A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
IBM Corporation http://www.ibm.com
Headlines
- W3C Issues Proposed Recommendations for GRDDL
- HP and MIT Create DSpace Foundation for Open Source Digital Archives
- Emergency Alert System (EAS) Poised for Massive Overhaul
- kXML-RPC Enables Service-Oriented Mobile Computing
- Ajax and Progressive Browser Enhancement
- Protect Your XML Applications: Avoid the Dangers of XPath Injection
- Patent Law Overhaul Gets House Panel OK
W3C Issues Proposed Recommendations for GRDDL
Dan Connolly and Chimezie Ogbuji (eds), W3C Technical Reports
W3C has announced the advancement of the GRDDL specification ("Gleaning Resource Descriptions from Dialects of Languages") and companion "GRDDL Test Cases" to Proposed Recommendation status. Public feedback is welcome through 24-August-2007. The GRDDL Implementation Report demonstrates that the goals for interoperable implementations set in the May 2007 Candidate Recommendation draft of this document have been achieved. Linking microformats to the Semantic Web, the GRDDL mechanism is used to extract RDF statements from XHTML and XML content using programs such as XSLT. The markup includes a namespace-qualified attribute for use in general-purpose XML documents and a profile-qualified link relationship for use in valid XHTML documents. The GRDDL mechanism also allows an XML namespace document (or XHTML profile document) to declare that every document associated with that namespace (or profile) includes gleanable data and for linking to an algorithm for gleaning the data. By specifying a GRDDL transformation, the author of a document states that the transformation will provide a faithful rendition in RDF of information (or some portion of the information) expressed through the XML dialect used in the source document. Likewise, by specifying a GRDDL namespace transformation or profile transformation, the creator of that namespace or profile states that the transformation will provide a faithful RDF rendition of a class of source documents which relate to that namespace or profile. A namespace document or a profile document also provides a means for their authors to explain in prose the purpose of the transformation or any policy statements. The GRDDL specification is a concise technical specification of the GRDDL mechanism and its XML syntax. It specifies the GRDDL syntax to use in valid XHTML and well-formed XML documents, as well as how to encode GRDDL into namespaces and HTML profiles. Discussions of the GRDDL transformation link and security issues are also covered.
Appendices provide links to extended examples and existing software and services that employ GRDDL. The "GRDDL Test Cases" document describes and includes test cases for software agents that extract RDF from XML source documents by following the set of mechanisms outlined in the GRDDL specification. They demonstrate the expected behavior of a GRDDL-aware agent by specifying one (or more) RDF graph serializations which are the GRDDL results associated with a single source document.
See also: GRDDL Test Cases
HP and MIT Create DSpace Foundation for Open Source Digital Archives
Staff, HP and the MIT Libraries
Hewlett-Packard (HP) and the Massachusetts Institute of Technology (MIT) Libraries have announced the formation of the DSpace Foundation, a non-profit organization that will provide support to the growing community of organizations that use DSpace, an open source software solution for accessing, managing and preserving scholarly works in a digital archive. Jointly developed by HP and the MIT Libraries beginning in 2002, today more than 200 projects worldwide are using the software to digitally capture, preserve and share their artifacts, documents, collections and research data. The foundation will assume responsibility for providing leadership and support to the ever-growing DSpace community and promote even wider distribution and use. Michele Kimpton, formerly of the Internet Archive, will serve as Executive Director of the DSpace Foundation. HP and the MIT Libraries began developing DSpace after MIT expressed the need for a robust software platform to digitally store its collections and valuable research data, which had previously existed only in hard copies. Institutions can more easily share and preserve their collections with an archiving system that stores digital representations of analog artifacts, text, photos, audio and films. DSpace is a community-based open source platform capable of permanently storing data in a non-proprietary format, so researchers can access its contents for decades to come. Because the archive is Internet-based, DSpace can be accessed from anywhere in the world via an Internet connection and federated with other archives. [Note: Currently DSpace supports exporting digital content, along with its metadata, in a simple XML-encoded file format. DSpace developers are working on migrating this export capability to use the METS standard using extension schemas for qualified Dublin Core metadata and technical/preservation metadata for arbitrary digital objects.]
See also: the DSpace web site
Emergency Alert System (EAS) Poised for Massive Overhaul
Staff, Radio World Online
For more than 50 years, our government-imposed emergency alerting systems have tried and too often failed to fulfill their collective intended mission and benefit to the public. The Integrated Public Alert and Warning System or IPAWS is a new initiative launched within DHS and FEMA to work with stakeholders to improve our public warning systems. We are seeing the fruit of that labor start to ripen. On May 31, 2007 the FCC adopted a Second Report and Order and FNPRM regarding EAS that will require EAS participants to accept messages using CAP, the Common Alerting Protocol. This will be incorporated in the next generation of EAS delivery systems no later than 180 days after FEMA announces its adoption of standards. CAP is an open, non-proprietary, XML-based standard data interchange format used by DHS, FEMA, NWS, USGS and more recently by the FCC. It can be used to collect all types of hazard warnings and reports locally, regionally and nationally for input into a range of information management and warning dissemination systems. The beauty of CAP is that it's readily used by the Internet, cellphones, PDAs, newsgathering organizations, radio, TV and cable operators, highway messaging, lottery machines and so on. The new EAS delivery structure will need to incorporate a text-based engine that will easily be harnessed by CAP. Existing EAS hardware manufacturers and perhaps new players will be introducing new codec versions that include CAP capability when rules are finalized. Perhaps most important for existing broadcasters, the new rules will require transmitting state and locally targeted EAS alerts that are originated by governors or their designees. The goal in forging a new EAS system is to quickly and reliably reach 99 percent of the nation using radio, TV and other media with geo-targeted voice, video, text and data emergency information. The government has fast-tracked this proceeding, and input from broadcasters is very much needed and encouraged. 
Radio World urges all interested parties to participate in the rulemaking process. We have a real opportunity to make EAS work the way it was intended. [Note: CAP
See also: OASIS Emergency Management TC and CAP
kXML-RPC Enables Service-Oriented Mobile Computing
Kyle Gabhart and David Johnson, DevX.com
Service orientation is going wireless; it's simply a matter of how much and how soon. XML-RPC and the kXML-RPC library certainly are in the mix for this inevitable convergence. A service is a platform-neutral and typically coarse-grained interface to one or more business systems that can be invoked across a network. Wireless networks complicate this invocation process because the service provider must account for dropped packets and hops across multiple relays. Consequently, wireless clients must keep their exchanges as thin as possible to ensure optimum performance. Additionally, mobile devices typically do not have an abundance of resources for processing fat requests, synchronous request-response exchanges, or storing robust data models. Its extremely lightweight XML grammar makes XML-RPC the ideal remote procedure-calling protocol for these service-oriented mobile computing scenarios, where application size, memory, and bandwidth are top priorities. This article demonstrates how to build and run a Java mobile application that implements kXML-RPC on the client side to access a web service example. It includes a complete downloadable sample of all the code. While XML-RPC provides a simple, minimalist XML grammar for invoking service operations, it does not, however, lend itself well to more advanced scenarios. Securing XML-RPC messages is limited to Transport Level Security (TLS) or ad-hoc XML encryption. As SOA continues to become a more pervasive factor within enterprise information systems, its convergence with mobile computing is inevitable. Service orientation is going wireless; it's simply a matter of how much and how soon. When this occurs, enterprises will need to evaluate their requirements and make a determination regarding the right messaging protocol. XML-RPC and the kXML-RPC library certainly are in the mix.
See also: the SourceForge project
Ajax and Progressive Browser Enhancement
Mark Birbeck, 'XForms and Internet Applications' Blog
Progressive enhancement is an approach to web development that has been around for a few years now. At its most basic it suggests building our web pages in a 'clean' and uncluttered way, and then layering functionality onto the mark-up using various mechanisms, such as stylesheets and scripts. The principle actually underpins much of the work we've been doing on XHTML 2, which has involved taking HTML back to its semantic roots. In particular the work on RDFa has been to a large extent motivated by providing more semantic 'hooks' on which to attach increasingly focused functionality. But there is a new phenomenon afoot, which I'd like to call progressive browser enhancement. It's something we've been doing for a while with our work on XForms and formsPlayer, but it also has wider applicability. To illustrate the idea of PBE, let's look at eventing in the browser. Many Ajax libraries have their own eventing architecture, and they are without exception non-standard. This is a shame, since the W3C has a standard for DOM events (DOM 2 Events) which has been around for years and is very clearly defined. Of course, part of the problem is that whilst it has been implemented in Firefox, Safari and Opera, it's not available in Internet Explorer. This meant that when we began our work on formsPlayer, our XForms processor plug-in for Internet Explorer, we had to implement a DOM 2 Events component ourselves. This does however mean that DOM 2 Events support is potentially available for all browsers... To fill the gap we simply implemented a DOM 2 Events library in JavaScript. Whilst most Ajax libraries went the route of creating their own non-standard eventing architectures, we went the other way and implemented the standard. The advantage of our approach is that if our end-user is running a browser with reasonable standards support such as Firefox, Opera or Safari, they'll get native support for DOM 2 Events, and hopefully a faster experience.
Similarly, if our user is on IE and has installed the formsPlayer DOM 2 Events component, they will likewise get a faster experience.
Protect Your XML Applications: Avoid the Dangers of XPath Injection
Robi Sen, IBM developerWorks
With the proliferation of simple XML APIs, Web services, and Rich Internet Applications (RIAs), more organizations have adopted XML as a data format for everything from configuration files to remote procedure calls. Some people have even used XML documents instead of more traditional flat files or relational databases, but like any other application or technology that allows outside user submission of data, XML applications can be susceptible to code injection attacks, specifically XPath injection attacks. Blind SQL injection attacks are a well-known and recognized form of code injection attack, but there are many other forms, some not so well documented or understood. An emerging code injection attack is the XPath injection attack, which takes advantage of the loose typing and forgiving nature of XPath parsers to allow malcontents to piggyback malicious XPath queries on URLs, forms, or other methods to gain access to privileged information and change it. The blind XPath injection attack functions almost exactly like the blind SQL injection attack, but unlike SQL injection attacks, few people know about XPath injection attacks or take precautions against them. Like the SQL injection attack, you can often easily deal with the threat if you follow best practices to develop secure applications. This article looks at how XPath attacks are usually carried out and provides an example in Java and XML environments. It discusses how to detect such threats, looks at what you can do to mitigate the threat, and finally discusses what you can do in response to a suspected penetration.
Patent Law Overhaul Gets House Panel OK
Anne Broache, CNet Blog
In a move that high-tech companies have been advocating for years, a House of Representatives panel on Wednesday unanimously approved a controversial patent bill that high-tech firms argue is critical to correcting perceived flaws in the U.S. system. The Patent Reform Act of 2007 cleared the House Judiciary Committee with a handful of amendments, paving the way for its consideration by the full House. Supporters say its provisions would help curb litigation costs, weed out bad patents and restore balance to a system they argue tilts too heavily toward the rights of patent holders. The bill proposes some of the most sweeping changes to the patent system in years, including replacing a system that awards patents to the "first to invent" with one based on the "first to file," which all other foreign patent systems use. [However] A group called the Innovation Alliance—which includes representatives from universities, venture capital, biotechnology, nanotechnology and emerging-tech companies—said the committee made no "real progress" Wednesday in addressing its concerns. As drafted, the bill "will significantly erode the patent protections that have driven America's innovation leadership."
See also: Brian Kahin commentary