This issue of XML Daily Newslink is sponsored by:
Oracle Corporation http://www.oracle.com
- Unicode Public Review for CharMapML, Line Breaking, and Bidi Algorithm
- Towards an Ontology-Based Standard for Quantities and Units of Measure
- Creating Multi-Target XML Documents from Single Source
- W3C Last Call Review: Geolocation API Specification
- The OAuth Security Model for Delegated Authorization
- U.S. National Information Exchange Model (NIEM) Version 2.1 Preview
- Java Web Services: The High Cost of (WS-)Security
- Google Chrome OS: An Open Source, Lightweight Operating System
Unicode Public Review for CharMapML, Line Breaking, and Bidi Algorithm
Staff, Unicode Technical Committee Announcement
Members of the Unicode Technical Committee announced a public review period for three Unicode specifications now in revision. The review period (including two updates) closes on August 3, 2009. "Organizations and interested individuals are invited to submit public review comments on these issues. From time to time the Unicode Consortium seeks wide public review and feedback for certain proposed actions. The purpose of the review is to elicit better information on the practical impact of such proposals on users or implementers as well as broaden the review of technical details. Any feedback on Public Review Issues will be used in the deliberations of the relevant Unicode Consortium technical committee... Such Public Review Issues are often targeted at the next version of a particular specification, such as the Unicode Standard."
The Proposed Update to Unicode Technical Standard #22 (PRI #149) concerns the "Unicode Character Mapping Markup Language (CharMapML)." This document specifies an XML format for the interchange of mapping data for character encodings, and describes some of the issues connected with the use of character conversion. It provides a complete description for such mappings in terms of a defined mapping to and from Unicode, and a description of alias tables for the interchange of mapping table names. The proposed update includes editorial fixes and clarifications based on community feedback. As clarified in the Modification History and the highlighted changes, there is a small change in the XML DTD from version three to this proposed version five (a new default attribute value).
The Proposed Update to UAX #14 concerns the Unicode Line Breaking Algorithm. The line breaking algorithm produces a set of 'break opportunities', or positions that would be suitable for wrapping lines when preparing text for display. A model implementation using pair tables is also provided. "The text of UAX #14 has been revised throughout, with both substantive and editorial changes. A new Line_Break class CP has been added, and the rule LB30 has been reintroduced, to address an edge case involving breaks around parenthesized letters. More new Southeast Asian scripts and characters have been added to the Line_Break class SA..."
The Proposed Update Unicode Standard Annex #9 concerns "Unicode Bidirectional Algorithm," which describes specifications for the positioning of characters flowing from right to left, such as Arabic or Hebrew. Because right-to-left scripts use digits that are written from left to right, the text is actually bidirectional: a mixture of right-to-left and left-to-right text. In addition to digits, embedded words from English and other scripts are also written from left to right, also producing bidirectional text. Without a clear specification, ambiguities can arise in determining the ordering of the displayed characters when the horizontal direction of the text is not uniform. The latest revision includes a new conformance test file, which implementers should carefully review..."
Towards an Ontology-Based Standard for Quantities and Units of Measure
Peter Yim, Ontolog Announcement
On behalf the Ontolog UoM Panel Session Organizers (Ed Barkmeyer, Howard Mason, Frank Olken, Steve Ray) Peter Yim announced the creation of a new mailing list forum to support the community workspace of the Quantity and Unit of Measure Ontology-based Standard Initiative, now also online.
According to the 'Abstract and Thoughts' from the recent Ontology Summit 2009 Symposium, "Quantities and Units of Measure" was identified as a candidate ontology-based standard that folks from the standards community and the ontology community can (and should) work together on. Further momentum has been developing through the active discussion among the community members on the mailing list. Representatives include the acknowledged authorities who maintain governance over the system of measures. Primarily: BIPM, along with various national NMIs (National Measurement Institutes) who collectively maintain key documents such as the GUM (Guidelinefor Evaluating and Expressing the Uncertainty of NIST Measurement Results), the VIM (International Vocabulary of Basic and General Terms in Metrology), UCUM (Unified Code for Units of Measure), and the like. Other related organizations would be IEC, IFCC, ISO, IUPAC, IUPAP and OIML..."
See also: slides from the June 2009 Panel Session
Creating Multi-Target XML Documents from Single Source
William von Hagen, IBM developerWorks
"A natural outgrowth of XML as a software-independent documentation environment that facilitates information reuse is the need to customize that information so that its content differs based on the specific audience or output format. This reuse is commonly known as single-source documentation, because a single set of input files can satisfy the requirements of multiple audiences or output formats. Some single- source requirements are handled automatically by the tools that produce output in different formats. For example, generating PDF output for a DocBook XML document that contains a link to external resources (using the 'ulink' element) embeds both a hyperlink to that information and its actual URL in that output, while generating HTML output from the same XML document simply embeds a link in that HTML output. Transforming a single element in different ways for different output formats is a step in the right direction for single-source documentation, but it doesn't enable customization of document content beyond its presentation requirements. Being able to customize the actual content of a document based on its target output format is a fairly common requirement for modern documentation. Luckily, this is easily handled by a combination of preprocessing and taking advantage of flexible aspects of the design of documentation formats such as DocBook XML.
The power and flexibility of XML, sets of existing standards, and a rich set of tools for working with and converting XML documents provide a powerful environment for creating and maintaining documentation. The attributes and techniques discussed in this article make it easy to create conditionalized documentation that can contain different content targeted toward specific audiences, computer systems, or presentation formats. If you add a simple preprocessing stage or set variables for use in your documentation-production process, you can create and maintain single-source documentation that produces specialized output.
W3C Last Call Review: Geolocation API Specification
Andrei Popescu (ed), W3C Technical Report
On July 07, 2009, members of the W3C Geolocation Working Group published a Last Call Working Draft for the Geolocation API Specification. This Geolocation API "defines a high-level interface to location information associated only with the device hosting the implementation, such as latitude and longitude. Common sources of location information include Global Positioning System (GPS) and location inferred from network signals such as IP address, RFID, WiFi and Bluetooth MAC addresses, and GSM/CDMA cell IDs, as well as user input." Public comment is invited through August 10, 2009.
W3C's Geolocation Working Group was chartered through December 2009 to "define a secure and privacy-sensitive interface for using client-side location information in location-aware Web applications. The number of Web enabled devices that are location-aware has increased markedly as of late. These devices are very common and include mobile phones with cell triangulation or Global Positioning System (GPS) capabilities, laptops with Wi-Fi triangulation capabilities and GPS receivers. The Geolocation WG is created in response to requests from the community for W3C to develop a standardized, secure and privacy-sensitive interface so that Web applications may gain access to location information. In addition to the variety of techniques for determining location, applications may: (1) retrieve a user's location only once—e.g., finding the nearest bank; (2) retrieve several data points over time, for example, recording a route; (3) retrieve a sequence of locations at irregular intervals, e.g., each time a photo is taken..."
The OAuth Security Model for Delegated Authorization
Richard Barnes and Matthew Lepinski (eds), IETF Internet Draft
Members of the IETF OAuth Working Group have published a draft specification "The OAuth Security Model for Delegated Authorization." The WG's document "OAuth Protocol: Web Delegation" specifies the OAuth protocol web delegation method, where OAuth allows clients to access server resources on behalf of another party (such a different client or an end user). The "Web Delegation" I-D defines a redirection-based user-agent process for end users to authorize access to clients by substituting their credentials (typically, a username and password pair) with a different set of delegation-specific credentials.
The updated specification OAuth Security Model for Delegated Authorization describes the security model for the OAuth authorization system, which allows a party that holds some authorization to delegate a subset of that authorization to another party, without requiring either party to disclose its credentials to the other.
Background: "It is an almost universal situation in the Internet today that users make use of many Internet applications, some of which store data for the user and some of which consume user data. There is increasing interest in bringing these two types of application together, i.e., in allowing certain applications that consume user data to access data that is stored by other applications. However, in order to maintain the security of user data, applications that store data typically require an entity requesting private resources to authenticate that they own those resources (i.e., to authenticate as the owner of the resources). Enabling a second application to access private resources would thus require the user who ones the resources to enable that application to authenticate as the user. This situation is clearly undesirable, since it allows the consuming application to impersonate the user: To access any and all data the user owns, or to take actions as the user... This document describes a security model for the OAuth delegated authorization system. In particular, we provide an abstract message flow that defines how parameters are exchanged between OAuth entities, and what the security requirements are for these exchanges..."
U.S. National Information Exchange Model (NIEM) Version 2.1 Preview
Staff, NIEM Newsletter
The July 2009 issue of the NIEM Newsletter previews the Version 2.1 release, which is being revised in response to rapid adoption and use, with and improvements, expansions, and best practices. NIEM is a framework designed to "leverage the data exchange standards efforts successfully implemented by the Global Justice Information Sharing Initiative (Global) and extend the Global Justice XML Data Model (GJXDM) to facilitate timely, secure information sharing across the whole of the justice, public safety, emergency and disaster management, intelligence, and homeland security enterprise."
NIEM Version 2.1 "will feature three new domains: (1) The Maritime domain will be sponsored by the U.S. Navy as the executive agent for the Maritime Domain Awareness and will include the harmonized content from the Maritime Information Exchange Model 1.0 (MIEM). (2) The Family Services domain will be a joint effort of the U.S. Department of Health and Human Services (HHS) Administration on Children and Families, the National Center for State Courts (NCSC), and the U.S. Department of Justice (DOJ) Office of Juvenile Justice and Delinquency Prevention. (3) The Chemical, Biological, Radiological, Nuclear (CBRN) domain will be sponsored by the U.S. Department of Homeland Security (DHS) Office of Domestic Nuclear Detection."
Updates in NIEM Version 2.1 will be made to existing domains, including the Infrastructure Protection domain, which "will provide a complete taxonomy of infrastructure categories. This should prove widely reusable by developers in many lines of business. The Emergency Management domain will tighten its linkage to the EDXL messaging standards. It also incorporates the results of a successful pilot at the Richmond, Virginia, emergency dispatch center, enabling the reuse of exchanges with private alarm companies..."
See also: NIEM Version 2.0
Java Web Services: The High Cost of (WS-)Security
Dennis Sosnoski, IBM developerWorks
"WS-Security provides a comprehensive set of security features for Web service applications, building on established industry standards for cryptography and XML encryption and signing. You can specify the features to be used for a particular application with WS-Policy and WS-SecurityPolicy, allowing clients of the service to configure themselves automatically to access the service. With widespread support for these standards across multiple platforms and Web services frameworks, interoperability is good—and getting better over time.
Despite these benefits, WS-Security also has some drawbacks: WS-Security can be complex to configure, and that it sometimes adds a lot of bulk to the messages being exchanged. So when are the benefits of WS-Security worth the costs? In this article the author gives you better look at the run-time costs of WS-Security and the related WS-SecureConversation (in terms of both processing overhead and added bulk), leading up to a discussion of how to apply WS-Security in a manner that makes sense for your application..."
See also: Axis2 WS-Security signing and encryption
Google Chrome OS: An Open Source, Lightweight Operating System
Sundar Pichai, Google Blog
"Today, we [Google] are announcing a new project that's a natural extension of Google Chrome: the Google Chrome Operating System. It's our attempt to re-think what operating systems should be. Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we're already talking to partners about the project, and we'll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve.
Speed, simplicity and security are the key aspects of Google Chrome OS. We're designing the OS to be fast and lightweight, to start up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates. It should just work..."
See also: commentary by InformationWeek
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/