Cover Pages: XML Daily Newslink: Thursday, 30 August 2007

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation http://www.ibm.com

Headlines

Open Source Software: GridShib SAML Tools
W3C XML Schema Definition Language (XSDL) 1.1 Part 1: Structures
Read News Industry Text Format (NITF) Files with PHP
Storing and Using RDF in Mulgara
Meeting SOA and Web Services Security Challenges, Part 1
INCITS Confirms: U.S. to Vote for Open XML in ISO
Microsoft, Eolas Settle Patent Dispute

Open Source Software: GridShib SAML Tools
Tom Scavo, GridShib Development Team Announcement

The GridShib Project is pleased to announce the release of GridShib SAML Tools v0.2.0, available now from the GridShib Downloads page. The GridShib SAML Tools, an easy-to-install, standalone software package requiring only java and ant, let you issue or request SAML assertions and optionally bind these assertions to X.509 proxy certificates. You can try an online demo of the GridShib SAML Tools before downloading. Version 0.2.0 of the GridShib SAML Tools includes the following new features: (1) New command-line options and configuration parameters (IdP.entityID, authnInstant, dateTime.pattern); (2) Support for multi-valued attributes; (3) Introducing the GridShib Security Framework; (4) Support for RFC3820-compliant proxy certificates; (5) Updated Globus SAML Library, with source code included; (6) Java API [gridshib-common-0_2_0.jar] for developers. For developers, there is a Java API (with javadoc documentation) and sample code illustrating the use of the Security Framework. GridShib SAML Tools supports both the production and the consumption of X.509-bound SAML assertions. GridShib SAML Tools v0.2.0 is compatible with the forthcoming GridShib for GT v0.6.0. GridShib [the project] consists of two primary components: GridShib for Globus Toolkit, and GridShib for Shibboleth. The two components may be installed and tested separately, but both components are required for complete functionality and interoperability. GridShib also includes the 'GridShib Certificate Authority' and the 'GridShib SAML Tools'. Project: "The NMI GridShib project is a collaboration between NCSA and the University of Chicago. The goal of the project is to allow for interoperability between the Globus Toolkit and the Shibboleth Identity Federation system. In the first year of this project basic interoperability has been achieved in that a deployment of the Globus Toolkit can query and receive attributes from a Shibboleth service regarding a Grid user, and then make an access control decision based on those attributes. In the second year, we turn our attention to refining this capability as well as addressing higher-level management issues such as management of the federation of name spaces between the Grid and campus worlds and the management of the trust configuration/ metadata between the Grid and Shibboleth components."

See also: the project summary

W3C XML Schema Definition Language (XSDL) 1.1 Part 1: Structures
Shudi Gao, C. M. Sperberg-McQueen, Henry S. Thompson; W3C Working Draft

Members of the W3C XML Schema Working Group have released a Last Call Public Working Draft for the "W3C XML Schema Definition Language (XSDL) 1.1 Part 1: Structures" specification, updating the previous WD of 31-August-2006. The Last Call review period for this document extends until 8-November-2007. Comments on this document should be made in W3C's public installation of Bugzilla, specifying "XML Schema" as the product. The "Structures" document specifies the XML Schema Definition Language, which offers facilities for describing the structure and constraining the contents of XML documents, including those which exploit the XML Namespace facility. The schema language, which is itself represented in an XML vocabulary and uses namespaces, substantially reconstructs and considerably extends the capabilities found in XML document type definitions (DTDs). This "Structures" specification depends on "XML Schema Definition Language 1.1 Part 2: Datatypes." XSDL 1.1 retains all the essential features of XSDL 1.0, but adds several new features to support functionality requested by users, fixes some errors in XSDL 1.0, and clarifies some wording. Some of the major revisions since the previous draft include: (1) A mechanism for conditional type assignment has been defined; this allows the 'governing type definition' to be assigned by evaluating information in the instance document. (2) Element declarations may now specify multiple substitution group heads. (3) A default attribute group may now be specified at the schema-document level; all complex types defined in the schema document will include that attribute group unless they specify otherwise; this makes it easier to specify that particular attributes are to be accepted by every complex type in a schema. (4) Content models may now be defined as "open", which means that elements other than those explicitly named will be accepted during validation. Several styles and degrees of openness are possible; they can be configured at the level of the schema document or of the complex type definition. (5) Wildcards may now be defined which match only elements not declared in the schema—so-called "not-in-schema" wildcards. (6) Complex types whose content models are all-groups may now be extended. (7) The assertions facility defined in the previous working draft has been revised; the changes may help minimize confusion between the assertions defined here and the assert and report elements of Schematron. (8) Elements may now have more than one attribute of type 'xs:ID'. (9) Various enhancements to the definition of the 'post-schema-validation infoset' (PSVI) have been made. (10) Some aspects of the use of xsi:type have been clarified. (11) A conditional-inclusion mechanism has been defined to allow XSDL 1.1 processors to cope more successfully with constructs defined in future versions of this specification [and] so that the same schema document can be usable with processors supporting different versions of XSDL.

See also: XML Schema languages

Read News Industry Text Format (NITF) Files with PHP
Vikram Vaswani, IBM developerWorks

XML allows document authors to describe content using their own tags and markup, and this flexibility has made it the platform of choice for specialized industry-specific data-sharing applications. One such example is the News Industry Text Format (NITF), an XML-based vocabulary that allows publishers in the news industry to define the content and structure of news articles and thus provide a framework for easier sharing of news articles. NITF is an open, public standard defined and supported by the International Press Telecommunications Council (IPTC), and is widely used by some of the world's largest news agencies. For PHP developers working with this format. a 'XML_NITF' a package is available from the PHP Extension and Application Repository (PEAR). The XML_NITF package provides an API to extract various elements of a news article from an NITF-formatted file, and then use this information in a PHP application. The XML_NITF package also includes methods to access article metadata—the 'docdata' and 'pubdata' elements within the document 'head'—as well as any media associated with the article. As such, XML_NITF provides a robust, easy-to-use widget for any PHP/NITF application.

See also: NITF references

Storing and Using RDF in Mulgara
Brian Sletten, DevX.com

The semantic web is about machine-processable metadata. As you accumulate this information, where do you plan on putting it, and how do you plan on accessing it? Check out the Mulgara open source solution. If you've been following semantic web technologies, then by now you're no doubt aware of semantic web data languages like the Resource Description Framework (RDF) and the Web Ontology Language (OWL). When you're talking about storing semantic web data, usually you're talking about RDF triples, which are facts about URI-addressable resources. Why RDF triple stores? To efficiently store and query RDF, you are most likely not going to want to use relational databases directly. It isn't that there is something inherently wrong with relational databases; it's just that the more general RDF model doesn't fit efficiently within a table structure, and the web moves faster than your schemas can keep up. The point is simply that sharing data on the web requires an extensible, open-world model that allows people to agree to disagree. This characteristic is what RDF was designed to provide. After you commit to using the RDF graph model, you need someplace to put it efficiently—triple stores give you this ability. Several systems work well at this functionality, but the focus here will be on a particular solution, called Mulgara. The Mulgara Semantic Store is an open source project that is a 100% Pure Java-based RDF quad store. It is scalable, supports transactions, and has a pluggable resolver architecture allowing you to interface with non-RDF data sources from within the RDF model. Mulgara currently supports supports hundreds of millions of triples within a single database instance, while maintaining decent query and storage performance. Although Mulgara presently supports only Remote Method Invocation (RMI) and SOAP-based access, the developers are adding a RESTful interface to make it easier to use with other languages, tools, and platforms. RDF is becoming an important data model on the web and in the enterprise. Understanding how you can accumulate, store, and query information in this format is going to become an important part of working with the information systems of the twenty-first century. Mulgara is a great tool for beginning to learn how to do that. Note: Mulgara v1.1.0, released July 2007, provides: "a new Transaction framework fixing several Concurrent Modification bugs, and ensuring ACID compliance; a relationalResolver that provides access to sql databases via a D2RQ mapping; a distributedResolver allowing selections from multiple servers in one query, and also permitting insert/select queries between multiple servers; updates to the TQL language, giving it Predicate-Object lists and Object lists, similar to SPARQL."

