This issue of XML Daily Newslink is sponsored by:
IBM Corporation http://www.ibm.com
- W3C Call for Implementations: Widgets 1.0 Digital Signatures
- XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS)
- KMIP: A Breakthrough in Key Management
- RESTful Services With ASP.NET MVC
- W3C mobileOK Scheme 1.0
- RF Licensing for Advanced Encryption Standard S-box Applications
- Industry Agrees On Standardised EU Phone Charger
- HP and Red Hat Integrate SOA Tools
W3C Call for Implementations: Widgets 1.0 Digital Signatures
Frederick Hirsch, Marcos Caceres, Mark Priestley (eds), W3C Technical Report
Members of the W3C Web Applications (WebApps) Working Group announced the release of a Candidate Recommendation for the "Widgets 1.0: Digital Signatures" specification, together with a call for implementations. The WG expects to request advancement of this document to Proposed Recommendation once the Working Group has developed a comprehensive Widgets 1.0: Digital Signature test suite, and demonstrated at least two interoperable implementations. The WebApps Working Group expects to show these implementations by September 2009.
"Widgets 1.0: Digital Signatures" defines a profile of the XML Signature Syntax and Processing 1.1 specification to allow a widget package to be digitally signed. Widget authors and distributors can digitally sign widgets as a mechanism to ensure continuity of authorship and distributorship. Prior to instantiation, a user agent can use the digital signature to verify the integrity of the widget package and to confirm the signing key(s). This document specifies conformance requirements on both widget packages and user agents... A widget package can be signed by the author of the widget producing an XML DSIG signature ("XML Signature Syntax and Processing, Version 1.1") that cryptographically includes all of the file entries other than signature files. A widget package can also be signed by one or more distributors of the widget, producing XML DSIG signatures that each cryptographically includes all of the non-signature file entries as well as any author signature...
See also: the W3C Rich Web Clients Activity
XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS)
Dirk Meyer and Peter Saint-Andre (eds), IETF Internet Draft
Members of the IETF Extensible Messaging and Presence Protocol (XMPP) Working Group have published a revised Internet Draft for XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS). End-to-end encryption of traffic sent over the Extensible Messaging and Presence Protocol (XMPP) is a desirable goal. Requirements and a threat analysis for XMPP encryption are provided in the I-D "Requirements for End-to-End Encryption in the Extensible Messaging and Presence Protocol (XMPP)." This document explores the possibility of using Transport Layer Security (TLS) to meet those requirements.
XTLS is "a protocol for end-to-end encryption of Extensible Messaging and Presence Protocol (XMPP) traffic. XTLS is an application-level usage of Transport Layer Security (TLS) that is set up using the XMPP Jingle extension for session negotiation and transported using any streaming transport as the data delivery mechanism. Thus XTLS treats the end-to-end exchange of XML stanzas as a virtual transport and uses TLS to secure that transport, enabling XMPP entities to communicate in a way that is designed to ensure the confidentiality and integrity of XML stanzas. The protocol can be used for secure end-to-end messaging as well as other XMPP applications, such as file transfer."
See also: the Requirements document
KMIP: A Breakthrough in Key Management
Robert Griffin, YouTube Presentation
This video presentation (duration 5:12 minutes) features Robert Griffin, Director of Solution Design at RSA, the Security Division of EMC, and co-chair of the OASIS Key Management Interoperability Protocol (KMIP) Technical Committee. Bob explains what KMIP is, how KMIP will be used, and why KMIP is important to information security.
See also: KMIP references
RESTful Services With ASP.NET MVC
Aaron Skonnard, MSDN Magazine
"A RESTful service is a web of resources that programs can navigate. When designing a RESTful service, you have to think carefully about how your web will work. This means designing resource representations with links that facilitate navigation, describing service input somehow, and considering how consumers will navigate around your service at run time. Getting these things right is often overlooked, but they're central to realizing the full potential REST has to offer... Your RESTful services should also somehow provide these two features through whatever resource representation you decide to use. For example, if you're designing a custom XML dialect for your service, you should probably come up with your own elements for establishing links and describing service input that will guide consumers through your web. Or you can simply use XHTML...
There are several reasons to consider XHTML as the default representation for your RESTful services. First, you can leverage the syntax and semantics for important elements like 'a', 'form', and 'input' instead of inventing your own. Second, you'll end up with services that feel a lot like sites because they'll be browsable by both users and applications. The XHTML is still interpreted by a human—it's just a programmer during development instead of a user at runtime. This simplifies things throughout the development process and makes it easier for consumers to learn how your service works. And finally, you can leverage standard Web development frameworks to build your RESTful services. ASP.NET MVC is one such framework that provides an inherently RESTful model for building XHTML-based services. This article walks through some XHTML design concepts and then shows you how to build a complete XHTML-based RESTful service that you can download..."
W3C mobileOK Scheme 1.0
Jo Rabin and Phil Archer (eds), W3C Technical Report
Members of the W3C Mobile Web Best Practices Working Group have published a Group Note for "W3C mobileOK Scheme 1.0." This public Working Group Note follows a period of evolution during which the Working Group considered defining two levels of mobileOK conformance, each with its own set of tests. mobileOK is presented here as a simplified and unified scheme in which the relationship with the "Best Practices document", the "Basic Tests", and the "Checker" is made explicit. Changes since last publication in November 2008 are minor.
W3C's mobileOK is designed to improve the Web experience for users of mobile devices by rewarding content providers that adhere to good practice when delivering content to them. This document describes the mobileOK scheme, which allows content providers to promote their content as being suitable for use on very basic mobile devices.
See also: the W3C Mobile Web Initiative
RF Licensing for Advanced Encryption Standard S-box Applications
Staff, U.S. Federal Register Announcement via Cryptome
The Federal Register notice describes a jointly owned invention available for non-exclusive, royalty-free licensing for Advanced Encryption Standard (AES) S-box applications. The invention is jointly owned by the U.S. Government, as represented by the Department of Commerce, and the University of Southern Denmark. The Department of Commerce's interest in the invention is available for non-exclusive, royalty-free licensing in the Field of Use of Advanced Encryption Standard S-box applications, in accordance with 35 U.S.C. 207 and 37 CFR part 404 to achieve expeditious commercialization of results of federally funded research and development.
"A method of simplifying a combinational circuit establishes an initial combinational circuit operable to calculate a set of target signals. A quantity of multiplication operations performed in a first portion of the initial combinational circuit is reduced to create a first, simplified combinational circuit. The first portion includes only multiplication operations and addition operations. A quantity of addition operations performed in a second portion of the first, simplified combinational circuit is reduced to create a second, simplified combinational circuit. The second portion includes only addition operations. Also, the second, simplified combinational circuit is operable to calculate the target signals using fewer operations than the initial combinational circuit."
Industry Agrees On Standardised EU Phone Charger
Elitsa Vucheva, EU-Observer
Searching for a phone charger that works with your phone will soon be a thing of the past, as the world's ten major mobile phone manufacturers have agreed to produce a harmonised charger for users across Europe, with the first such chargers expected to be introduced on the EU market next year... The companies in question—which include Apple, LG, Motorola, Nokia, Samsung, and Sony Ericsson—represent 90 percent of Europe's mobile phone market. The phone manufacturers submitted a memorandum of understanding to the commission after Brussels had called on them to come forward with a voluntary proposal in order to avoid legislation.
See also: the ZDNet blog
HP and Red Hat Integrate SOA Tools
Jeffrey Schwartz, Application Development Trends
"Hewlett Packard and Red Hat announced their respective service oriented architecture platforms will work together. The pact gives Red Hat a way to offer governance and policy management to its JBoss Enterprise SOA Platform, while it gives those that use HP's SOA Systinet a lower cost enterprise service bus alternative for points within a SOA environment. While the two companies have agreed to integrate their respective offerings and cross market them, it does not involve a packaging or cross selling of both offerings... Muzilla [of HP] said that many customers are looking to extend their SOAs with open source solutions. In many scenarios, the base UDDI registry that comes with the JBoss offering will suffice; for those that want a more comprehensive system that doesn't provide just registry, but provides policy management and overall governance of the services, the integration with HP Systinet will address those issues..."
According to the text of the announcement: "JBoss Enterprise SOA Platform is the next-generation integration and business process automation infrastructure that seeks to enable superior business execution, responsiveness, and flexibility with a cost-effective, open platform. We believe this modular approach offers a competitive advantage to users because it is designed to enable customers to integrate applications, execute business processes and move information around the datacenter easily and with fewer errors, which should help a business to stay ahead of market dynamics. Now with the integration of the JBoss Enterprise SOA Platform and HP SOA Systinet, a customer with an SOA deployment will have the opportunity to effectively govern their services, integrate best practices and processes, and drive collaboration for easy SOA adoption."
See also: the announcement text
XML Daily Newslink and Cover Pages sponsored by:
Sun Microsystems, Inc. http://sun.com
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/