The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: June 29, 2009
XML Daily Newslink. Monday, 29 June 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation

W3C Call for Implementations: Widgets 1.0 Digital Signatures
Frederick Hirsch, Marcos Caceres, Mark Priestley (eds), W3C Technical Report

Members of the W3C Web Applications (WebApps) Working Group announced the release of a Candidate Recommendation for the "Widgets 1.0: Digital Signatures" specification, together with a call for implementations. The WG expects to request advancement of this document to Proposed Recommendation once the Working Group has developed a comprehensive Widgets 1.0: Digital Signature test suite, and demonstrated at least two interoperable implementations. The WebApps Working Group expects to show these implementations by September 2009.

"Widgets 1.0: Digital Signatures" defines a profile of the XML Signature Syntax and Processing 1.1 specification to allow a widget package to be digitally signed. Widget authors and distributors can digitally sign widgets as a mechanism to ensure continuity of authorship and distributorship. Prior to instantiation, a user agent can use the digital signature to verify the integrity of the widget package and to confirm the signing key(s). This document specifies conformance requirements on both widget packages and user agents... A widget package can be signed by the author of the widget producing an XML DSIG signature ("XML Signature Syntax and Processing, Version 1.1") that cryptographically includes all of the file entries other than signature files. A widget package can also be signed by one or more distributors of the widget, producing XML DSIG signatures that each cryptographically includes all of the non-signature file entries as well as any author signature...

See also: the W3C Rich Web Clients Activity

XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS)
Dirk Meyer and Peter Saint-Andre (eds), IETF Internet Draft

Members of the IETF Extensible Messaging and Presence Protocol (XMPP) Working Group have published a revised Internet Draft for XTLS: End-to-End Encryption for the Extensible Messaging and Presence Protocol (XMPP) Using Transport Layer Security (TLS). End-to-end encryption of traffic sent over the Extensible Messaging and Presence Protocol (XMPP) is a desirable goal. Requirements and a threat analysis for XMPP encryption are provided in the I-D "Requirements for End-to-End Encryption in the Extensible Messaging and Presence Protocol (XMPP)." This document explores the possibility of using the Transport Layer Security (TLS) to meet those requirements.

XTLS is "a protocol for end-to-end encryption of Extensible Messaging and Presence Protocol (XMPP) traffic. XTLS is an application-level usage of Transport Layer Security (TLS) that is set up using the XMPP Jingle extension for session negotiation and transported using any streaming transport as the data delivery mechanism. Thus XTLS treats the end-to-end exchange of XML stanzas as a virtual transport and uses TLS to secure that transport, enabling XMPP entities to communicate in a way that is designed to ensure the confidentiality and integrity XML stanzas. The protocol can be used for secure end-to-end messaging as well as other XMPP applications, such as file transfer.

See also: the Requirements document

KMIP: A Breakthrough in Key Management
Robert Griffin, YouTube Presentation

This video presentation (duration 5:12 minutes) features Robert Griffin, Director of Solution Design at RSA, the Security Division of EMC, and co-chair of the OASIS Key Management Interoperability Protocol (KMIP) Technical Committee. Bob explains what KMIP is, how KMIP will be used, and why KMIP is important to information security.

See also: KMIP references

RESTful Services With ASP.NET MVC
Aaron Skonnard, MSDN Magazine

A RESTful service is a web of resources that programs can navigate. When designing a RESTful service, you have to think carefully about how your web will work. This means designing resource representations with links that facilitate navigation, describing service input somehow, and considering how consumers will navigate around your service at run time. Getting these things right is often overlooked, but they're central to realizing the full potential REST has to offer... Your RESTful services should also somehow provide these two features through whatever resource representation you decide to use. For example, if you're designing a custom XML dialect for your service, you should probably come up with your own elements for establishing links and describing service input that will guide consumers through your web. Or you can simply use XHTML...

There are several reasons to consider XHTML as the default representation for your RESTful services. First, you can leverage the syntax and semantics for important elements like 'a', 'form', and 'input' instead of inventing your own. Second, you'll end up with services that feel a lot like sites because they'll be browsable by both users and applications. The XHTML is still interpreted by a human—it's just a programmer during development instead of a user at runtime. This simplifies things throughout the development process and makes it easier for consumers to learn how your service works. And finally, you can leverage standard Web development frameworks to build your RESTful services. ASP.NET MVC is one such framework that provides an inherently RESTful model for building XHTML-based services. This article walks through some XHTML design concepts and then shows you how to build a complete XHTML-based RESTful service that you can download..."

W3C mobileOK Scheme 1.0
Jo Rabin and Phil Archer (eds), W3C Technical Report

Members of the W3C Mobile Web Best Practices Working Group have published a Group Note for "W3C mobileOK Scheme 1.0." This public Working Group Note follows a period of evolution during which the Working Group considered defining two levels of mobileOK conformance, each with its own set of tests. mobileOK is presented here as a simplified and unified scheme in which the relationship with the "Best Practices document", the "Basic Tests", and the "Checker" is made explicit. Changes since last publication in November 2008 are minor.

W3C's mobileOK is designed to improve the Web experience for users of mobile devices by rewarding content providers that adhere to good practice when delivering content to them. This document describes the mobileOK scheme, which allows content providers to promote their content as being suitable for use on very basic mobile devices.

See also: the W3C Mobile Web Initiative

RF Licensing for Advanced Encryption Standard S-box Applications
Staff, U.S. Federal Register Announcement via Cryptome

The Federal Register notice describes a jointly owned invention available for non-exclusive, royalty-free licensing for Advanced Encryption Standard (AES) S-box applications. The invention is jointly owned by the U.S. Government, as represented by the Department of Commerce, and the University of Southern Denmark. The Department of Commerce's interest in the invention is available for non-exclusive, royalty-free licensing in the Field of Use of Advanced Encryption Standard S-box applications, in accordance with 35 U.S.C. 207 and 37 CFR part 404 to achieve expeditious commercialization of results of federally funded research and development.

"A method of simplifying a combinational circuit establishes an initial combinational circuit operable to calculate a set of target signals. A quantity of multiplication operations performed in a first portion of the initial combinational circuit is reduced to create a first, simplified combinational circuit. The first portion includes only multiplication operations and addition operations. A quantity of addition operations performed in a second portion of the first, simplified combinational circuit is reduced to create a second, simplified combinational circuit. The second portion includes only addition operations. Also, the second, simplified combinational circuit is operable to calculate the target signals using fewer operations than the initial combinational circuit."

Industry Agrees On Standardised EU Phone Charger
Elitsa Vucheva, EU-Observer

Searching for a phone charger that works with your phone will soon be a thing of the past, as the world's ten major mobile phone manufacturers have agreed to produce a harmonised charger for users across Europe, with the first such chargers expected to be introduced on the EU market next year... The companies in question—which include Apple, LG, Motorola, Nokia, Samsung, and Sony Ericsson—represent 90 percent of Europe's mobile phone market. The phone manufacturers submitted a memorandum of understanding to the commission after Brussels had called on them to come forward with a voluntary proposal in order to avoid legislation.

See also: the ZDNet blog

HP and Red Hat Integrate SOA Tools
Jeffrey Schwartz, Application Development Trends

Hewlett Packard and Red Hat announced their respective service oriented architecture platforms will work together. The pact gives Red Hat a way to offer governance and policy management to its JBoss Enterprise SOA Platform, while it gives those that use HP's SOA Systinet a lower cost enterprise service bus alternative for points within a SOA environment. While the two companies have agreed to integrate their respective offerings and cross market them, it does not involve a packaging or cross selling of both offerings... Muzilla [of HP] said that many customers are looking to extend their SOAs with open source solutions. In many scenarios, the base UDDI registry that comes with the JBoss offering will suffice; for those that want a more comprehensive system that doesn't provide just registry, but provides policy management and overall governance of the services, the integration with HP Systinet will address those issues..."

According to the text of the announcement: "JBoss Enterprise SOA Platform is the next-generation integration and business process automation infrastructure that seeks to enable superior business execution, responsiveness, and flexibility with a cost-effective, open platform. We believe this modular approach offers a competitive advantage to users because it is designed to enable customers to integrate applications, execute business processes and move information around the datacenter easily and with fewer errors, which should help a business to stay ahead of market dynamics. Now with the integration of the JBoss Enterprise SOA Platform and HP SOA Systinet, a customer with an SOA deployment will have the opportunity to effectively govern their services, integrate best practices and processes, and drive collaboration for easy SOA adoption."

See also: the announcement text


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: