The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: September 39, 2004
SGML and XML News July - September 2004

Quick News: Bookmark 'News Headlines' or subscribe to an XML RSS channel [RSS 0.91], also HTML-ized. See Clippings for news in the making.

Related News:   [XML Articles] -   [Press News] - [News 2004 Q2]] [News 2004 Q1] -   [News 2003 Q4] -   [News 2003 Q3] -   [News 2003 Q2] -   [News 2003 Q1] -   [News 2002 Q4] -   [News 2002 Q3] -   [News 2002 Q2] -   [News 2002 Q1] -   Earlier News Collections

  • [October 08, 2004]   AMD, Dell, Intel, Microsoft, and Sun Release Web Services for Management (WS-Management).    A new Web Services for Management (WS-Management) specification edited by Alan Geller (Microsoft) has been published. This initial joint publication of the specification names Advanced Micro Devices (AMD), Dell, Intel and Sun Microsystems as co-developers. The WS-Management specification describes a general SOAP-based protocol for managing systems such as PCs, servers, devices, Web services and other applications, and other manageable entities. According to Microsoft's announcement, WS-Management "reshapes the concept of distributed management. A key distributed application area is the management of systems and devices. Web services offer a strong foundation for building robust and interoperable systems management solutions. Designed to scale from small footprint controllers to enterprise class servers while maintaining security, WS-Management will help to create a common way of surfacing management-related operations and events within connected systems." Key terms in the WS-Management systems management model include a System as a top-level managed entity composed of one or more Resource Instances; a Resource Instance, also called a Resource or an Instance, is a single manageable item such as a disk drive or a running process. A Resource Service is a Web service that provides access to a single category of manageable items, such as disk drives or running processes, that share the same operations and representation schema. An Agent is application that provides management services for a System by exposing a set of Resource Services. A Manager is a Web service that is used to manage one or more Systems by sending messages to and/or receiving messages from an Agent for that System." The WS-Management specification is designed to satisfy basic requirements of systems management in terms of web services. It is intended to "(1) constrain Web services protocols and formats so Web services can be implemented in management agents with a small footprint, in both hardware and software; (2) define minimum requirements for compliance without constraining richer implementations; (3) ensure composability with other Web services specifications, such as WS-ReliableMessaging and WS-AtomicTransactions; (4) minimize additional mechanism beyond the current Web service architecture." Namespaces are declared in the WS-Management document for other WS-* specifications, including WS-MetadataExchange, WS-Addressing, WS-Eventing, WS-Enumeration, and WS-Transfer. [Full context]

  • [October 07, 2004]   W3C Announces Formation of New Web Services Addressing Working Group.    W3C has chartered a new Web Services Addressing Working Group as part of the W3C Web Services Activity, under the W3C Architecture Domain. The TC Chair is Mark Nottingham (BEA), while Hugo Haas and Philippe Le Hégaret have been designated as W3C Team Contacts. The charter extends through 28-February-2006. The goal of the new Working Group is to produce a W3C Recommendation for Web Services Addressing by "refining the W3C Member Submission WS-Addressing based on consideration of the importance of this component in the Web Services architecture, implementation experience, and interoperability feedback. WS-Addressing defines how message headers direct messages to a service or agent, provides an XML format for exchanging endpoint references, and defines mechanisms to direct replies or faults to a specific location." In particular, the Web Services Addressing Working Group has been chartered to "standardize the mechanisms for referencing and addressing Web services by refining WS-Addressing, which includes four principal components of the W3C's Web Services Architecture specification. These referencing and addressing mechanisms are (1) a means by which message headers are used to direct messages to a Web service or agent; (2) abstract message properties (message identifier; a URI for the destination address; a URI designating the action to be taken at the destination; correlation with other message[s]; the nature of the relationship with those messages) (3) an appropriate XML Infoset definition; (4) abstract properties to identify subsequent destinations in the message exchange, including the reply destination and the fault destination." The XML Infoset required for "communicating the information necessary to generate appropriate headers to direct messages to a service or an agent includes a URI designating the destination address; service specific message headers; interaction specific message headers; WSDL definitions relevant to this service; additional metadata as required." According to the WG Charter, these components "must be extensible to enable other mechanisms such as new kinds of relationships between correlated messages, policies, or service semantics to be built upon Web Services Addressing. The components must also be usable independently of the SOAP or WSDL version in use." Additionally, the WG will define SOAP 1.1 and WSDL 1.1 bindings (defined for backward compatibility only). It will define (1) a binding of all abstract message properties to SOAP 1.1 and SOAP 1.2 headers, (2) the use of these abstract message properties in the context of all WSDL 1.1 or WSDL 2.0 Message Exchange Patterns, including the asynchronous use of these MEPs; in particular, the relationship between message properties and WSDL 1.1 and WSDL 2.0 service descriptions will be provided if applicable, and (3) a security model for using and communicating these abstract properties." [Full context]

  • [October 06, 2004]   Legal Information Institute Releases Complete United States Code in XML Format.    Cornell Law School's Legal Information Institute has announced the release of a new online edition of the United States Code, including all the Federal law passed by Congress currently in force. For the first time, the project team is also releasing the underlying XML version as a dataset for use in research. The data set has been generated from the most recent official version made available by the US House of Representatives. The United States Code "is the official compilation of the Federal statutes of a general and permanent nature; by Federal statute, the Law Revision Counsel of the U.S. House of Representatives is the publisher and compiler of the Code, and the Counsel is an appointee of the Speaker of the House." Thomas R. Bruce, Director of the Legal Information Institute (LII), suggests that this edition of the United States Code represents perhaps the largest body of legislation ever made available online in XML format for use by researchers interested in legal text. One of the goals of the US Code project is to stimulate interest on the part of the research community in working with legal text, and to survey the uses to which people put XML versions of legislation. According to the LII's USC Bell Code Browsing Environment User Guide, the Institite is sponsoring a "continuing effort to render the United States Code as an open-source multi-use XML data set. An important part has been to develop an environment to make the raw data, and emerging interpretations of it, as visible as possible in an analytical mode. As this is primarily a laboratory artifact, not many user friendliness features have been implemented; the emphasis has been utility for someone who knows the project." The US Code supplied to the Legal Information Institute "is marked up for typesetting; the project team uses this specialized markup to help discover the structure to motivate more generalized XML elements. In a preliminary micro-translation, the control-code based input is rendered in a quite literal readable format, which is then stored as a file with the same scope as the input (title or appendix) as well as fragmented along data-natural boundaries and rendered as static HTML for easy viewing." The U.S. Code XML data is licensed under a Creative Commons License. [Full context]

  • [October 05, 2004]   OASIS Extensible Access Control Markup Language TC Approves XACML 2.0 Specifications.    Members of the OASIS Extensible Access Control Markup Language (XACML) Technical Committee have approved several Version 2.0 documents as Committee Drafts. The approved CD documents are available for public review through November 4, 2004. The motivation behind XACML is to express the well-established ideas in the field of access- control policy (e.g., rules, policies, policy sets, subjects, decision requests, authorization decisions,) using an extension language of XML. According to the Core specification, "there is a pressing need for a common language for expressing security policy. If implemented throughout an enterprise, a common policy language allows the enterprise to manage the enforcement of all the elements of its security policy in all the components of its information systems. Managing security policy may include some or all of the following steps: writing, reviewing, testing, approving, issuing, combining, analyzing, modifying, withdrawing, retrieving and enforcing policy." The XACML specification thus "enables the use of arbitrary attributes in policies, role-based access control, security labels, time/date-based policies, indexable policies, 'deny' policies, and dynamic policies — all without requiring changes to the applications that use XACML. Adoption of XACML across vendor and product platforms should provide the opportunity for organizations to perform access and access policy audits directly across such systems." The XACML 2.0 Specification Set includes a normative subset of eleven documents, including four XML Schemas and seven prose specifications. The complete distribution for public review is a ZIP archive with sixty-some files, including non-normative formats and examples. Version 2.0 provides profiles for SAML 2.0, XML Digital Signature, Privacy Policy, Hierarchical/Multiple Resources, and Role Based Access Control (RBAC). The principal features of XACML are documented in the core Extensible Access Control Markup Language (XACML) Version 2.0 specification, supported by the Core Policy Schema and Core Context Schema. This document provides the model descriptions for data-flow, XACML context (canonical representation of a decision request and an authorization decision), and policy language (rule, policy, policy set). [Full context]

  • [September 30, 2004]   W3C Issues XML Inclusions (XInclude) Version 1.0 as a Proposed Recommendation.    Members of the W3C XML Core Working Group have produced a Proposed Recommendation version of XML Inclusions (XInclude) Version 1.0 as part of the W3C XML Activity. A Proposed Recommendation is the penultimate stage in W3C standards ratification, indicating that the specification "is a mature technical report that, after wide review for technical soundness and implementability, W3C has sent to the W3C Advisory Committee for final endorsement." XInclude specifies "a processing model and syntax for general purpose inclusion. Inclusion is accomplished by merging a number of XML information sets into a single composite infoset. Specification of the XML documents (infosets) to be merged and control over the merging process is expressed in XML-friendly syntax (elements, attributes, URI references)." The specification Introduction explains the differences between the XInclude mechanism and other markup-based mechanisms which support inclusion, transclusion, and content-merging facilities by linking and other constructs. "Many programming languages provide an inclusion mechanism to facilitate modularity, and markup languages also often have need of such a mechanism. The XInclude specification uses the standard XML syntax defined for elements, attributes, and URI references in the design of a generic inclusion mechanism. It supports merging of XML documents based upon a document's information items as represented given by the documents' XML Information Set (Infoset). The XInclude specification provides a "media-type specific (XML into XML) transformation. It defines a specific processing model for merging information sets. XInclude processing occurs at a low level, often by a generic XInclude processor which makes the resulting information set available to higher level applications." Release of the XInclude Proposed Recommendation includes an XInclude Implementation Report and XML Inclusions (XInclude) Conformance Test Suites, developed jointly with NIST, Red Hat Network, FourThought, and the University of Edinburgh. The Implementation Report is based upon tests using software from Markup Technology, Elliotte Rusty Harold's XOM (XML object model), and libxml (XML C parser and toolkit developed for the Gnome project). [Full context]

  • [September 29, 2004]   RSA Security Announces Support for OMA DRM 2.0 and Open Digital Rights Language (ODRL).    An announcement from RSA Security Inc. describes the company's plans to "offer a standards-based solution for digital rights management (DRM) that represents a consumer-friendly alternative to the DRM methods currently deployed by several major digital content providers." The RSA Security DRM solution will leverage open standards such as the Open Mobile Alliance (OMA) DRM 2.0 and the Open Digital Rights Language (ODRL) Version 1.1. The Open Mobile Alliance (OMA) Digital Rights Management technology based upon XML "enables the distribution and consumption of digital content in a controlled manner, where content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners. OMA DRM work addresses the various technical aspects of this system by providing appropriate specifications for content formats, protocols, and rights expression languages." The OMA DRM Rights Expression Language (REL) V2.0 is defined as a mobile profile of the Open Digital Rights Language (ODRL). ODRL is an XML-based rights expression language free of licensing restrictions, providing a lightweight formal mechanism for specifying rights independently of the content type and transport mechanism. RSA Security's DRM solution uses the OMA model which "adds the much needed concept of consumer identity protection — something currently missing from today's DRM technologies. This DRM solution will enable several fundamental requirements for broad-based adoption and usage of both PC-based and mobile content services, including (1) an open, flexible platform built on widely-supported standards; (2) content portability through rights portability; (3) a frictionless digital content experience through transparency to consumers; (4) new revenue opportunities for content owners through support of legal peer-to-peer distribution and subscription services; (5) rights protection that can span all playback devices including mobile phones, personal computers, portable digital music players, car audio systems, and PDAs." RSA observes that the number of competing DRM implementations are problematic for users, saying that the current infighting between major content providers over technology is creating roadblocks between consumers and their content: "Apple Computer's iTunes application program uses Apple's homegrown FairPlay technology, Yahoo! and Microsoft's services use Microsoft DRM technology, and Sony's Connect service has its its own DRM technology." A superior approach, and the one advocated by RSA, is a "common DRM technology standard that is free for anyone to implement and allows both consumers and the entertainment industry to achieve common ground on a solution that works." In the model proposed by RSA Security, "both content and usage rights would be downloaded as 'rights objects' from a download service onto a user's device. Objects would be encrypted using strong encryption technology, like RSA BSAFE software." [Full context]

  • [September 29, 2004]   OASIS Forms Four Technical Committees to Advance Data Center Markup Language (DCML).    The Data Center Markup Language (DCML) Organization recently transitioned its technical activities to OASIS under a new DCML Member Section and has now formed technical committees to continue work on the DCML specification. A Call for Participation and accompanying TC Proposal has been issued for each of the four new OASIS DCML technical committees. The Data Center Markup Language (DCML) is "an XML-based specification for representing the contents of data centers and information used in managing those contents. The goal of the OASIS DCML technical committees is to support the development of a holistic set of standards related to the automated management of data center infrastructure. The TCs will promote the use of utility computing by providing a standard way to represent the IT environment and enabling data center automation and system management solutions to easily exchange information about the environment under management." A new OASIS DCML Framework TC has been chartered to "create a data model and format for exchanging information about the contents of data centers and other IT resources, and the information used in managing those contents. The OASIS DCML Framework TC will continue work on the DCML Framework specification produced by the DCML organization. An OASIS DCML Applications and Services TC has been formed to extend the [proposed] OASIS DCML Framework Specification by defining extensions to represent Applications and Services and the information necessary to manage these components. The new OASIS DCML Server TC has been chartered to "define extensions to the DCML Framework specification to facilitate the representation and management of information about servers. 'Server' refers to a logical or physical compute resource in the datacenter. An OASIS DCML Network TC has been chartered to "design a data model and XML-based format for the exchange of information about networking elements in a data center. [Full context]

  • [September 28, 2004]   W3C Publishes InkML and EMMA Working Drafts for the Multimodal Interaction Framework.    The W3C Multimodal Interaction Working Group has published revised Working Drafts for EMMA: Extensible MultiModal Annotation Markup Language and Ink Markup Language as part of the W3C Multimodal Interaction Activity. The W3C Multimodal Interaction Activity involves technical work to extend the Web user interface "to allow multiple modes of interaction (aural, visual and tactile), offering users the means to provide input using their voice or their hands via a key pad, keyboard, mouse, or stylus. For output, users will be able to listen to spoken prompts and audio, and to view information on graphical displays. The Multimodal Interaction Working Group is producing specifications intended to be implementable on a royalty-free basis." The Ink Markup Language "serves as the data format for representing ink entered with an electronic pen or stylus. The markup allows for the input and processing of handwriting, gestures, sketches, music and other notational languages in Web-based (and non Web-based) applications. It provides a common format for the exchange of ink data between components such as handwriting and gesture recognizers, signature verifiers, and other ink-aware modules." The updated EMMA: Extensible MultiModal Annotation Markup Language is also part of the W3C's set of specifications for multi-modal systems designed to enable access to the Web using multi-modal interaction. EMMA "provides details of an XML markup language for describing the interpretation of user input. Examples of interpretation of user input are a transcription into words of a raw signal, for instance derived from speech, pen or keystroke input, a set of attribute/value pairs describing their meaning, or a set of attribute/value pairs describing a gesture. The interpretation of the user's input is expected to be generated by signal interpretation processes, such as speech and ink recognition, semantic interpreters, and other types of processors for use by components that act on the user's inputs such as interaction managers." [Full context]

  • [September 21, 2004]   Revised WS-MetadataExchange Specification Supported by CA, Sun, and webMethods.    Microsoft has announced the release of a second public version of Web Services Metadata Exchange (WSMetadataExchange), adding new functionality and broader industry support. The September 2004 version of WSMetadataExchange is co-authored by Computer Associates International, Sun Microsystems, and webMethods, together with authors named on the previous version of March 2004 (BEA Systems, IBM, Microsoft Corporation, and SAP AG). WSMetadataExchange is designed to define a bootstrap mechanism for metadata-driven message exchange, including XML Schema, WSDL, and WS-Policy. It is also intended to "support future versions of known metadata formats, allowing new metadata formats to be added. It is supposed to leverage other Web service specifications for secure, reliable, transacted message delivery. The design supports both SOAP 1.1 and and SOAP 1.2 Envelopes, and enables description in WSDL 1.1." The protocol binding by default is SOAP 1.1 over HTTP, and adherence to constraints expressed by the WS-I Basic Profile 1.0 is recommended as a means of bootstrapping communication. The previous version of WSMetadataExchange defined a Get Policy request, Get WSDL request, and Get Schema request as methods for retrieving metadata. These have been generalized in the updated specification to provide more flexible endpoint metadata access and to support versioning. Metadata retrieval is now implemented in WSMetadataExchange by 'Get Metadata' and 'Get': "to retrieve a service's metadata, a requester may send a Get Metadata request message to an endpoint. To retrieve a referenced Metadata Section, a requester may send a Get request message to a Metadata Reference. 'Get' fetches a one-time snapshot of the metadata, according to the metadata type (@Dialect) and identifier specified in the Metadata Section. To facilitate intelligent intermediaries, all implementations of the Get operation must be 'safe', as defined in RFC 2616; specifically, safe operations are required to have no significant semantic side-effects on the service, including such actions as the acquisition of long-lived locks." A new appendix for "Dialect URI Definitions" has been added, defining several values for @Dialect; "other specifications are expected to define values for @Dialect for other metadata formats and/or versions." [Full context]

  • [September 20, 2004]   Arbortext Version 5.1 Supports Darwin Information Typing Architecture (DITA).    Arbortext, Inc. has announced the Version 5.1 release of its enterprise publishing software with enhanced support of the Darwin Information Typing Architecture (DITA) specification. Arbortext's XML-based single-source publishing architecture "helps companies capture their information in a single media-independent form and automatically publish from XML to multiple media types, including Web, print, CD-ROM and wireless devices." Arbortext's software is applicable especially to the production of catalogs, datasheets, operating instructions, user guides, service manuals, training courses, technical journals, reference publications and other complex documents. The Arbortext Version 5.1 release features several enhancements for DITA. The Darwin Information Typing Architecture was originally designed by IBM, and is now under development in the OASIS DITA Technical Committee. DITA is an architecture for creating topic-oriented, information-typed content that can be reused and single-sourced in a variety of ways. It is also an architecture for creating new information types and describing new information domains based on existing types and domains. This allows groups to create very specific, targeted document type definitions using a process called specialization, while still sharing common output transforms and design rules developed for more general types and domains. Five new document types have been added for DITA support in Arbortext Version 5.1 (Topic, Task, Reference, Concept, and Ditabase) these types enable authors to create content based on the DITA methodology. Arbortext now also provides custom table support: "also referred to as semantic tables, Arbortext 5.1 supports custom tables, which not only conforms to DITA's table models (simpletable, choicetable) and properties, but also allows users to select their own tags to be displayed and edited in a tabular form." The Arbortext Version 5.1 software includes 'Conref' support: "Conref is DITA's inclusion method used to include content from another file, which enables efficient reuse of information." Enhanced specialization support is also feature in the Arbortext release: "With the ability to use a single stylesheet to control the style of Topic, Task, Concept, Reference and other DITA applications, users can quickly expand their publishing applications as well as easily incorporate content produced in other DITA-aware systems." [Full context]

  • [September 17, 2004]   WS-Enumeration and WS-Transfer Published as Web Services Messaging Specifications.    Two new Web Services messaging specifications have been published under terms of co-development and joint authorship by BEA Systems, Computer Associates, Microsoft, Sonic Software, and Systinet. The documents have been released as-is, for review and evaluation only, with no further warrantees or representations. Web Service Enumeration (WS-Enumeration) "describes a general SOAP-based protocol for enumerating a sequence of XML elements that is suitable for traversing logs, message queues, or other linear information models. It brings enumeration capabilities to the WS-* suite of specifications, enabling an application to ask for items from a list of data that is held by a Web service. In this way, WS-Enumeration is useful for reading event logs, message queues, or other data collections." WS-Enumeration recognizes that "there are numerous applications for which a simple single-request/single-reply metaphor is insufficient for transferring large data sets over SOAP. Applications that do not fit into this simple paradigm include streaming, traversal, query, and enumeration. In its simplest form, WS-Enumeration defines a single operation, Pull, which allows a data source, in the context of a specific enumeration, to produce a sequence of XML elements in the body of a SOAP message. Each subsequent Pull operation returns the next N elements in the aggregate sequence. The Web Service Transfer (WS-Transfer) specification "describes a general SOAP-based protocol for accessing XML representations of Web service-based resources. It enables state transfer over SOAP by defining how to invoke a simple set of familiar verbs (Get, Post, Put, and Delete) using SOAP. An application protocol may be constructed to perform these operations over resources." WS-Transfer "defines two types of entities: (1) Resources, which are entities addressable by an endpoint reference that provide an XML representation; (2) Resource factories, which are Web services that can create a new resource from an XML representation. Specifically, it defines two operations for sending and receiving the representation of a given resource and two operations for creating and deleting a resource and its corresponding representation." [Full context]

  • [September 16, 2004]   Ecma International Approves Standard ECMA-269 With Enhanced SALT-Based Voice Services.    Ecma International, producer of standards for information and communication technology (ICT) and consumer electronics (CE), has announced the approval of Standard ECMA-269: Services for Computer Supported Telecommunications Applications (CSTA) Phase III as an official standard. ECMA-269 together with a series of related publications, provides "a complete toolbox for developing a wide range of enterprise CSTA applications taking advantage of Internet technologies such as XML, SIP, and speech recognition and processing." CSTA specifies an Applications Interface and Protocols for monitoring and controlling calls and devices in a communications network. These calls and devices may support various media and can reside in various network environments such as IP, Switched Circuit Networks, and mobile networks. CSTA however, abstracts various details of underlying signalling protocols (e.g., SIP/H.323) and networks for the applications. The revised third edition of ECMA-323, XML Protocol for Computer Supported Telecommunications Applications (CSTA) Phase III, specifies a set of XML schemas for this 6th edition of Phase III Services for CSTA. The second edition of ECMA-348, Web Services Description Language (WSDL) for CSTA Phase III specifies a set of WSDL schemas for the approved 6th edition of Phase III Services for CSTA. Ecma CSTA "supports a range of application landscapes, from basic first party call control to advanced third party call control with the same standardised model. CSTA exposes advanced communication platform features to application developers without burdening them with underlying protocol specifics. All of the Standards and Technical Reports in the CSTA suite "are based on practical experience of ECMA member companies and each one represents a pragmatic and widely-based consensus." [Full context]

