The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: December 17, 2007
XML Daily Newslink. Monday, 17 December 2007

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
BEA Systems, Inc.

W3C First Public Draft: Cool URIs for the Semantic Web
Leo Sauermann and Richard Cyganiak (eds), W3C Technical Report

W3C announced that the Semantic Web Education and Outreach Interest Group has released a first Working Draft for "Cool URIs for the Semantic Web." Comments on this draft are requested by 21-January-2008. The document explains the effective use of URIs to enable the growth of the Semantic Web. URIs (Uniform Resource Identifiers) more simply called "Web addresses" are at the heart of the Web and also of the Semantic Web. It gives pointers to several Web sites that use these solutions, and briefly discusses why several other proposals have problems. Web documents have always been addressed with URIs (in common parlance often referred as Uniform Resource Locators, URLs). This is useful because it means we can easily make RDF statements about Web pages, but also dangerous because we can easily mix up Web pages and the things, or resources, described on the page. So the question is, what URIs should we use in RDF? To identify the frontpage of the Web site of Example Inc., we may use ''. But what URI identifies the company as an organisation, not a Web site? Do we have to serve any content (HTML pages, RDF files) at those URIs? In this document we will answer these questions according to relevant specifications. We explain how to use URIs for things that are not Web pages, such as people, products, places, ideas and concepts such as ontology classes. We give detailed examples how the Semantic Web can (and should) be realised as a part of the Web. The draft document is a practical guide for implementers of the RDF specification. It explains two approaches for RDF data hosted on HTTP servers (called 303 URIs and hash URIs). Intended audiences are Web and ontology developers who have to decide how to model their RDF URIs for use with HTTP. Applications using non-HTTP URIs are not covered. This document is an informative guide covering selected aspects of previously published, detailed technical specifications.

See also: the W3C Semantic Web Activity

The Open-ness of the Open Source Vulnerability Database
Serdar Yegulalp, InformationWeek Open Source Blog

There are a lot of open source initiatives out there that aren't just software, but ways to get information into people's hands. Today an open source supplier of security vulnerability information, the OSVDB, just went live with a whole new revision to its service. According to the web site description, OSVDB is "an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project will promote greater, more open collaboration between companies and individuals, eliminate redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases. [Where] Common Vulnerabilities and Exposures (CVE) provides a standardized name for vulnerabilities, much like a dictionary, OSVDB is database that provides a wealth of information about each vulnerability. Where appropriate, entries in the OSVDB reference their respective CVE names." The basic idea's pretty elegant: Take all the ethically disclosed software security information you can find and make it available in as detailed and up-to-date format as you can without the interests of any particular software vendor. The results can and have been integrated with a number of third-party security products such as Nikto—itself an open source product. [Note: OSVDB supports three database types for XML importation: PostgreSQL, MySQL, and Microsoft Access. The database may also be accessed through the XML export file directly. The XML export was designed such that all database integrity is stored within the structure of the XML file. By this means anyone can keep a local copy of the current OSVDB snapshot, even in the absence of a local database such as PostgreSQL. Another feature of the chosen formatting is the ease in which this XML export can be integrated into products using tools such as XPath to pull all the information about a specific vulnerability straight from the XML file.]

See also: Common Vulnerabilities and Exposures (CVE)

Video Requirements for Web-based Virtual Environments Using Extensible 3D (X3D) Graphics
Don Brutzman and Mathias Kolsch, W3C Workshop Presentation

This presentation from members of the Web3D Consortium was given at the "W3C Video on the Web Workshop", held 12-13 December 2007, in San Jose, California, USA and Brussels, Belgium. Real-time interactive 3D graphics and virtual environments typically include a variety of multimedia capabilities, including video. The Extensible 3D (X3D) Graphics is an ISO standard produced by the Web3D Consortium that defines 3D scenes using a scene-graph approach. Multiple X3D file formats and language encodings are available, with a primary emphasis on XML for maximum interoperability with the Web architecture. A large number of functional capabilities are needed and projected for the use of video together with Web-based virtual environments. This paper examines numerous functional requirements for the integrated use of Web-compatible video with 3D. Three areas of interest are identified: video usage within X3D scenes, linking video external to X3D scenes, and generation of 3D geometry from video. Extensible 3D (X3D) is a Web-based standard for 3D graphics, enabling real-time communication using animation, user interaction and networking. The point paper lists current and expected requirements, primarily divisible into usage of video within X3D graphics scenes, linkage to video in web-based applications external to X3D graphics scenes, and generation of 3D geometric content from spatially annotated video inputs. Royalty-free video capabilities are critical important to achieve essential requirements for interoperability and performance. Standards-based X3D requirements also appear to be representative of the needs presented by alternative proprietary multiuser virtual environments. X3D capabilities are proposed, implemented, evaluated and approved by members of the nonprofit Web3D Consortium. X3D is an open, royalty-free standard that is rigorously defined, published online, and ratified by the International Organization for Standards (ISO). Multiple commercial and open-source implementations are available.

See also: the W3C Workshop Agenda and papers

JBoss, Geronimo, or Tomcat: Three Open Source Java Application Servers
Jonathan Campbell, JavaWorld Magazine

Java Enterprise Edition (Java EE) application servers are the Web-enabled standard when it comes to application development for the enterprise. While there are commercial options, studies have shown that open source technology has become a familiar, if not essential, part of the corporate IT infrastructure. JBoss 4.2, Geronimo 2, and Tomcat 6 are three widely used open source Java EE servers. Of the three, JBoss and Tomcat hold the majority share of the market, although neither one is fully Java EE compliant. The fully Java EE compliant Geronimo, meanwhile, is quickly gaining momentum. All open source Java EE application servers are not created equal, however. In this article, Jonathan Campbell compares JBoss 4.2, Geronimo 2, and Tomcat 6 based on features, deployment, and performance.

Ruby on Rails 2.0 Users Give Thumbs Up
Darryl K. Taft, eWEEK

With Ruby on Rails 2.0 just a week old, developers already are weighing in with what they like or dislike about the new release. Ruby on Rails creator David Heinemeier Hansson announced the release of Ruby on Rails 2.0 on December 7, 2007 to a developer base set on seeing the next big thing regarding the popular Web development framework. Chief among the changes in Rails 2.0 are enhanced security and support for REST (Representational State Transfer). Steven Beales, chief software architect at Medical Decision Logic said Mdlogix has been using the EdgeRails releases of Rails and had already incorporated many of the Rails 2.0 features into its Rails-based solutions. Mdlogix develops a clinical research management system based on Rails. Beales said the most useful features of Rails 2.0 for Mdlogix have been Partial Layouts, which reduce CSS (Cascading Style Sheets)/html duplication by allowing parts of pages to use common layouts, RESTful Routing Updates, which allow "prettier" URLs for custom actions, Asset Caching, which provides new tags for compressing JavaScript easily, Initializers, which separate out custom configuration into separate initializer files, and Fixtures, which provide support for using fixture names in other fixture files to relate fixtures. Simply put, Beales said RoR (Ruby on Rails) is the most productive tool Mdlogix has for developing simple-looking Web applications with advanced functionality.

IBM Partners With ACI on SOA-Based Payments System
Antone Gonsalves, InformationWeek

IBM announced that it has partnered with ACI Worldwide in building electronic payment systems that are based on a service-oriented architecture to make it easier to share payment information across banking applications. The alliance is focused primarily on the financial services industry, targeting banks that are trying to manage old payments systems running on legacy platforms that are difficult to integrate with newer systems and are expensive to maintain, IBM said. ACI and IBM plan to offer an SOA approach for integration. SOA uses technology based on extensible markup language, or XML, to loosely couple systems for passing data between them. Phase one of the partnership is expected to yield an optimized version of BASE24-eps on System z to acquire, route, and authorize payments online; a wholesale payments system to help European companies meet pending Single Euro Payments Area regulations; and a real-time fraud detection system. Subsequent systems will focus on dispute management, smart card management, online banking, and trade finance. Under the deal, ACI will tailor its money transfer system and BASE24-eps application to run on IBM's System z mainframe hardware. The companies plan to form joint sales and technical teams for selling the combined technologies, and for helping companies migrate legacy systems to the new products.

See also: the announcement

Digital Libraries Are Taking Form
Greg Goth, IEEE DS Online

Large-scale digital libraries and book digitization projects are poised to go beyond prototypes into the mass market. "All the published literature of humankind in the next generation will be in digital form," says Brewster Kahle, cofounder of the Internet Archive and one of the driving forces behind the nonprofit Open Content Alliance (OCA) an open digitization consortium. "And all the older materials that will be used by younger people (except for a very few) will be online. So, if we want something to be used by the next generation, it has to be online. That's an understood premise. It's now also understood that it's not that expensive to get there." Librarians tackling the new digitization projects contend with complex technological issues. Notable among them is creating metadata schemas that work across multiple technologies and organizations. How best to provide multilingual services is another issue. However, the issue of who will control the digitization process, and its concomitant economic and access ramifications, is far more convoluted... Interoperability poses several difficulties. Digitization is available in several common formats for text-heavy books. Developing metadata for such books is therefore easier than it is for multimedia materials spread across multiple institutions. Metadata compatibility will likely present the greatest challenges and the greatest opportunity for developers in this market. The European Digital Library (EDL) will most likely opt for a metadata scheme based on the Dublin Core standard. Presumably, as the EDL work progresses, mapping technologies will evolve to support semantic queries. This, in turn, will enable application-level interoperation without the need for separate, complex, and expensive application-level interoperability profiles.

See also: the Open Content Alliance (OCA)

Phishers Pinch Billions from Consumers' Pockets
Gregg Keizer, Computerworld

More than 3.5 million U.S. adults lost money to phishing scams and online identity theft in the 12-month period that ended in August, a 57% increase over the previous year, according to a Gartner fraud analyst. The bad news, said analyst Avivah Litan, didn't end there. About 3.3% of the 4,500 Americans polled in August said they had been victimized by a phishing attack and had lost money in the deal. In 2006, the figure was 2.3%. And banking regulators are both "in the dark" and "asleep at the wheel," she noted. In other words, phishing is far from ancient history. Even consumers familiar with the concept—and those, said Litan, remain a minority—are not necessarily immune from current scams. "Phishing is much more surreptitious, much more devious; they're grabbing information from Facebook and MySpace and sending e-mail like they're your friend. Then there's greeting cards and charities, both of which are up dramatically. It's not obvious, like it used to be, like with early phishing techniques that used bank-branded e-mails that claimed the recipient needed to enter her log-in information in the next 24 hours or be locked out of her account. Now malware is being dropped from e-mails, or from advertisements on Web pages, or from compromised Web sites. Click on a link in an ad, and even if you don't enter any information, you're still getting infected."

See also: the Anti-Phishing Working Group Report


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: