This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Sun Establishes First Open Source Standard for Storage Encryption Solutions
- Extensible Messaging and Presence Protocol (XMPP) End-to-End Encryption Using Transport Layer Security (XTLS)
- W3C Last Call: Accessible Rich Internet Applications (WAI-ARIA) 1.0
- ODRL Announces First Public Working Draft of ODRL V2 Core Metadata
- Review: OpenGIS Web Map Tiling Service (WMTS) Interface Specification
- Oracle to Release Major Enterprise Manager Upgrade
Sun Establishes First Open Source Standard for Storage Encryption Solutions
Staff, Sun Microsystems Announcement
On February 17, 2009, Sun Microsystems announced the release of an open source key management technology, described as "the world's first generic communication protocol between a Key Manager and an encrypting device." The Sun Crypto KMS Agent Toolkit Project Leaders include Nancy Buehmann, Ben Baron, Matt Ball, and Scott Painter. The software release terms enable partners to adopt this protocol to securely handle encryption keys without additional licensing. The protocol is implemented as a complete toolkit and is downloadable from the OpenSolaris website. According to the announcement: "Governments, finance, healthcare, retail and other vertical markets need to comply with current regulatory laws that create mandates to protect sensitive stored data. To support these requirements, this protocol is available to customers using the Sun StorageTek KMS 2.0 Key Manager and Sun StorageTek T9840D, T10000A, T10000B Enterprise Drives, as well as Sun StorageTek HP LTO4 drives shipped in Sun libraries. A number of additional partners are developing products based on this protocol, including EMC, whose RSA security division has talked about releasing it as an option on their RKM Key Manager... By releasing the Sun protocol as Open Source, Sun is taking a major step towards unifying [key management] technology. Sun continues to work with partners in the industry and with appropriate standards bodies such as IEEE 1619.3 Working Group and OASIS to further develop and formalize the interface as an industry standard. RSA is currently developing a solution using this protocol to work with their RKM key manager. IBM drive division is working on supporting this protocol for their IBM LTO4 drive shipped in Sun Libraries. Additionally, Sun has shared this protocol with numerous other industry partners including computer OEMs, back up application providers, disk array and switch manufacturers..."
Extensible Messaging and Presence Protocol (XMPP) End-to-End Encryption Using Transport Layer Security (XTLS)
Dirk Meyer and Peter Saint-Andre (eds), IETF Internet Draft
An initial version -00 IETF Internet Draft has been published for "Extensible Messaging and Presence Protocol (XMPP) End-to-End Encryption Using Transport Layer Security (XTLS)." The document specifies "XTLS", a protocol for end-to-end encryption of Extensible Messaging and Presence Protocol (XMPP) traffic via an application-level usage of Transport Layer Security (TLS). XTLS treats the end-to-end exchange of XML stanzas as a virtual transport and uses TLS to secure that transport, thus enabling XMPP entities to communicate in a way that is designed to prevent eavesdropping, tampering, and forgery of XML stanzas. The protocol can be used for secure end-to-end messaging as well as any others application such as file transfer. The XML schema will be provided in a later version of this document. Background: End-to-end encryption of traffic sent over the Extensible Messaging and Presence Protocol (XMPP) is a desirable goal. Since 1999, the Jabber/XMPP developer community has experimented with several such technologies, including OpenPGP, S/MIME (RFC 3923), and encrypted sessions or "ESessions". For various reasons, these technologies have not been widely implemented and deployed. When the XMPP Standards Foundation asked various Internet security experts to complete a security review of encrypted sessions, it was recommended to explore the possibility of instead using the Transport Layer Security (TLS) as the base technology for XMPP. That possibility is explored in this document. TLS is the most widely implemented protocol for securing network traffic. In addition to applications in the email infrastructure, the World Wide Web, and datagram transport for multimedia session negotiation (DTLS), TLS is used in XMPP to secure TCP connections from client to server and from server to server. Therefore TLS is already familiar to XMPP developers. This specification, called "XTLS", defines a method whereby any XMPP entity that supports the XMPP Jingle negotiation framework can use TLS semantics for end-to-end encryption, whether the application data is sent over a streaming transport (like TCP) or a datagram transport (like UDP). The basic use case is to tunnel XMPP stanzas between two IM users for end-to-end secure chat using end-to-end XML streams. However, XTLS is not limited to encryption of one-to-one text chat, since it can be used between two XMPP clients for encryption of any XMPP payloads, between an XMPP client and a remote XMPP service (i.e., a service with which a client does not have a direct XML stream, such as a XEP-0045 chatroom), or between two remote XMPP services. Furthermore, XTLS can be used for encrypted file transfer, for encrypted voice or video sessions... This specification is intended to meet the requirements defined in "Requirements for Encrypted Sessions" (XEP-0210) using building blocks that are already widely supported in XMPP clients, such as TLS, XML streams, Jingle, and in-band bytestreams.
W3C Last Call: Accessible Rich Internet Applications (WAI-ARIA) 1.0
James Craig, Michael Cooper (et al., eds), W3C Technical Report
ODRL Announces First Public Working Draft of ODRL V2 Core Metadata
Susanne Guth, ODRL Announcement
Members of the Open Digital Rights Language (ODRL) Initiative have announced the publication of the First Public Working Draft for "ODRL V2.0 Core Metadata," edited by Susanne Guth and Renato Iannella. All comments submitted by March 10 2009 will be encorporated into the next working draft. The V2.0 Core Metadata specification offers a basic vocabulary for the expression of terms and conditions over assets. Additional semantics can be defined in ODRL Extension Profiles for particular ODRL application areas, such as contracts, service level agreements, or certain industry sectors. All terms of the Core Metadata are related to one specific entity of the V2.0 Core Model, e.g., Asset, Party, Permission, Action, Duty, etc. and SHALL only be used for that particular entity. The ODRL rights expression language (REL) has benefited from a robust underlying information model that has captured its semantics and provided extensibility paths for various communities. ODRL Version 2.0 is a major update for ODRL and will supersede Version 1.1. The Core Metadata Profile will specify the terms (vocabulary) used by the V2.0 Core Model for basic rights expression needs. Profiles: The ODRL Core Model and Metadata represent the basic needs for rights expressibility. As a result, different communities will require less or more terms from the Core Metadata. Community Profiles that extend the ODRL Core Model or Metadata are expected to be developed that adequately document these changes in respect to the Core Profile. Some requirements of this process include: (1) Document any additions to the Core Model and Metadata (2) Document which aspects of the Core Model or Metadata are not being used (deprecated) (3) Declare your communities namespace (see Encoding specifications) (4) Share the Community Profile with the ODRL Initiative for feedback and comments The Open Digital Rights Language (ODRL) Initiative is an international effort aimed at developing and promoting an open standard for rights expressions. ODRL is intended to provide flexible and interoperable mechanisms to support transparent and innovative use of digital content in publishing, distributing and consuming of digital media across all sectors and communities.
See also: the announcement for ODRL V2.0 Core
Review: OpenGIS Web Map Tiling Service (WMTS) Interface Specification
Staff, Open Geospatial Consortium Announcement
The Open Geospatial Consortium (OGC) announced that members are requesting comments from the public on the candidate OpenGIS Web Map Tiling Service (WMTS) Interface Standard. This standard is an evolution of Tile Map Service Specification elaborated by OSGeo and TileWMS elaborated by OnEarth, and is deeply related to them. As such, this is the first OGC standard to include a RESTful approach in addition to the usual OGC encodings, to harmonize it to OSGeo proposal. It is intended to be the natural way to evolve WMS services into a more constrained but more scalable and faster service. The Web Map Server (WMS) specification was developed to allow cartographic maps to be served over the internet in an interoperable manner. One of the primary goals of the MS specification (other than interoperability) was flexibility. And in this respect it has been very successful. A WMS client is able to request the overlay of an arbitrary number of map layers in an arbitrary bounding window with an arbitrary background color at an arbitrary scale in a number of coordinate systems with a number of styles (and in some cases, with arbitrary user-defined styles). An advantage of the resource oriented architecture style is that since RESTful implementations rely on hyper-references to resources, they can be set up without any specific web service application using a standard web server serving a static XML capabilities document and a set of prerendered images. This could be useful because many internet service providers (especially the free ones) allow web pages and static content to be set up on a server but do NOT allow using ASP or CGI applications for security reasons. Tiles and RESTful implementations can be installed in such an environment without any assistance and without any special knowledge of web services since they are only files with standard MIME types.
See also: Geography Markup Language (GML)
Oracle to Release Major Enterprise Manager Upgrade
Chris Kanaracus, NetworkWorld
"Oracle is set to unveil Enterprise Manager 10g Release 5 on Tuesday [2009-03-03], framing the upgrade as a major step forward for the company's wide-ranging application management platform. On the application level, the update adds support for Siebel CRM 8.1.1, as well as additional management tools for the Beehive collaboration platform and Oracle's billing and revenue management software. Moving down the stack to middleware, Oracle has brought in deep management capabilities for WebLogic Server and Oracle Service Bus, according to Moe Fardoost. The company has also added automation for Real Application Testing, which allows users to take a snapshot of real-life production workloads and apply them to test databases for assessing the effect of changes. Automation has also been added for Oracle's Real Application Clusters, which allow users to deploy a single database across multiple servers for added reliability. In addition, Oracle's Automatic Database Diagnostics Monitor now has support for RAC environments. Oracle VM is another major focus of the release, as Enterprise Manager's configuration, provisioning and monitoring capabilities have been extended to virtual environments. William Vambenepe (blog): "From the application management perspective, it includes new management capabilities for middleware products that came from BEA (WL and OSB) and for several Oracle applications (Siebel, EBS, PeopleSoft, Beehive, BRM). And lots of goodies in other areas (virtualization, database, automation...)" A webcast by on March 03, 2009 at 09:02 AM PST (by Richard Sarwal) will cover Oracle Enterprise Manager 10g Release 5. [Note: Oracle Beehive has been introduced by Oracle as is a key component to be contributed to the OASIS ICOM TC. In January 2009, OASIS announced the submission of a draft charter for a new OASIS Technical Committee to define an integrated collaboration object model supporting a complete range of enterprise collaboration activities. The proposed data model is based upon the Oracle Beehive Object Model (BOM), to be contributed by Oracle to the ICOM TC. The new standard model, interface, and protocol would support contextual collaboration within business processes for an integrated collaboration environment which includes communication artifacts (e.g., email, instant message, telephony, RSS), teamwork artifacts (such as project and meeting workspaces, discussion forums, real-time conferences, presence, activities, subscriptions, wikis, and blogs), content artifacts (e.g., text and multi-media contents, contextual connections, taxonomies, folksonomies, tags, recommendations, social bookmarking, saved searches), and coordination artifacts (such as address books, calendars, tasks) etc. The first meeting of the OASIS ICOM Technical Committee will be held March 03, 2009 at 1:00 PM EST.]
See also: the Oracle Beehive Object Model (BOM)
Selected from the Cover Pages, by Robin Cover
On February 12, 2009, Brocade, EMC/RSA, HP, IBM, LSI, NetApp, Seagate, and Thales submitted a draft charter proposal for the creation of an OASIS Key Management Interoperability Protocol (KMIP) Technical Committee. An announcement from the companies described the joint development of the KMIP specification , designed "for enterprise key management that is engineered to dramatically simplify how companies encrypt and safeguard information. These companies—leaders in enterprise computing, storage, and security—developed the Key Management Interoperability Protocol (KMIP) in response to customers' needs to enable the widespread use of encryption. The Key Management Interoperability Protocol (KMIP) was initially developed by HP, IBM, RSA, Thales in the 2007-2008 timeframe to meet the compelling needs of today's enterprise data centre environments; Brocade, LSI, Seagate, and NetApp later joined the specification development effort. The OASIS KMIP Technical Committee (as proposed) "will develop specification(s) for the interoperability of key management services with key management clients. The specifications will address anticipated customer requirements for key lifecycle management (generation, refresh, distribution, tracking of use, life-cycle policies including states, archive, and destruction), key sharing, and long-term availability of cryptographic objects of all types (public/private keys and certificates, symmetric keys, and other forms of "shared secrets") and related areas." The problem addressed by KMIP, according to the published FAQ document, is "primarily that of standardizing communication between encryption systems that need to consume keys and the key management systems that create and manage those keys. Being able to encrypt and retain access to data requires that encryption keys be generated and stored. To date, organizations deploying encryption have not been able to take advantage of interoperability across encryption and the key management systems. By defining a low-level protocol that can be used to request and deliver keys between any key manager and any encryption system, KMIP enables the industry to have any encryption system communicate with any key management system. Through this interoperability, enterprise will be able to deploy a single enterprise key management infrastructure to mange keys for all encryption systems in the enterprise that require symmetric keys, asymmetric keys pairs, certificates and other security objects..."
See also: Cryptographic Key Management
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/