This issue of XML Daily Newslink is sponsored by:
SAP AG http://www.sap.com
- Sun's Non-Assertion Covenant: An OpenID Developer Promise
- XML Format for Antiphishing Info to Go Live in July
- The Incident Object Description Exchange Format
- Chinese XML Format Will Get Microsoft Converter
- W3C Last Call: XQuery 1.0 and XPath 2.0 Full-Text 1.0, Requirements, Use Cases
- XML Design for Relational Storage
Sun's Non-Assertion Covenant: An OpenID Developer Promise
Eve Maler, Blog
Internet Identity Workshop last week in Mountain View was an exhilarating experience. One of the most gratifying moments for me was when Bill Smith, Gerry Beuchelt, and I had the pleasure of preannouncing the news of Sun's non-assertion covenant on OpenID to a good-sized crowd, many of whom are OpenID developers and thus directly affected by IPR (intellectual property rights) considerations on this technology. I believe Sun has been the first to make a statement on OpenID IPR like this, and Sun continues to push the edge of the envelope in stating clear, unambiguous wording that gives unprecedented assurance to those developers who worry about patent lawsuits coming down on their heads. From the FAQ: "Question - What does the covenant mean? Answer - It means that developers of OpenID Authentication V1.1 and OpenID Simple Registration Extension V1.0 technology can be assured that Sun will not impose on them any licensing terms, conditions, or fees for the use of any patents held by Sun related to these specifications. Developers need not, in fact, do anything active in order to get this assurance; they do not need to obtain any license from us; they do not need to even think about licensing; they merely need to refrain from attempting to enforce their own (or others') patents against any developer implementing OpenID." Some things to note about our covenant: (1) It's irrevocable. We're not going to yank it out from under anyone. (2) It's not constrained just to features 'necessary' to implement the spec (a legal term of art that functions as the cover to a can of worms). (3) Its only condition applies to those who exhibit legally threatening behavior—to anyone. I believe these are the best possible terms to encourage maximum software innovation, and encourage others to take such a stance themselves.
See also: NAC for SAML Implementations
XML Format for Antiphishing Info to Go Live in July
Sandra Rossi, ComputerWorld
A common format to electronically report fraudulent activities will be fully operational by July 2007. Anti-Phishing Working Group (APWG) secretary general, Peter Cassidy, said a structured data model is necessary to improve incident reporting, share information and allow forensic searches and investigations. Cassidy said the first base specification was submitted in June 2005 and the Incident Object Description Exchange Format (IODEF) XML Schema with e-crime relevant extensions will be a recognized IETF standard in about six weeks. He said reporting will be automated with greater ease using a standard schema: "For example, a Korean CERT (Computer Emergency Response Team) reporting an incident can send it to a French bank." To date, 2.5 million records of attacks and 13,500 URLs are added to the database every month. Cassidy said the block list is updated every five minutes and is a 10MB file used as a historical archive, most commonly used by browser developers. Cassidy said the APWG first started collecting data in October 2003. He estimates there are upwards of 50 full-time phishing gangs operating worldwide at any given time. The APWG is also in the process of establishing a Contact System for Abuse Managers. It is currently in beta with 1600 companies. Cassidy said it allows companies to communicate and costs about $21 (U.S.) to enroll.
See also: the IODEF XML Schema
The Incident Object Description Exchange Format
Roman Danyliw, Jan Meijer, Yuri Demchenko (eds), IETF Internet Draft
The "Incident Object Description Exchange Format" specification is an IETF Standards Track I-D produced by members of the IETF Extended Incident Handling Working Group. Organizations require help from other parties to mitigate malicious activity targeting their network and to gain insight into potential threats. This coordination might entail working with an ISP to filter attack traffic, contacting a remote site to take down a bot-network, or sharing watch-lists of known malicious IP addresses in a consortium. The Incident Object Description Exchange Format (IODEF) is a format for representing computer security information commonly exchanged between Computer Security Incident Response Teams (CSIRTs). It provides an XML representation for conveying incident information across administrative domains between parties that have an operational responsibility of remediation or a watch-and-warning over a defined constituency. The data model encodes information about hosts, networks, and the services running on these systems; attack methodology and associated forensic evidence; impact of the activity; and limited approaches for documenting workflow. The overriding purpose of the IODEF is to enhance the operational capabilities of CSIRTs. Community adoption of the IODEF provides an improved ability to resolve incidents and convey situational awareness by simplifying collaboration and data sharing. This structured format provided by the IODEF allows for: (1) increased automation in processing of incident data since the resources of security analysts to parse free-form textual documents will be reduced; (2) decreased effort in normalizing similar data (even when highly structured) from different sources; and (3) a common format on which to build interoperable tools for incident handling and subsequent analysis, specifically when data comes from multiple constituencies.
