The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: August 02, 2007
XML Daily Newslink. Thursday, 02 August 2007

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover


The Incident Object Description Exchange Format
R. Danyliw, J. Meijer, Y. Demchenko (eds), IETF Internet Draft

IETF announced the availability of a revised IODEF specification in the Internet Draft libraries. "The Incident Object Description Exchange Format" (IODEF) defines a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents. This document describes the information model for the IODEF and provides an associated data model specified with XML Schema. Organizations require help from other parties to mitigate malicious activity targeting their network and to gain insight into potential threats. This coordination might entail working with an ISP to filter attack traffic, contacting a remote site to take down a bot-network, or sharing watch-lists of known malicious IP addresses in a consortium. The Incident Object Description Exchange Format (IODEF) is a format for representing computer security information commonly exchanged between CSIRTs. It provides an XML representation for conveying incident information across administrative domains between parties that have an operational responsibility of remediation or a watch-and-warning over a defined constituency. The data model encodes information about hosts, networks, and the services running on these systems; attack methodology and associated forensic evidence; impact of the activity; and limited approaches for documenting workflow.

See also: IODEF references

Introduction to JavaFX Script
Anghel Leonard, O'Reilly

In the spring of 2007 Sun released a new framework called JavaFX. This is a generic name because JavaFX has two major components, Script and Mobile, and, in the future, Sun will develop more components for it. With JavaFX you can easily build rich, dynamic interfaces in much less time than you could build something comparable in Java with Swing and Java 2D. In this article, we step through the basic syntax, look at IDE support, and build a demonstration application that shows off some of JavaFX's capabilities. The core of JavaFX is JavaFX Script, which is a declarative scripting language. It is very different from Java code, but has a high degree of interactivity with Java classes. Many classes of the JavaFX Script are designed for implementing Swing and Java 2D functionalities more easily. With JavaFX Script you can develop GUIs, animations, and cool effects for text and graphics using only a few straightforward lines of code. And, as a plus, you can wrap Java and HTML code into JavaFX Script. The second component, JavaFX Mobile, is a platform for developing Java applications for portable devices. It will eventually be a great platform for JavaFX Script. If you decide to start with the JavaFX plug-in for NetBeans 5.5, the instructions on Project OpenJFX for JavaFX for NetBeans will help you. Similarly, if you want to use the JavaFX plug-in for Eclipse, then go to JavaFX for Eclipse.

See also: the JavaFX web site

XyEnterprise Releases Contenta DITA Version 1.4
Staff, XyEnterprise Announcement

XyEnterprise, a leading developer of award-winning XML content management and multi-channel delivery solutions today announced the release of Contenta DITA 1.4 supporting the next generation of DITA-based content management software. The software's new features extend DITA Specialization support to all out-of-the-box tools, enhance DITA Author Support for the latest authoring tools, provide collaborative review using XMetaL Reviewer, support the latest version of the DITA Open Toolkit, integrate seamlessly with SDL's Translation Management System, and provide enhanced graphics support for print and online delivery formats. Highlights of the latest version of XyEnterprise's Contenta DITA solution include: (1) SDL Translation Management Integration: A seamless integration with SDL's Translation Management System that allows end users to upload only those topics requiring translation, track the status of translated topics while in the TMS, and import translated topics back into the Contenta repository as soon as available. (2) DITA Specialization: With Contenta DITA 1.4, specialization is easily configurable, with no customization required. Specialization allows sites to add new data types to support unique requirements. Because specialized objects are based on known types (a specialized Task is still a Task), specialization enables a shared understanding of information across groups, saving time and presenting a consistent picture to customers. (3) DITA Author Support: XyEnterprise continues to support the latest DITA offerings of the major XML Authoring tools - Arbortext Editor 5.3, FrameMaker 7.2 and XMetaL 5.0 Enterprise Edition, so authors can use the XML editing tools they are already familiar with, reducing the learning curve and cost associated with training. 
(4) XMetaL Reviewer Integration: With a seamless integration to XMetaL Reviewer that enables robust collaborative review, Contenta DITA 1.4 provides detailed reports of all editorial activity during the review cycle. Since XMetaL Reviewer is integrated with XMetaL Author, the document owner has greater control over the approval and modification of a document within a workflow. (5) Enhanced Graphics Support... (6) DITA Open Toolkit 1.3.1 Support: The DITA Open Toolkit is an important component in most DITA implementations. XyEnterprise is committed to supporting the DITA standard and integrating with current versions of the open source toolkit.

See also: DITA references

Microsoft Moves Ahead with Software Modeling
Darryl K. Taft, eWEEK

With the generation of applications from simple models still an elusive goal, Microsoft and others are working on technology to make it a reality. Some say the possibility of delivering applications from models exists today in the form of the UML (Unified Modeling Language) and MDA (Model-Driven Architecture). But the use of tools supporting these technologies typically requires serious expert involvement, some observers say. Richard Mark Soley, chief executive of the Object Management Group, located in Needham, Mass., which oversees many of the modeling specifications such as UML and MDA, said developing applications via modeling is entirely feasible: "The answer is absolutely, yes—software and hardware has already been generated from UML models. And other modeling languages MDA includes several UML, MetaObject Facility (MOF), Business Process Modeling Notation (BPMN) and Systems Modeling Language (SysML) can be used to generate applications from models." Grady Booch, chief scientist at IBM's Rational business unit and the co-creator of the UML, likes to cite the usage of the technology in various instances. In fact, one of Booch's more salient examples of the prevalence of the use of UML is a reference to the technology on an episode of the CBS television series "NUMB3RS," which involves a math genius who helps the FBI. However, Microsoft sees UML and its ilk as too hard and too heavy a process, and is working on delivering its own modeling technology. S. "Soma" Somasegar, corporate vice president of Microsoft's Developer Division, said Microsoft has some incubation projects that focus on modeling. He expects to see fruit from those projects in the next six to 12 months... 
Today modeling is making a comeback through business process modeling schemes like Business Process Execution Language (BPEL) and business rules engines.

Black Hat: Security Researchers Exercise AJAX Attacks
Matt Hines, InfoWorld

The presence of AJAX code in Web applications continues to grow at a rapid pace, but many of the programs built using the language remain extremely vulnerable to various forms of attack, according to researchers with applications testing specialists SPI Dynamics. Identified as a so-called Web 2.0 programming language, which melds Asynchronous JavaScript and XML to boost the interactivity of Web sites, AJAX has become widely employed among many different types of sites (including online applications made by major companies such as Google and Yahoo) but many developers working with the language remain unaware of its security implications, the researchers said. To illustrate just how AJAX applications can be victimized, the researchers built a fictional travel site called utilizing programming tips offered by popular developer resources, both Web sites and printed manuals, which they used to demonstrate their attacks to the Black Hat audience. Following the advice offered by mainstream AJAX resources, the SPI experts maintain that the fictional site and its many functions, including its airline flight reservation and payment processing systems, could be compromised easily. The SPI researchers demonstrated a number of potential attacks that can be carried out against AJAX-bred programs such as their travel site, including denial-of-service threats, so-called client-side pricing schemes—whereby they reduced the price of tickets on the URL, and hacks into backend databases supporting such e-commerce applications.

INCITS Establishes New Study Group on Security Best Practices
Staff, InterNational Committee for Information Technology Announcement

The INCITS Executive Board has announced the establishment of the INCITS Study Group on Security Best Practices. The Study Group will examine the security needs and requirements of the financial and insurance service industries to assess missing elements in current standards and practices. Based on its findings, the Study Group will make a recommendation to the INCITS Executive Board on an approach to create deployable best practices and frameworks for security in these industries. Mr. Edward Stull, sponsored by Direct Computer Resources, Inc., has been asked to lead the INCITS Study Group on Security Best Practices. He noted: "As a 20+ year member of INCITS, I know that the Study Group can offer the financial services and insurance communities a grand and well-grounded opportunity with the means to develop an internationally focused collection of formal standards that bring together the many international and national security-related organizations, standards, practices and technologies." The formation meeting of the INCITS Study Group on Security Best Practices will be held September 19, 2007 at 3:00 PM in conjunction with the Financial Services Technology (FST) Summit at The Boulders Resort in Scottsdale, Arizona. Since its establishment in 1961, the InterNational Committee for Information Technology Standards (INCITS) has provided the forum of choice for information technology developers, producers and users for the creation and maintenance of ICT standards. The mission of INCITS is to promote the effective use of Information and Communication Technology through standardization in a way that balances the interests of all stakeholders and increases the global competitiveness of the member organizations. INCITS serves as the U.S. Technical Advisory Group for ISO/IEC Joint Technical Committee 1, which is responsible for international standardization in the field of information technology. Membership in INCITS is open to all stakeholders. 
Currently INCITS is comprised of 1700 member organizations from 13 countries. The INCITS Executive Board has 18 member organizations including representation from the ICT industry's leading hardware and software providers.

See also: INCITS Standards Information

Tech Group Fights Copyright Absolutism at the FTC
Thomas Claburn, InformationWeek

The Computer and Communications Industry Association (CCIA), a tech industry trade group that counts Google, Microsoft, and Yahoo as members, Wednesday filed a complaint with the Federal Trade Commission to protect consumers from overreaching copyright claims made by sports and media companies. The complaint is part of the CCIA's initiative, which aims to expose "how media and sports organizations have systematically misled consumers with regard to their legal rights to use content, and to protect those rights in the digital age." The organizations named in the complaint include the National Football League (NFL), Major League Baseball (MLB), NBC-Universal, Morgan Creek Productions, DreamWorks, Harcourt Inc., and Penguin (USA) Inc. The alleged misrepresentations of copyright power made by these companies violate the FTC's prohibition on unfair or deceptive trade practices, according to the CCIA. For example, Major League baseball games are routinely accompanied by the warning, "This copyrighted telecast is presented by authority of the Office of the Commissioner of Baseball. It may not be reproduced or retransmitted in any form, and the accounts and descriptions of this game may not be disseminated, without express written consent." The CCIA complaint dismisses that assertion outright: "The claim that news accounts or 'descriptions' of the game cannot be 'disseminated' is manifestly false."


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.


Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

