Aleksey Sanin released long waited 1.0 version of XMLSec, an open source C implementation of XML-Signature and XML Encryption.  Good job, Aleksey.  FYI, XML-Signature and XML-Encryption are used in 3D-Secure, SAML, Liberty, XKMS, and other key standards.

"The XML Security Library 1.0.0 release is the major upgrade from 0.0.X version. The new version includes multiple crypto engines support (with "out of the box" support for OpenSSL, GnuTLS and NSS); simplified and cleaned internal structure and API; several performance and memory usage improvements; new or updated documentation (tutorial, API reference manual and examples)."

NOTE: XMLSec uses LibXML2.  Canonicalization code was moved to LibXML2.

W3C has released Last Call version of XKMS 2.0 spec.  No, I haven't read it yet.  I am still reading BPEL4WS 1.1 and Liberty 1.2 specs.  *sigh*

Following BEA's foray into a language with first class XML integration, XML will be added to ECMAScript 2.0.  The work is known as E4X (ECMAScript for XML).  Brendan Eich, creator of JavaScript, has already done substantial amount of work to add XML to Mozilla's JavaScript engines.  A team of experts including both Brendan Eich (Mozilla) and Adam Bosworth (BEA) will be working on this.  This looks more promising than what Microsoft has been doing so far in this area.

Just in case you missed the announcement, BPEL4WS 1.1 spec was recently released and is located here (494K PDF) . You can provide feedback here past some legal words.  Note that this is the version being submitted to OASIS.

Eclispe team released binary and source packages for building standalone SWT applications.  Good stuff.  SWT API is a little akward compared to Swing, but not too bad considering the benefit: responsive GUI.  Downloadable packages for most of the key platforms are at bottom of the usual download page.  Enjoy.

Its a done deal.  I am still fuzzy on the exact date, but now merchants who try to verify cardholder using 3D-Secure (i.e. Visa's Verified-by-Visa, MasterCard's SecureCode) will not be liable when the transaction is disputed, even if the credit card has not yet been enrolled.  Is that great or what?  Most e-tailers literally paid through their nose every month because online credit card transactions were not considered "card present".  This means we'll see less red-ink on e-tailers' books.  How this will affect online porn and casino sites boggles my mind.

With BPEL4WS entering a new and possibly explosive phase with the move to OASIS, now is the good time for you to learn a few facts about BPEL4WS.  Check out "On BPEL4WS 1.1" by Collaxa.  Thanks to Edwin Khodabakchian, CEO of Collaxa, for the tip.

Update: the paper was taken down for a day but came back looking prettier.  Go check it out.

Liberty Alliance released a small armada of specs, collectively called Phase 2 Specs.  You can get them all in a single ZIP file here (2.27Mb).  Frankly, I am drowning in a rising sea of specs, mostly XML-based.  From a spec-slave's point of view, XML was a Pandora's Box.

While I have been unhappy with the way OASIS has been managing XML-DEV, I must say OASIS has been on a roll of late, taking thunder away from W3C.  I guess it started with DSML, gathered mass with SAML and XACML.  With Liberty and BPEL4WS coming under their influence, OASIS is now looking at a lionshare of key specs that will dominate the Internet and intranets in the near future.  Compared to them, W3C is looking pretty devastated [with disinterest and hopeless dreams] at this point.

Liberty Alliance is turning over Liberty 1.1 specs to OASIS according to Network World Fusion.  That is goodness.  At the very least, removing all the marketing bullshit out of the spec will reduce its size by half.