See also: XML and Application Security
Chinese XML Format Will Get Microsoft Converter
Jeremy Kirk, InfoWorld
Microsoft will collaborate with the Chinese government and universities to make a plug-in that will let users read and save documents written in two different XML file formats. China is developing its own XML format, UOF (Uniform Office Format), a variation that's used in applications such as RedOffice, a productivity suite forked from OpenOffice.org for the Chinese market. China's UOF group is headed by the Chinese Office Software Work Group and the Ministry of Information Industry. The plug-in will enable translation with Office Open XML (OOXML), Microsoft's version of XML that the company is pushing to become a uniformly used standard, said Jean Paoli, Microsoft's manager of interoperability and XML architecture. China is working on UOF to cater to needs of the local market and local productivity software. For example, tags can be written in Chinese, Paoli said. "That's the goal of the Chinese government and we respect that," he said. Five entities will work on the translator, including Microsoft, Beihang University, also known as the Beijing University of Aeronautics and Astronautics; Litsoft, part of Lenovo Group; Tsinghua University; and the Beijing Information Technology Institute. The first version of the UOF translation tool will be released on July 30 under the BSD (Berkeley Software Distribution) license and posted on Sourceforge, the popular open-source application development site, Paoli said. It should be released in January 2008, and will work with Microsoft Office 2003 and 2007.
See also: the announcement
W3C Last Call: XQuery 1.0 and XPath 2.0 Full-Text 1.0, Requirements, Use Cases
Staff, W3C Announcement
W3C announced that the XSL Working Group and XML Query Working Group have published three Last Call Working Drafts: (1) "XQuery 1.0 and XPath 2.0 Full-Text 1.0", (2) "XQuery 1.0 and XPath 2.0 Full-Text 1.0 Requirements", and (3) "XQuery 1.0 and XPath 2.0 Full-Text 1.0 Use Cases." Full-Text 1.0 technology extends XQuery 1.0 and XPath 2.0 with full-text search capabilities. The "Use Cases" document was created by the XML Query Working Group and the XSL Working Group to illustrate important applications of full-text querying within an XML query language. Each use case exercises a specific functionality relevant to full-text querying. An XML Schema and sample input data are provided. Each use case specifies a query applied to the input data, a solution in XQuery, a solution in XPath (when possible), and the expected results. The document supplements the XML Query Use Cases. The full-text queries in the use cases are performed on text which has been tokenized, i.e., broken into a sequence of words, units of punctuation, and spaces. A word is defined as any character, n-gram, or sequence of characters returned by a tokenizer as a basic unit to be queried. Each instance of a word consists of zero or more consecutive characters. Beyond that words are implementation-defined. Note that consecutive words need not be separated by either punctuation or space, and words may overlap. A phrase is an ordered list of words. A phrase may contain any number of words. Tokenization enables functions and operators which work with the relative positioning of words (e.g., proximity operators). Tokenization also enables functions and operators which operate on a part or the root of the word (e.g., wildcards and stemming).
See also: Use Cases
XML Design for Relational Storage
Solmaz Kolahi and Leonid Libkin, WWW 2007 Paper
This paper was presented at the 16th International World Wide Web Conference (IW3C2) held May 8-12, 2007 in Banff National Park, Alberta, Canada. "Design principles for XML schemas that eliminate redundancies and avoid update anomalies have been studied recently. Several normal forms, generalizing those for relational databases, have been proposed. All of them, however, are based on the assumption of a native XML storage, while in practice most of XML data is stored in relational databases. In this paper we study XML design and normalization for relational storage of XML documents. To be able to relate and compare XML and relational designs, we use an information-theoretic framework that measures information content in relations and documents, with higher values corresponding to lower levels of redundancy. We show that most common relational storage schemes preserve the notion of being well-designed (i.e., anomalies- and redundancy-free). Thus, existing XML normal forms guarantee well-designed relational storages as well. We further show that if this perfect option is not achievable, then a slight restriction on XML constraints guarantees a 'second-best' relational design, according to possible values of the information-theoretic measure. We finally consider an edge-based relational representation of XML documents, and show that while it has similar information-theoretic properties with other relational representations, it can behave significantly worse in terms of enforcing integrity constraints."
See also: the Refereed Conference Papers
Selected from the Cover Pages, by Robin Cover
The Open Geospatial Consortium announced a call for public comment on two draft OpenGIS Implementation Specifications: GeoXACML and OpenGIS Image Geopositioning Service (IGS). The draft Geospatial Extensible Access Control Markup Language (GeoXACML) Implementation Specification defines a geo-specific extension to the Extensible Access Control Markup Language (XACML) OASIS Standard. The OGC GeoXACML draft clarifies that access control systems enable management of access to information only until it is obtained by the user and stored locally, as opposed to rights management systems that remain in force regardless of where the content of the original resource is located or reproduced. The second OGC draft released for public comment is the OpenGIS Image Geopositioning Service (IGS) Draft Implementation Specification. This document defines an Image Geopositioning Service (IGS) interface to services that perform triangulation. Accompanying the IGS draft specification is a separate OpenGIS Image Geopositioning Metadata Geography Markup Language (GML) Draft Application Schema, which is structured to provide consistency between the IGS and other OGC Web Services (OWS) specifications. OGC also recently published KML 2.1 Reference—An OGC Best Practice. KML is a file format used to display geographic data in an Earth browser, such as Google Earth, Google Maps, and Google Maps for Mobile. KML uses a tag-based structure with nested elements and attributes and is based on the XML standard.
See also: Geography Markup Language (GML)
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/