  • [September 14, 2004]   IBM Contributes XML-Based Speech Software to Apache and Eclipse Open Source Projects.    At the SpeechTEK 2004 Conference IBM announced a major contribution of software to open source initiatives at the Apache Software Foundation and the Eclipse Foundation. The new software projects are intended to "spur the availability of speech-enabled applications by making it easier and more attractive for developers to build and add speech recognition capability in a standardized way. Supported by more than 20 key industry players from speech vendors to platform providers, the initiative is aimed at ending the battles over competing, proprietary specifications." An Eclipse Voice Tools Project will "focus on Voice Application tools in the JSP/J2EE space, based on W3C standards, so that these standards become dominant in voice application development. It will depend on and extend the XML and Web development capabilities of the Eclipse Web Tools Platform Project, providing a set of Eclipse plugins that will provide development tools for W3C Standards/Recommendations for Voice application markup." Under the project proposal, the Voice Tools will initially "consist of editors for VoiceXML, the XML Form of SRGS (Speech Recognition Grammar Specification), and CCXML (Call Control eXtensible Markup Language). Implementations of other tools that implement W3C voice standards, such as the LexiconML (Pronunciation Markup Language), will be added as the standards solidify and the Voice Tools Eclipse community grows." IBM is also contributing its Reusable Dialog Components (RDCs) technology to the Apache Software Foundation. RDCs are "pre-built speech software components, or building blocks that handle basic functions such as date, time, currency, locations (major cities, states, zip codes). They are often-used functions in speech-enabled infrastructure applications. For example, these RDCs allow a caller to book a flight using an auto-agent over the phone. Multiple reusable dialog components can be aggregated to provide higher levels of user functionality." [Full context]

  • [September 10, 2004]   OASIS WSRM TC Releases Web Services Reliable Messaging (WS-Reliability) Version 1.1.    The OASIS Web Services Reliable Messaging Technical Committee has published a milestone version of its Web Services Reliable Messaging (WS-Reliability) specification, including a prose document and four supporting XML schemas. WS-Reliability is a "SOAP-based specification that fulfills reliable messaging requirements critical to some applications of Web Services. It is needed because SOAP over HTTP is not sufficient when an application-level messaging protocol must also guarantee some level of reliability and security. Reliable Messaging in this context refers to "act of processing the set of transport-agnostic SOAP Features defined by WS-Reliability, which results in a protocol supporting quality of service features such as guaranteed delivery, duplicate message elimination, and message ordering. Reliable messaging requires the definition and enforcement of contracts between (1) The Sending and Receiving message processors — contracts about the wire protocol, (2) The messaging service provider and the users of the messaging service — contracts about quality of service." WS-Reliability supports message reliability by defining: (1) Guaranteed message delivery, or At-Least-Once delivery semantics; (2) Guaranteed message duplicate elimination, or At-Most-Once delivery semantics; (3) Guaranteed message delivery and duplicate elimination, or Exactly-Once delivery semantics; (4) Guaranteed message ordering for delivery within a group of messages. The WS-Reliability specification "defines reliability in the context of current Web Services standards and has been designed for use in combination with complementary protocols. [Full context]

  • [September 08, 2004]   Speech Synthesis Markup Language (SSML) Version 1.0 Advances to W3C Recommendation.    The World Wide Web Consortium has published Speech Synthesis Markup Language (SSML) Version 1.0 as a W3C Recommendation. SSML 1.0 elevates the role of high-quality synthesized speech in Web interactions and represents a fundamental specification in the W3C Speech Interface Framework. SSML Version 1.0 has been produced by members of the W3C Voice Browser Working Group as part of the the Voice Browser Activity within W3C's Interaction Domain. W3C's Voice Browser WG seeks to "develop standards to enable access to the Web using spoken interaction. The Speech Synthesis Markup Language Specification is one of these standards and is designed to provide a rich, XML-based markup language for assisting the generation of synthetic speech in Web and other applications. The essential role of the markup language is to provide authors of synthesizable content a standard way to control aspects of speech such as pronunciation, volume, pitch, rate, etc. across different synthesis-capable platforms." The W3C announcement describes SSML 1.0 as a specification "built for integration with other Web technologies and to promote interoperability across different synthesis-capable platforms. Companion W3C Recommendations like VoiceXML 2.0 and Speech Recognition Grammar Specification (SRGS) published by the W3C Voice Browser Working Group help define "a suite of markup languages covering dialog, speech synthesis, speech recognition, call control and other aspects of interactive voice response applications. Application designers for mobile phones, personal digital assistants (PDAs), and a host of emerging technologies use SSML 1.0 to achieve both coarse- and fine-grain control of important aspects of speech synthesis." Specifications produced by the W3C Voice Browser Working Group "bring the advantages of Web-based development and content delivery to interactive voice response applications. Speech Synthesis Markup Language, Speech Recognition Grammar Specification, and Call Control XML are core technologies for describing speech synthesis, recognition grammars, and call control constructs respectively. VoiceXML is a dialog markup language that leverages the other specifications for creating dialogs that feature synthesized speech, digitized audio, recognition of spoken and DTMF key (touch tone) input, recording of spoken input, telephony, and mixed initiative conversations." In the Voice Browser Working Group, W3C is working "to expand access to the Web to allow people to interact via key pads, spoken commands, listening to prerecorded speech, synthetic speech and music. This will allow any telephone to be used to access appropriately designed Web-based services, and will be a boon to people with visual impairments or needing Web access while keeping their hands and eyes free for other things. It will also allow effective interaction with display-based Web content in the cases where the mouse and keyboard may be missing or inconvenient." [Full context]

  • [September 07, 2004]   Sonic Software and VeriSign Join as Authors on Revised WS-Policy Specifications.    Updated versions of Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WS-PolicyAttachment) have been released, incorporating feedback from recent workshops. The September 2004 public draft releases are "provided for review and evaluation only"; the authors "hope to solicit your contributions and suggestions in the near future." The updated versions of WS-Policy and WS-PolicyAttachment are said to "refine the semantics for how to compare two policies to determine a base level of compatibility and expand on how policy is associated with Web services." Both WS-Policy and WS-PolicyAttachment are reckoned among the WS-* Metadata Specifications, according to Microsoft's classification scheme, along with WSDL, UDDI, WS-PolicyAssertions, WS-SecurityPolicy, WS-Discovery, and WS-MetadataExchange. Sonic Software and VeriSign are now listed as joint authors on the two specifications, together with BEA, IBM, Microsoft, SAP AG. The goal of WS-Policy is "to provide the mechanisms needed to enable Web services applications to specify policy information. Specifically, WS-Policy defines: (1) An XML Infoset called a policy expression that contains domain-specific, Web Service policy information; (2) A core set of constructs to indicate how choices and/or combinations of domain-specific policy assertions apply in a Web services environment. WS-Policy is designed to work with the general Web services framework, including WSDL service descriptions (Web Services Description Language Version 1.1) and UDDI service registrations, including UDDI Version 2.04 API, UDDI Version 2.03 Data Structure Reference, and UDDI Version 3.0. Where WS-Policy defines an abstract model and an XML-based expression grammar for policies, the Web Services Policy Attachment (WS-PolicyAttachment) defines "two general-purpose mechanisms for associating such policies with the subjects to which they apply. WS-PolicyAttachment also defines how these general-purpose mechanisms may be used to associate WS-Policy with WSDL and UDDI descriptions. Specifically it defines how to reference policies from WSDL definitions, how to associate policies with deployed Web service endpoints, and how to associate policies with UDDI entities." [Full context]

  • [September 03, 2004]   Apache Software Foundation Rejects Microsoft Patent License Agreement for Sender ID.    An open letter from Apache Software Foundation (ASF) to the IETF MTA Authorization Records in DNS (MARID) Working Group announces the decision of ASF projects not to implement or deploy the IETF Sender ID specification under terms required by Microsoft's Patent License Agreement. The letter from Apache also expresses concern that "no company should be permitted IP rights over core Internet infrastructure" and urges the IETF to "revamp its IPR policies to ensure that the core Internet infrastructure remain unencumbered." The IETF Sender ID specification as governed by the Microsoft Patent License Agreement includes an Internet Draft Sender ID: Authenticating E-Mail and companion I-D Purported Responsible Address in E-Mail Messages. The Sender ID specification defines mechanisms by which SMTP mail servers can determine "what email address is allegedly responsible for most proximately introducing a message into the Internet mail system, and whether that introduction is authorized by the owner of the domain contained in that email address." The PRA document defines an algorithm applicable to a given an e-mail message by which one "can extract the identity of the party that appears to have most proximately caused that message to be delivered." Microsoft has hoped for broad implementation of the Sender ID specification, said in its promotional web site to "address the widespread problem of domain spoofing. Domain spoofing refers specifically to the use of someone else's domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender's address on e-mail messages. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail." However, legal review of the Microsoft Patent License Agreement by Larry Rosen (General Counsel, the Open Source Initiative) and others has determined that the license terms are "generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0." [Full context]

  • [September 02, 2004]   dbXML 2.0 Production Release Provides Open Source Native XML Database.    A communiqué from Tom Bradford reports on the recent production release of dbXML Version 2.0 by the dbXML Group. dbXML is a Native XML Database "capable of storing and indexing collections of XML documents in both native and mapped forms for highly efficient querying, transformation, and retrieval. In addition to these capabilities, the server may also be extended to provide business logic in the form of scripts, classes and triggers." New features in the dbXML Version 2.0 release include journaling transactions, XSLT transformations, full text indexing and full text querying, pluggable security models, a new command line system, new client/server APIs, SSL connection support, JSP Tag Library support, and embedded database APIs. dbXML 2.0 as an open source project governed by the terms of the GNU General Public License. This version of dbXML is basically "a complete rewrite of the dbXML 1.0 code, which forked into the Apache Xindice project. dbXML was developed using the Java 2 Standard Edition version 1.4, and should operate properly on all platforms to which J2SE 1.4 has been ported." The dbXML Group also "provides commercial licenses for situations where utilization under the terms of the GPL are inappropriate. Those using or deploying dbXML in a commercial environment may wish to consider contacting the group to discuss commercial licensing and support." [Full context]

  • [September 01, 2004]   W3C Publishes Initial Working Draft for SVG's XML Binding Language (sXBL).    A First Public Working Draft of SVG's XML Binding Language (sXBL) has been released by members of the W3C Scalable Vector Graphics (SVG) Working Group and the CSS Working Group. The sXBL language defines the presentation and interactive behavior of elements outside the SVG namepace. sXBL is intended to be used to enable XML vocabularies (sometimes called tag sets) "to be implemented in terms of SVG markup elements. For instance, a tag set describing a flowchart could be mapped to low-level SVG path and text elements, possibly including interactivity and animation." sXML is thus "an SVG-specific first version of a more general-purpose XBL specification. In the future, a general-purpose and modularly-defined XBL specification will be developed which will replace this initial Working Draft specification; it will define additional features that are necessary to support scenarios beyond SVG, such as integration into web browsers that support CSS. Once a general-purpose XBL is defined, sXBL will become an SVG-specific subset or profile of the larger XBL specification." The feature set in sXBL represents a "repackaging and generalization of the Rendering Custom Content (RCC) feature described in previous SVG 1.2 specifications. Features that were formerly in RCC have been factored out into sXBL as a separate specification, reformulated for more general applicability for possible future use with other markup languages and moved into an XBL-specific namespace." Refactoring of RCC into sXBL is meant to ensure that RCC/sXBL would be forward-looking and can "develop into a future modularly-defined and general-purpose XBL specification which met the needs of multiple XML markup languages, not just SVG." Although refactoring has involved renaming of elements and major changes in syntax, "the resulting sXBL feature set performs the same operations and satisfies the same requirements as RCC. Sometimes it is possible to migrate RCC-based widget definitions to XBL-based widget definitions after some global search and replace string substitutions." Members of the XBL task force consider this sXBL specification "nearly ready for Last Call" and explicitly invite comments on the specification. "After evaluating public feedback on this draft, the next public draft might be a Last Call working draft." [Full context]

  • [August 31, 2004]   BEA, CA, IBM, Microsoft, Sun, and Tibco Release Updated WS-Eventing Specification.    A revised version of the Web Services Eventing (WS-Eventing) specification has been published by BEA Systems Inc., Computer Associates International Inc., International Business Machines Corporation, Microsoft Corporation, Inc, Sun Microsystems, Inc, and TIBCO Software Inc. This draft version provided for public review and evaluation updates the earlier draft of WS-Eventing released by BEA, Microsoft, and TIBCO in January 2004. The WS-Eventing specification describes a protocol that allows Web services to subscribe to or accept subscriptions for event notification messages. It defines a single delivery mode, Push Mode, which is simple asynchronous messaging. WS-Eventing is designed as part of the WS-* composable architecture , viz., intended to to be composed with other WS-* specifications "to provide a rich set of tools to provide security in the Web services environment; the specification specifically relies on other Web service specifications to provide secure, reliable, and/or transacted message delivery and to express Web service and client policy." WS-Eventing "defines a protocol for one Web service (called a 'subscriber') to register interest (called a 'subscription') with another Web service (called an 'event source') in receiving messages about events (called 'notifications' or 'event messages'). The subscriber may manage the subscription by interacting with a Web service (called the 'subscription manager') designated by the event source." While many mechanisms are available by which event sources may deliver events to event sinks, the WS-Eventing specification "provides an extensible way for subscribers to identify the delivery mechanism they prefer. While asynchronous, pushed delivery is defined in WS-Eventing, the intent is that there should be no limitation or restriction on the delivery mechanisms capable of being supported by this specification." [Full context]

  • [August 30, 2004]   Data Center Markup Language (DCML) Organization Transitions to OASIS Member Section.    The DCML Organization has announced a decision to move its technical and marketing activities to OASIS, organized as a new OASIS Member Section. DCML is "an open coalition of vendors and users working to advance utility computing through the development and adoption of the XML-based Data Center Markup Language." Data Center Markup Language (DCML) is an open, vendor-neutral language used "to describe data center environments, dependencies between data center components and the policies governing management and construction of those environments. DCML provides a structured data format to describe, construct, replicate, recover and communicate about data center environments. DCML encompasses a wide array of data center elements, including UNIX, Linux, Windows and other servers, software infrastructure and applications, network components, and storage components." A version 1.1 Data Center Markup Language Framework Specification has already been published by members of the DCML Organization, which includes over 20 of the world's leading software, service provider, and systems vendors. The current DCML Framework Specification "defines the DCML data oriented framework for use by all DCML sub-specifications and DCML compliant management systems and tools. It utilizes a data oriented approach to solve the problem of large scale systems management, particularly in a data center environment. DCML stitches together multiple management systems and tools to form a unified management view of the environment." Transitioning the activities of the DCML Organization to an OASIS DCML Member Section is designed to "promote the use of utility computing by providing a standard way to represent the IT environment and enabling data center automation and system management solutions to easily exchange information about the environment under management. The OASIS DCML Member Section will be managed by a Steering Committee made up of the existing DCML board of directors that includes Louis Blatt of Computer Associates, Darrel Thomas of EDS, and Sharmila Shahani of Opsware Inc." [Full context]

  • [August 25, 2004]   UN/CEFACT Applied Technologies Group Releases XML Naming and Design Rules Specification.    The Applied Technologies Group (ATG) of the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) has announced the release of a UN/CEFACT XML Naming and Design Rules (NDR) specification for public review. The UN/CEFACT — XML Naming and Design Rules "describes and specifies the rules and guidelines that will be applied by UN/CEFACT when developing XML schema specifications. It provides a way to identify, capture and maximize the re-use of business information expressed as XML schema components to support and enhance information interoperability across multiple business situations." According to the design goals, the XML Naming and Design Rules specification "can be employed wherever business information is being shared or exchanged amongst and between enterprises, governmental agencies, and/or other organisations in an open and worldwide environment using the XML schema language for defining the content of the information exchange. This specification will form the basis for standards development work of technical experts developing XML schema specifications based on information models developed in accordance with the UN/CEFACT — Core Components Technical Specification — Part 8 of the ebXML Technical Framework (ISO 15000-5 Candidate)." Included in this specification is a "normative schema for the XML expression of ebXML Core Component Types (CCTs) and Unqualified Data Types (UDTs). These two schemas can be used by anyone interested in fostering international standardization of the use of ebXML core components." The NDR document has been developed "in accordance with the UN/CEFACT/TRADE/22 Open Development Process (ODP) for Technical Specifications and has been approved by the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) Applied Techniques Group (ATG) for promulgation for public review in accordance with Step 5 of the ODP." [Full context]

  • [August 24, 2004]   Beta Release of Encoded Archival Context (EAC) for Name Authority Control.    Members of the Ad Hoc Working Group on Encoded Archival Context (EAC) have released a Beta version of the EAC XML DTDs, Schemas, Tag Library, and other documentation, requesting feedback from projects that implement this specification on an experimental basis. The Encoded Archival Context specification provides a formal method of "encoding descriptions of persons, corporate bodies, and families responsible for the creation of records and other resources, where such descriptions provide context for understanding and interpreting the records and resources." Edited by Daniel V. Pitti (Institute for Advanced Technology in the Humanities, University of Virginia), this proposed metadata standard complements other standard formalisms governing name authority control for personal and corporate entities. EAC data are designed for use in federated database applications and collaborative research across a broad range of domains, including prosopographical research and genealogical studies. The designers intend that intellectual content of EAC records comply with the International Standard Archival Authority Record for Corporate Bodies, Persons, and Families. EAC is also "complementary to the UNIMARC/Authorities format, combining bibliographic authority records and archival authority records, which give information both about the creator and the context of creation of archival material." The authoritative version of EAC Beta is in the form of an XML DTD. Alternatively, a W3C Schema and a Relax NG Schema are available for use. The EAC Tag Library provides a structural overview and definitions and descriptions of elements and attributes. The EAC is intended to be the second of three apparatus that "together form a complete archival description and access system. The Encoded Archival Description (EAD) Version 2002, used for encoding the description of records, is the first of these apparatus. The third apparatus, for the description of functions and activities performed by creating entities, is under discussion." The XML DTD and the Tag Library documentation "have been developed in cooperation and with support from the LEAF project. [Full context]

  • [August 23, 2004]   IDEAlliance PRISM Working Group Issues Request for Comment on Metadata Specification.    The IDEAlliance PRISM Working Group has issued a request for comment on the Version 1.2 PRISM: Publishing Requirements for Industry Standard Metadata specification for a 45-day review and comment period. PRISM "defines a set of XML metadata vocabularies that assist in automating repetitive tasks that are used in accessing, managing, tracking and repurposing content. The PRISM Specification and the PRISM Aggregator DTD, which is an application of the PRISM Specification, provide tools for interoperability so that organizations can easily and automatically syndicate, acquire, exchange and find magazine and mainstream journal articles, catalogs, images, and other types of content across multiple repositories." The PRISM specification "recommends the use of certain existing standards, such as XML, RDF, the Dublin Core, and various ISO specifications for locations, languages, and date/time formats. Additionally, it defines a small number of XML namespaces and controlled vocabularies of values." The Version 1.2 PRISM specification will replace the PRISM Vesion 1.1 specification published in 2002, featuring updates and additions resulting from the growing number of production implementations. Supporting specifications include an RSS (RDF Site Summary) 1.0 module for PRISM 1.2 and an RDF schema for PRISM 1.2. These documents were developed by Nature Publishing Group and are said to be applicable to multiple publishing domains, including scientific, educational, or trade. The PRISM working group is a joint effort of representatives from publishers and vendors organized under IDEAlliance (International Digital Enterprise Alliance, Inc). [Full context]

  • [August 20, 2004]   Health Level Seven Releases Updated Clinical Document Architecture (CDA) Specification.    Members of the Health Level Seven (HL7) Structured Documents Technical Committee have announced the publication of a revised HL7 Clinical Document Architecture specification. CDA Release 2.0 currently being balloted within the HL7 committee and is available for public review. The HL7 Clinical Document Architecture is an XML-based document markup standard that specifies the structure and semantics of clinical documents for the purpose of exchange. Known earlier as the Patient Record Architecture (PRA), CDA "provides an exchange model for clinical documents such as discharge summaries and progress notes, and brings the healthcare industry closer to the realization of an electronic medical record. By leveraging the use of XML, the HL7 Reference Information Model (RIM) and coded vocabularies, the CDA makes documents both machine-readable (so they are easily parsed and processed electronically) and human-readable so they can be easily retrieved and used by the people who need them. CDA documents can be displayed using XML-aware Web browsers or wireless applications such as cell phones..." The HL7 CDA was designed to "give priority to delivery of patient care. It provides cost effective implementation across as wide a spectrum of systems as possible. It supports exchange of human-readable documents between users, including those with different levels of technical sophistication, and promotes longevity of all information encoded according to this architecture. CDA enables a wide range of post-exchange processing applications and is compatible with a wide range of document creation applications." A CDA document is a defined and complete information object that can exist outside of a messaging context and/or can be a MIME-encoded payload within an HL7 message; thus, the CDA complements HL7 messaging specifications. The CDA specification prescribes XML markup for CDA Documents: CDA instances must valid against the CDA Schema and may be subject to additional validation, as described in the conformance section. "There is no prohibition against multiple schema languages (e.g., W3C, DTD, RELAXNG), as long as conforming instances are compatible. The CDA Schema conforms to the HL7 Version 3 Implementation Technology Specification (ITS). This Schema describes the style of XML markup of CDA instances for the purpose of exchange and thus cannot be understood outside the context of this defining specification including the normative R-MIM and Hierarchical Description. Semantic interoperability of CDA instances requires use and knowledge of the CDA Schema, R-MIM and HD as well as the corresponding RIM." The CDA Release 2.0 distribution includes a prose document in HTML, XML schemas, data dictionary, and sample CDA documents. [Full context]

  • [August 19, 2004]   OASIS Security Services TC Releases Approved SAML 2.0 Committee Drafts for Review.    Version 2.0 Committee Draft specifications for Security Assertion Markup Language (SAML) have been approved for public review by the OASIS Security Services Technical Committee. SAML (Security Assertion Markup Language) "defines the syntax and processing semantics of assertions made about a subject by a system entity. In the course of making, or relying upon such assertions, SAML system entities may use other protocols to communicate either regarding an assertion itself, or the subject of an assertion. The specification defines both the structure of SAML assertions, and an associated set of protocols, in addition to the processing rules involved in managing a SAML system. SAML assertions and protocol messages are encoded in XML and use XML namespaces." SAML assertions "are typically embedded in other structures for transport, such as HTTP POST requests or XML-encoded SOAP messages. The SAML bindings specification provides frameworks for the embedding and transport of SAML protocol messages. The SAML profiles specification provides a baseline set of profiles for the use of SAML assertions and protocols to accomplish specific use cases or achieve interoperability when using SAML features." The OASIS SAML Version 2.0 effort "addresses issues and enhancement requests that have arisen from experience with real-world SAML implementations and with standards architectures that use SAML, such as the OASIS WSS and XACML work. It adds support for features that were deferred from previous versions of SAML for schedule reasons, such as session support, the exchange of metadata to ensure more interoperable interactions, and collection of credentials. It seeks convergence on a unified technology approach for identity federation by integrating the specifications contributed by the Liberty Alliance." SAML is a flexible and extensible protocol designed to be used by other by other standards.The Liberty Alliance, the Internet2 Shibboleth project, and OASIS Web Services Security (WS-Security) have all adopted SAML as a technological underpinning to varying degrees. Public review of the SAML Version 2.0 Committee Draft documents begins on 2004-08-19 and ends 2004-09-19. Comments may be submitted to the TC using the online comment forms. [Full context]

  • [August 18, 2004]   IESG Announces Last Call Review for IETF Internet Drafts on URIs and IRIs.    Recent 'Last Call' postings from the Internet Engineering Steering Group announce the IESG's intention to make decisions on the approval of two URI-related IETF Internet Drafts within the next few weeks. The Internationalized Resource Identifiers (IRIs) draft is being considered for approval as an IETF Proposed Standard. The IESG solicits final comments on the proposed action by 2004-09-08. Uniform Resource Identifier (URI): Generic Syntax is under consideration for approval as an IETF Full Standard. Comments on this Internet Draft are invited through 2004-09-13. The IRI document defines a new protocol element named the Internationalized Resource Identifier (IRI) "as a complement to the Uniform Resource Identifier (URI)." URIs are composed of sequence of characters chosen from a limited subset of the repertoire of US-ASCII characters. The IRI design is motivated by a need to accommodate non-English languages in which natural scripts use characters other than simply 'A-Z' to compose URIs. An IRI is a "sequence of characters from the Universal Character Set (Unicode/ISO 10646). A mapping from IRIs to URIs is defined, which means that IRIs can be used instead of URIs where appropriate to identify resources. The approach of defining a new protocol element was chosen, instead of extending or changing the definition of URIs, to allow a clear distinction and to avoid incompatibilities with existing software. Guidelines for the use and deployment of IRIs in various protocols, formats, and software components that now deal with URIs are provided." The World Wide Web, according to W3C's Uniform Resource Identifier (URI) Activity Statement, is a "universal, all-encompassing space containing all Internet resources referenced by Uniform Resource Identifier (URI). The Web is dominated today by relatively few technologies, including the HyperText Transfer Protocol (HTTP) and the HyperText Markup Language (HTML). Perhaps more fundamental than either HTTP or HTML are the URIs, which are simple text strings that refer to Internet resources. URIs may refer to documents, resources, to people, and indirectly to anything. Document formats and protocols may come and go, but URIs will remain as the glue that binds the Web together." The new URI Generic Syntax document, if approved, will update IETF RFC 1738 and obsolete RFCs 2732, 2396, 1808. A Uniform Resource Identifier (URI) is "a compact sequence of characters for identifying an abstract or physical resource. The Generic Syntax specification "defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, such that an implementation can parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier." [Full context]

  • [August 13, 2004]   OASIS Web Services Security TC Prepares Additional WSS Profiles.    Members of the OASIS Web Services Security Technical Committee are completing new work in the form of WSS profile specifications. The five profiles under development and review will complement the documents published as WSS 1.0 in April 2004. The OASIS Web Services Security (WSS) specification is an approved OASIS Standard that "builds upon existing security technologies such as XML Digital Signature, XML Encryption and X.509 Certificates to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WSS lets user apply existing security technology and infrastructure in a Web services environment. WSS handles complex confidentiality and integrity for SOAP (Simple Object Access Protocol) messages, providing a general-purpose mechanism for associating security tokens with message content. Designed to be extensible, WSS supports multiple security token formats." The WSS SAML Token Profile approved as an OASIS Committee Draft in July 2004 describes how to use Security Assertion Markup Language (SAML) Version 1.1 assertions with the Web Services Security (WSS): SOAP Message Security specification. It defines how SAML assertions are carried in and referenced from <wsse:security> headers and describes how SAML assertions are used with XML Signature to bind the statements of the assertions (i.e., the claims) to a SOAP message. The Rights Expression Language (REL) Token Profile is a Committee Draft which describes the use of ISO/IEC 21000-5 Rights Expressions with respect to the SOAP Message Security 1.0 specification. SOAP Messages with Attachments (SwA) Profile 1.0 is an OASIS TC Working Draft which defines how to use the OASIS Web Services Security: SOAP Message Security standard with SOAP Messages with Attachments (SwA). It "describes how a web service consumer can secure SOAP attachments using SOAP Message Security for attachment integrity, confidentiality and origin authentication, and how a receiver may process such a message." The Kerberos Token Profile 1.0 Working Draft document "defines how to encode Kerberos tickets and attach them to SOAP messages. It also specifies how to add signatures and encryption to the SOAP message, in 50 accordance with WS-Security, which uses and references the Kerberos tokens." The WSS TC's Minimalist Profile (MProf) "defines a subset of OASIS WSS: SOAP Message Security features. The subset is "intended to minimize the resource requirements of its implementation and maximize the performance, while keeping the interoperability with the base specification." [Full context]

  • [August 11, 2004]   WS-I Board of Directors Releases Three WS-I Approval Draft Profiles for Review.    Board Approval Drafts have been issued for WS-I Basic Profile Version 1.1, WS-I Simple SOAP Binding Profile Version 1.0, and WS-I Attachments Profile Version 1.0. In the WS-I (Web Services Interoperability Organization) specification development process, a Board Approval Draft is a draft that "has been approved for publication by the Board of Directors, and is submitted for consideration by the Membership, and for public comment; it is a work in progress, and should not be considered as final; other documents may supersede this document." According to an overview from Christopher Ferris (IBM; co-editor on two of the Approval Drafts), the approved documents "are now before the WS-I membership for review" and are expected to reach final approval later in August 2004. Once approved by the WS-I membership, the documents becomes WS-I Final Material. Testing Tools and Sample Application implementations for these profiles will enter their own approval cycles in the near future." The WS-I Basic Profile 1.1 consists of "a set of non-proprietary Web services specifications, along with clarifications, refinements, interpretations and amplifications of those specifications which promote interoperability." The WS-I Simple SOAP Binding Profile 1.0 "is derived from those Basic Profile 1.0 requirements related to the serialization of the envelope and its representation in the message, incorporating any errata to date. These requirements have been factored out of the Basic Profile 1.1 to enable other Profiles to be composable with it." Attachments Profile Version 1.0 profile "complements the WS-I Basic Profile 1.1 to add support for conveying interoperable SOAP Messages with Attachments-based attachments with SOAP messages." The overview provided by Ferris clarifies that WS-I "did not choose to produce multiple profiles arbitrarily. The initial intent was to add support for SOAP with Attachments to the Basic Profile 1.0 and to call the new profile Basic Profile 1.1. However, for a variety of reasons this approach proved to be infeasible. The three new profiles address both the need to address the customer requirement to provide guidance on the interoperable use of attachments today and the need to accommodate future bindings for technologies such as the W3C XML Protocol WG's MTOM and XOP." In essence, "the Basic Profile was re-architected to enable the composition of profiles that supported multiple bindings such as SOAP over HTTP, SOAP Messages with Attachments over HTTP and eventually MTOM/XOP over HTTP. It is conceivable that there might be other bindings in the future. The binding-specific requirements have been separated into their own profiles, each with its own conformance claim, and the testing tools have been modified to enable composition of the Test Assertion Documents (TAD) such that conformance to a set of relevant profiles can be measured." [Full context]

  • [August 10, 2004]   WS-Addressing Specification Presented to W3C as a Member Submission.    The Web Services Addressing (WS-Addressing) specification has been presented to W3C as a Member Submission by BEA, IBM, Microsoft, SAP AG, and Sun Microsystems. WS-Addressing provides transport-neutral mechanisms to address Web services and messages. Specifically, the specification defines XML elements to identify Web service endpoints and to secure end-to-end endpoint identification in messages. The specification enables messaging systems to support message transmission through networks that include processing nodes such as endpoint managers, firewalls, and gateways in a transport-neutral manner." The endpoint references defined in the specification serve to "identify the message destination; the message information headers allow the specification of endpoint references within messages, along with a way to relate messages to each other." The authors of the submission request that the W3C Consortium "start a Working Group whose mission is to produce a W3C Recommendation for Web Services Addressing by refining WS-Addressing based on consideration of the importance of this component in the Web services architecture, implementation experience, and interoperability feedback." The five companies identified as copyright holders have agreed to "offer licenses according to the W3C Royalty-Free licensing requirements for any portion of the Submission that is subsequently incorporated in a W3C Recommendation." According to the W3C Staff Comment, the new submission on the topic of Web services references and message delivery highlights the community's interest in this area; the W3C is considering creating a Working Group to address this important area of the Web services architecture." W3C invites feedback on this technology contribution. [Full context]

  • [August 06, 2004]   W3C Public Workshop on Semantic Web and Life Sciences Features OWL, RDF, and LSID.    W3C has announced a call for participation in a public W3C Workshop on Semantic Web for Life Sciences, to be held October 27-28, 2004 in Cambridge, Massachusetts, USA. Position papers published in advance of the Workshop will form the basis of the discussion. Workshop attendees will discuss "how Semantic Web technologies such as RDF, OWL and the Life Sciences Identifier (LSID) help to manage modern life sciences research, enable disease understanding, and accelerate the development of therapies." The workshop is free and open to the public, but will be limited to 100 participants; companies, government agencies, or individuals wishing to participate must submit a position paper by September 6, 2004. The scope of the workshop includes technology considerations and application use cases including new features or applications of Resource Description Framework (RDF), the Web Ontology Language (OWL), or OMG Life Sciences Identifiers Specification (LSID). Workshop papers may also address technical implementation problems with RDF/OWL/LSID, or requirements unmet by these specifications, including Semantic Web Advanced Development questions that have arisen as a result of SW-LS implementation. Proposals regarding intellectual property issues arising from SW-LS (Semantic Web and Life Sciences) adoption will also be considered. Technology papers are expected to "propose a new application of RDF/OWL/LSID in Life Sciences or identify a technical problem, explaining how the new feature or application might be achieved technically, or how the technical problem might be addressed. New features proposed may enable RDF/OWL/LSID to function better in new application contexts such as knowledge aggregation, scientifically relevant search or pharmaceutical decision support." [Full context]

  • [August 04, 2004]   W3C Issues Last Call Working Drafts for WSDL Version 2.0 Specifications.    W3C Last Call Working Draft documents have been released for the Web Services Description Language (WSDL) specification Version 2.0. The documents have been authored by members of the Web Services Description Working Group, produced as part of the W3C Web Services Activity. The WSDL 2.0 Core Language (Part 1) document describes the Web Services Description Language (WSDL) Version 2.0, "an XML language for describing Web services. This Part 1 specification defines the core language which can be used to describe Web services based on an abstract model of what the service offers. It also defines criteria for a conformant processor of this language. WSDL enables one to separate the description of the abstract functionality offered by a service from concrete details of a service description such as 'how' and 'where' that functionality is offered." The WSDL 2.0 Predefined Extensions (Part 2) document "describes extensions for the Web Services Description Language (WSDL) Version 2.0 . These extensions include Message Exchange Patterns (MEPs), features, SOAP modules, and bindings of features. The Working Group has discussed and approved these extensions, and recommends their use with WSDL. The WSDL Version 2.0 Bindings (Part 3) specification describes how to use WSDL in conjunction with SOAP 1.2 Part 1: Messaging Framework.MIME, and and HTTP/1.1, as well as other versions of HTTP. This Bindings specification depends on WSDL Version 2.0 Core Language. The W3C Web Services Description Working Group received three formal objections from Working Group participants against portions of the WSDL 2.0 specification draft. The WG especially invites feedback on these minority opinions as part of the Last Call review. The three objections pertain to compositors, feature and properties, and requiring unique GEDs or required feature to distinguish operations. The Web Services Description Working Group welcomes public comment on the WSDL Version 2.0 drafts through October 4, 2004. [Full context]

  • [August 03, 2004]   US Securities and Exchange Commission Evaluates XBRL for SEC Financial Data Filing.    Announcements from the US Securities and Exchange Commission (SEC) and XBRL-US describe a new initiative of the SEC regulatory body to assess the benefits of XML-tagged data and consider a proposal to accept voluntary supplemental filings of financial data using the XML-based Extensible Business Reporting Language (XBRL). The goal of using XML-tagged financial reporting data is to provide "greater context for data through standard definitions, enabling investors and other marketplace participants to analyze data from different sources and to support automatic exchange of financial information across various software platforms, including web services." XBRL is a "royalty-free, open specification for software that uses XML data tags to describe financial information for public and private companies and other organizations. It supports all members of the financial information supply chain by utilizing a standards-based method with which users can prepare, publish in a variety of formats, exchange and analyze financial statements and the information they contain. XBRL is being developed by an international non-profit consortium of approximately 250 major companies, organisations and government agencies." SEC's new initiative is being developed by the SEC Division of Corporation Finance, Office of the Chief Accountant, Division of Investment Management, and Office of Information Technology. The initiative is aimed at determining "the benefits of tagging to reporting quality and efficiency, the implications of tagging data for filers, investors, the Commission and other market participants, and the compatibility of existing tag definitions with current disclosure requirements." In its own announcement, XBRL-US expressed confidence in the SEC initiative "to leverage this private sector collaboration consisting of companies, financial data providers, accounting firms, standard setters, investors and all participants in the business information supply chain." [Full context]

  • [August 02, 2004]   Web3D Consortium Forms Working Group to Develop X3D Binary File Format Encoding.    The Web3D Consortium and Sun Microsystems have announced the creation of a new X3D Binary Format Working Group. X3D is an "Open Standards XML-enabled 3D file format to enable real-time communication of 3D data across all applications and network applications. It has a rich set of features for use in engineering and scientific visualization, CAD and Architecture, Medical visualization, Training and simulation, multimedia, entertainment, educational, and more." Other development initiatives within the Web3D Consortium include an X3D GeoSpatial Working Group, X3D Programmable Shaders WG, Web3D Consortium Medical Working Group (MedX3D), CAD3D Working Group, and Visual Simulation (XMSF) WG, and Humanoid Animation WG. The Consortium's new X3D Binary Format Working Group has been chartered to "develop both an encoding of X3D to enable advanced compression of 3D data to shorten the transmission time of models and scenes across a network and a data encryption scheme to protect sensitive model information. The working group is open to any member of the Web3D Consortium and has already received significant contributions, including patented, advanced geometry compression technology from Sun." The X3D Binary Format "will be extensible through the use of a pluggable architecture to enable specialized compression techniques on a per-node or per-geometry type basis. This flexibility can be used to deploy highly efficient mesh compression regimes that are ideally suited to a particular model. X3D's encryption scheme will leverage the XML encryption work at the World Wide Web Consortium (W3C), further strengthening the ongoing liaison between the two standards bodies." The X3D binary format is expected to be completed in the first quarter of 2005, and will be an open, royalty-free specification. X3D itself is "an open standard that has no royalties associated with it; the Web3D Consortium has a strict policy about not requiring any IP encumbered technologies to be required, and a long-standing agreement with ISO to release the X3D specifications fee-free to the public." The X3D Consortium is currently "advancing X3D as an integrated 3D graphics and multimedia framework in the ISO process for Information technology — Computer graphics and image processing." [Full context]

  • [July 30, 2004]   W3C and Open Mobile Alliance (OMA) Cooperate on Mobile Web Specifications.    A joint announcement from the World Wide Web Consortium (W3C) and the Open Mobile Alliance (OMA) describes approval of a formalized relationship that "will enable both organizations to collaborate on specifications for mobile access to the Web." The Memorandum of Understanding (MoU) outlines how the two organizations may "collaboratively engage in exchange of technical information and contributions. The result will benefit developers, product and service providers and others, by providing standardized technology at their disposal to accelerate the development and deployment of new mobile applications and services." The MOU is motivated by a goal of rapidly developing the Mobile Web Access infrastructure and providing for interoperability as a key feature of future mobile applications. The agreement "will further solidify the foundation for faster development, adoption, and standardization of new features and functions for mobile devices that connect to the Web." The W3C-OMA agreement establishes specific guidelines regarding the sharing of documents and the participation by observers in designated meetings. Observers are those persons "representing their respective parties from either the Open Mobile Alliance or W3C, who may attend the other party's meetings. Observers may only act as liaison officers and may not bind either the host organization or any other member organization. An observer may be permitted to attend and participate in the other party's relevant specification/expert groups, technical body or relevant subordinate technical groups/bodies," subject to applicable terms. [Full context]

  • [July 30, 2004]   OASIS Members Form International Health Continuum Technical Committee.    OASIS has announced the creation of a new International Health Continuum Technical Committee as a "forum for companies on the Healthcare continuum internationally to voice their needs and requirements with respect to XML and Web Services." OASIS member sponsors of the IHC TC include CommerceNet, BT, National Insurance Administration of Norway, ReadiMinds, Webify Solutions, and SeeBeyond. DeLeys Brandman (CommerceNet Consortium) is the TC Convener and Proposed TC Chair. A principal motivation for the TC activity is that many standards organizations are working to standardize transactions in the healthcare vertical space but "little attention is being paid to the continuum of health, viz., to horizontal standards allowing all related verticals to interoperate through the use of web services tools and technologies." A secondary motivation identified by the TC proposers is the problem of competing international standards in vertical healthcare industry domains. "International healthcare standards may diverge toward regional preferences. A goal of the committee will be to promote international healthcare standards interoperability regardless of geographic location. This is particularly important to OASIS membership since many are global organizations who will not want standards to be regional or national." Initial goals of the OASIS TC include the creation of a healthcare interoperability report providing a process map of healthcare processes, a list of existing standards for addressing the processes, and gap analysis. The TC will also create liaisons with each of the major health continuum standards organizations. [Full context]

  • [July 28, 2004]   FIATECH AEX Project Publishes XML Schemas for Construction and Buildings Industry.    The Automating Equipment Information Exchange (AEX) Project management has announced the public release of Version 1.0 XML schemas for the exchange of information about capital facilities equipment and operations. The schemas cover both project and technical information, and "are designed to be used to support multi-party collaboration work processes for the entire life cycle, including design, procurement, delivery, installation, operations and maintenance of facility equipment." FIATECH is a non-profit consortium "focused on fast-track development and deployment of technologies to substantially improve how capital projects and facilities are designed, engineered, built and maintained." The AEX Project was chartered to "provide the technology needed to enable both internal and external automated information exchanges among the multiple software systems and collaborating companies associated with design, procurement, fabrication, delivery, installation, operation and maintenance of engineered equipment items." The AEX Version 1.0 public release includes a user guide that summarizes the business drivers and provides an overview of the schema architecture; it supplies descriptions of the XML schemas and includes a tutorial for getting started with software implementations. The ZIP archive with 67 files provides a complete set of schema definitions, example files, and documentation for Public Release 1.0 of the AEX project, complete with a large mp3 narration file for the Schema Architecture presentation. Production of the AEX Version 1.0 schemas represents a joint industry effort involving over twenty-five organizations. Key technology contributions were made by the AIChE Design Institute for Physical Properties (DIPPR) 991 Project, ePlantData, and the National Institute of Standards and Technology (NIST). FIATECH, DIPPR, and ePlantData initiated this open industry cooperative under an umbrella name of Capital Facilities Industry XML (cfiXML). The collaborative goal was to "achieve a pragmatic industry consensus around the use of XML technology to achieve the noted economic benefits for capital facilities equipment and material properties." The XML schemas are governed by open source licenses and are freely available for anyone to use. [Full context]

  • [July 22, 2004]   W3C HTML Working Group Publishes Updated XHTML 2.0 Draft and XHTML FAQ.    Members of the W3C HTML Working Group have released a sixth XHTML 2.0 Working Draft and a new HTML and XHTML Frequently Answered Questions. XHTML 2 is a "general purpose markup language designed for representing documents for a wide range of purposes across the World Wide Web. A modularized language without presentation elements, XHTML 2 takes HTML back to its roots in document structuring." XHTML 2 supplies a "generally useful set of markup elements with the possibility of extension using the class attribute on the span and div elements in combination with stylesheets, and attributes from the metadata attributes collection." The current Working Draft version includes an early implementation of XHTML 2.0 in RELAX NG. The Working Group intends to include implementations in DTD and/or XML Schema form in subsequent versions "once the content of the language stabilizes." Although XHTML 2.0 is a next generation markup language, its functionality is expected to remain similar to that of XHTML 1.1. "However, the markup language may be altered semantically and syntactically to conform to the requirements of related XML standards such as XML Base and XML Schema. The objective of these changes is to ensure that XHTML 2.0 can be readily supported by XML browsers that have no arcane knowledge of XHTML semantics such as linking, image maps, forms, etc." [Full context]

  • [July 21, 2004]   HL7 Announces ANSI Approval of Several Health Level Seven V3 Specifications.    Several Health Level Seven Version 3 (V3) Specifications have been approved by the American National Standards Institute (ANSI), giving them normative status as American national standards. The HL7 Version 3 project "represents a new approach to clinical information exchange. It is built from the ground up around a single object model (Reference Information Model - RIM) and a rigorous UML-based methodology that ties model to messages and finally to the message's expression in XML syntax." Among the ANSI-approved HL7 documents is the XML Implementation Technology Specification — Data Types, Release 1. It "defines the V3 data types that will be used by all of HL7 V3 and onwards; it also defines the representation of HL7 V3 data types in XML, including the schema necessary to derive XML schemas for HL7 V3 Hierarchical Message Descriptions (HMD)." Other HL7 specifications approved by ANSI cover UML Implementation Technology (UML Data Types specification that binds the V3 data types to the UML/OCL kernel types to allow for formally correct OCL constraints), Scheduling, Claims and Reimbursements, Reference Information Model (RIM), Shared Messages, and Refinement, Constraint and Localization to Version 3 Messages. The HL7 Board believes that the use of XML represents a primary value in Version 3. XML's "transparent representation of complex data and its extensibility is creating widespread acceptance throughout the IT industry. Version 3 fully supports the expressive capability of XML. It supports generation of XML schemas with the logical information relationships and element names that directly relate to the HL7 models — and hence to the concepts that analysts and programmers will have to grasp to relate Version 3 messages to their own information systems or to use them in new ways for Web browsing, XML repositories, etc." [Full context]

  • [July 20, 2004]   Ecma International Approves ECMAScript for XML (E4X) Specification.    Ecma International has announced unanimous approval of the ECMAScript for XML (E4X) International Standard by the Ecma General Assembly. The ECMA-357 ECMAScript for XML (E4X) Specification "defines the syntax and semantics of ECMAScript for XML (E4X), a set of programming language extensions adding native XML support to ECMAScript. ECMAScript (ECMA-262 / ISO/IEC 16262) is one of the most widely used programming languages." E4X "adds native XML datatypes to the ECMAScript language, extends the semantics of familiar ECMAScript operators for manipulating XML objects and adds a small set of new operators for common XML operations, such as searching and filtering. It also adds support for XML literals, namespaces, qualified names and other mechanisms to facilitate XML processing." The E4X International Standard "provides a simple, familiar, XML programming model that flattens the XML learning curve by leveraging the existing skills and knowledge of one of the largest developer communities worldwide. It reuses familiar programming language concepts, operators and syntax for manipulating XML data, meaning software developers can start creating, navigating and manipulating XML with little to no additional knowledge. E4X reduces code complexity, time to market and revision cycles; decreases XML footprint requirements; and enables looser coupling between code and external data." The ECMAScript group is currently working on "significant enhancements for future editions of the ECMAScript language, including mechanisms for defining XML types using the XML Schema language and support for classes." [Full context]

  • [July 19, 2004]   W3C Member Submission from IBM and Novell: Solution Installation Schema.    W3C has acknowledged receipt of a Solution Installation Schema as a W3C Member Submission from IBM and Novell. InstallShield Software and Zero G Software are co-authors of the submission. The two-part submission includes Installable Unit Deployment Descriptor Specification Version 1.0 and Installable Unit Package Format Specification Version 1.0. The purpose of the specification is "to define the schema of an XML document describing the characteristics of an installable unit (IU) of software that are relevant for its deployment, configuration and maintenance. The XML schema is referred to as the Installable Unit Deployment Descriptor or IUDD schema." According to the IUDD document abstract, IUDDs are intended to "describe the aggregation of installable units at all levels of the software stack, including middleware products aggregated together into a platform; and user solutions composed of application-level artifacts which run on such a platform. The XML schema is flexible enough to support the definition of atomic units of software (Smallest Installable Units) as well as complex, multi-platform, heterogeneous solutions. A solution is any combination of products, components or application artifacts addressing a particular user requirement. The top-level aggregation is the root installable unit. In addition to the installable units that comprise a solution, the IUDD also describes the logical topology of targets onto which the solution can be deployed." An installable unit is "a logical component that can be selected for installation. An installable unit package (or packaged installable unit) contains files to be installed, files that implement change management operations, and a set of manifest files which include a deployment descriptor that describes the install characteristics of the installable unit, and a media descriptor that describes the binding (or physical locations) of the files." [Full context]

  • [July 16, 2004]   Speech Synthesis Markup Language (SSML) Version 1.0 Advances to Proposed Recommendation.    The W3C Voice Browser Working Group has released Speech Synthesis Markup Language (SSML) Version 1.0 as a Proposed Recommendation. Based upon wide review for technical soundness and implementability, the WG believes that SSML 1.0 is a now mature technical report. The Speech Synthesis Markup Language (SSML) is part of the W3C Speech Interface Framework. The specification is designed "to provide a rich, XML-based markup language for assisting the generation of synthetic speech in Web and other applications. The essential role of the markup language is to provide authors of synthesizable content a standard way to control aspects of speech such as pronunciation, volume, pitch, rate, etc. across different synthesis-capable platforms." Related specifications in the W3C Speech Interface Framework include the Speech Recognition Grammar (SRGS), Call Control (CCXML), VoiceXML 2.0, VoiceXML 2.1, Semantic Interpretation, and Dialog Markup ("V3"). "SSML is part of a larger set of markup specifications for voice browsers developed through the open processes of the W3C. It is based upon the JSGF and/or JSML specifications, which are owned by Sun Microsystems, Inc. A related initiative to establish a standard system for marking up text input is SABLE, which tried to integrate many different XML-based markups for speech synthesis into a new one. The activity carried out in SABLE was also used as the main starting point for defining the Speech Synthesis Markup Requirements for Voice Markup Languages. Since then, SABLE itself has not undergone any further development." "The intended use of SSML is to improve the quality of synthesized content. Different markup elements impact different stages of the synthesis process. The markup may be produced either automatically, for instance via XSLT or CSS3 from an XHTML document, or by human authoring. Markup may be present within a complete SSML document or as part of a fragment embedded in another language, although no interactions with other languages are specified as part of SSML itself. Most of the markup included in SSML is suitable for use by the majority of content developers. However, some advanced features like phoneme and prosody (e.g., for speech contour design) may require specialized knowledge." [Full context]

  • [July 15, 2004]   OASIS Security Services TC Releases SAML 2.0 Documents for Public Review.    The OASIS Security Services Technical Committee (SSTC) has announced the release of a set of SAML Version 2.0 specifications in advance of TC ballot for approval at Committee Draft level. The Technical Committee is actively soliciting external input on these SAML draft documents; public comment and implementor feedback is invited through August 2, 2004. SAML is an XML framework for exchanging authentication and authorization information. SAML "provides a standard XML schema for specifying authentication, attribute, and authorization decision statements, and it additionally specifies a web services-based request/reply protocol for exchanging these statements." The SAML Version 2.0 review distribution includes five draft specifications and corresponding XML Schemas. Assertions and Protocols defines the syntax and semantics for XML-encoded assertions about authentication, attributes, and authorization, and for the protocols that convey this information. A Bindings specification defines protocol bindings for the use of SAML assertions and request-response messages in communications protocols and frameworks. A SAML 2.0 Profiles draft defines profiles for the use of SAML assertions and request-response messages in communications protocols and frameworks, as well as attribute syntax for use in attribute statements. The Metadata document defines an extensible metadata format for SAML system entities, organized by roles that reflect SAML profiles. Such roles include that of Identity Provider, Service Provider, Affiliation, Attribute Authority, Attribute Requester, and Policy Decision Point. The Authentication Context specification defines a syntax for the definition of authentication context declarations and an initial list of authentication context classes for use with SAML. The OASIS SSTC believes these five key SAML v2.0 specifications are feature-complete, but is prepared to revise the working drafts in response to comments. The SAML v2.0 specification set includes other documents that are non-normative or less crucial for initial implementation. These documents are publicly accessible and will be brought into the formal review process at a later date. Conformance, Security and Privacy Considerations, Baseline Identities and Attributes, Trust Models, SAML V1.x and Liberty ID-FF V1.2 Migration Paths, X.509 Attribute Sharing Profile, Glossary, Implementation Guidelines, Technical Overview, and Executive Overview are among these additional drafts. [Full context]

  • [July 12, 2004]   W3C Releases Public Working Draft for Full-Text Searching of XML Text and Documents.    W3C has published an initial Public Working Draft for XQuery 1.0 and XPath 2.0 Full-Text. Created as a joint specification by the W3C XML Query Working Group and the XSL Working Group as part of the XML Activity, this new draft specification defines a language that extends XQuery 1.0 and XPath 2.0 with full-text search capabilities. As defined by the draft, "full-text queries are performed on text which has been tokenized, i.e., broken into a sequence of words, units of punctuation, and spaces." New full-text search facility is implemented by extending the XQuery and XPath languages to support a new "FTContainsExpr" expression and a new "ft:score" function. Expressions of the type FTSelection are composed of:(1) words or combinations of words that are the search strings to be found as matches; (2) Match options such as case sensitivity or an indication to use stop words; (3) Boolean operators that allow composition of an FTSelection from simpler FTSelections; (4) Positional constraints such as indication of match distance or window. The new Full-Text Working Draft endeavors to meet search requirements specified in an updated companion draft XQuery 1.0 and XPath 2.0 Full-Text Use Cases. This document provides use cases designed to "illustrate important applications of full-text querying within an XML query language. Each use case exercises a specific functionality relevant to full-text querying. An XML Schema and sample input data are provided; each use case specifies a query applied to the input data, a solution in XQuery, a solution in XPath (when possible), and the expected results." Full-text query designed as an extension of XQuery and XPath will support several kinds of searches not possible using simple substring matching. It allows precision querying of XML documents containing "highly-structured data (numbers, dates), unstructured data (untagged free-flowing text), and semi-structured data (text with embedded tags). Language-based query and token-based searches are also supported; for example, find all the news items that contain a word with the same linguistic stem as the English word "mouse" — which finds occurrences of both "mouse" and "mice" together with possessive forms. [Full context]

  • [July 09, 2004]   DCMI Usage Board Announces Approval of Metadata Terms for Digital Rights Declaration.    The Usage Board of the Dublin Core Metadata Initiative (DCMI) has announced approval of the rights-related terms "License" and "Rights Holder." The Dublin Core Metadata Initiative is "an open forum engaged in the development of interoperable online metadata standards that support a broad range of purposes and business models." The Dublin Core Metadata Element Set is a standard for cross-domain information resource description, implemented in markup languages perhaps more widely than any other metadata specification. Version 1.1 has been endorsed as ISO Standard 15836-2003, NISO Standard Z39.85-2001, and CEN Workshop Agreement CWA 13874. The new DCMI term "license" is an element-refinement for "rights" and provides for reference of a legal document giving official permission to do something with the resource. The DCMI recommended best practice is to identify the license using a URI. Examples of such licenses can be found at the Creative Commons web site. The new term "rightsHolder" identifies a Rights Holder as a person or organization owning or managing rights over the resource. The DCMI Recommended best practice for this element is to use the URI or name of the Rights Holder to indicate the entity. The proposal for adding new DCMI rights terms articulates a goal of supporting standard practice concerning rights declarations on the Internet. The design especially recognized that "the recent emergence of the Creative Commons as a clearinghouse for rights declarations affords an opportunity to improve standard practice, particularly for resources that have been developed with the intention of cost-free distribution, but whose creators wish to formally declare various rights." The authors believe that both Creative Commons proponents and Dublin Core adopters "will benefit by having a clear approach to formal rights declaration in a widely adopted metadata framework on the Internet." A growing collection of open source software tools supports the creation of Creative Commons machine-readable licenses and embedding of license metadata within digital objects. [Full context]

  • [July 07, 2004]   WHAT Working Group Issues Call For Comments on Web Forms 2.0.    A draft specification for Web Forms 2.0 has been released by members of the Web Hypertext Application Technology (WHAT) Working Group. This initial call-for-comments draft of Web Forms 2.0 "defines an extension to the forms features found in HTML 4.01's Forms chapter. Web Forms 2.0 applies to both HTML and XHTML user agents, and provides new strongly-typed input fields, new attributes for defining constraints, a repeating model for declarative repeating of form sections, new DOM interfaces, new DOM events for validation and dependency tracking, and XML submission and initialization of forms. The specification also standardises and codifies existing practice in areas that have not been previously documented. HTML4, XHTML1.1, and the DOM are thus extended in a manner that has a clear migration path from existing HTML forms, leveraging the knowledge authors have built up with their experience with HTML so far." The Web Hypertext Applications Technology Working Group is described as "a loose, unofficial, and open collaboration of Web browser manufacturers and interested parties. The group aims to develop specifications based on HTML and related technologies to ease the deployment of interoperable Web Applications, with the intention of submitting the results to a standards organisation. A public mailing list for the WHAT working group is hosted at ''. The Web Forms 2.0 specification "clarifies and extends the semantics put forth in HTML 4.01 for form controls and form submission. It is expected to be implemented in ordinary HTML user agents alongside existing forms technology, and indeed, some of the features described in this draft have been implemented by user agents as ad-hoc, non-standard extensions for many years due to strong market need. The specification can also be viewed as an extension to [XHTML1]. In particular, some of the features added in this module only apply to XHTML documents; for example, features allowing mixed namespaces." This initial call-for-comments draft of Web Forms 2.0 "defines an extension to the forms features found in HTML 4.01's Forms chapter. Web Forms 2.0 applies to both HTML and XHTML user agents, and provides new strongly-typed input fields, new attributes for defining constraints, a repeating model for declarative repeating of form sections, new DOM interfaces, new DOM events for validation and dependency tracking, and XML submission and initialization of forms. The specification also standardises and codifies existing practice in areas that have not been previously documented." [Full context]

  • [July 06, 2004]   IPTC Working Group Releases EventsML 1.0 Business Requirements Document.    A fourth Working Draft of EventsML 1.0 Business Requirements has been produced by members of the IPTC EventsML Working Group. 'EventsML' is the provisional name for a new IPTC standard designed for effective interchange of newsworthy event information. The objective of the International Press Telecommunications Council (IPTC) EventsML Working Group is to "create an XML format to be used in notifications of news worthy events such as press conferences for distributions to news media and others users who have an interest in the information for internal or external purposes." This IPTC standard for describing newsworthy events and associated coverage will address: (1) "Event publishing: communication of information about events, including associated media; (2) Event planning: managing the coverage of breaking news or upcoming newsworthy events, including support for gathering associated media; (3) Event coverage: communication of information about coverage of events by news organizations, often referred to as a 'Daybook'. The proposed standard would include linkage between resulting news packages and event coverage information." Use cases documented in the draft include Planned Event Coverage, News Agency Daybook, Sports League Publishes a Season Schedule, Urgent Breaking News, and Urgent Breaking News. The EventsML specification is intended to be useful to organizations outside the IPTC. A proposed requirement is that it be compatible with other IPTC standards, and that it reuse existing external standards where possible. EventsML should interoperate easily with existing IPTC standards, specifically with the IPTC Subject Reference System, NewsML, SportsML, and NITF." The vCard and vCalendar standards are explicitly identified as specifications which should inform EventsML in terms of interoperability. The designers believe it may be possible to implement most or all of the EventsML requirements using NewsML. The EventsML Working Group responsible for the EventsML 1.0 Business Requirements draft is one of IPTC's activities organized under a Specialised Content Working Party. Chaired by Geoffrey Haynes (The Associated Press) and Henrik Stadler (Tidningarnas Telegrambyra), the IPTC Specialised Content Working Party oversees "maintenance and development of standards for specialised content in close relation to IPTC's open news standards NITF and NewsML," including SportsML, ProgramGuideML, and EventsML. The EventsML Project Team Leads are Johan Lindgren (TT) and Dominic Chan (Canadian Newswire). [Full context]

  • [July 02, 2004]   W3C Working Draft on Mobile SVG Profiles Defines Features for Cellphones.    The W3C SVG Working Group has issued an invitation for public comment on a third Working Draft of Mobile SVG Profiles: SVG Tiny and SVG Basic, Version 1.2, released as part of the W3C Graphics Activity. The SVG Tiny 1.2 mobile profile is a subset of features in SVG 1.2, defined to be suitable for displaying vector graphics on small devices such as cellphones. Whereas the W3C SVG Mobile 1.1 defined two profiles (SVG Tiny and SVG Basic), the SVG Mobile 1.2 specification only defines one profile: SVG Tiny 1.2. According to a note from Dean Jackson, W3C SVG Working Group Team, the most important changes are the decision to design just an "SVG Tiny 1.2 profile, new definitions for text wrapping, gradients, scripting, non-scaling strokes, and the ability to place graphics in client space without being affected by zoom and pan (e.g., legends on maps)." SVG Tiny 1.2 Document Fragments must conform to the SVG Tiny 1.2 Relax NG schema, now supplied as Appendix D in the Working Draft. A new normative Appendix E supplies the SVG Tiny Conformance Criteria, covering Fragment Conformance, User Agent Conformance, Dynamic SVGT User Agent Conformance, and SVGT User Agent Compatibility Issues. From the Working Draft's twenty main sections, nine (9) sections contain updated information relevant to SVG Mobile 1.2, including: Document Structure; Coordinate Systems, Transformations and Units; Text; Painting: Filling, Stroking and Marker Symbols; Gradients and Patterns; Interactivity; Linking; Scripting; and Animation. SVGT content "can be in the form of stand-alone SVG Documents or document fragments embedded within a parent XML document. SVGT 1.2 supports Multiple Pages, Streaming, Progressive Rendering, the 'audio' Element and the 'Video' element." SVGT "allows interactivity with declarative animation and with the integration of XMLEvents, as described in SVG 1.2. Linking into specific views of the SVG document is supported by a subset of the svgView fragment identifier as defined in SVG 1.1. SVGT supports scripting through the integration of XML Events, as defined in SVG 1.2. SVGT allows the language features to support animation through scripting; it will support the UDOM as defined in the SVG 1.2 draft." [Full context]

  • [July 01, 2004]   W3C Sponsors Workshop on Constraints and Capabilities for Web Services.    W3C has issued a Call for Participation in connection with the public October 12-13, 2004 Workshop on Constraints and Capabilities for Web Services. The Workshop will be hosted at the Oracle Conference Center in Redwood Shores, California. The Workshop is public, but it is restricted to 60 places. Program Chairs include Mark Nottingham (BEA) and Philippe Le Hégaret (W3C). The Workshop is being held to discuss the establishment of a framework for the expression of constraints and capabilities regarding security, reliable messaging, message serialization or other policy, and the association with Web services, in order to promote interoperability and scalability. Position papers are required for participation by individuals and organizations. Some of the papers submitted will be selected for presentation at the Workshop. Position papers are due August 27, 2004 and should follow the prescribed guidelines for requirementes, case studies, and XHTML/HTML/PDF format. Topics suitable for position papers include (for example): specific problem domains (security, privacy, reliable messaging, internationalization); processing models for constraints and capabilities on requester and provider agents; machine readable constraints on the allowable actions or states of an agent; policy management (merging, delegation, cancel, request, revocation, priorities, preferences, meta-policies); abstract vs. concrete constraints and capabilities; communicating policy decisions to other parties; policy subjects and identity; intermediaries and policy; etc. The Workshop organizers recognize that the domain of Web Services constraints and capabilities has the potential interactions with many existing efforts, including: the WS-Policy Framework and Attachment specifications; the Semantic Web; rule languages; P3P and EPAL; XACML and WSPL; the IETF Policy Framework; HTTP headers and other Web-based policies. [Full context]

Earlier News April-June 2004

  • [June 30, 2004]   Oracle BPEL Process Manager Provides SOA and Integration Platform Support.    At the JavaOne 2004 Conference, Oracle announced the immediate availability of the Oracle BPEL Process Manager, provided free on the Oracle Technology Network for download and evaluation. The Business Process Execution Language (BPEL) is being developed within the OASIS Web Services Business Process Execution Language Technical Committee, chartered to continue work on the business process language published in the April 2002 Business Process Execution Language for Web Services (BPEL4WS) specification. Based upon Oracle's acquisition of Collaxa Inc. and the Collaxa BPEL Server, the Oracle BPEL Process Manager provides a "complete Service Oriented Architecture (SOA) and integration platform, makeing it easier for organizations to coordinate Web services and automate business processes." The Oracle BPEL Process Manager "is a new addition to the Oracle product portfolio, enabling enterprises to model, deploy and manage BPEL processes. It comprises an easy-to-use BPEL modeler, a scalable BPEL engine, an extensible WSDL binding framework, a monitoring console and a set of built-in integration services (transformation, user task, java embedding). It offers native and comprehensive BPEL support, ease-of-use, and cross-platform support." The Oracle BPEL Process Manager, "hailed as the best BPEL implementation on the market, enables organizations to easily implement adaptive transactions and collaborative business processes based on composite applications. The solution includes an engine for executing business processes, a console to monitor, manage and debug business processes and a rich graphical interface to design and build business processes. With its native BPEL engine, Collaxa provided organizations such as the European Space Agency, SAIC and British American Tobacco the most open means for executing business processes written in BPEL. When coupled with Oracle Application Server 10g, this native BPEL engine completes Oracle's comprehensive SOA and integration platform." [Full context]

  • [June 28, 2004]   Sun Releases JDesktop Network Components (JDNC) as an Open Source Project.    Sun Microsystems has announced the release of the open source JDesktop Network Components (JDNC) Project on JDNC includes the lightweight JDNC Markup Language, and aims to "simplify the development of rich networked desktop applications by means of a set of high-level user interface components with built-in networking and data-binding support." The JDNC Markup Language is "a simple, extensible XML-based markup language that enables developers to configure JDNC based clients using XML and deploy them either as Java Web Start applications or as applets in a standard browser." JDNC "leverages the power of J2SE and Swing while providing a higher level API, as well as an optional XML markup language, which enables common user-interface functionality to be constructed more quickly, without requiring extensive Swing or GUI programming skill. Additionally, JDNC simplifies the task of connecting a rich client to a J2EE backend, including JDBC and WebServices." JDNC has a specific goal to make programming shortcuts accessible to a broader developer base, and especially to markup language developers. It will allow a wider audience to build "rich, data-centric, Java desktop clients for J2EE-based network services comparable to what enterprise developers typically build, such as SQL database frontends, forms-based workflow, and data visualization applications. Three standard client deployment options are supported for JDNC, since is completely Java-based: (1) as a standalone application; (2) an application deployed with Java WebStart; (3) Applet deployed in a browser using Java Plugin. "When using the JDNC markup language, the same JDNC XML markup file may be used in all three cases. JDNC provides the bootstrapping classes which interpret the XML file and realize its contents in the appropriate toplevel UI container." Offered under the Lesser General Public License (LGPL), JDesktop Network Components is one of several open source projects announced by Sun at the JavaOne 2004 Conference. Other technologies contributed to open source include Project Looking Glass, Java 3D Desktop Technology, and JDesktop Integration Components (JDIC). [Full context]

