The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: August 11, 2009
XML Daily Newslink. Tuesday, 11 August 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation

Advanced Security Processing for Atom and APP Documents
Fred Chen, Maryann Hondo, Rich Salz (eds); IETF Internet Draft

In initial version -00 IETF Internet Draft has been published for the specification Advanced Security Processing for Atom and APP Documents.

Abstract: "The Atom and APP specifications specify simple uses of cryptography to sign and encrypt their documents. Each document is processed completely, and in isolation. This document specifies additional uses that enable selective protection or encryption of content, and allow a "trust path" to be created across "atom:link" elements...

The Atom and APP specifications define how to use the W3C Recommendation "XML Signature Syntax and Processing (Second Edition)" and W3C "XML Encryption Syntax and Processing" to prevent the contents of a document from being modified or inadvertently disclosed. This IETF specification profiles how to use OASIS "Web Services Security: SOAP Message Security 1.1 (WS-Security 2004)" to provide selective protection and encryption of a document and allow a single document to be encrypted for multiple recipients.

An Atom or APP dcoument must not have more than one "wsse:Security" child element... One feature of the WS-Security header is that it should be possible to process in a forward-streaming manner. That is, security tokens appear before they are used (such as in signatures), and encipherment keys appear before the encrypted data. Therefore, if present, the "wsse:Security" element should be the first child of the Atom document. The "wsse:SecurityTokenReference" element can be used to help enable streaming processing, and to reduce multiple occurrences of the same credentials. To do this, each credential is made the child of a "wsse:BinarySecurityToken" element, which in turn is a child of the "wsse:Security" element... A "dsig:Signature" element in the "wsse:Security" element may be used to sign one or more elements of an Atom document. The signature should be detached, with one "dsig:Reference" for each item being signed...

See also: Atom references

W3C Last Call Review for Widgets 1.0: Access Requests Policy
Robin Berjon (ed), W3C Technical Report

Members of the W3C Web Applications Working Group have published a Last Call Working Draft for the specification "Widgets 1.0: Access Requests Policy." The Last Call period ends on 20-September-2009. The requirements were specified and addressed via consultation with W3C members and the public through the Working Group's mailing lists (WAF archive, WebApps archive). The purpose of this Last Call is to give external interested parties a final opportunity to publicly comment on how access requests should work within widgets before the Working Group issues a call for implementations. The Working Group's goal is to make sure that vendor's requirements for access requests have been effectively addressed and clearly specified.

This specification "defines the security model controlling network access from within a widget, as well as a method for widget authors to request that the user agent grant access to certain network resources, or sets thereof. User agents running widgets are expected to provide access to potentially sensitive APIs (phone book, calendar, file system, etc.) that expose data which should not be leaked to arbitrary network locations without the user's consent. The purpose of this specification is precisely to define the security model for network interactions from within a widget that has access to sensitive information, and to provide means for a widget to declare the need to access specific network resources so that a policy may control it..."

See also: the W3C Web Applications (WebApps) Working Group

OASIS DITA TC Launches Technical Communication Subcommittee
Staff, OASIS Announcement

Members of the OASIS Darwin Information Typing Architecture (DITA) Technical Committee have created a new DITA Technical Communication Subcommittee. According to the text of the Subcommittee Charter: "DITA was originally designed as an architecture for technical documentation, it has grown into a solution for much more than that. Today, DITA supports a growing set of industries and vertical markets via subcommittees that are responsible for their specializations. As a result, the technical communication specializations, including bookmap and the concept, reference, task, and glossary topic types, have been moved out of the base DITA package into a new "tech comm" package. The purpose of the Technical Communication Subcommittee is to take ownership of the "technical communication" specializations, driving new developments for technical communication and providing ongoing maintenance of the existing specializations."

The OASIS DITA TC has several other active Subcommittees covering Enterprise Business Documents, Learning and Training Content Specialization, Pharmaceutical Content, Semiconductor Information Design, Technical Standards, etc.

See also: the Subcommittee Charter

Microsoft Joins HTML 5 Standard Fray in Earnest
Stephen Shankland, CNET

After leaving much of the creation of a new version of HTML to Apple, Google, Opera, and Mozilla, Microsoft has begun sinking its teeth into the Web standard. The move adds clout to the effort to renovate HyperText Markup Language, the standard used to describe Web pages, which last was formally updated in 1999. In a recent mailing list posting, the software giant offered a host of questions and concerns with the present proposal...

HTML 5 in its current draft form includes a number of significant advancements, notably several that make the Web a better foundation for applications, not just static Web pages. Among the present HTML 5 features are built-in video and audio, the ability to store data on a local computer to enable use of Web applications even when offline, Web Workers that can perform computational chores in the background without bogging down Web application responsiveness..."

Adrian Bateman (for example) on the 'keygen' key/value pair generator control: "Windows has a broad set of controls for generating and enrolling in certificates in flexible ways while ensuring that the keys/certs can be used by other apps. The 'keygen' construct is based on an old Netscape implementation and is very basic. It's not clear that it is widely adopted today... We supported this in our web enrolment pages in the past for compatibility but in Win7 it is deprecated... We have some concerns about including 'keygen' in the spec. We're not sure this is the right design to be encouraging given that it wasn't in HTML 4.01..."

See also: the posting of Adrian Bateman

Balisage 2009: Running Bright in Montreal
Kurt Cagle, O'Reilly Technical

Balisage has become for many XML (and the occasional SGML) coders the must-attend conference of the year. The conference can best be described as cozy. This isn't a big trade show conference - there's nary a vendor booth in sight, and the idea with the conference is that it is a place where XML technicians - the standards creators, the implementers, the idea people - can get together quietly and talk about markup, at a very core level. It's definitely a deep pool, but there are no sharks, though there a bunch of dolphins, orcas and a blue whale or two...

There aren't really any keynotes—when you have people like Norm Walsh and Michael Kay giving talks in the morning, with Uche Ogbuji and C.M Sperberg-McQueen presenting talks in the afternoon, it's rather hard to say that you can just catch the big keynotes and miss the rest of the sessions. You can't—these are just too important to miss. I will unfortunately miss two talks that I especially was hoping to catch -- Alex Milowski's XML in the Browser: the Next Decade and especially Liam Quin's Automatic XML Namespaces, as I think that we're on the cusp of revisiting the XML Namespaces issue in light of HTML 5, but if you can make the conference on Tuesday I would especially recommend catching these two. I'll be speaking on Friday morning on Open Data and XML Services, where I hope to address the issues of how RESTful services are going to profoundly shape the next decade...

See also: the Balisage Conference Program


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: