There is now a new Policy subproject of Metro (see Governance email). Quoting from the project page, the project has two distict goals: • In the short term, make JAX-WS WS-policy aware by moving out the generic policy code from project Tango. • In the long term, provide a common, abstract policy API layer. The API design should be independent of any particular policy expression language. Instead it should be use case driven and ease-of-use oriented.

In an Enterprise Tech Tip, Rama describes how to use the JAX-WS Maven plugin to develop Web services. The article describes why you may be interested in the  plugin: don't have to get the JAX-WS dependencies, set up the classpath, and configure and invoke the tool tasks for compilation and packaging -- steps required by the Ant tasks.

The different tooling options around Metro are described in an Earlier  Post.

You can also subscribe to the Tech Tips as an RSS feed.

Paul is announcing the availability of JAX-RS v0.5. As with previous releases, this one is synchronized with Jersey v0.5, its Reference Implementation. Traditional delivery vehicles such a the GlassFish Update Center and NetBeans will soon follow (Maven should be already there). Among new things, Jersey has an improved deployment and configuration process (courtesy of Grizzly and asm) and a rewritten URI dispatching architecture. Paul has more details in his blog entry.

Both the JSR and the reference implementation are developed in a very collaborative way. Schedule leading up to version 1.0 is here.

Overview article about Project Tango (now part of Metro) is now available in Chinese as well. Read it at Sun Developer Network China.

I posted a tip describing how to override Metro 1.0 in GlassFish v2 UR1 with a more recent Metro 1.1. Several screencasts are available to get you started with Metro.

Two New Metro Releases: Metro 1.1 and 1.0.1. Check out • Vivek's Announcement &bull Last week's note on the Metro Roadmap

New Java Web Services Instructor-led Training Courses for GlassFish. • Creating Web Services Using Java Technology • Designing Java Web Services • Developing Secure Java Web Services These courses are for GlassFish v1 but the v2 courses are almost ready. Thanks to Arun for the tip

A tip from Krishna: How to Run Metro on Sun WebServer 7 Update 1

This takes advantage that Metro only depends on Servlet 2.4. Thanks to Vivek for the tip

Two new posts explaining advanced uses of Web Services security in Metro. First Ashutosh explains how to Run a Kerberos Token Profile based WS Security scenario as it was used at the Latest Plugfest at Redmont. This builds on an earlier entry describing earlier entry on the same topic.

Then Kumar shows how to programmatically Access the SAML Assertion in a WSIT Secure Scenario.

Heard at the JavaPosse Google group: I think JAX-WS is one of the more amazing hidden secrets of Web Services. I guess because the SOA pushers would find their business collapsing if Web Services became easy, and JAX-WS makes them incredibly easy indeed. Some might argue that contract-first is the proper methodology for web services, but I myself find JAX-WS too convenient to ignore.

Heard on the IBM's DeveloperWorks: After struggling with Eclipse and WASCE for 1 week, I've moved onto Glassfish and Netbeans. Let me just say Glassfish and Netbeans just works. I can create JAX-WS and REST web services very easily. I don't think I'll be touching WASCE for a while.

One of the components in GlassFish v2 getting great attention from both developers and architects is the Metro Web Services stack and the Microsoft interoperability it enables, specifically with .Net's 3.0 WCF. With Microsoft moving ahead to .Net 3.5, Metro is also evolving to make sure the interoperability remains first class. Harold is reporting from the recent plugfest with Microsoft engineers testing the interop level of standard versions of existing Web Services specifications. One such new standard is OASIS WS-ReliableMessaging 1.1 (vs. version 1.0 included in Metro 1.0). Obviously, there are also several security-related standards implementations being tested as explained by Jiandong.

The results are quite encouraging and the Metro version interoperable with .Net 3.5 is scheduled for 2008.
Update: Geertjan has an interview with Harold on this very same topic.

While standarda such as SAML and XACML provide flexible, interoperable frameworks for exchanging authentication and authorization data, developers are sometimes left wanting something simpler - "Just give me an easy way to authenticate a user and check if they are authorized to access a resource".

We've been working on this in OpenSSO these past few months, building a simple set of identity services; web services for authentication, authorization, attribute retrieval and logging. With SOAP and REST endpoints, just about any application can manipulate identities in a very simple, robust way. Check out Aravindan and Marina's recent article on authentication with identity services. Subscribe to the Sun Developer Network identity feed to catch further article in this series.

A tip from Jiandong: Information on Web Services Security at Metro

Here is a very nice result taking advantage of Metro's layered architecture: Use an efficient encoding (FastInfoset) and a protocol that is very good for many small packets (Stateful SOAP/TCP) and you can get as much as a 3x improvement over XML over HTTP. Click to see charts for the different tests: Small, Medium and Large. More details at Oleksiys's writeup.

Also important to point out that, thanks to Noemax, there is now SOAP/TCP Interoperability with Microsoft's Windows Communication Framework (see Announcement).