Meeting SOA and Web Services Security Challenges, Part 1
Andrew K. Burger, TechNewsWorld

Software designers and developers are being challenged to build efficient security measures into their project work as computing is increasingly distributed via Web application services and service-oriented architecture (SOA). Research recently conducted by the Ponemon Institute and CipherOptics found that only 12 percent of IT professionals surveyed believed that cyber-crime threats were lessening in severity. Among the findings analyzed in their report "Network Security 2.0," the practice of sending data in clear text over third-party networks, the increasing presence of organized crime, growing complexity of networks, devices and applications, and the desire to enforce and easily manage network encryption were cited as prevalent threats to network security... Complexity is the biggest difference, and challenge, to developers when it comes to building adequate security measures into Web services and an SOA, according to BEA Systems'Systems Hal Lockhart, who co-chairs the OASIS technical advisory board and Security Services (SAML) technical committees. Lockhart: "I believe SOA and SaaS 2.0 will usher in a more complex business environment. Instead of just one organization is the customer, the other organization is the vendor, there will be a number of relationships around each interaction. For example, there might be a customer, a broker, a service provider and a data provider. The security systems will have to enforce the rules specified by the business contracts. Building applications composed of many services means that each service is called in many different ways by many other services as well as directly by users. Each service will need to consider the entire context when it is called in order to decide what should be permitted." The development and adoption of open security standards plays a big role in enabling organizations and IT professionals to deal with the increasing complexity of SOA and distributed Web application services and protect their systems and data from criminally motivated threats. Identification and authentication in mash-ups, which draw from a number of Web services, often from different providers, and the development of SAML (Security Assertion MarkUp Language) is one example that illustrates the problems relating to increasing complexity and existing security measures and how open standards are addressing them.

INCITS Confirms: U.S. to Vote for Open XML in ISO
Eric Lai, ComputerWorld

The United States member group to the ISO standards body on Wednesday [2007-08-29] finalized plans to vote in favor of approving Microsoft Corp.'s Office Open XML document format as an open standard. The executive board of the Washington D.C.-based InterNational Committee for Information Technology Standards (INCITS) had its final meeting on Wednesday morning before its September 2, 2007 vote is due at the International Organization for Standardization (ISO). "Everyone was entrenched in their position," said Frank Farance, a longtime INCITS board member who voted against Open XML's ratification. The INCITS board plans to stick with the results of a vote last Thursday, in which it approved a "Yes, with comments" position by a 12-3 margin, with one abstention. Others that voted against Open XML's approval in INCITS included habitual Microsoft foes IBM and Oracle Corp. The September 2 process will tally votes by the 20 countries that are members of ISO's Joint Technical Committee 1 (JTC-1). With countries such as Brazil and China already announcing plans to vote against Open XML's approval, the next likely stage is ISO's ballot resolution meeting in Geneva next February, during which the Open XML specification will be edited and fixed in order to address the 'comments' submitted by voting nations. At that time, ISO members can change their vote again, with a two-thirds majority needed to pass Open XML.

Microsoft, Eolas Settle Patent Dispute
Stephen Shankland, CNet News.com

Microsoft has settled a long-running and expensive lawsuit with Eolas Technologies, a start-up backed by the University of California that alleged Internet Explorer infringed a patent. The suit concerned technology that lets Web browsers call up separate applications or plug-ins such as Flash or Java within a Web page. While at the University of California at San Francisco, Eolas Chief Executive Michael Doyle led a team that worked on the technology in the patent, and he spun off Eolas to help commercialize it, according to Eolas. Microsoft revamped Internet Explorer to work around the patent in 2005. Eolas prevailed earlier in the case, with a court awarding damages of $521 million in 2003 and the U.S. Patent Office upholding the validity of the Eolas patent in 2005. However, a Supreme Court decision this year weakened Eolas' case, and Microsoft said it expected the damages in the case to be revisited. [Note: W3C participated in a broad effort to have the Eloas patent evaluated: In an unprecedented step, Tim Berners-Lee, W3C Director and inventor of the Web, sent a letter today to Under Secretary Rogan requesting that his office reinvestigate the matter. "W3C urges the USPTO to initiate a reexamination of the '906 patent in order to prevent substantial economic and technical damage to the operation of World Wide Web," stated Berners-Lee. "The impact of this patent will be felt not only by those who are alleged to directly infringe, but all whose web pages and application rely on the stable, standards-based operation of browsers threatened by this patent. In many cases, those who will be forced to incur the cost of modifying Web pages or software applications do not even themselves infringe the patent—assuming it is even valid."

See also: the earlier news


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors