This issue of XML Daily Newslink is sponsored by:
Oracle Corporation http://www.oracle.com
- DCMI Recommendation: Expressing Dublin Core Metadata Using HTML/XHTML
- FEMA Plans to Inventory Emergency Systems
- OpenID Security Model: One-Factor Trust, Multi-Factor Problem
- IBM Announces Open-OVF SourceForge Project
- Dynamically Manage XML Schema Variations in XMLBeans Applications
- Early Draft OSGi V4.2 Docs Available
DCMI Recommendation: Expressing Dublin Core Metadata Using HTML/XHTML
Pete Johnston and Andy Powell (eds), DCMI Technical Report
A specification for "Expressing Dublin Core Metadata Using HTML/XHTML Meta and Link Elements" has been published by the Dublin Core Metadata Initiative (DCMI) as a DCMI Recommendation. The Recommendation "specifies a set of conventions by which a DC metadata description set can be can be represented within an X/HTML Web page using X/HTML elements and attributes. Formally, it defines a meta data profile for HTML and XHTML; the profile is identified by a URI and is referred to as the "DC-HTML" meta data profile. The "Description Set Model" of the DCMI Abstract Model describes the constructs that make up a DC metadata description set. The Abstract Model defines an abstract information structure called a description set. In order for applications to store or exchange DC metadata description sets, instances of those information structures must be represented in some concrete digital form according to the rules of a format or syntax. The DCMI Abstract Model itself does not define any such concrete formats or syntaxes for representing a DC metadata description set; DCMI defers that role to the family of specifications it refers to as "encoding guidelines". In order to represent a DC metadata description set in an X/HTML document those constructs have to be represented as components in that X/HTML document, i.e. as X/HTML elements and attributes and as element content and attribute values. The Recommendation supports the W3C specification Gleaning Resource Descriptions from Dialects of Languages (GRDDL) in the form of an XSLT transform for extracting RDF triples from instances of Dublin Core metadata in HTML/XHTML. This profile makes use only of the X/HTML 'meta' and 'link' elements and their attributes. A related document, "Notes on DCMI Specifications for Dublin Core Metadata in HTML/XHTML Meta and Link Elements", provides a guide to implementers to the differences between the HTML/XHTML meta data profile provided by the 2008 Recommendation and that of a previous Recommendation of November 2003. The DC-HTML-2003 profile and the DC-HTML-2008 profile are two different HTML meta data profiles: The DC-HTML-2008 profile is specified in terms of the DCAM description set model and all features of the profile have a well-defined mapping to the constructs of an RDF Graph and of a DCAM description set..." The Dublin Core Metadata Initiative (DCMI) is an organization dedicated to promoting the widespread adoption of interoperable metadata standards and developing specialized metadata vocabularies for describing resources that enable more intelligent information discovery systems.
See also: the Notes document
FEMA Plans to Inventory Emergency Systems
Ben Bain, Federal Computer Week
The IPAWS agency of the U.S. Homeland Security Department is preparing to inventory the country's federal, state and local government emergency warning systems more than two years after President Bush ordered the assessment as part of a program to integrate the country's alert systems. As part of its effort to build the Integrated Public Alert and Warning System (IPAWS), the Federal Emergency Management Agency (FEMA), a part of DHS, hopes to soon begin collecting information on the warning systems of almost 2,000 jurisdictions around the country. Although FEMA began running IPAWS pilots after the president ordered the nationwide integrated network in June 2006, the agency still has not undertaken the nationwide survey of electronic alert systems... Officials said IPAWS will be an improvement to the current emergency alert system which relies on radio and TV audio transmissions. IPAWS will make use of mobile media such as cell phone, pagers, computers and other personal communications devices to warn citizens. Officials say they will use IPAWS to send alerts via audio, video or text in multiple languages, including American Sign Language and Braille and FEMA has called IPAWS the 'Nation's next-generation public communications and warning capability.'
See also: FEMA's announced commitment to CAP
OpenID Security Model: One-Factor Trust, Multi-Factor Problem
Robin Wilton, Blog
You may have seen the recent announcements about DNS cache poisoning, and the potential effect of this on all kinds of internet-based applications' security. One area in which it can have a particularly significant impact is OpenID... because OpenID (largely for reasons of simplicity and ease-of-setup, originally) was designed to avoid the need for any prior exchange of security information between Relying Parties (RPs) and OpenIdentity Providers (OPs). That kind of prior exchange was seen by some as one of the obstacles to the rapid adoption of alternative distributed authentication schemes, like Liberty's Identity Federation Framework (ID-FF), or the SAML protocols that is based on. OpenID doesn't use such prior exchanges between OPs and RPs, but relies instead on the integrity of the underlying DNS system to ensure that the 'correct' OP is connected to the 'correct' RP. If the DNS infrastructure is compromised by something like a cache poisoning attack, it becomes impossible for OPs and RPs to tell 'real' communicating partners from bogus ones—and any resulting authentication is correspondingly undermined... We got a polite heads-up from Ben Laurie of Google's Security Group, and Richard Clayton of the Computer Laboratory, Cambridge University. They had noticed that the certificate used by our OP originated in a flawed software crypto module in one of the systems we used during the development work for this project. .. Ben and Richard have published a security advisory succinctly setting out how the confluence of the DNS vulnerability and the certificate bug have a potentially devastating effect on OpenID's security model.
See also: the advisory
IBM Announces Open-OVF SourceForge Project
Staff, Xen Community Blog
"Hi folks, we are announcing the availibility of source code for the SourceForge open-ovf project. We anticipate being able to deploy a single Open Virtual Machine Format (OVF) package to either Xen or KVM. Eventually expanding that list to include VMware, Hyper-V, and other platforms. Getting to that point will require community contributions. According to the Open OVF Proposal, IBM will be donating code and invites all to form an open community around OVF. From the SourceForge Project description: "Open-OVF project is an open source library and tools designed to promote adoption of the OVF (Open Virtual Machine Format) specification as an industry standard. It provides complete support for creating, using and maintaining OVF appliances. It aims to establish itself as a de-facto standard toolkit for working with OVF. Open-ovf is under EPL (Eclipse Publin License) and plans to build an open community around OVF. Development resources from all across will be leveraged to create the common plumbing, this will help build cross-hypervisor components and prevent fragmentation of the OVF across industry. It promotes the usage of OVF and its adoption as a standard VM appliance format... What is OVF? Distributed Management Task Force (DMTF) has defined a vendor-neutral XML-based standard for packaging virtual appliances enabling automated installation, configuration and activation of any virtualization platform. Open Virtual Machine Format (OVF) specification describes an open, secure, portable, efficient and extensible format for packaging and distribution of virtual machines."
See also: the SourceForge Project description
Dynamically Manage XML Schema Variations in XMLBeans Applications
Abdul Rasid and Pallavi Rao, IBM developerWorks
Apache XMLBeans is an open source, XML- and Java-binding tool used to generate Java classes and interfaces from an XML schema. With the generated beans, you can parse or generate XML documents that conform to the schema. Consequently, this binding causes a very tight coupling between the generated Java classes and the XML schema. When you make minor or major changes to the XML schema, the beans are regenerated and the new beans corresponding to the changed XML schema are used. At least, this is how it's intended to work. Unfortunately, sometimes an application needs to support multiple versions of a schema. For example, in the case where XML is used as a standard for data exchange, the application must provide backward or forward compatibility to older or newer versions of the standard. Apache XMLBeans does not inherently support multiple versions of an XML schema. For applications that need this type of support to manage compatibility, this limitation is serious. This article presents a solution, showing how dynamic class loading techniques can help.
Early Draft OSGi V4.2 Docs Available
Eric Newcomer, Weblog
As of this week you can download an early release draft document containing eleven (11) design documents we've been working on for the past year or so as the result of the OSGi enterprise initiative. This is important because according to OSGi Alliance rules, only members are allowed access to working drafts of documents. This is the first time we've released any of these drafts publicly. As a board member and EEG co-chair, I'm very pleased to see this happen because: (a) I often get asked about what's going on and why we can't (in this age of open source) release details of what we're doing, and (b) I'm very interested in feedback from the broader OSGi community. The enterprise edition activity started in January, 2007 with a review of requirements gathered at the enterprise workshop event. Following the OSGi Alliance process, the newly formed enterprise expert group members began writing Request for Proposal (RFP) documents. After an RFP on a particular topic is formally accepted, members can begin writing the Request for Comments (RFC) documents to design solutions to one or more of the RFPs. The early draft contains some of the RFCs that are far enough along to be released—in fact this represents a majority of current work items. One major work item that is not far enough along, BTW, is the Java EE mapping to OSGi. Of course I am particularly interested in any feedback you may have on the distibuted OSGi document (RFC 119), but you may also be interested in: the Spring-DM inspired component model design (RFC 124); or some of the proposed security enhancements (RFC 120); the new command line capability (RFC 132); the new service registry hooks (RFC 126); the bundle tracker (RFCs 121 and 125); transaction support (RFC 98); or the DS updates (RFC 134). It's almost 300 pages, but there's some good stuff there, and 18 months into the task, I think we have a pretty good handle on some things... The big new areas of course are the distributed OSGi and the "Spring-inspired" component model. And of course, as always, I am very interested in any comments or feedback about the suitability of the OSGi programming model for the enterprise, especially given some of these proposed enhancements.
See also: First Ever Demo of Distributed OSGi
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: email@example.com
Newsletter unsubscribe: firstname.lastname@example.org
Newsletter help: email@example.com
Cover Pages: http://xml.coverpages.org/