  • [June 25, 2004]   IETF Releases Anti-Spam Sender ID Internet Draft Specification.    The IETF has released a revised version of the Internet Draft MTA Authentication Records in DNS from the MARID Working Group, now called the 'Sender ID' specification. Jointly authored by Jim Lyon (Microsoft) and Meng Weng Wong (, the Sender ID draft represents a merger of the Sender Policy Framework (SPF) specification and Microsoft's Caller ID for E-mail proposal. The authors "hope to simplify industry adoption of effective e-mail authentication technology, thereby helping more swiftly provide greater spam protection to e-mail users worldwide." Meng Weng Wong has authored a separate informational I-D Behind The Curtain: An Apology for Sender ID. It explains that "Sender ID follows from a set of design decisions; those decisions were motivated by philosophical, engineering, and political considerations. The document reviews some of the important choice that distinguish Sender ID from alternative possibilities in the same space." Motivation for the Sender ID draft is presented in the abstract: "Internet mail suffers from the fact that much unwanted mail is sent using spoofed addresses — 'spoofed' in this case means the address is used without the permission of the domain owner." The Sender ID document describes mechanisms by which a domain owner can publish its set of outgoing MTAs [Mail Transfer Agents], mechanisms by which SMTP servers can determine what email address is allegedly responsible for most proximately introducing a message into the Internet mail system, and whether that introduction is authorized by the owner of the domain contained in that email address." One part of the proposal's decision model involves finding a purported responsible address and extracting the domain part of the purported responsible address, called a purported responsible domain. Then an E-mail Policy Document for the purported responsible domain would be located. The E-mail Policy Document is modeled by an XML infoset that contains, among other things, a definition of the four-argument client authorization function. The Sender ID draft "describes those parts of the XML infoset that define the mail acceptance function. The infoset may contain other information relating to e-mail; this other information may be the subject of future IETF consensus processes." Industry experts are by no means agreed that the Sender ID proposal constitutes a real solution to the spamming problem, or that the net effect will be judged positive by all parties. The authors of the specification assert that the design "is carefully tailored to ensure that the overwhelming majority of legitimate emailers, remailers and mailing list operators are already compliant." [Full context]

  • [June 24, 2004]   Application Vulnerability Description Language (AVDL) Becomes an OASIS Standard.    OASIS has announced the approval of Application Vulnerability Description Language Version 1.0 as an OASIS Standard. AVDL is a security interoperability standard for creating a uniform method of describing application security vulnerabilities using XML. The version 1.0 specification "describes a standard XML format that allows entities such as applications, organizations, or institutes to communicate security information regarding web. AVDL provides an open XML-based vulnerability assessment output that will be used to improve the effectiveness of attack prevention, event correlation, and remediation technologies." Based upon the AVDL information exchange model, application administrators use an assessment tool to determine if their networked applications are "vulnerable to various types of malicious attacks. An assessment tool records and catalogues detected vulnerabilities in an XML file in AVDL format. An application security gateway then uses the AVDL information to recommend the optimal attack prevention policy for the protected application. In addition, a remediation product uses the same AVDL file to suggest the best course of action for correcting the security issues. Finally a reporting tool uses the AVDL file to correlate event logs with areas of known vulnerability." According to Jan Bialkowski of NetContinuum, Co-chair of the OASIS AVDL Technical Committee, "organizations are drowning in the flood of security bulletins and alerts while application vulnerability exploits are wreaking havoc on networks around the globe; AVDL offers an automated way to break this cycle by dramatically reducing the time between the discovery of a new vulnerability and the response time to block attacks at the security gateway." The AVDL TC Chairs indicate that some features of the AVDL specification design were inspired by Mitre's Open Vulnerability Assessment Language (OVAL), which uses the Common Vulnerabilities and Exposures (CVE) database. Related technical work is being done within the OASIS Web Application Security TC based upon Application Security Attack Components (ASAC) and VulnXML, developed by the Open Web Application Security Project (OWASP). [Full context]

  • [June 23, 2004]   IPTC Collaborates with Adobe to Integrate XMP into Image Metadata Specifications.    Adobe Systems and the International Press Telecommunications Council (IPTC) have announced a collaborative effort to extend the capabilities of IPTC metadata through use of Adobe's Extensible Metadata Platform (XMP). The Adobe XMP specification "standardizes the definition, creation, and processing of metadata by providing a data model, storage model (serialization of the metadata as a stream of XML), and formal schema definitions (predefined sets of metadata property definitions that are relevant for a wide range of applications). XMP makes use of the W3C XML-based Resource Description Framework (RDF) standard in order to represent the metadata properties associated with a document. The International Press Telecommunications Council (IPTC) Consortium includes the world's major news agencies and news industry vendors. IPTC develops and maintains technical standards for improved news exchange, including XML-based standards for news content and metadata: NewsML, SportsML, ProgramGuideML, and EventsML. The IPTC also develops and maintains controlled vocabularies of terms of significance to publishers, "the most significant of which are part of the Subject Reference System (SRS). This metadata system includes a taxonomy of subject codes, listings of roles and genres of news components, and ratings for relevance, priority, urgency, and other characteristics. These sets of terms can be assigned as metadata to news objects such as text, photographs, graphics, audio- and video files, and streams." According to the joint announcement, incorporating Adobe XMP into IPTC metadata specifications "will expand the scope of information captured to describe the content of images and extend the reach of IPTC metadata beyond its traditional constituencies. For example, photographs can be tagged with richer detail including usage rights, limitations and assignment information, creating a direct link between editorial systems and photographer's work." Current IPTC users also welcome the incorporation of XMP's rights management schema which defines properties relating to legal ownership and usage terms applicable to digital news items. XMP's capabilities extend the current IPTC structure to support "advanced metadata capabilities, including rights management, for the current customer base, which includes the largest circulation newspapers in the United States." Adobe and IPTC have also announced their intent to "develop future implementations that will be accessible via the Adobe Creative Suite, and related point products including Photoshop CS, through a customizable metadata user interface. This is intended to streamline the data capture process and allow relevant IPTC metadata to be preserved as the file is utilized across news and derivative workflows. As part of its collaboration, Adobe and IPTC plan to establish a working group that will identify a strategy for users to transition to IPTC implementations that take advantage of XMP extensibility." [Full context]

  • [June 21, 2004]   Workflow Management Coalition Hosts ASAP and Wf-XML 2.0 Interoperability Demo.    The Workflow Management Coalition (WfMC) has announced a multi-vendor interoperability demonstration for Wf-XML 2.0 and the OASIS Asynchronous Service Access Protocol (ASAP). The interop demo will be held June 23, 2004 at the BrainStorm Business Process Management Conference in San Francisco. ASAP is currently a Working Draft specification being developed by an OASIS Technical Committee. This TC was chartered to create a very simple extension of Simple Object Access Protocol (SOAP) that enables generic asynchronous webservices or long-running webservices. ASAP is a "web services protocol that can be used to access a generic service that might take a long time to complete. Existing web services protocols protocols work best when the service can provide an answer quickly, within a minute or two at the longest. ASAP is useful when the answer might take longer than this — for example services that last from minutes to months in duration. The service being invoked might be fully automated, a manual task that a person performs, or any mixture of the two. This capability to handle both automated and manual activities is what makes ASAP particularly suited for B2B and intra-organizational service request scenarios." Wf-XML Version 2.0 was produced by the Workflow Management Coalition (WfMC), and extends the ASAP model to include BPM and workflow interchange capabilities. Wf-XML "introduces the concept that factories themselves may be added and removed. The concept of a container resource is defined, and operations are defined to list factories and to create new ones. A business process engine "is a special type of asynchronous service: it has the ability to be started, to involve people in that process, and to complete some time later. One BPM engine can be easily linked to another BPM engine using Wf-XML. Wf-XML extends ASAP by including the ability to retrieve the process definition, and to monitor the current state of a running process instance. Wf-XML 2.0 both simplifies and strengthens the implementation of asynchronous services to support business process interoperability." The Interoperability Demonstration will involve products that have implemented the Wf-XML 2.0 web commerce protocol, and will include scenarios with Customer, Retailer and Manufacturer. "All clients and servers will be internet; demonstration client each have a simple UI to invoke the asynchronous services from a web form. Each implementation exposes a factory that can be called with a specified context structure, and should return a specific result structure within a few seconds." [Full context]

  • [June 18, 2004]   W3C Public Working Draft on Content Selection for Device Independence (DISelect).    The W3C Device Independence Working Group (DIWG) has released a First Public Working Draft for Content Selection for Device Independence (DISelect) 1.0 as part of the W3C Device Independence Activity. The draft specification "represents one part of the approach being developed within DIWG for the provision of a markup language that supports creation of web sites that can be used from a wide variety of devices with a wide variety of characteristics. The overall approach being taken by DIWG is based on the development of a device independent profile for XHTML. The profile will be based on XHTML Version 2, XForms, and current and forthcoming versions of CSS. DIWG is developing additional modules that can be added to this combination of specifications to complete the profile. This specification describes the module that provides selection between versions of materials." According to the WD abstract, the new document "specifies a syntax and processing model general purpose selection. Selection involves conditional processing of various parts of an XML information set according to the results of the evaluation of expressions. Using this mechanism some parts of the information set can be selected for further processing and others can be suppressed. The specification of the parts of the infoset affected and the expressions that govern processing is by means of XML-friendly syntax. This includes elements, attributes and XPath expressions. The document specifies how these components work together to provide general purpose selection." The DISelect specification "provides a simple mechanism for the selection of the content that is to be expressed when adaptation takes place. Its processing model will follow the XInclude approach of positioning the document that contains DISelect items as the input to a step in which it is replaced by host markup based on processing of DISelect." Attributes and elements are defined for conditional processing. DISelect variables to help reduce the complexity of expressions and markup. DISelect uses a subset of XPath 1.0 to express the calculations and conditions involved when determining whether or not a particular piece of content is to be included for processing. This subset is sufficient to construct conditional expressions and expressions that return values. It also includes the ability to invoke XPath functions." [Full context]

  • [June 17, 2004]   European Commission's IDA TAC Publishes Recommendations on Open Document Formats.    The TAC (Telematics Between Administrations Committee) of the EC's IDA Community Programme has announced approval of an expert group's conclusions and recommendations on open document formats, with special focus upon XML formats in OpenOffice.Org and WordML. IDA (Interchange of Data between Administrations) is "a Community Programme managed by the European Commission's Enterprise Directorate General. IDA supports the implementation of EU legislation, from internal market regulations to consumer and health policies, by facilitating the exchange of information between public administrations across Europe through the use of information technology." "The TAC, which guides the Community programme for the Interchange of Data between Administrations (IDA), gave its support to recommendations that were prepared by a group of experts from EU Member States, based on an IDA report on the current market situation for document formats. While suggesting that the public sector should make use of XML-based document formats, the recommendations place particular importance on standardisation to ensure market access to industry actors. The TAC endorsed the IDA Expert Group's recommendations at a May 25, 2004 meeting, recognizing "the special responsibility of the European public sector to ensure the accessibility of its information, with a view to rationalising and improving the interactions with citizens and enterprises, and taking into account the importance of the public sector as buyer of IT services and products." The Expert Group stated that standardization initiatives "will ensure not only a fair and competitive market but will also help safeguard the interoperability of implementing solutions whilst preserving competition and innovation. Therefore, the submission of the OpenOffice.Org format to the Organization for the Advancement of Structured Information Standards (OASIS) in order to adopt it as the OASIS Open Office Standard should be welcomed." Further, "Industry is encouraged to provide filters that allow documents based on the WordML specifications and the emerging OASIS Open Document Format to be read and written to other applications whilst maintaining a maximum degree of faithfulness to content, structure and presentation; these filters should be made available for all products." [Full context]

  • [June 16, 2004]   IETF Forms New Atom Publishing Format and Protocol (atompub) Working Group.    The Internet Engineering Steering Group (IESG) has announced the formation of an Atom Working Group in the IETF Applications Area. Atom is being created as an enhancement to functionality provided in the popular RSS syndication format, currently documented in several semi-official XML specifications. Atom "defines a feed format for representing and a protocol for editing Web resources such as Weblogs, online journals, Wikis, and similar content. The feed format enables syndication; that is, provision of a channel of information by representing multiple resources in a single document. The editing protocol enables agents to interact with resources by nominating a way of using existing Web standards in a pattern. Chaired by Paul Hoffman and Tim Bray under the supervision of Applications Area Advisor Scott Hollenbeck, the IETF Atom Publishing Format and Protocol (atompub) Working Group will "use experience gained with RSS (variably used as a name by itself and as an acronym for 'RDF Site Summary', 'Rich Site Summary', or 'Really Simple Syndication') as the basis for a standards-track document specifying the model, syntax, and feed format. The feed format and HTTP will be used as the basis of work on a standards-track document specifying the editing protocol. The goal for the working group is to produce a single feed format and a single editing protocol; the working group will only consider additional formats or additional protocols if those charter changes are approved by the IESG." According to the new WG Charter, the working group "will also take steps to ensure interoperability, by unambiguously identifying required elements in formats, clearly nominating conformance levels for different types of software, and providing clear extensibility mechanisms and constraints upon them." Atom currently consists of "a conceptual model of a resource, a concrete syntax for this model, a syndication and archiving format (the Atom feed format) using this syntax, and an editing protocol using this syntax. The Atom protocol will be designed to provide security services for updating and accessing dynamic online resources. The working group will consider current known issues with requirements for remote access, along with the fact that many such resources are constrained by providers who provide the resource owners with little configuration control." The proposed WG schedule calls for release of initial Internet Drafts of the Atom feed format and Atom editing protocol in June 2004. These Internet Draft would be submitted approval as Last Call drafts in March 2005, and would be submitted to the IESG for consideration as Proposed Standards in April 2005. [Full context]

  • [June 15, 2004]   Last Call Review for IETF Indication of Message Composition for Instant Messaging.    The Internet Engineering Steering Group (IESG) has announced a Last Call review of the Internet Draft Indication of Message Composition for Instant Messaging, prepared by the IETF's SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Working Group. The Internet Draft describes an XML-based status message that can be used to indicate the current composing status to participants in an IM conversation. "In instant messaging (IM) systems, it is useful to know during an IM conversation that the other party is composing a message, e.g., typing or recording an audio message. The document defines a new status message content type and XML namespace that conveys information about a message being composed. Status messages are carried as XML, as instances of the XML Schema defined in the draft and labeled as an application/im-iscomposing+xml content type." The draft distinguishes two types of messages used in an IM conversation: one is the "content message" which "conveys actual content between two or more users engaged in an instant messaging conversation; the other is the "status message" which "indicates the current composing status to the other participants in a conversation. The status message can indicate the composition of a message of any type, including text, voice or video. The status messages are delivered to the instant messaging recipient in the same manner as the instant messages themselves. The Internet Draft Indication of Message Composition for Instant Messaging is legally encumbered, according to an IETF Patent Disclosure and Licensing Declaration from Microsoft on the version -00 'is-composing ' draft of March 2004. Microsoft declined to make a royalty-free declaration provided in the IPR Template ("Royalty-Free, Reasonable and Non-Discriminatory License to All Implementers"), electing instead a RAND declaration for two issued patents and potentially for related unpublished pending patent application(s). The IESG solicits public comment on this Internet Draft by 2004-06-28. [Full context]

  • [June 09, 2004]   W3C Web Services Working Groups Release New Drafts on Handling of Binary Data.    Six new or updated specifications related to binary content have been released by members of the W3C XML Protocol Working Group and Web Services Description Working Group. Both Working Groups are part of the W3C Web Services Activity. XML-binary Optimized Packaging and SOAP Message Transmission Optimization Mechanism are now Last Call Working Drafts which enhance SOAP Version 1.2 performance. Feedback on these WDs may be sent to the XML Protocol Working Group through 2004-06-29. The XML-binary Optimized Packaging (XOP) convention provides a means of more efficiently serializing XML Infosets that have certain types of content. A concrete implementation of the XOP format designed for carrying SOAP messages is defined in the SOAP Message Transmission Optimization Mechanism Working Draft; it describes both an abstract feature and a concrete implementation of XOP for optimizing the transmission and/or wire format of SOAP messages. A new W3C Note written by Michael Mahan (Nokia) answers questions about design decisions in the choice of the include mechanism selected by the XML Protocol Working Group during construction of XML-binary Optimized Packaging (XOP). XOP Inclusion Mechanism: Frequently Asked Questions explains the use of xop:Include as a "a minimal include element that defines one mandatory href attribute information item for the URI link to the related MIME part in a XOP package." The SOAP 1.2 Attachment Feature Note "defines a SOAP feature that represents an abstract model for SOAP attachments. It provides the basis for the creation of SOAP bindings that transmit such attachments along with a SOAP envelope, and provides for reference of those attachments from the envelope. SOAP attachments are described using the notion of a compound document structure consisting of a primary SOAP message part and zero or more related documents parts known as attachments." An updated SOAP Optimized Serialization Use Cases and Requirements Working Draft document "serves to motivate and constrain the scope of the XML Protocol WG's work on a SOAP Message Transmission Optimization Mechanism. A new Assigning Media Types to Binary Data in XML Working Draft "addresses the need to indicate the media type associated with binary element content in an XML document and the need to specify, in XML Schema, the expected media types associated with binary element content. It is expected that the additional information about the media type will be used for optimizing the handling of binary data that is part of a Web services message." [Full context]

  • [June 08, 2004]   Tags for Identifying Languages: IESG Issues Last Call Review for IETF BCP.    The Internet Engineering Steering Group (IESG) has announced a last call review for the Internet Draft Tags for Identifying Languages, edited by Addison Phillips (webMethods) and Mark Davis (IBM). The IESG intends to make a decision within the next few weeks on the request to approve this document as an IETF Best Current Practice (BCP) RFC. Commonly referenced as "RFC 3066bis," this working draft of Tags for Identifying Languages is intended to replace Tags for the Identification of Languages (IETF RFC 3066, BCP 47, January 2001). RFC 3066bis describes the "structure, content, construction, and semantics of language tags for use in cases where it is desirable to indicate the language used in an information object. It also describes how to register values for use in language tags and a construct for matching such language tags, including user defined extensions for private interchange." RFC 3066bis will represent a significant improvement in language identification facility if it is approved as a an IETF BCP that supersedes RFC 3066. Both XML 1.0 and XML 1.1 normatively reference RFC 3066 for purposes of language identification: "In document processing, it is often useful to identify the natural or formal language in which the content is written. A special attribute named xml:lang may be inserted in documents to specify the language used in the contents and attribute values of any element in an XML document. In valid documents, this attribute, like any other, must be declared if it is used. The values of the attribute are language identifiers as defined by IETF RFC 3066, Tags for the Identification of Languages, or its successor..." The main goals in the revision RFC 3066 are: (1) to maintain backward compatibility, so that all previous codes would remain valid; (2) to reduce the need for large numbers of registrations; (3) to provide a more formal structure to allow parsing into subtags even where software does not have the latest registrations; (4) to provide stability in the face of potential instability in ISO 639, 3166, and 15924 codes — demonstrated instability in the case of ISO 3166; and (5) to allow for external extension mechanisms." The revision of IETF RFC 3066 represents one of several standards efforts currently underway to enhance intelligent computer processing of machine-readable natural language through the use of language description in markup contexts. The IESG solicits final comments on the proposal to approve "RFC 3066bis" as an IETF BCP. Feedback should be sent to the relevant IETF mailing lists by 2004-07-05. [Full context]

  • [June 07, 2004]   W3C First Public Working Draft for RDF Data Access Use Cases and Requirements.    The W3C RDF Data Access Working Group has released an initial Working Draft specification for RDF Data Access Use Cases and Requirements which "outlines use cases for RDF query languages and access protocols and their requirements, examining their design objectives." The Working Draft has been produced as part of the W3C Semantic Web Activity. The RDF Data Access Working Group was chartered to "gather requirements and to define an HTTP and/or SOAP-based protocol for selecting instances of subgraphs from an RDF graph," paying special attention to the RDF Net API submission. The WG's work involves specification of a "language for the query and the use of RDF in some serialization for the returned results. The query langauge may have aspects of a path language similar to XPath (used for XML in XSLT and XQuery) and various RDF experimental path syntaxes." The Use Cases and Requirements draft clarifies some of the objectives in the W3C design of an RDF query language and data access protocol. "Each use case describes a user-oriented context in which the RDF query language or protocol or both are used to solve a real problem. The use cases characterize some of the most important and most common motivations behind the development of existing RDF query languages and access protocols. The use cases, in turn, inform decisions about requirements, that is, the critical features that a standard RDF query language and data access protocol require, as well as design objectives that are not on the critical path." "The RDF data model is a directed, labeled graph with edges labeled with URIs and nodes that are either unidentified, literals, or URIs. The W3C's Semantic Web Activity is based on RDF's flexibility as a means of representing data. While there are several standards covering RDF itself, there has not yet been any work done to create standards for querying or accessing RDF data. There is no formal, publicly standardized language for querying RDF information. Likewise, there is no formal, publicly standardized data access protocol for interacting with remote or local RDF storage servers." The requirements sketched in the initial Working Draft are in development: the RDF Data Access Working Group has adopted some but not all of these requirements; several are still under discussion. The team invites feedback especially with respect to which use cases and requirements should be elaborated, clarified, removed, or added. [Full context]

  • [June 03, 2004]   Proposed Technical Specification for Web Services Addressing and Referencing Framework.    A bold move to catalyze standards convergence and create a public Web Services Addressing specification has been published on W3C's open Web services mailing list. Representatives from eleven major companies have proposed the creation of a new technical activity to "bring about industry convergence in the area of Web Service Referencing and Addressing." An open letter from Jeff Mischkinsky (Oracle) to the W3C AC Forum contains the proposal from W3C Advisory Committee members representing Arjuna, CycloneCommerce, Enigmatec, Fujitsu, Hitachi, Iona, NEC, Nokia, Oracle, SeeBeyond, and Sun. Two principal specifications in the web services addressing and referencing area would be used as input to the new technical activity; the working group would "use these inputs without prejudice or restriction and, evaluate them on their technical merit,in its deliberations to create deliverables which satisfy the Charter requirements," together with other contributions which conform to the goals and scope of the proposed Charter. One is the the Web Services Addressing (WS-Addressing) specification, provided that it is submitted for such use. WS-Addressing is a proprietary specification in three published versions, owned by BEA, IBM, and Microsoft. The second key specification is WS-MessageDelivery Version 1.0, which "defines an abstract set of message delivery properties enabling message delivery for Web services that utilize Message Exchange Patterns associated with WSDL documents." WS-MessageDelivery is already a W3C Member Submission, contributed by a subset of W3C members companies that drafted the new proposal. Key deliverables from the proposed working group would include a WS-Addressing and Referencing Framework Recommendation and a corresponding primer which introduces the new specification, including use cases and scenarios. As justification for the new activity, the proposers reference the substantial informal discussion about how to bring about industry convergence in the area of web services addressing and are seeking to create a technical activity that "would have the participation of the entire web service community: we believe that the requirements are clear and that substantial contributions exist. With industry recognition of these elements, and contribution of their use, it is apparent that reasonable convergence should be feasible now." According to the a proposed Scope statement, "The ability to identify participants in a Web service message exchange is fundamental to the dynamic and ever changing world of on-line business. WSDL provides mechanisms to define and describe the server side of an interaction (i.e. where to send a one way or a request messages to), but there are no standardized mechanisms to identify other delivery destinations that may exist in a message exchange pattern, such as a reply-to destination." The purpose of the proposed working group would be to "define extensible and reusable mechanisms to reference Web Services, to allow such Web service references to be passed in messages, and to support WSDL Messsage Exchange Patterns. The specification would support the MEPs in WSDL 1.1, the MEPs anticipated in WSDL 2.0 if it is sufficiently progressed, and may define support for other useful MEPS such as basic callback." As proposed, the new working group would "collaborate with W3C efforts within the Web Service Activity including WSD, XMLP, WS-Chor as appropriate. [It would] collaborate with relevant OASIS TCs such as WS-RF, WS-N, WS-CAF, WS-BPEL, ASAP as appropriate." The authors of the proposal welcome debate and comments, either publicly or privately. [Full context]

  • [June 02, 2004]   Email Spoofing Targeted in IETF Draft on MTA Authentication Records in DNS.    An updated IETF Internet Draft has been published for MTA Authentication Records in DNS, representing one of several current proposals aimed at design of mechanisms to reduce spoofing of email headers and delivery of (virus-bearing) spam. The MTA Authentication Records in DNS draft borrows heavily from earlier proposals that involve use of a DNS record to check the legitimacy of an email address; it also incorporates ideas proposed by many members of the IETF MARID (MTA Authorization Records in DNS) Working Group. Other IETF draft proposals include: Sender Policy Framework (SPF): A Convention to Describe Hosts Authorized to Send SMTP Traffic; Caller ID for E-mail; The RMX DNS RR and Method for Lightweight SMTP Sender Authorization. The MTA Authentication Records in DNS Internet Draft describes mechanisms by which a domain owner can publish its set of outgoing Mail Transfer Agents (MTAs), and mechanisms by which SMTP servers can determine what email address is allegedly responsible for most proximately introducing a message into the Internet mail system, and whether that introduction is authorized by the owner of the domain contained in that email address. The specification is carefully tailored to ensure that the overwhelming majority of legitimate emailers, remailers and mailing list operators are already compliant." As with other current proposals, this IETF Internet Draft uses XML in its solution. Given an email message and an IP address from which it has been (or will be) received, the decision model tests whether the SMTP client at the host address authorized to send that email message. Part of the authentication process involves finding the E-mail Policy Document for the purported responsible address; this E-Mail Policy Document contains a description of a client authorization function with four arguments (the local-part of an email address; a domain name called the "original domain"; a domain name called the "current domain"; an IP address, either IPv4 or IPv6. An E-mail Policy Document "is modeled by an XML infoset that contains, among other things, a definition of the client authorization function; this function can be used to determine whether a domain owner is willing to take responsibility for e-mail that is sent by a particular SMTP client." The draft specification describes those parts of the XML infoset that define the mail acceptance function, provides a description of the macro expansion performed on the character data in some of the elements, and presents the algorithm by which the XML infoset may be obtained. Appendix B provides an XML Schema for 'urn:ietf:params:xml:schema:marid-1'. This IETF proposal recognizes that "a huge majority of the unwanted email contains headers that lie about the origin of the mail; this is true of most spam and substantially all of the virus email that is sent. The document describes a mechanism such that receiving MTAs, MDAs and/or MUAs can recognize mail in this category and take appropriate action." [Full context]

  • [May 31, 2004]   Open Mobile Alliance Releases Working Drafts for OMA DRM Version 2.0.    The OMA Browser and Content (BAC) Download and DRM Sub-Working Group has released several draft specifications as part of the OMA DRM 2.0 Enabler Release, announced in February 2004. The Open Mobile Alliance (OMA) Digital Rights Management technology "enables the distribution and consumption of digital content in a controlled manner, where content is distributed and consumed on authenticated devices per the usage rights expressed by the content owners. OMA DRM work addresses the various technical aspects of this system by providing appropriate specifications for content formats, protocols, and rights expression languages." OMA DRM 2.0 builds upon core DRM functionality specified in the OMA DRM 1.0 Enabler Release, now supported on more that fifty (50) mobile handsets. The new OMA DRM enabler release "takes advantage of expanded device capabilities and offers improved support for audio/video rendering, streaming content, and access to protected content using multiple devices, thus enabling new business models. It enables the protection of premium content such as music tracks, video clips, and games, with enhanced security and improved support to preview and share content." Support for OMA DRM 2.0 has been announced by numerous mobile device vendors and content suppliers. The OMA DRM 2.0 Enabler Release Specification Baseline introduces the five principal documents: DRM Rights Expression Language V2.0 defines the XML/ODRL-based rights expression language used to describe the permissions and constraints governing the usage of DRM protected media objects. The DRM Specification V2.0 defines the the format and semantics of the cryptographic protocol, messages, processing instructions and certificate profiles, including the Rights Object Acquisition Protocol (ROAP) messages, the domains functionality, transport mappings for ROAP, binding rights to user identities, exporting to other DRMs, the certificate profiles, and application to other services"; these features are outlined in the OMA DRM Requirements. A DRM Architecture document defines the overall architecture for DRM 2.0 including informative descriptions of the technologies and their uses. DRM Content Format V2.0 defines the content format for DRM protected (encrypted) media objects. XML schemas are provided for Rights Object Acquisition Protocol (ROAP) protocol data units, Rights Object Acquisition Protocol trigger media type, and the OMA DRM Rights Expression Language. The OMA DRM Rights Expression Language (REL) V2.0 is defined as a mobile profile of the Open Digital Rights Language (ODRL). ODRL is an XML-based rights expression language free of licensing restrictions, providing a lightweight formal mechanism for specifying rights independently of the content type and transport mechanism. [Full context]

  • [May 28, 2004]   Java Web Services Developer Pack V1.4 Supports WSS and WS-I Specifications.    Sun Microsystems has announced Java Web Services Developer Pack (Java WSDP) version 1.4 along with Sun Java System Application Server 7 Enterprise Edition. The Java WSDP is a "free integrated toolkit that allows Java developers to build and test XML applications, Web services, and Web applications with the latest Web service technologies and standards implementations. With 1.2 million downloads to date, the Java WSDP from Sun is one of the most popular toolkits for accelerating development of secure and interoperable Web services applications." According to the Sun announcement, Java WSDP 1.4 has been enhanced to support the latest Web services security standards and Web Services Interoperability Organization (WS-I) Basic Profile 1.1 with Attachments Profile 1.0. It also provides support for a full implementation of the OASIS Web Services Security (WSS) specification, providing message level security for SOAP. This technology helps allow developers to build reliable Web services, including XML digital signature (JSR 105), XML message encryption and authentication for Web services applications. The Java WSDP 1.4 will support a broader set of Web containers, allowing choice and flexibility for developers. In addition to Apache Tomcat, developers will be able to deploy to the Sun Java System Application Server and the Sun Java System Web Server." The toolkit is scheduled for general availability in June 2004, downloadable from the Sun Developer Network web site. Sun also announced the immediate availability the new Sun Java System Application Server 7 which features greater enterprise Java technology-based Web services performance, with scalability reaching over 100 linear CPUs and new technology that supports five-nines (99.999%) availability. Java System Application Server 7 EE provides a high performance, scalable and robust enterprise Java platform for delivering enterprise-class application services and Web services. The Application Server offers an economically compelling platform for deploying mission-critical applications that require extremely high availability and massive scalability. New features of the Java System Application Server 7 EE include a reference architecture that provides best practice recommendations for high availability; support for multiple platforms, including the Solaris Operating System, Linux, Red Hat, HP-UX 11i and Windows, and full enterprise Java platform application failover with added Enterprise JavaBeans (EJBs) specification support and Remote Method Invocation over Internet Inter-Orb Protocol (RMI/IIOP) failover." [Full context]

  • [May 26, 2004]   Industry Shows Heightened Interest in Federated Identity-Based Web Services.    Recent announcements about the adoption of identity federation standards and demonstrated interoperability of enterprise-level products reveal a growing interest in deploying secure, identity-based Web Services across company boundaries. The Liberty Alliance consortium has released a new overview document describing the general applicability of its Identity Web Services Framework (ID-WSF) to Web services. Finalized in November 2003, Liberty's ID-WSF suite of specifications supports the development of Web services which "typically require a number of standard functions, including authentication, security, service discovery, and the communication of service policy. Liberty ID-WSF provides such functionality, allowing the development of secure, privacy-protected Web services. AOL, Nokia and Vodafone are among approximately thirty (30) member companies that have announced products and services or plans for products and services based on Liberty specifications. Federated, identity-based Web services allow companies to connect their applications with their partners' or customers' applications by granting trusted entities access to services and information protected by firewalls." Microsoft announced that six companies participating in a WS-Federation interoperability workshop completed testing of their products; the solution was demonstrated in the Microsoft Interoperability Pavilion Microsoft at the TechED conference. Several participating companies have issued announcements describing the implementation of federated identity specifications in their products, including support for Web Services Federation (WS-Federation), OASIS Web Services Security (WSS) 1.0, SAML, and Liberty Alliance. WS-Federation (from BEA, IBM, Microsoft, RSA Security, and Verisign, July 2003) "defines mechanisms that are used to enable identity, account, attribute, authentication, and authorization federation across different trust realms. The mechanisms can be used by passive and active requestors; the Web service requestors are assumed to understand the new security mechanisms and be capable of interacting with Web service providers." RSA Security's announcement reports that Dan Blum of Burton Group counts "approximately 200 organizations currently implementing browser-based federated identity solutions, primarily utilizing the SAML (Security Assertion Markup Language) specification." Ping Identity Corporation has founded an open source community project ( for federated identity management based upon the SAML, Liberty Alliance, and WS-Federation specifications. Its goal is to promote education about a federated identity infrastructure that "enables cross-boundary single sign-on, dynamic user provisioning and identity attribute sharing; by providing for identity portability, identity federation affords end-users with increased simplicity and control over the movement of personal identity information while simultaneously enabling companies to extend their security perimeter to trusted partners." [Full context]

  • [May 24, 2004]   Updated WS-Trust and WS-SecureConversation Specifications Accompany Microsoft WSE 2.0.    On May 24, 2004 Microsoft announced the final release of Web Services Enhancements 2.0 and revised specifications for Web Services Trust Language (WS-Trust) and Web Services Secure Conversation Language (WS-SecureConversation). According to Microsoft's summary Fact Sheet, WSE 2.0 is a "supported add-on to Microsoft Visual Studio .NET and the Microsoft .NET Framework that enables developers to build security-enhanced Web services based on the latest Web services protocol specifications and standards. Today more than 250,000 developers use WSE to create security-enhanced connected systems that help improve business processes within and beyond corporate trust boundaries and create new revenue-generating opportunities." These "latest Web services specifications and standards" include WS-Security 2004, WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, and WS-Addressing; WS-Security 2004 became an OASIS Standard in April 2004, while the other five protocol specifications are proprietary. The revised Version 1.1 drafts of WS-Trust and WS-SecureConversation update the previous Version 1.0 specifications published by IBM, Microsoft, RSA, and VeriSign on December 18, 2002. These two documents are featured prominently in Microsoft's WSE 2.0 announcements. "What's New" says that WSE's support of the WS-Trust and WS-SecureConversation specifications "provides the capability to programmatically request a security token using a SOAP message, and that token can be used for a series of SOAP messages between a SOAP message sender and a target Web service. WSE allows you to build a security token service or configure one that issues security context tokens. When configured to issue security context tokens, a SOAP message sender can use the token to sign and/or encrypt a series of SOAP messages, known as a conversation, between a SOAP message sender and the target Web service." According to Martin Gudgin's new article "Using WS-Trust and WS-SecureConversation," the Web Services Enhancements (WSE) Toolkit Version 2.0 "provides implementations of both specifications to enable Web Service producers and consumers to secure their applications"; it implements the latest version of WS-Trust, providing a SecurityTokenService class as the base class for processing issuance, renewal, and validation requests for security tokens; it also implements the latest version of the WS-SecureConversation specification, providing a SecurityContextTokenService class for issuing Security Context Tokens. WSE 2.0 is said to work "in concert with another new addition to Microsoft's Web services offering, Microsoft Office Information Bridge Framework 1.0. Information Bridge Framework is an integrated set of tools that uses eXtensible Markup Language (XML) and Web services to enable information workers to view and act on enterprise business data from within familiar Microsoft Office System programs." [Full context]

  • [May 21, 2004]   SWRL: A Semantic Web Rule Language Combining OWL and RuleML.    W3C has acknowledged receipt of a Member Submission from the National Research Council of Canada, Network Inference, and Stanford University for SWRL: A Semantic Web Rule Language Combining OWL and RuleML. The submission has been made in association with the Joint US/EU ad hoc Agent Markup Language Committee. The SWRL submission package contains three components in addition to the principal prose document: (1) an RDF Schema partially describing the RDF Concrete Syntax of SWRL; (2) an OWL ontology partially describing the RDF Concrete Syntax of SWRL; (3) an XML Schema for the SWRL XML Concrete Syntax. The document "contains a proposal for a Semantic Web Rule Language (SWRL) based on a combination of the OWL DL and OWL Lite sublanguages of the OWL Web Ontology Language with the Unary/Binary Datalog RuleML sublanguages of the Rule Markup Language. SWRL includes a high-level abstract syntax for Horn-like rules in both the OWL DL and OWL Lite sublanguages of OWL. A model-theoretic semantics is given to provide the formal meaning for OWL ontologies including rules written in this abstract syntax. An XML syntax based on RuleML and the OWL XML Presentation Syntax as well as an RDF concrete syntax based on the OWL RDF/XML exchange syntax are also given, along with several examples." Statements concerning copyrights, trademarks, service marks, and patents related to the submission have been made by W3C members and non-members, including the National Research Council of Canada, Network Inference, Stanford University, Lucent Technologies, Macgregor, Inc., Massachusetts Institute of Technology, and BBN Technologies; each of these organizations has granted to the W3C "a perpetual, nonexclusive, royalty-free, world-wide right and license under any of its copyrights in this contribution to copy, publish and distribute the contribution under the W3C document licenses." [Full context]

  • [May 20, 2004]   IETF Releases QA Checklist Document for Specification Production Using XML.    Technical specifications produced by committees with multiple phases of editorial review and feedback are susceptible to myriad QA risks, clerical and otherwise. The Internet Engineering Steering Group (IESG) has announced the publication of a technical memo which "defines a list of often called 'ID-NITS' that need to be checked before an Internet-Draft will be accepted for IESG consideration. The intent is that Working Group chairs check an I-D for any nits before submitting a request-for-publication. All Internet Drafts which are offered for publication as RFCs must conform to the stated requirements or they will be returned to the author(s)/editor(s) for revision." Several items in the checklist related to ABNF and XML syntax used in formal definitions and examples. Additionally, as a suggestion for productivity improvement, the Checklist document strongly recommends following RFC 2629 (Writing I-Ds and RFCs using XML) in the creation of XML source files for generating an Internet Draft. There is an online xml2rfc tool to generate the nroff and Internet Draft files; this tool automatically takes care of most of the formatting, administrative and bureaucratic rules." According to the new Checklist document, all ABNF grammars must be checked, and an online tool is available for validating IETF ABNFs. "Protocol specifications that use XML should always use well-formed XML at a minimum. Sample XML instances included in a specification have to be well-formed, and if the XML is supposed to be valid (according to the current W3C definition of validity), the samples must reference and be validated using an appropriate XML Schema, DTD, or other standard validation mechanism that is structurally and syntactically correct. XML provides structures, such as the <any> element information item in XML Schema, to allow element extensions. If these structures are included in a protocol, the protocol specification must include clear guidance on how, when, and where the extension structures, such as versioning, can be used. All XML Schemas, Namespaces, and Resource Description Framework (RDF) Schemas should be registered with the IANA using the procedures described in Best Current Practice 81, The IETF XML Registry." [Full context]

  • [May 19, 2004]   XML Silicon: The Tarari Random Access XML (RAX) Content Processor.    Tarari Inc. recently announced the availability of its RAX Content Processor which can "easily process millions of XPaths per second." The Random Access XML Content Processor solution was demonstrated at the NetWorld+Interop Las Vegas 2004 event, and represents the latest technology achievement in hardware-accelerated XML processing. Tarari's purpose-built silicon for XML processing is enabled by a core technology called a Simultaneous XPath engine which "produces results directly from the input XML document, whereas DOM or SAX-based systems need to create an in-memory representation of the document." According to a white paper authored by Michael Leventhal, Simultaneous XPath "is vastly faster than any software-based XPath engines (e.g., Saxon, Xalan, libxml) because its performance is insensitive to the number of XPaths in an evaluation group and the complexity of the XPath expressions. Simultaneous XPath handles XML namespaces and namespace prefixing on the fly without pre-scanning and declaration of prefixes; its execution time increases linearly with the file size, without any performance degradation and without memory thrashing." Random Access XML (RAX) "represents a breakthrough in accelerating and simplifying XML processing. Using XPaths as indices, RAX gives applications direct access to any data within an XML message without parsing and without tree or streaming traversal. RAX can be used for any XML application that would traditionally be handled by DOM, SAX, JAXB, BEA's XMLBeans, or any other approach. It enables network switch, server, blade, and appliance vendors to create a variety of new applications such as gigabit message classification and routing, high transaction rate publish and subscribe systems, advanced SOAP message processing, high performance XML security firewalls and real-time telecommunications billing solutions." The Tarari RAX Content Processor hardware device "sits on a 4.2Gbps PCI bus, communicating with main memory through multiple and interleaved DMA channels; this standard PCI card into servers, appliances, and network devices to allow control and inspection of complete messages. The complete Tarari technology solution includes acceleration of XML security, XML compression, and Unicode character conversion." Tarari participated in W3C's September 2003 Binary XML Workshop, and is currently studying how to propose RAX as an industry standard. [Full context]

  • [May 18, 2004]   WS-I Releases Basic Security Profile Version 1.0 Working Group Draft.    The Web Services Interoperability Organization (WS-I) has announced the availability of a Basic Security Profile Version 1.0 Working Group Draft. Publication of the Basic Security Profile follows a February 2004 release of WS-I Security Scenarios Working Group Draft which defined the requirements and scope for the WS-I Basic Security Profile. The WS-I Basic Security Profile Version 1.0 consists of "a set of non-proprietary Web services specifications, along with clarifications and amendments to those specifications which promote interoperability. The Security Profile WD addresses Transport Layer Security, SOAP Message Security, Username Token Profile, X.509 Certificate Token Profile, XML-Signature, XML Encryption, Algorithms, Relationship of Basic Security Extension Profile to Basic Profile, and Attachment Security. The Profile's Guiding Principles articulated in Section 1.1 clarify that testable statements are made when possible, but that "such testability is not required; preferably, testing is achieved in a non-intrusive manner (e.g., examining artifacts 'on the wire,' but due to the nature of cryptographic security, non-intrusive testing may not be possible." Similarly, the Basic Security Profile provides no guarantee of interoperability: "Although it is impossible to completely guarantee the interoperability of a particular service, the Profile attempts to increase interoperability by addressing the most common problems that implementation experience has revealed to date." Requirements from a number of specifications are incorporated into the Profile by reference, as enumerated in Appendix I: HTTP over TLS; Web Services Security: SOAP Message Security; Web Services Security: Username Token Profile; Web Services Security: X.509 Token Profile; XML-Signature Syntax and Processing; Web Services Security: SOAP Message Security Section 9; XML Encryption Syntax and Processing. The WS-I announcement reports that the the WS-I Basic Security Profile Working Group is "planning to incorporate the Web Services Security: Kerberos Token Profile into the Basic Security Profile upon completion of the technical work by the OASIS Web Services Security Technical Committee. In addition, WS-I is considering incorporating other token profiles, such as the Web Services Security: SAML Token Profile and the Web Services Security: XRML Token Profile into the Basic Security Profile." [Full context]

  • [May 13, 2004]   W3C Releases Candidate Recommendation for CSS3 Basic User Interface Module.    A CSS3 Basic User Interface Module Candidate Recommendation edited by Tantek Çelik has been published by the W3C CSS Working Group as part of the W3C Style Activity. This CR "describes those user interface related selectors, properties and values that are proposed for CSS level 3 to style HTML and XML, including XHTML and XForms. It includes and extends user interface related features from the selectors, properties and values of CSS level 2 revision 1 and Selectors specifications." Three other CSS Candidate Recommendations were released by the CSS Working Group earlier this year: Cascading Style Sheets, Level 2 Revision 1. CSS 2.1 Specification, CSS Print Profile, and CSS3 Paged Media Module. CSS (Cascading Style Sheets) is "a language for describing the rendering of HTML and XML documents on screen, on paper, in speech, etc. It uses various selectors, properties and values to style basic user interface elements in a document." The CSS3 Basic User Interface Module will remain at Candidate Recommendation level at least until 11-November-2004, providing opportunity for additional interoperability testing. "A test suite and a report on implementations will be provided before the document becomes a Proposed Recommendation. One of the Candidate Recommendation Exit Criteria for this CSS specification is that there must be at least two interoperable implementations for every feature." [Full context]

  • [May 12, 2004]   OGC Interoperability Experiment for LandXML and Geography Markup Language (GML).    The Open GIS Consortium has announced its first Interoperability Experiment involving the Geography Markup Language (GML) Version 3.1 and LandXML Version 1.0. OGC Interoperability Experiments are "brief, inexpensive, low-overhead initiatives led and executed by OGC members to achieve specific technical objectives that further the OGC Technical Baseline; three or more OGC members launch and run an initiative without the more substantial sponsorship that supports OGC's traditional testbeds and pilot projects. These initatives can be for specification development, refinement, or testing or for other purposes." LandXML Version 1.0 is "an industry-driven, open XML data exchange standard that provides interoperability in more than 40 software applications serving the civil engineering, survey and transportation industries. The Industry Consortium, initiated by Autodesk and now comprised of 190 companies, government agencies and universities, developed the standard. LandXML is now broadly supported in online cadastral applications, GIS applications, Survey field instruments, Civil Engineering desktop and CAD-based applications, instant 3D viewers and high end 3D visualization rendering applications." LandXML XML Schema root nodes include Alignments, Application, CgPoints, CoordinateSystem, GradeModel, Monuments, Parcels, PipeNetworks, PlanFeatures, Project, Roadways, Surfaces, Survey, and Units. OGC's Geography Markup Language (GML) is a "widely supported open specification for representation of geographic (spatial and location) information. It defines XML encoding for the transport and storage of geographic information, including both the geometry and properties of geographic features." The LandGML IE initiated by US Army Corps of Engineers ERDC, Autodesk and Galdos Systems "will test a GML 3.0 application schema for encoding LandXML 1.0 documents (LandGML) and will provide a tool to transform LandXML 1.0 documents into LandGML documents. In a second phase, a tool will be developed to transform LandGML documents to LandXML 1.0 documents." [Full context]

  • [May 11, 2004]   OASIS Forms Open Building Information Exchange (oBIX) Technical Committee.    A new Open Building Information Exchange (oBIX) Technical Committee has been formed at OASIS to "define a standard web services protocol to enable communications between building mechanical and electrical systems and enterprise applications. This protocol will enable facilities and their operations to be managed as full participants in knowledge-based businesses. The oBIX specification will utilize web services for exchange of information with the mechanical and electrical systems in commercial buildings." The TC will continue work previously hosted by the Continental Automated Building Association (CABA) in an XML/Web Services Guideline Committee. Motivation for the technical work is provided in the TC Call for Participation: "most mechanical and electrical systems are provided with embedded digital controls (DDC) and most of these devices are low cost and not enabled for TCP/IP. They are installed with dedicated communications wiring. Larger DDC controllers provide network communications for these dedicated controllers. There are several well established binary protocols (BACnet, LonTalk, Modbus, DALI) that are used on these dedicated networks in addition to numerous proprietary protocols. While these binary protocols can be used over TCP/IP networks — they have challenges with routers, firewalls, security, and compatibility with other network applications. There is an added challenge in that the industry is split between several largely incompatible protocols." The oBIX TC therefore proposes to "develop a publicly available web services interface specification that can be used to obtain data in a simple and secure manner from HVAC, access control, utilities, and other building automation systems, and to provide data exchange between facility systems and enterprise applications. In addition, the TC will develop implementation guidelines, as needed, to facilitate the development of products that use the web service interface." [Full context]

  • [May 07, 2004]   OMG Membership Approves Adoption of Reusable Software Assets (RAS) Standard.    The Object Management Group (OMG) announced that its members have voted to adopt the Reusable Asset Specification (RAS), which "defines a standard way to package reusable software assets. A reusable software asset is, broadly speaking, any cohesive collection of artifacts that solve a specific problem or set of problems encountered in the software development life cycle." A reusable asset, which "provides a solution to a problem for a given context, may have a variability point with a value provided or customized by the asset consumer, and rules for usage which are the instructions describing how the asset should be used. Artifacts are any workproducts from the software development lifecycle, such as requirements documents, models, source code files, deployment descriptors, test cases or scripts, etc." RAS describes assets as part of asset-based development (ABD) which complements the Model Driven Architecture (MDA) by describing asset production, asset consumption, and asset management. An RAS manifest document is an XML document; the authoritative description of the RAS manifest document structure is provided as an XML Schema. Every reusable asset must contain at a minimum one manifest file, which are described below, and at least one artifact to be considered a valid reusable asset. The manifest file is an XML document that validates against one of the known RAS XML Schemas, and passes an additional set of semantic constraints described in the profile document. An asset package is the collection of artifact files plus a manifest." Several tool vendors have implemented the currently released RAS XML schema in their tools and other companies have implemented internal tools based on the RAS specification. [Full context]

  • [May 06, 2004]   HL7 Approves Web Services Profile and ebXML as 24-Month DSTUs for Messaging Standard.    Health Level Seven (HL7) has announced the approval of a Web Services Profile and ebXML Message Service Specification 2.0 as Draft Standards for Trial Use (DSTUs) as Version 3 Transport Specifications within the HL7 Messaging Standard. The Web Services and ebXML transport specifications are two of over two dozen specifications that make up the HL7 Version 3 Messaging Standard. The HL7 V3 project "represents a new approach to clinical information exchange. It is XML-based and built from the ground up around a single object model, the HL7 Reference Information Model (RIM) and a rigorous methodology that ties model to message and finally to syntax." A Version 3 HL7 Patient Administration Standard is also being published for a twelve-month period of trial use within the HL7 V3 project. This Version 3 specification is "built around subject domains, for each of which it provides storyboard descriptions, trigger events, interaction designs, domain object models derived from the RIM, hierarchical message descriptors (HMDs) and a prose description of each element. Implementation of these domains further depends upon a non-normative V3 Guide and normative specifications for data types, the XML implementable technical specifications (ITS) or message wire format, message and control wrappers, and transport protocols." The Web Services Profile for HL7 has been designed "in response to an industry need for increased interoperability between implementations; it focuses on basic Web services protocols and technologies like SOAP (Simple Object Access Protocol) and WSDL (Web Services Description Language), which lay the groundwork for more complex interactions based on higher-level Web services specifications." The purpose of the HL7 ebXML transport specification is to "provide secure, flexible transport for exchanging HL7 messages between message handling interfaces or ebXML Message Service Handlers (ebXML MSH). It specifies an HL7-specific implementation of the ebXML Message Service specification, providing transport to move HL7 content, messages and documents over a variety of lower level transports, such as TCP/IP, HTML, and SMTP. This protocol optionally supports important features such as Duplicate Message handling, Reliable Messaging, Message Routing, Sequencing, and Digital Signatures. When using this protocol in combination with a certificate based TLS (Transport Layer Security) or SSL (Secure Sockets Layer) TCP/IP lower level transport it provides a robust, secure and authenticated communications infrastructure for exchanging HL7 V2 and V3 messages and content between organizations." HL7 is a "not-for-profit, ANSI-accredited standards developing organization dedicated to providing a comprehensive framework and related standards for the exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. HL7's more than 2,000 members represent over 500 corporate members, including 90 percent of the largest information systems vendors serving healthcare." [Full context]

  • [May 05, 2004]   IESG Announces Proposal for IETF Atom Publishing Format and Protocol Working Group.    The Internet Engineering Steering Group (IESG) has announced the proposal for a new IETF Atom Publishing Format and Protocol Working Group within the IETF Applications Area. An informational document about the proposed ATOMPUB Working Group describes the motivation for the WG, the essential features of Atom, the group's proposed focus, and technical background to the Atom Publishing Format. Atom currently "defines a feed format for representing and a protocol for editing Web resources such as Weblogs, online journals, Wikis, and similar content. The feed format enables syndication, that is, provision of a channel of information by representing multiple resources in a single document. The editing protocol enables agents to interact with resources by nominating a way of using existing Web standards in a pattern." The proposed IETF Working Group would "use experience gained with RSS (variably used as a name by itself and as an acronym for 'RDF Site Summary', 'Rich Site Summary', or 'Really Simple Syndication') as the basis for a standards-track document specifying the model, syntax, and feed format. The feed format and HTTP will be used as the basis of work on a standards-track document specifying the editing protocol. The goal for the working group is to produce a single feed format and a single editing protocol. The working group's primary focus will be on delivering an interoperable format and corresponding protocol; it is expected that all but the most basic, generic metadata and functions will be accommodated through extensions, rather than in the core documents." Interoperability is a key concern for the design initiative; in order to ensure interoperability the WG will unambiguously identify required elements in formats, clearly nominate conformance levels for different types of software, and provide clear extensibility mechanisms and constraints upon them. Public comment on the proposed Atom Publishing Format and Protocol Working Group may be sent to the IESG mailing list by May 12, 2004. [Full context]

  • [May 04, 2004]   Microsoft Releases Devices Profile for Web Services Specification.    A new Devices Profile for Web Services: A Proposal for UPnP 2.0 Device Architecture edited by Jeffrey Schlimmer (Microsoft) "defines a minimal set of implementation constraints to enable secure Web service messaging, discovery, description, and eventing on resource-constrained endpoints." The profile has been jointly authored with Intel, Lexmark, and Ricoh. Description in a technical overview clarifies that the Devices Profile relies upon other Web service specifications, allowing devices "to participate in the Service Oriented Architecture (SOA) fabric. Sharing a common protocol framework allows devices to contribute to Web service scenarios that are traditionally beyond the reach of individual devices. Moreover, this commonality allows ISVs to leverage development tooling when writing applications for devices, and it allows IT departments to leverage service management infrastructure. By leveraging factored Web service specifications built on a common foundation of SOAP and XML, device implementations can support rich functionality in a pay-as-you-go manner. The Devices Profile represents a new foundation for application protocols; it frees vendors and their standards organizations to concentrate on designing messages for specific device classes. The well-factored architecture and significant extensibility of the Device Profile enables as-yet-unforeseen messaging patterns, transports, metadata, and capabilities and requirements." The three principal goals of the Devices Profile specification are to: (1) "Identify a minimal set of Web service specifications needed to enable secure messaging, dynamic discovery, description, and eventing; (2) Constrain Web services protocols and formats so Web services can be implemented on peripheral-class and consumer electronics-class hardware; (3) Define minimum requirements for compliance without constraining richer implementations." Namespaces are provided for several WS-* specifications, in addition to XML Schema, SOAP, and WSDL: the unpublished Web Services Metadata Transfer (WS-MetadataTransfer), WS-Addressing, WS-Discovery, WS-Eventing, and WS-Policy. [Full context]

  • [April 30, 2004]   Universal Business Language (UBL) 1.0 Approved as an OASIS Committee Draft.    The approval of the Universal Business Language (UBL) Version 1.0 as an OASIS Committee Draft represents a major publication milestone in the arena of e-business message exchange standards development. Freely available to everyone without legal encumbrance or licensing fees, UBL "defines a generic XML interchange format for business documents that can be extended to meet the requirements of particular industries. The specification is designed to provide a universally understood and recognized commercial syntax for legally binding business documents and to operate within a standard business framework such as ISO 15000 (ebXML) to provide a complete, standards-based infrastructure that can extend the benefits of existing EDI systems to businesses of all sizes." The UBL v1.0 Committee Draft release is distributed for public review as a ZIP archive with some 244 files, containing prose documentation, normative XML Schemas, UML diagrams, spreadsheet models, formatting specifications, sample instances, and other components. A UBL ASN.1 specification provides an alternative schema definition for UBL documents in accordance with ITU-T X.680-X.693. The UBL v1.0 release provides a library of XML schemas for reusable data components, small set of XML schemas for common business documents useful in a generic order-to-invoice trading context, and support for the customization of UBL in specific trading relationships. The UBL schemas are "modular, reusable, and extensible in XML-aware ways. Designed as an implementation of ebXML Core Components Technical Specification 2.01, the UBL Library is based on a conceptual model of information components known as Business Information Entities (BIEs). These components are assembled into specific document models such as Order and Invoice. These document assembly models are then transformed in accordance with UBL Naming and Design Rules into W3C XSD schema syntax. This approach facilitates the creation of UBL-based document types beyond those specified in the version 1.0 release." Special Projects undertaken by members of the UBL Technical Committee in reaching the Committee Draft level include design, development, and QA projects for Business Modeling, XSD Schema Generation, XSD Schema Validation, XSD Rules Review, ASN.1 Generation, UML Generation, UN Layout Key Formatting, CCTS Alignment, and Quality Assurance. The UBL effort has been directed by Jon Bosak (TC Chair) and Mark Crawford (Vice Chair), together with leadership provided in sixteen (16) UBL Subcommittees. The approved UBL v10 Committee Draft is being submitted to OASIS for public review in preparation for OASIS standardization. [Full context]

  • [April 30, 2004]   W3C Publishes Last Call Working Draft for CCXML Version 1.0.    The W3C Voice Browser Working Group has issued a last call Working Draft for Voice Browser Call Control: CCXML Version 1.0, incorporating some major changes in the Sections for Session Variables Documentation, Session Life-Cycle Details, Element and attribute name re-factoring, Meta and Metadata Features, Expanded Conferencing Events/Options, <dialogprepare>, Event I/O Updates, and VoiceXML Appendix. The Call Control Extensible Markup Language (CCXML) is designed "to provide telephony call control support for VoiceXML or other dialog systems. CCXML has been designed to complement and integrate with a VoiceXML interpreter. Because of this there are many references to VoiceXML's capabilities and limitations. There are also details on how VoiceXML and CCXML can be integrated. However it should be noted that the two languages are separate and are not required in an implementation of either language. For example CCXML could be integrated with a more traditional Interactive Voice Response (IVR) system and VoiceXML or other dialog systems could be integrated with some other call control systems." According to the WD Introduction, CCXML "can provide a complete telephony service application, comprised of Web server CGI compliant application logic, one or more CCXML documents to declare and perform call control actions, and to control one or more dialog applications that perform user media interactions. Since platforms implementing CCXML may choose to use one of many telephony call control definitions (e.g., JAIN Call Control, ECMA CSTA, S.100), the call control model in CCXML has been designed to be sufficiently abstract so that it can accommodate all major definitions. For relatively simple types of call control, this abstraction is straightforward. The philosophy in this regard has been to 'make simple things simple to do.' Outdial, transfer (redirect), two-party bridging, and many forms of multi-party conferences fall within this classification." [Full context]

  • [April 29, 2004]   OASIS TC Approves Application Vulnerability Description Language (AVDL) Draft.    The OASIS Application Vulnerability Description Language TC has approved a Committee Draft of its version 1.0 specification and has submitted it for consideration as an OASIS Standard. The AVDL specification defines "a standard XML format that allows entities (such as applications, organizations, or institutes) to communicate information regarding web application vulnerabilities. The OASIS AVDL Technical Committee was formed to create an XML definition for exchanging information about the security vulnerabilities of applications exposed to networks. For example, the owners of an application use an assessment tool to determine if their application is vulnerable to various types of malicious attacks. The assessment tool records and catalogues detected vulnerabilities in an XML file in AVDL format. An application security gateway then uses the AVDL information to recommend the optimal attack prevention policy for the protected application. In addition, a remediation product uses the same AVDL file to suggest the best course of action for correcting the security issues. Finally a reporting tool uses the AVDL file to correlate event logs with areas of known vulnerability." According to a declaration presented by the AVDL TC Chairs, some features of the AVDL specification design were inspired by Mitre's Open Vulnerability Assessment Language (OVAL), which uses the Common Vulnerabilities and Exposures (CVE) database. Related technical work is being done within the OASIS Web Application Security TC based upon Application Security Attack Components (ASAC) and VulnXML, developed by the Open Web Application Security Project (OWASP). Application Vulnerability Description Language version 1.0 Committee Draft will be balloted to the OASIS membership during the period May 16-31, 2004. [Full context]

  • [April 28, 2004]   Delivering Classics Resources with TEI-XML, Open Source, and Creative Commons Licenses.    The Center for Hellenic Studies of Harvard University has adopted an innovative technological program for free online publication of books, articles, and databases designed to make resources in the classics more visible and accessible. A second issue of the online Classics@: The Electronic Journal of the Center for Hellenic Studies of Harvard University features articles about "Ancient Mediterranean Cultural Informatics." It is published under the Creative Commons 'Attribution-NonCommercial-ShareAlike' license allowing others to copy, distribute, display, and perform the authored work, and to create derivative works in non-commercial settings. The Harvard CHS publication process is based upon TEI-XML encoding and "uses open source tools to convert proprietary word-processing files to TEI-XML and to publish the result." Consistent with the intellectual mission of the CHS editorial group to expedite online publication and collaborative research, the team is developing a process and tools "that others can adopt or modify to produce online and print books rapidly, beautifully, and accurately." Erik Ray and Benn Salter have assisted the CHS technical team in the development of Perl and XSLT transformation tools to convert word-processor data into TEI-XML format; publication of the materials online involves the use of the open source Apache Cocoon web development framework. Classics@ Issue Two was published directly from source files encoded in TEI-conformant XML, using publication mechanisms available in the CHS TextServer protocol. CHS is also "committed to experimental uses of online publication to complement print publication as well as innovative arrangements with traditional academic publishers in the interest of generalizing its goals to the academic community and of making creative classical scholarship available to the widest possible audience." [Full context]

  • [April 27, 2004]   W3C Publishes Web Services Choreography Description Language (WS-CDL).    An initial Public Working Draft of the Web Services Choreography Description Language Version 1.0 has been released by W3C. This document, the first in a series of WS-CDL working drafts, has been produced by members of the W3C Web Services Choreography Working Group as part of the Web Services Activity. The WS-CDL XML-based language "describes peer-to-peer collaborations of Web Services participants by defining, from a global viewpoint, their common and complementary observable behavior, where ordered message exchanges result in accomplishing a common business goal. The Web Services Choreography specification is targeted for composing interoperable peer-to-peer collaborations between any type of Web Service participant regardless of the supporting platform or programming model used by the implementation of the hosting environment." According to the W3C announcement, the Web Services Choreography Description Language is a "necessary complement to end point languages such as BPEL and Java. WS-CDL provides them with the global model they need to ensure that end point behavior — the 'rules of engagement' — is consistent across cooperating services. Business transactions, especially those envisioned by Web services, grow from complex interactions. These interactions can be viewed from a variety of points in the transaction chain, not simply the start or the expected endpoint. Modeling these interactions from a global viewpoint allows software developers to take into account the distributed race conditions (unexpected dependence on the sequence of events) that may exist — in much the same way they exist in non-Web business processes. Choreography provides the set of rules that explains how different components may act together, and in what sequence, giving a flexible systemic view of the process." [Full context]

  • [April 26, 2004]   WS-MessageDelivery Specification Integrates with WSDL Message Exchange Patterns.    W3C has acknowledged receipt of a WS-MessageDelivery Version 1.0 specification which defines an abstract set of message delivery properties enabling message delivery for Web services that utilize Message Exchange Patterns associated with WSDL documents. The W3C Member Submission has been prepared by Oracle, Arjuna, Cyclone Commerce, Enigmatec, IONA, Nokia, SeeBeyond, and Sun Microsystems. According to the W3C staff comment, the WS-MessageDelivery proposal is similar to the WS-Addressing proposal from BEA, IBM, and Microsoft: "while addressing the same scope as the WS-Addressing document, WS-MessageDelivery is more fully integrated with WSDL, by defining its relations with the WSDL Message Exchange Patterns or by introducing a WSMD description for WSDL. It also follows the current work of the W3C Web Services Description Working Group, and the service references introduced in WSDL 2.0. WS-Addressing, while relying on the WSDL concepts, does not use the WSDL service element as a service reference. WS-MessageDelivery relies on the implicit open content model of WSDL for extensions, while WS-Addressing uses an explicit 'reference properties' extension mechanism." The WS-MessageDelivery Version 1.0 specification abstract summarizes: "[This] specification defines a mechanism to reference Web services (WSRef), essential abstract message delivery properties (AMDP), a SOAP binding for those properties, and the relationship of those properties to WSDL definitions and message exchange patterns. These properties enable SOAP messages to be transport independent — extending messaging capability to use separate transport protocol sessions or even using different transport protocols within the context of a message exchange pattern (MEP). Message delivery details are surfaced to the application layer, extending SOAP processors to use a wider range of message patterns and transport protocols to accomplish a Web service interaction. The abstract message delivery properties include web service references, message identification and message references. This specification outlines in detail how to build message exchange patterns consistent with WSDL 1.1 or WSDL 2.0 using the definitions in the specification. The semantics and mapping for the Callback Pattern, a commonly used message exchange pattern as a composite pattern, is defined. The Web service References (WSRef), Abstract Message Delivery Properties and a SOAP binding are designed for interoperability and extensibility." The submission request provides royalty-free license terms from the eight sponsor companies for use of the WS-MessageDelivery technology. [Full context]

  • [April 23, 2004]   W3C Director Tim Berners-Lee Awarded Millennium Technology Prize.    An announcement from the Finnish Technology Award Foundation describes the selection of Tim Berners-Lee by unanimous vote of the International Award Selection Committee as recipient of the first Millennium Technology Prize. A graduate of Oxford University, England, Tim Berners-Lee "holds the 3Com Founders chair at the Laboratory for Computer Science and Artificial Intelligence Lab (CSAIL) at the Massachusetts Institute of Technology (MIT). He directs the World Wide Web Consortium, an open forum of companies and organizations with the mission to lead the Web to its full potential." The Finnish Millennium Technology Prize is awarded every other year for innovation based on scientific research in any of four disciplines: Health Care and Life Sciences, Communications and Information, New Materials and Processes, and Energy and the Environment. It is a technology award granted "for outstanding technological achievements that directly promote people's quality of life, are based on humane values, and encourage sustainable economic development." Berners-Lee was selected for the Millennium Technology Prize 2004 from a group of 78 nominees representing twenty-two countries and four continents. The Award Ceremony will be held on June 15, 2004 at Finlandia Hall in Helsinki, Finland. Ms Tarja Halonen, President of the Republic of Finland and Patron of the Millennium Technology Prize, has been invited to present the Prize, which carries a value of one million euros. [Full context]

  • [April 23, 2004]   OASIS Members Form New CGM Open WebCGM Technical Committee.    A new CGM Open WebCGM Technical Committee has been formed at OASIS to accelerate the further adoption, application, and implementation of the Computer Graphics Metafile (CGM). CGM is an "international standard for open interchange of structured graphical objects and their associated attributes. The WebCGM Profile of CGM was developed by CGM Open and is a current recommendation of the W3C. WebCGM is focused on presenting dynamic technical graphics in the web environment." New work for the OASIS TC, according to the scope statement, includes possible releases of new versions of WebCGM, WebCGM DOM development, Web-based CGM interoperability reporting and tracking system, alignment of WebCGM functionality with ATA and other graphics profile requirements, definition of semantics of XML companion data associated with WebCGM, and production of an XML encoding of WebCGM. The group may identify additional interoperability topics in response to the evolution of world markets, target application sectors, and CGM/WebCGM implementations. It will develop an education program for users and implementers of CGM and WebCGM technology as needed. The CGM Open WebCGM TC Convenor and Proposed Chair are Dave Cruikshank (Boeing). The first meeting of the TC will be held May 24-27, 2004 as a F2F meeting in Cologne, Germany, hosted by ITEDO. [Full context]

  • [April 21, 2004]   Unicode Consortium Hosts the Common Locale Data Repository (CLDR) Project.    An announcement from the Unicode Consortium describes new sponsorship for the CLDR Project and its Locale Data Markup Language (LDML), designed to facilitate standardized methods for software globalization. The project is now organized under the Unicode Locale Technical Committee (LTC). The Common Locale Data Repository (CLDR) "provides a general XML format for the exchange of locale information for use in application and system software development, combined with a public repository for a common set of locale data generated in that format." A locale, as described in the Draft Unicode Technical Standard, is "an id that refers to a set of user preferences that tend to be shared across significant swathes of the world. Traditionally, the data associated with this id provides support for formatting and parsing of dates, times, numbers, and currencies; for measurement units, for sort-order (collation), plus translated names for timezones, languages, countries, and scripts. They can also include text boundaries (character, word, line, and sentence), text transformations (including transliterations), and support for other services." An LDML specification has been produced by the Free Standards Group's LADE Workgroup, with support from workgroup founding members IBM, Sun and; the project was chartered "to devise a general XML format for the exchange of linguistically and culturally sensitive (locale) information for use in application and system development, and to gather, store, and make available data. With LDML, for example, collation rules can be exchanged, allowing two implementations to exchange a specification of collation. Using the same specification, two different implementations will achieve the same results in comparing strings." [Full context]

  • [April 20, 2004]   Technology Companies Form Enterprise Grid Alliance (EGA) Consortium.    Twenty-some leading technology companies have launched a new Enterprise Grid Alliance (EGA) consortium to develop enterprise grid solutions and accelerate the deployment of grid computing in enterprises. The EGA consortium has been formed to "encourage and accelerate movement to an open grid environment through interoperability solutions. It will work on grid computing specifications by endorsing and supporting existing specifications, assembling and profiling component specifications, and defining new specifications where needed." When specifications needed in enterprise grids are not available, EGA will create new specifications within the EGA consortium or by initiating efforts in other specification forums. EGA working groups have been proposed to address: (1) Reference model; (2) Component provisioning; (3) Data provisioning; (4) Utility accountingl (5) Grid security. Companies having representatives on the EGA Board of Directors include EMC, Fujitsu-Siemens, HP, Intel, NEC, Network Appliance, Oracle, and Sun. Initial Sponsor members of EGA include AMD, Ascential Software, Optena, and Paremus; they are joined by other companies as founding participants in Contributor and Associate member categories. Technology submitted to EGA and produced within its working groups is intended to me made available royalty-free: "EGA believes in the open disclosure of intellectual property interests and a commitment to royalty-free licensing of essential patents associated with foundational grid technology specifications. As part of their membership obligations, EGA members preparing specifications, test cases or reference implementations agree to license their essential patents under royalty free, reasonable and non-discriminatory terms." EGA intends to liaise with other consortia and SDOs, creating MOUs and harmonizing IPR norms; it will seek to work with organizations like DMTF, GGF, OSDL, SNIA, and others (W3C, OASIS). The EGA consortium is "an open, independent and vendor-neutral community addressing the near-term requirements for deploying commercial applications in a grid environment. Initial focus areas include reference models, provisioning, security and accounting. The Alliance will address obstacles that organizations face using enterprise grids, by looking at best practices and solutions that are open and interoperable. By focusing exclusively on the needs of enterprise users, the EGA will enable businesses to realize the many benefits of grid computing such as faster response to changing business needs, better utilization and service level performance and lower IT operating costs." [Full context]

  • [April 16, 2004]   Java System Application Server Platform Edition 8 Supports Web Services Standards.    Sun Microsystems has announced the general availability of its small-footprint Java System Application Server Platform Edition 8, designed for developer productivity with tools to help deploy applications quickly. It is completely free of license fees for development, deployment, and redistribution, "making it suitable for broad adoption and embedding in third-party systems and applications. The platform is the first commercially available version of the Java 2 Platform, Enterprise Edition (J2EE) 1.4 specification, featuring rigorous J2EE standard compliance and Web services interoperability through support of the WS-I Basic Profile. It offers a complete Web services infrastructure, including the Java API for XML Messaging (JAXM), Java API for XML Processing (JAXP), Java API for XML Registries (JAXR), Java API for XML-based RPC (JAX-RPC), SOAP and WSDL. Its high-performance Java Message Service (JMS) provider delivere enterprise-class application services and Web services. The new J2EE Connector Architecture version 1.5 featuring bi-directional connectivity for access to enterprise applications supports standardized J2EE deployment APIs, making it easier to deploy to the application server using industry-standard Java technology IDEs such as NetBeans. Java System Application Server Platform Edition 8 supports the new JavaServer Faces 1.0 APIs for building powerful GUIs for J2EE technology-based applications. It also supports the JavaServer Pages (JSP) Standard Tag Library (JSTL), which encapsulates core functionality common to applications that use JSP pages." A migration tool is available for migrating J2EE applications that were developed on other J2EE application servers. An updated version of the popular J2EE 1.4 SDK, free for both development and deployment, is also available for download. [Full context]

  • [April 15, 2004]   Microsoft Releases Royalty-Free XML Reference Schema for Office Visio 2003.    Microsoft has announced incorporation of the DataDiagramML XML Schema used by Microsoft Office Visio 2003 into the Microsoft Open and Royalty-Free Office 2003 XML reference schema program, announced in November 2003. Visio 2003 is a drawing and diagramming solution that helps users transform business and technical concepts into visual diagrams, automatically creating database diagrams, UML software diagrams, Web maps, timelines, calendars, organizational charts, and related types using data within other tools. Because the DatadiagramML XML Schema defines a text-based format, the user "can take advantage of all the text-based tools available for document management, including text utilities for archiving, differencing, searching, indexing, or versioning. One can create a multifile utility to search all the text in a DatadiagramML documents without running Visio; index files and search on more than just document properties; post DatadiagramML files on the Web to easily share data; and retrieve data embedded in the documents and run offline data processing and data analyzing applications." Microsoft has provided documentation for use of the DataDiagramML schema, together with a royalty-free license, so that "customers and partners can take advantage of the XML schema in its diagramming and data visualization tool. The availability of the Visio schema builds on Microsoft's commitment to XML by providing a complete and W3C-compliant description of the Visio Extensible Markup Language (XML) file format, enabling organizations to access information captured in their Visio diagrams and use it with other XML-enabled applications, such as customer relationship management (CRM) and enterprise resource planning (ERP) systems, as part of their business processes." [Full context]

  • [April 15, 2004]   Systinet WASP Server for Java Supports WS-Addressing and WS-ReliableMessaging.    Systinet has announced the availability of WASP Server for Java 5.0 Beta, featuring new functionality and standards support. Systinet's WASP Server for Java is a "modular, easy to use, high performance Web services runtime environment for creating, deploying and managing Web services in Java and J2EE applications. WASP implements the latest SOAP, WSDL, UDDI and Java standards such as JAX-RPC, JAXM, and SAAJ. The WASP Server for Java 5.0 Beta provides reliable messaging with WS-ReliableMessaging support, including one-way, synchronous (request/response), and asynchronous messaging. WASP offers message persistence, support for multiple exchange patterns, and API or policy-based configuration. WASP also fully supports the WS-Addressing specification, which defines transport independent addressing and enables the creation of reliable, asynchronous Web services. The WASP administration console has been redesigned and extended to make Web service configuration, management, and testing even easier. New functionality includes an HTML Invocation Console that automatically creates HTML forms from WSDL definitions for testing deployed Web services. WASP now fully integrates with Netegrity SiteMinder so that it can accept security information propogated by Netegrity using a wide range of authentication credentials." [Full context]

  • [April 13, 2004]   W3C Working Draft Proposes Universal Markup Mechanism for Identifers.    An initial public working draft for xml:id Version 1.0 has been released by the W3C XML Core Working Group. The proposal provides a mechanism for annotating markup elements with unique identifiers. It 'unreserves' the attribute xml:id which otherwise cannot be declared for use in a well-formed XML document. The draft specification proposes xml:id "as a universal spelling for ID attributes, and defines processing of this attribute to identify IDs in the absence of validation." The document proposes that a parser would "validate that the ID value matches the allowed lexical form, that the value is unique within the XML document, and that each element has a single unique identifier." The new working draft takes into account the W3C's xml:id Requirements document published in August 2003 and an earlier W3C Technical Architecture Group (TAG) finding, "How should the problem of identifying ID semantics in XML languages be addressed in the absence of a DTD?" The draft TAG finding summarized the problem and sketched a solution space in terms of applying ID semantics universally for XML processors. The xml:id Requirements document framed the problem thus: Since XML 1.0, the ability of processors to identify an XML element by an explicit identifier ('IDness') has depended upon validation: both DTDs and XML Schema have mechanisms to identify the structures containing unique identifiers, but neither XML Schema nor DTDs are required by all processors. A common processor type does not perform validation, nor fetch external resources for the purpose of acertaining whether the document contains unique identifiers." The authors of the xml:id Version 1.0 document note that the Working Draft "does not yet fully address specific interactions between this specification and others. The intent is for this specification to compose smoothly with other specifications, but some specifications, particularly those not based on the XML Information Set, may require errata to realize the full benefits of xml:id. These interactions are a topic of study by the Working Group and will be documented in future Working Drafts." [Full context]

  • [April 09, 2004]   TMAPI 1.0 Alpha Release: Common Topic Map Application Programming Interface.    A first major public release of TMAPI has been made available from the project's SourceForge website. TMAPI is a "proposed programming interface for accessing and manipulating data held in a topic map. The TMAPI specification defines a set of core interfaces which must be implemented by a compliant application as well as a set of additional interfaces which may be implemented by a compliant application or which may be built upon the core interfaces." According to the project announcement of April 8, 2004, the goal of TMAPI is "to allow developers to learn and use just one programming API for work with any topic map processing engine — improving code portability and reducing learning curve. TMAPI has been developed in an open process by developers working on topic map processors and topic map applications, and has been placed into the public domain; there are no restrictions on its use." Motivation for the TMAPI development effort is provided on the project home page: "[Though] commercial and non-commercial topic map processing applications are available, each of these applications has a different programming interface, reflecting the slightly different ideas that each developer has had about the best way to represent the information in a topic map. For an application developer, this leads to non-portable code; the need to learn a new API for every topic map implementation he or she uses and the lack of a community of supporting developers. TMAPI hopes to do for topic maps what SAX and DOM did for XML: provide a single common API which all developers can code to and which means that their applications can be moved from one underlying platform to another with minimum fuss." [Full context]

  • [April 08, 2004]   OASIS Web Services Security Specification Approved as an OASIS Standard.    On April 6, 2004 the co-chairs of the OASIS Web Services Security (WSS) Technical Committee announced the TC's unanimous decision to request that the WSS TC's Web Services Security specification, as successfully balloted to the OASIS membership, be advanced to OASIS Standard status. The Web Services Security specification set includes: Web Services Security: SOAP Message Security 1.0 (WS-Security 2004), Web Services Security UsernameToken Profile 1.0, Web Services Security X.509 Certificate Token Profile, and two relevant XML Schemas. The WSS TC is also creating additional token profiles for use with the core SOAP Message Security 1.0 specification, including the Web Services Security: SAML Token Profile, now in an advanced state of preparation. The SOAP Message Security 1.0 core specification "describes enhancements to SOAP messaging to provide message integrity and confidentiality. The specified mechanisms can be used to accommodate a wide variety of security models and encryption technologies. The specification also provides a general-purpose mechanism for associating security tokens with message content. No specific type of security token is required, the specification is designed to be extensible, so as to support multiple security token formats. For example, a client might provide one format for proof of identity and provide another format for proof that they have a particular business certification. Additionally, the specification describes how to encode binary security tokens, a framework for XML-based tokens, and how to include opaque encrypted keys. It also includes extensibility mechanisms that can be used to further describe the characteristics 26 of the tokens that are included with a message." The UsernameToken Profile describes how to use the UsernameToken with the core WSS specification. It "describes how a web service consumer can supply a UsernameToken as a means of identifying the requestor by 'username', and optionally using a password (or shared secret, or password equivalent) [how] to authenticate that identity to the web service producer." The X.509 Certificate Token Profile document describes "how to use X.509 Certificates with the SOAP Message Security 1.0 specification. An X.509 certificate specifies a binding between a public key and a set of attributes that includes (at least) a subject name, issuer name, serial number and validity interval. This binding may be subject to subsequent revocation advertised by mechanisms that include issuance of CRLs, OCSP tokens or mechanisms that are outside the X.509 framework, such as XKMS. An X.509 certificate may be used to validate a public key that may be used to authenticate a WS-Security-enhanced message or to identify the public key with which a WS-Security-enhanced message has been encrypted." [Full context]

  • [April 08, 2004]   OASIS Hosts Open Symposium on XML-Based Messaging and Networking Infrastructure.    A symposium sponsored by OASIS members Adobe, Booz Allen Hamilton, IBM, SAP, and Sun Microsystems will be held April 26-27, 2004, in New Orleans, LA, USA, coinciding with the popular New Orleans Jazz Festival. Hosted by OASIS, the Symposium on Reliable Infrastructures for XML is open to the public, offering a forum for the international community to exchange ideas and present results of standards work-in-progress. Symposium events will address the different and only partially interchangeable technologies that propose to increase the reliability of XML-based messaging and networking infrastructure. Interoperability issues of concern relate to several technologies: reliable messaging specifications, transaction protocols, intermediate levels of routing, and point-to-point compared to end-to-end, and message-oriented middleware as a carrier for XML messages. At least seventeen (17) of the OASIS Technical Committees will be participating in two days of face-to-face working sessions. These include: FWSI TC, Legal XML Legislative TC, Legal XML Electronic Court Filing TC, Legal XML Integrated Justice TC, Legal XML SDHI TC, WS-CAF TC, WS-Notification TC, WSRF TC, WSRM TC, XACML TC, XDI TC, ebSOA TC, ebXML BP TC, ebXML CPPA TC, ebXML IIC TC, ebXML Messaging TC, and the ebXML Registry TC. Events include an OASIS Symposium BoF on "Advancing a Service-Oriented Architecture Based on ebXML and Web Services; the BoF leader is Duane Nickull of Adobe Systems, convener and proposed chair of the OASIS ebSOA Technical Committee. OASIS and CommerceNet will join forces to present "Reliable Infrastructure for eHealth," a one-day Workshop designed to investigate the relationships between the standards that exist today and identify solutions to the road ahead. This workshop is designed to facilitate the identification of practical steps that can be taken to apply reliable infrastructure for XML standards into healthcare applications. [Full context]

  • [April 08, 2004]   DOM Level 3 Specifications Published as W3C Recommendations.    The World Wide Web Consortium (W3C) has announced the publication of the DOM Level 3 specifications as W3C Recommendations, including Document Object Model (DOM) Level 3 Core Specification and Document Object Model (DOM) Level 3 Load and Save Specification. These specifications "reflect cross-industry agreement on a standard API (Applications Programming Interface) for manipulating documents and data through a programming language such as Java or ECMAScript. A W3C Recommendation indicates that a specification is stable, contributes to Web interoperability, and has been reviewed by the W3C Membership, who favor its adoption by the industry. Created and developed by the W3C Document Object Model (DOM) Working Group, DOM Level 3 Core extends the platform- and language-neutral interface to access and update dynamically a document's content, structure, and style first described by the DOM Level 2 W3C Recommendations. DOM Level 3 provides a standard set of objects for representing Extensible Markup Language (XML) documents and data, including namespace, XML Base, and XML Schema datatypes support. DOM Level 2 was designed for HTML 4.01, XML 1.0, and Namespaces in XML. With DOM Level 3, authors can take further advantage of the XML platform. It provide support for XML 1.1 and is aligned with the XML Information Set, specification which is also used by other W3C Recommendations such as XML Schema 1.0 and SOAP 1.2." [Full context]

  • [April 07, 2004]   OASIS Open Office XML Format TC Approves Committee Draft Specification.    A Committee Draft of the Open Office Specification 1.0 has been approved by the OASIS Open Office XML Format TC, providing an open, XML-based file format for office applications based on XML. The release includes a 607-page prose specification and separate schema files. The Open Office Specification defines an XML schema for office applications and its semantics. The schema is suitable for office documents, including text documents, spreadsheets, charts and graphical documents like drawings or presentations, but is not restricted to these kind of documents. The schema retains high-level information suitable for editing document and is friendly to transformations using XSLT or similar XML-based languages or tools. The normative XML Schema for Open Office XML embedded within the specification is defined as a RELAX NG schema. Chapter 15 on 'Data Types and Schema Definitions' also references some of the W3C Schema data types and provides Relax-NG definitions. The RELAX NG specifiction has been published as ISO/IEC 19757-2:2003, being "Document Schema Definition Language (DSDL) -- Part 2: Regular-Grammar-Based Validation." According to James Clark, the RELAX NG schema language is "based firmly on the labelled-tree abstraction," distinguished from other XML schema languages by what it leaves out; in RELAX NG, the syntax and minimal labelled-tree abstraction implicit in that syntax are at the center of XML processing." The Open Office XML CD "does not specify which elements and attributes conforming application must, should, or may support. The intention behind this is to ensure that Open Office XML can be used by as many implementations as possible, even if these applications do not support some or many of the elements and attributes defined in this specification. Viewer applications for instance may not support all editing relates elements and attributes (like change tracking), other application may support only the content related elements and attributes, but none of the style related ones. Similarly, Open Office documents may contain elements and attributes not specified within the Open Office schema. Such elements and attributes must not be part of a namespace that is defined within the specification, and are called foreign elements and attributes." [Full context]

  • [April 06, 2004]   W3C Releases Candidate Recommendations for XML Key Management Specification (XKMS 2.0).    The W3C XKMS Working Group has addressed Last Call issues relating to the April 18, 2003 XKMS Working Draft and has now approved publication of Candidate Recommendations for XML Key Management Specification (XKMS 2.0) and XML Key Management Specification (XKMS 2.0) Bindings. The XKMS Candidate Recommendation period will last for at least six months in order for the WG to collect implementation feedback and evaluate implementation experience. This W3C Working Group was chartered to "to develop a specification of an XML application/protocol that allows a simple client to obtain key information (values, certificates, management or trust data) from a web service." The main Part-1 document "specifies protocols for distributing and registering public keys, suitable for use in conjunction with the standard for XML Signatures defined by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF), and the companion standard for XML encryption." XKMS Part-1 defines two service specifications. The XML Key Information Service Specification is a protocol designed "to support the delegation by an application to a service of the processing of key information associated with an XML signature, XML encryption, or other usage of the XML Signature <ds:KeyInfo> element." The XML Key Registration Service Specification is a protocol designed "to support the registration of a key pair by a key pair holder, with the intent that the key pair subsequently be usable in conjunction with the XML Key Information Service Specification or a Public Key Infrastructure (PKI) such as X.509. These protocols do not require any particular underlying public key infrastructure but are designed to be compatible with such infrastructures." XKMS Part-2 specifies protocol bindings with security characteristics for the XML Key Management Specification (XKMS) as defined in Part-1. [Full context]

  • [April 05, 2004]   INCITS Announces ANSI's Approval of Role Based Access Control (RBAC) Security Standard.    An announcement from the InterNational Committee for Information Technology Standards (INCITS) describes the approval of an ANSI/INCITS 359-2004 standard Information Technology — Role Based Access Control, superseding the draft specification previously available from NIST. INCITS is sponsored by the Information Technology Industry Council (ITI), a trade association representing the leading U.S. providers of information technology products and services. The approved standard "describes RBAC features that have achieved acceptance in the commercial marketplace. It includes a reference model and functional specifications for the RBAC features defined in the reference model. It is intended for: (1) software engineers and product development managers who design products incorporating access control features; (2) managers and procurement officials who seek to acquire computer security products with features that provide access control capabilities in accordance with commonly known and understood terminology and functional specifications." According to NIST's summary: "Security administration can be costly and prone to error because administrators usually specify access control lists for each user on the system individually. With RBAC, security is managed at a level that corresponds closely to the organization's structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Security administration with RBAC consists of determining the operations that must be executed by persons in particular jobs, and assigning employees to the proper roles. Complexities introduced by mutually exclusive roles or role hierarchies are handled by the RBAC software, making security administration easier." RBAC security methods have been implemented in a wide range of commercial products. At least ten papers accepted for presentation at the ACM Symposium on Access Control Models and Technologies (SACMAT 2004) are related to role based access control technologies. In February 2004 the OASIS Extensible Access Control Markup Language TC approved XACML Profile for Role Based Access Control (RBAC) as a Committee Draft. This OASIS document defines a profile for the use of XACML in expressing policies that use role based access control. [Full context]

What Was New in 1995 - 2003

Other SGML/XML news items recorded for 1995 and later may be found in separate online documents:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: