This issue of XML Daily Newslink is sponsored by:
BEA Systems, Inc. http://www.bea.com
- Use of WebDAV for Certificate Publishing and Revocation
- OASIS Membership Approves Digital Signature Services (DSS) Version 1.0
- W3C Issues Candidate Recommendation for CSS3 Media Queries
- Open XML SDK: Tech Preview
- Verizon Gets Into Supply Chain Management
- New York Becomes Latest State to Ponder ODF
- End-to-end Ajax Application Development
- How NOT to Do RESTful Web Services
- Email System Event Notification Model
Use of WebDAV for Certificate Publishing and Revocation
David Chadwick (ed), IETF Internet Draft
Members of the IETF Public-Key Infrastructure (X.509) PKIX Working Group have released an initial working draft for "Internet X.509 Public Key Infrastructure: Use of WebDAV for Certificate Publishing and Revocation." The document describes the use of the WebDAV protocol for publishing and revoking X.509 public key certificates and specifies two new access methods for the Authority Information Access extension to support this. There are a number of well known problems with using LDAP to store certificates and certificate revocation lists, for example, most corporate firewalls deny access to the LDAP protocol. WebDAV is widely supported, several open source implementations are available including one for Apache, and there is an active community working with it. WebDAV specifies extensions to the HTTP/1.1 protocol so that web content can be managed remotely. WebDAV provides users with the ability to create, remove and query information about web pages, including their contents and properties, such as their creation dates, expiry dates, authors etc. In the context of X.509, a web page will be a single X.509 certificate (either public key or attribute) or a CRL containing a single entry, and their properties can be any fields of the certificate or CRL. WebDAV also provides the ability to create sets of related web pages, called collections, and to retrieve hierarchical membership listings of them. In the context of X.509, a certificate subject can represent a collection, and his/her certificates can be the collection membership listing. The set of CRLs issued by an issuer can also be a collection membership listing. The WebDAV-based protocol specified in this document is based on the Representational State Transfer (REST) principles, in which the web itself is the state transition machine for a certificate. When a certificate does not exist it has no web page. This document specifies two certificate extensions, the certificate URL and the revocation URL, which may be stored in certificates in order to determine its state using the WebDAV protocol.
See also: the PKIX Working Group Charter
OASIS Membership Approves Digital Signature Services (DSS) Version 1.0
Staff, OASIS Announcement
OASIS announced that its members have approved the Digital Signature Services (DSS) Version 1.0 specification as an OASIS Standard, a status that signifies the highest level of ratification. DSS defines an XML interface to process digital signatures for Web services and other applications, enabling the sharing of digital signature creation, verification and other associated services, without complex client software and configuration. DSS describes two XML-based request/response protocols: one for signatures and a second for verification. Using these protocols, a client can send documents to a server and receive back a signature on the documents; or send documents and a signature to a server and receive back an answer on whether the signature verifies the documents. DSS supports a range of signature formats including XML and Cryptographic Message Syntax (CMS). It is designed around a core set of elements and procedures which can be profiled to support specific uses such as time-stamping (including XML structured time-stamps), corporate entity seals, electronic post marks, and code signing. The OASIS DSS Technical Committee worked closely with the Universal Postal Union, an agency of the United Nations, to facilitate the use of DSS within its Electronic Post Mark system (UPU EPM).
W3C Issues Candidate Recommendation for CSS3 Media Queries
Hakon Wium Lie, Tantek Celik, Daniel Glazman (eds), W3C CR
The W3C CSS Working Group has released an updated Candidate Recommendation for editorial changes to Media Queries, a module of Cascading Style Sheets Level 3 (CSS3). Built on the mechanism outlined in HTML, a registry of media types is proposed to describe to what type of devices a style sheet applies, and expressions to limit a style sheet's scope. Presentations can then be tailored to a specific range of output devices without changing the content itself. HTML4 and CSS2 currently support media-dependent style sheets tailored for different media types. For example, a document may use different style sheets for screen and print. nside a CSS style sheet, one can declare that sections apply to certain media types. The "print" and "screen" media types are defined in HTML4. The complete list of media types in HTML4 is: "aural", "braille", "handheld", "print", "projection", "screen", "tty", "tv". CSS2 defines the same list with the addition of "embossed" to differentiate between braille tactile feedback devices and braille printers. Also, "all" is used to indicate that the style sheet applies to all media types. Media-specific style sheets are supported by several user agents. The most commonly used feature is to distinguish between "screen" and "print". There have been requests for ways to describe in more detail what type of output devices a style sheet applies to. Fortunately, HTML4 foresaw these requests and defined a forward-compatible syntax for media types. Media Queries, as described in this specification, build on the mechanism outlined in HTML4. The syntax of Media Queries fit into the media type syntax reserved in HTML4. The media attribute of HTML4 also exists in XHTML and generic XML. The same syntax can also be used inside in the '@media' and '@import' rules of CSS.
See also: CSS3 Module for Multi-column Layout
Open XML SDK: Tech Preview
Brian Jones, Blog
"Microsoft announced the release of an early preview of a managed API for the Open XML formats, available for download as a Community Technology Preview. This is another tool that will help make it easier for developers to build solutions on top of the Office file formats. The easier we can make it for people to build solutions, the more valuable the documents themselves become. This is a very early preview and we're hoping to get a lot of great feedback to help shape the evolution of these APIs. There is a discussion forum where you can ask questions, and provide feedback on things you'd like to see added or changed. We'll then take this feedback and use it to help generate future CTPs. The goal in this first CTP was to provide some additional structure on top of what was already provided by System.IO.Packaging in .Net 3.0. Now instead of just generic parts and relationships, you actually have each part from the Open XML spec available as a strongly typed part. The API also provides package level validation so you'll know your creating all the necessary content type declarations and relationship type references." Online overview: "The 2007 Microsoft Office system introduces a new file format that is based on XML called Open XML Formats. Microsoft Office Word 2007, Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007 all use these formats as the default file format. Open XML formats are useful for developers because they are an open standard and are based on well-known technologies: ZIP and XML. Microsoft provides a library for accessing these files as part of the WinFX technologies in the System.IO.Packaging namespace. This SDK is built on top of the System.IO.Packaging API and provides strongly typed part classes to manipulate Open XML documents."
See also: the download
Verizon Gets Into Supply Chain Management
Jim Duffy, Network World
Verizon Business this week entered the supply chain management market through a resale arrangement with GXS, a provider of business-to-business (B2B) e-commerce systems. Verizon Business will provide large business customers with GXS's integrated supply chain management services via two new managed service offerings: Custom Supply Chain Managed Services and Invoice Automation Service. Custom Supply Chain Managed Services is intended to automate supply chain processes with or between enterprises; Invoice Automation Service is designed to help customers automate the invoice process and control costs by removing manual processes. Verizon Business will be the single point of contact and contractor for these services. GXS will step in when specialized supply chain management support is required, the carrier said. The GXS offerings support B2B e-commerce standards and protocols, including Electronic Data Interchange (EDI), Extensible Markup Language (XML), AS2, and proprietary formats.
New York Becomes Latest State to Ponder ODF
Elizabeth Montalbano, InfoWorld
New York State Bill A08961, sponsored by Democratic Assemblywoman RoAnn M. Destito, proposes the state study how government documents are created, exchanged, and preserved and how these documents can be used in a way that "encourages appropriate government control, access, choice, interoperability, and vendor neutrality," according to the text of the bill. Though lawmakers in other states—including Texas, Connecticut, Florida, Minnesota and Oregon—have proposed similar bills that might have mandated the use of open standards for document formats, none of those states has ended up officially supporting ODF yet. ODF is a freely available document format and rival to the default file format in Microsoft's Office 2007 suite, Open XML. If what has happened in other states is any precedent, Destito's bill may end up going nowhere. Bills that would have required state agencies to use freely available document formats in Texas, Connecticut, Florida, and Oregon were shot down mainly due to the pro-Microsoft lobby, while a bill in Minnesota was passed only to study the possibility of using open document formats, not to actually mandate them. So far, Massachusetts is the only U.S. state that has officially adopted an open documents policy that will include ODF support, though governments in other countries such as Belgium, Denmark, and France are ahead of the U.S. in mandating their agencies use open document formats. Microsoft also has submitted Open XML to be an international standard in the ISO (International Organization for Standardization, though it has been criticized for trying to control the Open XML specification more than is usually the case with standard technologies. Nevertheless, Open XML is scheduled to be up for an approval vote before the ISO late this year.
End-to-end Ajax Application Development
Senthil Nathan, IBM developerWorks
How NOT to Do RESTful Web Services
Anne Thomas Manes, Blog
A number of web service toolkits , including Apache Axis2 and Apache CXF, now claim to support REST. But in fact, these systems do NOT support REST. They support non-RESTful POX (plain old XML) over HTTP. Non-RESTful POX services are more accessible than SOAP services, but they don't exhibit the desirable characteristics associated with RESTful resources. The REST architectural style defines a number of basic rules (constraints), and if you adhere to these rules, your applications will exhibit a number of desirable characteristics, such as simplicity, scalability, performance, evolvability, visibility, portability, and reliability. The basic rules are: (1) Everything that's interesting is named via a URI and becomes an addressable resource; (2) Every resource exposes a uniform interface (e.g., GET, PUT, POST, DELETE); (3) You interact with the resource by exchanging representations of the resource's state using the standard methods in the uniform interface. Non-RESTful POX applications violate these basic rules. First, they don't define a URI for every resource. And second, they don't constrain the interactions to the methods defined in the uniform interface. Instead they define a single URL that represents an operation that can be performed on any number of unnamed resources. Essentially they are tunneling RPC calls through the URL.
See also: the Burton article
Email System Event Notification Model
Lisa Dusseault, IETF Internet Draft
An initial Internet Draft for "Email System Event Notification Model" has been published. "Email servers have event information which is of interest to a wide variety of clients, devices and users, and this motivates an effort to tie Email servers into the existing Internet notifications architecture as described by the Common Profile for Presence (CPP). This document describes where Email servers fit into CPP and what pieces are missing. This is not purely a requirements document because it describes a specific architecture, but it makes some requirements on future documents that fill in pieces of the architecture. An Email server can be an IMAP server RFC 3501 or a POP server RFC 1939. It could also be a Webmail server, offering email access through a presentation layer delivered over HTTP RFC 2616—or might support other online interfaces. Although the semantic and storage models differ, these servers are sufficiently similar to be considered together for the purposes of describing interesting events originating from email message stores and how to get access to such event streams. Typically, these servers are capable of storing up to gigabytes of messages per user, handling hundreds of incoming messages per user per day, and allow clients to track which messages have been handled (typically 'seen' or 'read') and which ones are new. Work to describe a event model for mail stores has already progressed in the LEMONADE Working Group; the Introduction of that draft also describes some of the demand for interoperability for producing, consuming and interpreting these events. Meanwhile, the SIEVE Working Group is working on an extension to the SIEVE email filtering language (RFC 3028) that allows a notification to be sent in the case of a SIEVE rule match All the components of the desired email event infrastructure already exist, though not all the interconnections are standardized. Only a few other pieces are required to encourage interoperability between vendors' products.
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/