The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: April 22, 2008
XML Daily Newslink. Tuesday, 22 April 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

Public Review for OASIS Product Life Cycle Support DEXs Version R1
Tor Arne Irgens (ed), Approved Public Review Draft

Members of the OASIS Product Life Cycle Support (PLCS) TC have approved a draft of the "Product Life Cycle Support DEXs Version R1" specification for 60-day public review. The specification is published as an interactive hypertext application with some 4300 linked files. The purpose of the OASIS Product Life Cycle Support (PLCS) standard is to support complex engineered assets such as planes and ships throughout their total life cycle. It puts particular emphasis on the in-service phase of the product and, in particular, it supports the seamless transition from design and manufacture through to product support and feedback of usage and change. The data needed is often distributed over multiple IT systems and organizations, and historically has been difficult to access and consolidate. The PLCS standard provides a large, integrated information model covering the whole lifecycle. Together with the XML binding described in ISO 10303-28, the PLCS standard provides the basic mechanisms enabling neutral file exchanges between IT systems and organisations. This helps remove delays and costs for both the end user of the product and the supplier, and is particularly important for service-based contracts such as 'power-by-the-hour'. The PLCS information model is larger than any single existing application, and needs detailed application rules in order to be used uniformly by different users and supported by different software applications. This standard, "OASIS PLCS DEXs ed. 2008:1" defines the usage of the PLCS information model by breaking it up into smaller parts (DEXs) that directly support real life business processes. It builds the DEXs from reusable components (Templates) that guarantees uniform interpretation of PLCS between different DEXs, and adds extendible business terminology (Reference Data) to the model. Each Data Exchange Specification (DEX) provides data exchange and sharing capabilities for a focused set of transactions based upon the integrated data model of ISO 10303 (STEP) Application Protocol 239 (Product Life Cycle Support). Future editions of the OASIS PLCS DEXs will extend the number of DEXs, Templates and Reference Data, as well as other parts to facilitate the adoption of the PLCS standard.

See also: the public review announcement

Portable Symmetric Key Container Specification
Philip Hoyer, M. Pei, S. Machani (eds), IETF Internet Draft

Members of the IETF Provisioning of Symmetric Keys (KEYPROV) Working Group have published an Internet Draft specification for "Portable Symmetric Key Container," together with a separate XML schema. The portable key container is based on an XML schema definition and contains the following main entities: KeyContainer entity, Device entity, and Key entity; additionally other XML schema types have been defined. A Content-type registration 'application/pskc+xml' is defined. The KEYPROV Working Group, part of the IETF Security Area, is chaired by Phillip Hallam-Baker and Hannes Tschofenig; it was chartered to develop protocols and data formats required to support provisioning and management of symmetric key authentication tokens, both proprietary and standards based. Current developments in deployment of Shared Symmetric Key (SSK) tokens have highlighted the need for a standard protocol for provisioning symmetric keys; in particular the ability to provision symmetric keys and associated attributes dynamically to already issued devices such as cell phones and USB drives is highly desirable. The "Portable Symmetric Key Container" document specifies a symmetric key format for transport and provisioning of symmetric keys—for example One Time Password (OTP) shared secrets or symmetric cryptographic keys—to different types of crypto modules such as a strong authentication device. The standard key transport format enables enterprises to deploy best-of-breed solutions combining components from different vendors into the same infrastructure. This work is a joint effort by the members of OATH (Initiative for Open AuTHentication) to specify a format that can be freely distributed to the technical community. The authors believe that a common and shared specification will facilitate adoption of two-factor authentication on the Internet by enabling interoperability between commercial and open-source implementations. With increasing use of symmetric key based authentication systems such as systems based one time password (OTP) and challenge response mechanisms, there is a need for vendor interoperability and a standard format for importing, exporting or provisioning symmetric keys from one system to another. Traditionally authentication server vendors and service providers have used proprietary formats for importing, exporting and provisioning these keys into their systems making it hard to use tokens from vendor A with a server from vendor B. The goal is that the format will facilitate dynamic provisioning and transfer of a symmetric keys such as an OTP shared secret or an encryption key of different types. In the case of OTP shared secrets, the format will facilitate dynamic provisioning using an online provisioning protocol to different flavors of embedded tokens or allow customers to import new or existing tokens in batch or single instances into a compliant system. This draft also specifies the key attributes required for computation such as the initial event counter used in the HOTP algorithm.

See also: the IETF Provisioning of Symmetric Keys (KEYPROV) WG Charter

W3C Publishes Web Compatibility Test for Mobile Browsers
Staff, W3C Announcement

W3C announced that the Mobile Web Test Suites Working Group has released a stable version of its Web Compatibility Test for Mobile Browsers, and has sent an invitation to the community to share reports of browser support and other feedback on the test itself. In the display, squares that are a uniform shade of green indicate that your browser supports the tested feature, while red, white or multi-coloured squares indicate that your browser does not support the tested feature. Technologies currently tested include (1) CSS2 min-width: fluid page widths, defined in percent of the screen width, often depend on the min-width and max-width properties to avoid turning unreadable on small screens; (2) Transparent PNG, where PNG, a bitmap image format, supports transparency and alpha channels, that are useful in building appealing visual effects; (3) GZIP support: The HTTP protocol allows data to be sent gzip-compressed when the client advertizes its capability to uncompress them (through the Accept-Encoding header), thus saving bandwith; (4) HTTPS: used to establish secure and encrypted connections on the Web; (5) iframe inclusing of XHTML-served-as-XML content: tests if the UA supports XML content-types by loading an XHTML document with the content-type 'application/xhtml+xml'; (6) Static SVG: allows authors to define vector-based graphics, that can be scaled up and down, fitting well the needs of mobile devices; (7) XMLHTTPRequest: XMLHTTPRequest is at the core of AJAX, allowing to update a subset of an HTML page without requesting a new full content transfer; (8) CSS Media Queries: allow authors to contrain CSS rules apply in specific context, for instance so that they only apply to screens of a given maximum width; (9) Dynamic SVG: also supports animations, that can be used to create very appealing interfaces; (10) The canvas element: as element defined in HTML5, offers a Javascript graphics API; (11) 'contenteditable' attribute: makes rich text editing of any element possible; (12) CSS3 selectors: CSS3 introduces a number of new selectors, allowing more fine-grained styling, leading to better layouts; the nth-child() selector is tested here. The chartered goal of the MWI Test Suites Working Group is to help create a strong foundation for the mobile Web through the development of a set of test suites. The test suites should be more extensive than those typically produced by W3C Working Groups as exit criterion from Candidate Recommendation, and could be suitable for checking conformance of user agents to specifications in the mobile Web space.

See also: the W3C Mobile Web Initiative Test Suites Working Group

Scala and XML: XML Processing Made Easy
Michael Galpin, IBM developerWorks

Scala is a popular new programming language that runs on the Java Virtual Machine (JVM.) Scala compiles into byte-code and thus it can leverage the Java programming language. Its syntax, however, makes it a powerful alternative to Java code in certain scenarios. One of those scenarios is XML processing. Scala lets you navigate and process parsed XML in several ways. It also has first class support for XML built right in, so you don't need to create strings of XML or programmatically build DOM trees. Like most programming languages, Scala gives you multiple options for parsing XML. These are the same basic ones: InfoSet/DOM based representations, push (SAX) or pull (StAX) events, or data-binding similar to Java Architecture for XML Binding (JAXB.) You will explore the DOM based manipulation, as it demonstrates many of the benefits of Scala's syntax. Many programming languages represent XML as a DOM tree. This has many advantages but it can be laborious to programmatically traverse a tree to extract data from the XML document. Java technology has libraries that leverage XPath syntax. Scala takes a similar approach, but it has some advantages. Scala has many functional language aspects to it. There are no operators (like + or *) in Scala. Instead symbols like + or * are used to define functions that can do things like normal numerical addition and subtraction. This also means that you can define operators (since they are actually just functions) to any type. It is much more powerful than operator overloading in languages like C++. In the case of XPath, you are able to use certain parts of XPath syntax directly in Scala, as it just gets translated into a function call.

See also: the online book 'scala.xml'

Drummond Group Forms AS4 Initiative for Web Services Interoperability
Staff, Drummond Group Announcement

Drummond Group Inc, a leading B2B software certification authority, announced that it has transitioned a set of functional requirements developed with Cisco, Extol, Sterling Commerce and others over to the OASIS ebXML Messaging Services Technical Committee (ebMS 3.0) which will provide a standardized entry-level on-ramp for secure, payload-agnostic document exchange using Web services. These functional requirements are based on mapping IETF RFC 4130 (AS2) to a simplified composition of WS-* specifications and WS-I profiles in an effort to promote the adoption and interoperability of Web services for B2B messaging. With the recent publication of the ebMS 3.0 specification and its foundation on WS-* specifications and WS-I profiles, it seemed natural that this body of work should be realized as a Conformance Profile of ebMS 3.0. Recently, the OASIS ebXML Messaging Services TC approved the creation of a subcommittee to develop a profile of ebMS 3.0 entitled "AS4: Secure B2B Document Exchange Using Web Services." For nearly a year, Drummond Group has facilitated meetings with a group of software vendors who recognized the need to address lingering interoperability issues and the practical desire to reduce complexity associated with Web services messaging. While many of the vendors involved in this effort had experienced implementing the widely successful AS2 (RFC 4130) messaging protocol, the Web services standards landscape was largely devoid of a similar "simple and elegant" solution for secure document exchange over a WS-* based specification stack. Furthermore, the group recognized that compliance to conformance engine testing is not a replacement for full-matrix interoperability testing to ensure supply chains and vertical markets with a robust pool of interoperable software implementations. After surveying the existing Web services standards landscape, it was clear that this group of vendors shared some common goals with the ebMS 3.0 technical committee at OASIS, and that an industry-sponsored profile of ebMS 3.0 presented a win-win scenario for a simplified on-ramp to Web services B2B messaging.

See also: AS4 Secure B2B Document Exchange Using Web Services

Adobe Breathes Fresh AIR into RIA
James R. Borck, InfoWorld Product Review

"Adobe AIR 1.0 brings new hope to Web developers looking to combine the global connectedness of browser-based applications with the persistence and functionality of first-class, local desktop applications. AIR (Adobe Integrated Runtime) packages a host of Web technologies and enables RIAs (rich Internet applications) to run outside of the browser on the user's local desktop. Those underlying technologies can be Adobe's own Flex, Flash, and ActionScript, for example, or just plain old HTML, CSS, JavaScript, and AJAX libraries. Adobe AIR comprises several components. The SDK is a command line toolkit for packaging and deploying Web applications as AIR apps. It includes a schema template for generating the AIR manifests (which define various properties of each application including name, security certificate, and files included within the package), APIs for the framework, a service monitor, and a command line debugger that lets you do some testing without first needing to package up your app. The entire lot is available for free and open sourced under the Mozilla Public License. AIR incorporates dual engines (the Flash/ActionScript JIT and WebKit) to support applications built in either Flex/Flash/MXML or HTML/JavaScript. AJAX developers can run AIR without ever needing to learn ActionScript. The underlying application components are packed into an AIR installer file, which is little more than a zip file containing program assets, the XML manifest, and a digital certificate to verify authenticity. The command line tools are easy enough to work with, and you can use any text editor to create an AIR app. Adobe provides plug-ins for creating AIR applications in Flash CS3 and Dreamweaver CS3, as well as third-party tools such as Aptana Studio. However, I recommend you try Adobe's new commercial development tool, the Flex Builder 3.0 IDE. Based on Eclipse, Flex Builder provides easy graphical tools for laying out GUIs, binding to servers and data sources, and generating the underlying MXML code. AIR apps can take advantage of protocols including FTP, AMF (ActionScript Messaging Format), JSON, SOAP, and RTMP (Real Time Messaging Protocol for streaming media), and they can communicate with Adobe LiveCycle and BlazeDS servers using server-side RPC and messaging calls."

See also: the product description

Create Collaborative and Dynamic Method Content Using Web 2.0
John Boyer, Bertrand Portier, Eoin Lane; IBM developerWorks

This article describes how to leverage Web 2.0 technologies to extend software development process content, which is typically published static as HTML. It explains how you can develop the ability to collaboratively edit method content and have access to the latest dynamic content within a method context. Software development methods like RUP and IBM RUP Service-Oriented Modeling and Architecture (SOMA) provide static process guidance that's published as HTML. For a method to be truly useful it needs to be augmented with context-specific assets. These are generally content, tooling, and people assets. The content assets include a range of resources, such as documents, presentations, models, social bookmarks, and others. For example, if this method is being applied to aid in business modeling in a telephone company (telco) vertical account, then the method should provide guidance around specific tooling and content that can be leveraged. Because the method content is frozen after being published, it's not extensible. Therefore, you can leverage Web 2.0 technologies to augment the static content with supplemental wiki pages that enable collaborative editing and dynamic Web feeds. These pages are referred to as extension points... [In our example] the wiki site contains the following two areas. The first area contains current information on service identification tool offerings to make the activity more consistent and streamlined. Because this is a collaborative area, the SOA architect is encouraged to edit these instructions to keep them up to date and to provide the latest field-based development thinking around these tools. The second area of the wiki Web site provides dynamic content relevant to the architect for this particular extension point in the form of Web feeds. In the case of the service identification extension, the area is populated by dynamic content around service identification. This is made possible by being able to embed all of this dynamic content in a wiki with syndicated Web feeds formatted as RSS or Atom. Each of the dynamic items above has its own Web feed, and these feeds are aggregated to provide all of the dynamic content. This is already possible, and by standardizing on Web 2.0 technology and tags, for example, all service identification-related content checked into an asset repository are tags with the service identification and dynamic-method keyword. After an item is checked into the Web feed-enabled asset repository with these keywords, the Web feed provided by the asset repository is automatically updated. As the extension page is refreshed for the service identification extension point, the updated content is now available to the method practitioner.


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: