The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: August 29, 2007
XML Daily Newslink. Wednesday, 29 August 2007

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation

Fast Incremental Updates of XML Records: Classic UNIX Utilities Offer Help for a Modern Problem
Uche Ogbuji, IBM developerWorks

"XML is a very popular format for exchanging collections of records. You can export these records from a relational database, or they can be in formats such as Atom, which is structured around a collection of entry elements. A common architectural pattern is to synchronize data sets by having one system export a set of records to another; this export is often in the form of a large XML file that contains the entire record set. Such systems have some common efficiency problems: [1] The XML exports can be so large that they use up excessive bandwidth in transmission; [2] For large files, the processing needed to validate and import the XML takes a long time. In this article, I suggest a simple batch of techniques to address these problems. You should always be quick to look to several decades of experience when solving such problems. The crux of the techniques presented in this article follows the lines of the age-old diff and patch utilities well known in UNIX diff is a utility that compares two files (or sets of files) and reports the differences in a standard format. patch can read this standard format and apply the represented updates to some other file... I focus on XML with particular characteristics: (1) The root element serves as an envelope whose children are a series of record elements; (2) Each record element has a unique ID attribute or child element; (3) Within each record is a consistent order of elements. The last requirement might seem stringent, but it doesn't necessarily mean that your schema must mandate the order. In practice, incremental updates usually involve comparison of successive export files from the same process, and in such scenarios, matters such as the order of elements within records tend to be consistent. In the worst case, if the schema allows arbitrary order, and you don't want to rely on the order in the actual exports, you can process the XML to impose an order..."

NIEM: The New Public-Safety Language
Jennifer McAdams, Federal Computer Week

Many state and local law enforcement officials eagerly joined an early federal effort to use Extensible Markup Language to streamline data exchanges within the law enforcement community. Several regions shot ahead of the pack and began incorporating a federally designated Global Justice XML Data Model (GJXDM), only to find the Justice and Homeland Security departments are now pushing a different framework, the National Information Exchange Model (NIEM). Federal officials released last month the second production version of NIEM, which moves the framework closer to the concept's original purpose, which was to cover a broad range of homeland security-related activities. NIEM goes beyond law enforcement by also applying to emergency response, disaster management, the screening of people and cargo, and international trade. New York was among the first states to adopt NIEM when the state decided to make it the foundation of the New York State Integrated Justice environment. This fall, the state will use NIEM in its eJusticeNY Web portal. Along with New York, Florida has emerged as another NIEM frontrunner. The Florida Department of Law Enforcement has established the Florida Law Enforcement Exchange (FLEX) project to map data and establish new regional information sharing systems. NIEM will play an integral role in FLEX... NIEM uses a national standard to create a common vocabulary, and it offers users a structured approach for developing records and reference documents. Those elements are encapsulated in reusable NIEM building blocks called Information Exchange Package Documentation. The IEPDs include a set of schemas for specific XML exchange instances. An IEPD might include examples of style sheets to use when entering new data components or assembling existing data...

See also: the NIEM web site

Document Formats Survey Shows Growing Interest in XML-Based Standards
Staff, Microsoft PressPass

"IT managers at large organizations are increasingly interested in employing XML-based standards, including Open XML, among their document standards, according to a study of U.S. and European organizations commissioned by Microsoft Corporation. The results of the survey, which polled 200 government and private-sector organizations to better understand which factors drive adoption of open document standards, are available in an IDC white paper. Survey respondents included key influencers as well as those charged with supporting document standards in 200 organizations (100 in the U.S. and 100 in Europe). Fifty organizations with more than 250 employees were selected from the public sector, another 50 from the commercial sector. Functional approaches to standards adoption were evident in the survey results, with the majority of respondents citing interoperability between productivity tools, long-term archiving, and ease of transition from an existing base of documents to a new standard as the primary criteria used to evaluate organizationwide adoption of a given standard. Other key takeaways from this research include the following: (1) Large organizations with diverse business needs prefer multiple document standards. (2) Although IT managers appear to strongly prefer a single standard to reduce cost and complexity of implementation, line-of-business managers closer to the daily needs of business support the desire for multiple document standards. (3) The standards Portable Document Format (PDF), Open XML and OpenDocument Format (ODF) are all in use today, with PDF viewed as the dominant standard and Open XML demonstrating 'more traction in the market compared to other XML-based standards.' (4) Companies in Europe with an interest in Open XML expect to be piloting or fully deploying the standard a year from today..."

See also: the IDC report

W3C Last Call Working Draft: XQuery Update Facility
Don Chamberlin, Daniela Florescu (et al. eds), W3C Technical Report

W3C announced that members of the XML Query Working Group have published a Last Call Working Draft for the XQuery Update Facility 1.0. Comments are welcome through 31-October-2007. The specification's "Requirements" and and "Use Cases" were also published as updated Working Drafts. The XQuery Update Facility document defines the syntax and semantics of an extension to XQuery 1.0; this language extension is designed to meet the requirements for updating instances of the "XQuery 1.0 and XPath 2.0 Data Model (XDM)." XML Query can perform searches, queries and joins over collections of XDM instances such as documents or databases. Sample usage scenarios for update: (1) Updating persistent XML stores: Modify XML in persistent XML stores, including native XML databases, XML files stored on a file system, or XML stored in SQL databases. (2) Modify XML messages: Modify XML messages to change status and add information created while processing the message. (3) Add to existing XML document: Add new data to an existing XML document; for instance, add a new entry to a BLOG or a data log. (4) Updating XML registries: Perform updates on configuration files, user profiles, or administrative logs represented in XML. (5) Creating edited copies: Create a new copy of an XML document or subtree that differs from the original in the way specified by the update. For instance, updates could be used to modify a web message in order to add new information and change headers to reflect the modified status. (6) Modifying XML views: Modifying XML views of non-XML sources, such as a SQL/XML view of a SQL database. Since the last version of this document, several significant changes have been made.

See also: the Use Cases

IETF Proposed Standard: Presence Authorization Rules
Jonathan Rosenberg (ed), IETF Standards Track Internet Draft

Biblio: "Presence Authorization Rules. Edited by Jonathan Rosenberg. IETF Standards Track Internet Draft. July 9, 2007, expires January 10, 2008. An announcement from The Internet Engineering Steering Group (IESG) reports that the "Presence Authorization Rules" specification has been approved as a Proposed Standard. The document was produced by members of the IETF SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) Working Group. The specification "defines an Extensible Markup Language (XML) document format for expressing presence authorization rules. Such a document can be manipulated by clients using the XML Configuration Access Protocol (XCAP), although other techniques are permitted. There are three functions in a presence system, namely: subscriptions, publishing, and notifications. Authorization is a key function in presence systems. Authorization policies, also known as authorization rules, specify what presence information, when sending notifications, can be given to which watchers, and when. According to the published Working Group Summary, this document defining the Presence Authorization rules now reflects WG consensus, and group censensus was particularly strong. The document depends heavily on the Common Policy: A Document Format for Expressing Privacy Preferences specification produced by members of the IETF Geographic Location/Privacy (GEOPRIV) Working Group. That "Common Policy" document (IETF Request for Comments #4745) "defines a framework for authorization policies controlling access to application specific data; the framework combines common location- and presence-specific authorization aspects, where an XML schema specifies the language in which common policy rules are represented and the common policy framework can be extended to other application domains." Protocol Quality and reviewers: The document was reviewed for the IESG by Jon Peterson; Hisham Khartabil was the PROTO shepherd; Gen-ART review was provided by Pasi Eronen. Background: "The Session Initiation Protocol (SIP) for Instant Messaging and Presence (SIMPLE) specifications allow a user, called a watcher, to subscribe to another user, called a presentity, in order to learn their presence information. This subscription is handled by a presence agent. However, presence information is sensitive, and a presence agent needs authorization from the presentity prior to handing out presence information. As such, a presence authorization document format is needed. This specification defines a format for such a document, called a presence authorization document. "Common Policy" (RFC 4745) specifies a framework for representing authorization policies, and is applicable to systems such as geo-location and presence; the framework is used as the basis for presence authorization documents. In the framework, an authorization policy is a set of rules. Each rule contains conditions, actions, and transformations. The conditions specify under what conditions the rule is to be applied to presence server processing. The actions element tells the server what actions to take. The transformations element indicates how the presence data is to be manipulated before being presented to that watcher, and as such, defines a privacy filtering operation."

See also: the IETF SIMPLE Working Group Charter

Building a Grid System Using WS-Resource Transfer
Tyler Anderson, IBM developerWorks

