference will be entered in the "Attend the Conference in Luxury!" Contest.

You will Enjoy:

So Register Now at www.cfobjective.com!

Sofitel Minneapolis Presidential Suite

The Sofitel Minneapolis Presidential Suite is luxury as only Sofitel can present. Relax in the 900 sq ft. Contemporary European setting of lush furnishings and décor. The Parlor offers exquisite design and functionality. A comfortable seating area and 42" Flat Panel LG TV creates the perfect setting for relaxation. Need to get down to business? The oversized Executive Desk and T-Mobile wireless internet capabilities provide the ideal setting for all of your business needs. The luxury bathroom of marble and granite, as well as the beautiful French doors make the Presidential Parlor a room all its own.

Beyond the French doors, enter into true relaxation and pampering. The King sized bed features the Sofitel "MyBed". This hypo-allergenic down sleep system envelops you with a down mattress, comforter, and over-sized pillows. We recommend two wake-up calls! The bathroom will delight your senses and ease your mind after a busy day. The Whirlpool Tub, candles and luxurious bath linens and amenities will take the stress of the day away. The walk-in Rain Shower, just beyond the Whirlpool Tub, is a shower experience like no other! Granite, marble, and unique accessories make this a fantastic area to relax and pamper

Terms and Conditions

To qualify for this contest, you must register for the conference and book your hotel room by April 19th. The winner will stay in the Presidential Suite but will only pay the regular room rate ($109 + tax per night).

So Register Now at www.cfobjective.com!



Security

Web Services Interoperability Organization Releases a Basic Security Profile

by Russel Madere

On Tuesday, April 3, 2007, I attended a webcast press briefing by the Web Services Interoperability Organization (WS-I), where they announced the release of their Basic Security Profile. The event was primarily a high-level view of the Basic Security Profile, but also provided background information on the organization and their work. There were three presenters: Anne Thomas Manes (Vice President and Research Director, Burton Group), Michael Bechauf (President and Chair, WS-I) and Paul Cotton (Chair, Basic Security Profile Working Group, WS-I).

Manes opened the conference by discussing the need for the work of WS-I. The current web service standards can be confusing, especially when applied to interoperability and security. WS-I clears up this confusion by publishing their profiles.

Bechauf then provided more detailed information on the WS-I, explaining that the goal of the organization is to give practical guidance on implementing the various standards, suggest best practices and provide additional resources for implementation. Its primary product is a series of profiles which take the published IETF and OASIS (Organization for the Advancement of Structured Information Standards) standards and discuss practical implementations.

These profiles provide guidelines and conventions for the implementations. A good description is that the profile limits or removes optionality for assorted features. Additionally, the profiles are designed to meet customer requirements, as defined by the assorted WS-I working groups. The WS-I Sample Applications and Testing Tools Working Groups also provide sample code, implementation and test cases for the profiles. Finally, no profile is considered final until there are at least four "real world" implementations available.

The announced profile, the Basic Security Profile 1.0, was the product of the Basic Security Profile Working Group. The profile is based upon their Basic Profile 1.0 and 1.1 and the Simple SOAP Binding Profile 1.0.

Additionally, Bechauf said that the WS-I is pursuing ISO Standard certification on their profiles. The Basic Profile 1.0 and 1.1 were submitted in August 2006.

Cotton stepped up to provide specific information on the Basic Security Profile (BSP). His working group had three deliverables: the Security Challenges, Threats and Countermeasures document, the Basic Security Profile 1.0 on WSS 1.0 and the Basic Security Profile 1.1 on WSS 1.1. Of these, the Security Challenges, Threats and Countermeasures document and the Basic Security Profile 1.0 have been finalized.

The BSP is available on the WS-I web site, and covers Transport Layer Security, the OASIS Web Service Security 1.0 Core, WSS 1.0 tokens (username, X.509, REL and SAML), WSS 1.1 tokens (Kerberos), XML signatures and XML encryption.

The BSP is a general implementation with a number of options. However, the working group tried to take all of the MAY and SHOULD statements from WSS 1.0 and turn them into MUST statements. They also applied the same process to the normative, associated documents and the WSS tokens, including the WSS 1.1 Kerberos token. To bring the BSP into alignment with the Attachments Profile, they profiled SOAP with Attachments 1.1. They provided an extensive list of security considerations, and the BSP addresses the "Out of Scope" extensibility points.

Cotton said his working group will continue to work on the BSP Errata 1.0 and to complete the BSP 1.1, and will continue to collaborate with Sample Applications and the Testing Tools Working Groups on version 1.1 tools and applications.

Manes concluded the webcast by explaining the importance of web service security and interoperability. The Basic Security Profile can be used as a blueprint to implement the assorted security options. There is no one way to do this, but she suggested using both Transport (SSL) and Application (WSS token) security.

The presentation was followed by a brief question and answer session. Only two questions were asked, and they were technical questions concerning the BSP working with other standards or profiles, specifically the WS-I Reliable Secure Profile (RSP) and the RosettaNet Multiple Messaging System (MMS). The answers provided the most applicable information of the webcast.

The BSP and the RSP are different, distantly-related profiles. The BSP deals exclusively with securing access to a web service while the RSP deals with securing the conversation between a web service and a consumer. The two profiles are meant to work together with the Basic Profile to guarantee interoperability and eliminate ambiguity in the standards.

The MMS describes how to conduct Business to Business transactions. It seems to be an attempt to replace the RosettaNet RNIF protocol with web services. The MMS would rely on the BSP to conduct the transactions across the different proprietary RosettaNet formats. More information on the MMS can be found on the RosettaNet website.

This question led to the most important revelation of the webcast, that B2B transactions with web services would rely on the WS-I Basic Profile, BSP and RSP to guarantee secure and reliable data exchange.

Though the press briefing lacked a great deal of technical detail, it provided enough to tantalize me. I would recommend that any developer needing to produce a secured web service read the Security Challenges, Threats and Countermeasures document and the Basic Security Profile 1.0 on WSS 1.0.

Links:

Web Services Interoperability Organization
Security Challenges, Threats and Countermeasures document
Basic Security Profile 1.0 on WSS 1.0
Basic Security Profile Working Group Deliverables
WS-I Press Briefing Recording on Basic Security Profile Announcement
Organization for the Advancement of Structured Information Standards


Russel Madere has been a web developer for over a decade and has been using ColdFusion for 9 years. After being relocated by Hurricane Katrina, he expanded his horizons to include desktop and .Net application development. He is currently helping consolidate his development team with the AT&T Procurements and Systems Performance development team after the recent AT&T/BellSouth merger.


