The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: December 23, 2008
XML Daily Newslink. Tuesday, 23 December 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation

Public Review: SAMLv2.0 HTTP POST 'SimpleSign' Binding Version 1.0
Jeff Hodges and Scott Cantor (eds), OASIS SAML TC Review Draft

Members of the OASIS Security Services TC have published Committee Draft 04 of the "SAMLv2.0 HTTP POST 'SimpleSign' Binding Version 1.0" specification for public review. Comments are invited through January 09, 2009. This version adds the following clarifying text to section 2.5.2 regarding the treatment of an empty RelayState value in signature processing: "Note that if there is no RelayState value, the entire parameter should be omitted from the signature computation (and not included as an empty parameter name), resulting in a string of one of these forms..." This specification defines a SAML HTTP protocol binding, specifically using the HTTP POST method, and not using XML Digital Signature for SAML message data origination authentication. Rather, a 'sign the BLOB' technique is employed wherein a conveyed SAML message is treated as a simple octet string if it is signed. Conveyed SAML assertions may be individually signed using XMLdsig. Security is optional in this binding... The HTTP POST-SimpleSign binding is intended for cases in which the SAML requester or responder need to communicate using an HTTP user agent (as defined in HTTP 1.1 as an intermediary, and when data origination authentication and integrity protection of the SAML message is not required, or when a lighter-weight signature mechanism (as compared to XMLSig is appropriate. This may be necessary, for example, if the communicating parties do not share a direct path of communication. It may also be needed if the responder requires an interaction with the user agent in order to fulfill the request, such as when the user agent must authenticate to it. Note that some HTTP user agents may have the capacity to play a more active role in the protocol exchange and may support other bindings that use HTTP, such as the SOAP and Reverse SOAP bindings. This binding does not require such capabilities—it assumes nothing apart from the capabilities of a common web browser...

See also: Security Assertion Markup Language (SAML)

Unicode CLDR Survey Tool Version 1.7 Beta Phase
Staff, Unicode Consortium Announcement

Members of the Unicode Consortium announced the initiation of a beta phase for version 1.7 of the Unicode CLDR survey tool, which will be used to collect data for version 1.7 of the Unicode locales. "The Common Locale Data Repository (CLDR) provides key building blocks for software to support the world's languages. CLDR uses the XML format provided by "UTS #35: Locale Data Markup Language (LDML)." LDML is a format used not only for CLDR, but also for general interchange of locale data, such as in Microsoft's .NET. CLDR is by far the largest and most extensive standard repository of locale data. This data is used by a wide spectrum of companies for their software internationalization and localization: adapting software to the conventions of different languages for such common software tasks as formatting of dates, times, time zones, numbers, and currency values; sorting text; choosing languages or countries by name; and many others. Most data in the Unicode Common Locale Data Repository is gathered and processed via what is called the Survey Tool, an online tool that can be used to view data for different languages and propose additions or changes. This tool provides a way to propose new localized data, see what others have proposed, and communicate with them to resolve differences. During each submission period, contributors from Unicode Consortium members, other organizations and the public at large are invited to review the data for their languages and countries, and propose new translations of terms or modifications, including language translations entirely new to the repository. For the release schedule, see CLDR Project. In this release, new structure has been added to provide for plurals, simple duration formats, more control over the formatting of locale names. There are a number of changes in the tool for usability: for example, only the timezone names that are important to translate are shown. There are also new items for translation, such as new territory codes. We would also like people to focus on getting enough votes for the unapproved items to make them approved..."

See also: the survey tool

Extending XACML Authorisation Model to Support Policy Obligations Handling in Distributed Applications
Yuri Demchenko, Cees de Laat, Oscar Koeroo, Hakon Sagehaug; ACM Conference Paper