The WS-RT standard provides a new method for accessing and exchanging information on resources between components. It is designed to enhance the WS-Resource Framework (WSRF) and build on the WS-Transfer standards. The WS-RT system extends previous resource solutions for Web services and makes it easy not only to access resource information by name but also to access individual elements of a larger dataset through the same mechanisms by exposing elements of an XML dataset through the Web services interfaces. In this five-part series, we will look at the use of WS-RT in different areas of the grid environment, from using it as a method for storing and recovering general information about the grid to grid monitoring and management, and security. We'll also examine how WS-RT can be used for the distribution and division of work. Part 1 examines the WS-RT standard and looks at how to develop a WS-RT solution using Java technology and Apache Muse. We take a look at Apache Muse and what WS-RT work has already been done with it. Then we look at how we can use WS-RT for managing and accessing grid information, grid monitoring, security, and work distribution. Grid research and application development has been transitioning more and more to Web services, starting with Open Grid Services Infrastructure (OGSI) in 2001. The plan was to start with OGSI, then develop new specifications as time went on. WSRF and WS-ResourceProperties (WSRP) were eventually released and were meant to comprise the framework needed for grid services, but competing standards like WS-Transfer made interoperability difficult, and consolidation in the open standards was necessary. The problem with WS-Transfer was its inability to operate on fragments of resources the WSRF and WSRP specifications already had. Enter WS-RT. It was designed with WS-Transfer and WSRF and WSRP in mind. Thus emerged the WS-Transfer specification with greater capabilities for operating on resources: WS-RT... The support in WS-RT for grabbing entire blocks of data rendered in XML, and for picking out specific elements makes it a good solution for sharing grid monitor data. For example, we can use WS-RT to extract information about all the disks in a system, about a specific system, or for grabbing trend data by asking our grid node to provide historical information through the WS-RT interface.

See also: Web Services Transfer (WS-Transfer)

Authentication, Authorization, Accounting and Billing of Roaming Users Using SAML
Silvana Greco Polito and Henning Schulzrinne (eds), IETF Internet Draft

IETF announced the publication of an updated Internet Draft previously issued under the title "SIP and SAML Roaming Profile"—"Authentication, Authorization, Accounting and Billing of Roaming Users using SAML." Abstract: "Roaming services allow users that have a contract with a voice service provider to use access resources owned by other providers known as internet access providers. This draft proposes a token-based Authentication, Authorization, Accounting (AAA) and billing model for roaming users supporting the Session Initiation Protocol (SIP). It also introduces a protocol solution for the proposed model that is based on the Security Assertion Markup Language (SAML) protocol and the Hypertext Transfer Protocol (HTTP)... While clearinghouses are used for authorizing users' calls, the guarantor provides authorization for the use of access network resources. One of the main protocols for clearinghouse-based models is the Open Settlements Protocol (OSP). OSP inroduces a token-based authorization model for interdomain calls in which telephony operators can ask a clearinghouse for tokens proving the right of their users to place calls toward some destination. In this draft, we extend the concept of tokens introduced by OSP, focusing on the authorization and authentication of roaming users instead of the authorization of calls... SAML is an OASIS protocol for the description and exchange of security information between partners. SAML defines a framework for the exchange of security information about a subject between partners called requesting, asserting and relying parties. The asserting party is the entity that produces an authentication and authorization assertion about a subject when required by the requesting party, while the relying party uses the assertion for authorizing the subject. This draft defines a new SAML profile, called roaming SAML profile. It defines a set of specifications that allows to use SAML for the description of the token and the token building request and response introduced above. In the SAML roaming profile, the VSPs assume the role of SAML requesting parties, the guarantor the one of asserting party, and IAPs the one of relying parties.

See also: SAML references

OpenID Authentication 2.0
Josh Hoyt (ed), OpenID Proposed Draft

A posting by Josh Hoyt to the OpenID community via the OpenID Specifications Discussion List announces the release of "OpenID Authentication 2.0 - Implementor's Draft 12". OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photo stream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins. To login to an OpenID-enabled website, just type your OpenID URI. The website will then redirect you to your OpenID Provider to login using whatever credentials it requires. Once authenticated, your OpenID provider will send you back to the website with the necessary credentials to log you in...Beyond Authentication, the OpenID framework provides the means for users to share other components of their digital identity. By utilizing the emerging OpenID Attribute Exchange specification, users are able to clearly control what pieces of information can be shared by their Identity Provider, such as their name, address, or phone number. The "OpenID Authentication 2.0" specification provides a way to prove that an end user controls an Identifier. It does this without the Relying Party needing access to end user credentials such as a password or to other sensitive information such as an email address. OpenID is decentralized. No central authority must approve or register Relying Parties or OpenID Providers. An end user can freely choose which OpenID Provider to use, and can preserve their Identifier if they switch OpenID Providers. OpenID Authentication uses only standard HTTP(S) requests and responses, so it does not require any special capabilities of the User-Agent or other client software. OpenID is not tied to the use of cookies or any other specific mechanism of Relying Party or OpenID Provider session management. Extensions to User-Agents can simplify the end user interaction, though are not required to utilize the protocol... Major changes from draft 11 to draft 12: (1) specify handling of URL fragments; (2) realm verification using XRDS discovery; (3) don't allow unencrypted secret exchange unless operating with transport layer encryption."

See also: OpenID specifications


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: