This issue of XML Daily Newslink is sponsored by:
Oracle Corporation http://www.oracle.com
- W3C eGovernment Interest Group: Publishing Open Government Data
- OASIS XML Catalogs Standard: Implementation for .NET
- NIST Special Publication: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
- Using OAuth for Recursive Delegation
- Update: Cascading Style Sheets Level 2 Revision 1 (CSS 2.1) Specification
- Introducing the All New Yahoo! Contacts API
- SPEC Launches SOA Benchmark Effort
- Seven Reasons Websites Are No Longer Safe
W3C eGovernment Interest Group: Publishing Open Government Data
Daniel Bennett and Adam Harvey (eds), W3C Working Draft
"The World Wide Web Consortium (W3C) has announced a draft work plan for the eGovernment Interest Group, whose mission is to document, advocate, coordinate and communicate best practices, solutions and approaches to improve the interface between citizens and government through effective use of Web standards. The draft charter, in review by the W3C community until the end of September 2009, focuses on two topics: Open Government Data (OGD), and Education and Outreach.
Publishing data using open standards can help people efficiently share, combine, and expose government data, and will improve government's transparency and accountability by providing useful information to citizens. The eGov IG will work with governments, end users, and other interested parties to develop best practices and approaches to successfully publish government data in open formats."
In line with its anticipated focus on Open Government Data, the Interest Group has also announced the publication of a first Working Draft for 'Publishing Open Government Data'. From the Abstract: "Every day, governments and government agencies publish more data on the Internet. Sharing this data enables greater transparency; delivers more efficient public services; and encourages greater public and commercial use and re-use of government information. Some governments have even created catalogs or portals (such as data.gov) to make it easy for the public to find and use this data.
Although the reasons may vary, the logistics and practicalities of opening government data are the same. To help governments open and share their data, the W3C eGov Interest Group has developed the following guidelines. These straightforward steps emphasize standards and methodologies to encourage publication of government data, allowing the public to use this data in new and innovative ways..."
See also: Publishing Open Government Data
OASIS XML Catalogs Standard: Implementation for .NET
Anthony B. Coates, XML-DEV Announcement
Coates reports: "I have posted a .NET implementation of the OASIS XML Catalogs Standard to http://xmlcatalog.net/, described in a document 'Londata XML Catalogs for .NET and Mono.'...
The specification for "XML Catalogs Version 1.1" was produced by members of the OASIS Entity Resolution TC and approved as an OASIS Standard in 2005. It defines an entity catalog that maps both external identifiers and arbitrary URI references to URI references... "XML documents sometimes need to refer to other documents, particular Schemas or DTDs. While DTDs can be referenced using logical (non-physical) names (public IDs), W3C XML Schemas are typically referred to using a relative or absolute URL (which could be a "file:" URL, equivalent to a file path), but there are often problems with this in practice: (1) different users may not have access to the same files in the same locations; even an HTTP URL may refer to a private system that not all users have access to; (2) you may not trust the Schema (etc.) references in incoming XML files... [So] OASIS XML Catalogs defines a standard XML format for mapping URIs in XML documents to your own local, trusted copies of Schemas, etc; you can also map to other URIs as required...
The .NET/Mono API provides an XmlResolver class that converts a relative URL into an absolute URL. Londata XML Catalogs for .NET and Mono provides a (derived) replacement class "XmlCatalogResolver" which reads an XML Catalog file and uses the catalog mappings to rewrite the URIs as appropriate. This allows you to redirect any URI that is passed to the XML resolver by the XML parser... This increases security and flexibility for XML applications by allowing any URI to be mapped to a local copy of a file (Schema or other). It integrates with the existing .NET/Mono XML API, is royalty-free, and open source. The Londata XML Catalogs implementation for .NET supports log4net logging so that you can debug your XML Catalogs..."
NIST Special Publication: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
Elaine Barker, Lily Chen, Andrew Regenscheid, Miles Smid (eds); NIST Special Publication
This Recommendation from NIST "specifies key establishment schemes using integer factorization cryptography, based on ANS X9.44, 'Public Key Cryptography for the Financial Services Industry: Key Establishment Using Integer Factorization Cryptography' [published August 24, 2007], which was developed by the Accredited Standards Committee (ASC) X9, Inc...
A key establishment scheme can be characterized as either a key agreement scheme or a key transport scheme. This Recommendation provides asymmetric-based key agreement and key transport schemes that are based on the Rivest Shamir Adleman (RSA) algorithm... Secret cryptographic keying material may be electronically established between parties by using a key establishment scheme, that is, by using either a key agreement scheme or a key transport scheme. During key agreement, the derived secret keying material is the result of contributions made by both parties. Key agreement schemes may use either symmetric key or asymmetric key (public key) techniques. The key agreement schemes described in this Recommendation use public key techniques. The party that begins a key agreement scheme is called the initiator, and the other party is called the responder. During key transport (where one party selects the secret keying material), encrypted secret keying material is transported from the sender to the receiver. The key transport schemes described in this Recommendation use either public key techniques or a combination of public key and symmetric key techniques. The party that sends the secret keying material is called the sender, and the other party is called the receiver...
The security of the Integer Factorization Cryptography (IFC) schemes in this Recommendation is based on the intractability of factoring integers that are (divisible by) products of (two or more) sufficiently large, distinct prime numbers..."
See also: the OASIS KMIP Technical Committee
Using OAuth for Recursive Delegation
Bart Vrancken and Zachary Zeltsan (eds), IETF Internet Draft
Members of the IETF Open Authentication Protocol (OAuth) Working Group have published an initial -00 level specification for Using OAuth for Recursive Delegation. The need for documenting a use case for the OAuth multi-layered authorization was discussed on the OAuth mailing list and at the BoF meeting at the Plenary IETF 75.
The OAuth protocol provides a method for servers to allow third-party access to protected resources without forcing their end-users to reveal their authentication credentials. This method can be employed to support organizing and sharing information among the end-users. For example, a Web user (Resource Owner) can grant data access to a pre-defined set of users. This can be done with the use of a special OAuth Client -- content manager -- which serves as a proxy between the end-users and the Web servers that host the resources related to the project. The content manager allows a user (the owner of the resources) to specify a set of the resources related to a project (e.g., by tagging) and a set of the users and their access rights in respect to the resources. The content manager may also enable searching of the related materials.
This Internet Draft describes a use case for delegating authorization by a Resource Owner to another user via a Client using the OAuth protocol. OAuth allows Clients to access server resources on behalf of another party (such as a different Client or an end-user). The document describes the use of OAuth for delegating one Client's authorization to another Client, a scenario that is also known as four-legged authorization.
Specifically, the document describes the use of OAuth for enabling sharing a resource under the following scenario: (1) First Client has been authorized by the Resource Owner to share a resource (e.g., file) with a second Client; (2) The first Client has obtained access token credentials for the resource; (3) The first Client enables the second Client to access the resource without getting the Resource Owner involved in the authorization process..."
Update: Cascading Style Sheets Level 2 Revision 1 (CSS 2.1) Specification
Bert Bos, Tantek Çelik, Ian Hickson, H.-W. Lie (eds), W3C Technical Report
Members of the W3C CSS Working Group have published a revised Candidate Recommendation for the "Cascading Style Sheets Level 2 Revision 1 (CSS 2.1) Specification." This document "incorporates errata resulting from implementation experience since the previous publication. Some of the corrections remove ambiguities or change the behavior in edge cases, and therefore it is expected that another Working Draft will (briefly) precede the Proposed Recommendation, in order to invite more review...
The specification defines Cascading Style Sheets, level 2 revision 1 (CSS 2.1). CSS 2.1 is a style sheet language that allows authors and users to attach style (e.g., fonts and spacing) to structured documents (e.g., HTML documents and XML applications). By separating the presentation style of documents from the content of documents, CSS 2.1 simplifies Web authoring and site maintenance.
CSS 2.1 builds on CSS2 which builds on CSS1. It supports media-specific style sheets so that authors may tailor the presentation of their documents to visual browsers, aural devices, printers, braille devices, handheld devices, etc. It also supports content positioning, table layout, features for internationalization and some properties related to user interface..."
See also: the new CR specification
Introducing the All New Yahoo! Contacts API
Shirish Anand, Blog
"We are pleased to announce the launch of the new Yahoo! Contacts API, which now uses OAuth to offer read, write, and sync access to the Yahoo! Address Book, one of the largest address books on the Web. We've completely reengineered the existing Contacts API and added more useful functionality for developers. The new Contacts API provides the same features as the Yahoo! Address Book API, plus it is part of the Social API stack. Hence, it is fully compliant with the rest of the social APIs provided by Yahoo! such as Social Directory, Updates and the Status API...
With this API, you can find addresses to assist with communications such as email, instant messaging, SMS, or even plain old postal mail. You can also look up addresses for auto-completion of emails, add addresses for future shipping information, or sync with another address book...
We encourage you to migrate to the new API so you can take advantage of the following new features: (1) Update contacts automatically: When two users create a connection, the contact info in their address books is automatically kept in sync from that point on. (2) Get data faster and more reliably: we have made sure that the new API is faster and more reliable, so you don't have to worry about business continuity issues. (3) Identify the users' trusted contacts: A user's address book often contains contacts who have a wide range of relationships with the user. The Contacts API allows you to sort the user's most socially relevant contacts (aka connections)... (4) Filter contacts more efficiently: We've also added a number of filter mechanisms that allow you to fetch a subset of contacts by specifying matrix parameters..."
See also: the Yahoo! Contacts API web site
SPEC Launches SOA Benchmark Effort
Darryl K. Taft, eWEEK
"The Standard Performance Evaluation Corp. has formed a new working group to develop standard methods of measuring performance for typical middleware, database and hardware deployments of applications based on the service-oriented architecture..."
According to the announcement: "SPEC is interested in hearing from enterprise architects, IT managers and other potential users of SOA techniques to ensure that the working group understands customer needs and can develop the best possible benchmarking solutions. Organizations that are not currently SPEC members are invited to join the new working group. Membership is open to vendors, universities, R&D organizations, and users of SOA technologies...
In developing a new SOA benchmark, SPEC will draw on its expertise in creating widely used system-level benchmark suites. The group plans an initial benchmark designed around three parts of a typical SOA deployment infrastructure: (1) services on top of application servers using web services; (2) Enterprise Service Bus (ESB) technologies that connect and mediate the services; (3) choreographing services into larger composite applications through BPEL (Business Process Execution Language) technologies..."
Related: article by Jack Vaughan from TechTarget.
See also: the SPEC web site
Seven Reasons Websites Are No Longer Safe
Bill Brenner, Network World
"Conventional wisdom is that Web wanderers are safe as long as they avoid sites that serve up pornography, stock tips, games and the like. But according to recently gathered research from Boston-based IT security and control firm Sophos, sites we take for granted are not as secure as they appear.
Among the findings in Sophos' threat report for the first six months of this year, 23,500 new infected Web pages -- one every 3.6 seconds -- were detected each day during that period. That's four times worse than the same period last year, said Richard Wang, who manages the Boston lab. Many such infections were found on legitimate websites. In a recent interview with CSOonline, Wang outlined seven primary reasons legitimate sites are becoming more dangerous..."
XML Daily Newslink and Cover Pages sponsored by:
Sun Microsystems, Inc. http://sun.com
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/