This paper was presented at the Sixth International Workshop on Middleware for Grid Computing ('MGC 2008', December 2008, Leuven, Belgium). "The paper summarises the recent and ongoing developments and discussions in the Grid security community to built interoperable and scalable AuthZ infrastructure for distributed applications. The paper provides a short overview of the XACML policy format and policy obligations definition in the XACML specification. The paper analyses the basic use cases for obligations in computer Grids and on-demand network resource provisioning abstracted to the general complex resource provisioning (CRP) model to identify major requirements and functionalities in obligations handling that further is proposed as a Reference Model for Obligations Handling (OHRM). The authors refer to ongoing implementations of the obligations interoperability and handling framework in such project as EU funded projects EGEE and Phosphorus. The proposed implementation is based on the adoption and extension of the OASIS SAML 2.0 profile of XACML specification but defining a number of missing interface definitions and semantic conventions. The purpose of this paper is to facilitate wider discussion of the policy obligations concept based on the described ongoing implementations... The authors believe that the proposed model for policy obligations handling and related technical solutions will provide a good basis for interoperability and further discussion on different aspects of the general obligations definition and handling framework. [Note related paper "Using SAML and XACML for Complex Resource Provisioning in Grid based Applications" presented at Policy 2007.]

See also: Yuri Demchenko's publications list

European Standards and Innovation Policy
Alex Brown, Blog

I am writing this sitting on the Eurostar from Brussels to London, having just attended an event organised by the Centre for European Policy Studies to discuss 'EU Innovation Policy and the Role of Standards'. It was an exciting chance to get to express a view to some of the movers and shaker in and around the European Commission... Following a few introductory slides on the functioning of JTC 1, and given the task of predicting the immediate future and describing the challenges ahead, I focussed on four main headings: (1) Resisting vendor encroachment. Vendors dislike international standardisation (when it does not function in their favour). Anybody who has read my earlier piece will find the background argument to this familiar: international standardisation is an activity for nations and vendors have no standing. From time to time this causes upset (and in part explains some of the vendor-led assault on the integrity of the European standards institutions following the passage of OOXML)... (2) Effects of economic slowdown. It is difficult for vendors to commit staff to standardisation activities when under economic pressure Already the ICT industry is seeing lay-offs in large numbers as the global recession bites. There is always a danger when the pressure is on that standardisation is seen as a luxury, non-gainful activity—and the kinds of gurus and thought-leaders in corporations who do this stuff can find their jobs under threat. (3) Reform / modernisation. The publishing business model of many European standards bodies ('selling pages') is out of tune with the realities of modern ICT standardisation. The broken business model of National Standards Bodies is a serious problem. With ICT standards often (by demand) being given away free-of-charge the traditional means by which NBs can recoup the cost of making standards has gone away. Why, then, should they bother? I have no quick answer to this question, but I expect an answer would involve the need to have both governments and vendors contributing more to the financial cost of creating international ICT standards. (4) IPR reform. The patent spectres haunting innovation in ICT are also at work in the standards arena. The discussion around IPR, and particularly patents, in the EU is a vibrant one. My own view is that software patents are 'A Bad Thing' but if we are to have them then standardisation could have a particular role to play in the standardisation landscape. Ideally, an International Standard should provide a guarantee of freedom from IPR encumbrance...

See also: Rick Jelliffe's comment

Element Traversal Specification Is a W3C Recommendation
Doug Schepers and Robin Berjon (eds), W3C Technical Report

Members of the W3C Web Applications Working Group have published the W3C Recommendation for the "Element Traversal Specification". This specification defines the ElementTraversal interface, which allows script navigation of the elements of a DOM tree, excluding all other nodes in the DOM, such as text nodes. It also provides an attribute to expose the number of child elements of an element. It is intended to provide a more convenient alternative to existing DOM navigation interfaces, with a low implementation footprint. The ElementTraversal interface was originally published as part of the SVG Tiny 1.2 specification in the SVG namespace. At the request of the SVG, CDF, JCP, and other groups, it was transferred to the WebAPI WG, and migrated to DOM and DOM namespace as a generic facility. It was transferred again when the WebApps WG took responsibility for the deliverables of the WebAPI WG. The W3C Web Applications Working Group was chartered to provide specifications that enable improved client-side application development on the Web, including specifications both for application programming interfaces (APIs) for client-side development and for markup vocabularies for describing and controlling client-side application behavior. As Web browsers and the Web engine components that power them are becoming ubiquitous across a range of operating systems and devices, developers are increasingly using Web technologies to build applications and are relying on Web engines as application runtime environments. Examples of applications now commonly built using Web technologies include reservation systems, online shopping sites, auction sites, games, multimedia applications, calendars, maps, chat applications, clocks, interactive design applications, stock tickers, currency converters and data entry/display systems.

See also: the W3C Web Applications (WebApps) Working Group

Avoid Common XSLT Mistakes: Trade in Bad Habits For Great Code
Jirka Kosek, IBM developerWorks

Writing code to handle XML transformations in XSLT is much easier than in any other commonly used programming language. But the XSLT language has such a different syntax and processing model from classical programming languages that it takes time to grasp all of XSLT's subtle nuances. This article is in no way meant as an extensive and complex XSLT tutorial. Instead, it starts with explanation of topics that pose the biggest difficulties for inexperienced XML and XSLT developers. Later, it moves to topics related to the overall design of stylesheets and their performance. Working with namespaces: Although it's increasingly rare to see XML documents without namespaces, there still seems to be some confusion related to their proper use in different technologies. Many documents use prefixes to denote elements in a namespace, and this explicit notation of namespaces doesn't typically lead to confusion... you have to be very careful about prefixes in XPath expressions. One missing prefix, and you'll get the wrong result. Unfortunately, XSLT version 1.0 has no concept similar to a default namespace; therefore, you must repeat namespace prefixes again and again. This problem was rectified in XSLT version 2.0, where you can specify a default namespace that applies to un-prefixed elements in an XPath expression... Which XSLT version you use depends on several factors, but generally, I recommend using XSLT 2.0. The latest version of the language contains many new instructions and functions that can greatly simplify many tasks -- shorter and straightforward code is always easier to maintain. Moreover, in XSLT 2.0, you can write schema-aware stylesheets, which use a schema to validate both input and output documents. Schema-aware stylesheets can use information contained in a schema to automatically detect some types of errors and mistakes in your stylesheets.

Linux Subscriptions Paying Off for Red Hat
Sean Michael Kerner,

Linux vendor Red Hat yesterday reported growth in income and revenues on the back of renewal rates for its Linux support subscriptions. Revenues for the company's third fiscal quarter for 2009, which ended November 30, 2008 hit $165.3 million, an increase of 22 percent over its third-quarter fiscal 2008 performance a year ago. On the net income side of the books, Red Hat (NYSE: RHT) reported income of $24.3 million, or 12 cents per share, which is an improvement over the $20.3 million or 10 cent per share it reported for the same period last year. Minus taxes and other costs, profit totaled 24 cents per share, topping Wall Street estimates of 17 cents per share, according to Reuters Estimates... Among the top deals renewed by Red Hat were three multi-year renewals with large financial services firms. One of Red Hat's top 25 deals also includes a one-year transaction in which the customer moved from a free version of Linux to Red Hat's paid subscription model -- a sale Whitehurst described as a six figure deal. Red Hat executives on the analyst call did not specifically identify which flavor of free Linux had been abandoned through that six-figure deal. Red Hat develops a free community version of Linux called Fedora, and there are numerous clones of Red Hat Enterprise Linux as well, including one called CentOS.

Selected from the Cover Pages, by Robin Cover

Microsoft Publishes Implementation Notes for File Formats in Office 2007 SP2

Microsoft recently announced the publication of an initial set of document-format implementation notes relative to the company's ODF implementation in Office 2007 SP2. The new Document Interoperability Initiative (DII) Web site now provides detailed notes for Microsoft's implementation of Open Document Format (ODF) 1.1 in Microsoft Office 2007 Service Pack 2. The implementation notes "provide detailed information about the design decisions that went into Microsoft's implementation of ODF 1.1... Every implementer of a large standard such as ODF or ECMA-376 needs to make decisions about how to approach implementation of the standard. Application limitations and application design come into play, as well as more subtle factors such as support for optional constructs, default values for missing attributes, and bugs. The cumulative effect of all of these factors can cause behavior that was never intended, or behavior that can be difficult to understand in the abstract without detailed information about the myriad details that make up each implementation." The ODF Version 1.1 implementation notes include details about: (1) implementation decisions, e.g., where the text is ambiguous or more permissive than is appropriate for a particular office implementation; (2) additional data written into files, e.g., application-specific information such as user customizations; (3) implementation variances, e.g., where an implementer cannot follow the standard exactly for one reason or another. The Microsoft DII web site is designed to support implementation notes for multiple specifications and multiple implementations. Accordingly, in the blog article by Doug Mahugh, Microsoft has extended an invitation to other developers to post similar implementation plans: "Other implementers of these standards are welcome and encouraged to post their own implementation notes to help achieve a level of interoperability that will benefit users around the world. Assistance is available to those who are interested."


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: