The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: September 22, 2009
XML Daily Newslink. Tuesday, 22 September 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation

W3C Workshop on Access Control Application Scenarios
Staff, W3C Announcement

A Call for Participation has been issued for a "W3C Workshop on Access Control Application Scenarios," to be held November 17-18, 2009 in Luxembourg. "This workshop brings together worldwide research and user communities to explore evolving application scenarios for access control technologies, such as XACML. Results form a number of recent European research projects in the grid, cloud computing, and privacy areas show overlapping use cases for these technologies that extend beyond classical intra-enterprise applications. At this workshop, we will explore commonalities between different application scenarios, and standardization needs (at W3C and elsewhere) above and beyond the technology substrate that exists today. The workshop is co-financed by the European Commission 7th framework program via the Primelife project. Position papers of 1-5 pages are the basis for the discussion at the workshop; these papers will be made available online. W3C membership is not required in order to participate.

The workshop is intended to discuss issues around access control in very wide sense, encompassing conditions and rules derived from the fact of accessing information. Topics that might serve as appropriate discussion points for position papers include, but are not limited to: (1) interaction between access control and privacy policies; (2) language extensions to connect access control languages to novel types of credentials; (3) large-scale cloud and grid computing use cases for access control technologies; (4) policy management; (5) mechanisms for controlling progressive disclosure of information by user agents and servers; (6) the emerging role of trust delegation and supportive mechanisms in cloud computing, grid, and Web use cases; (7) mechanisms for richer user control over downstream data controllers...

The Workshop Program Committee incudes: Michele Bezzi (SAP), Laurent Bussard (Microsoft), Marco Casassa-Mont (Hewlett-Packard), David Chadwick (University Kent), Franz Kudorfer (Siemens), Hal Lockhart (Oracle), Gregory Neven (IBM), Dave Raggett (W3C), Babak Sadighi (Axiomatics), Pierangela Samarati (University Milano), Amardeo Sarma (NEC), Rudolf Schreiner (ObjectSecurity), Rigo Wenning (W3C/ERCIM), and Philip Wieder (TH Dortmund).

See also: XACML references

Database of Long-Lived Cryptographic Keys
Russell Housley and Tim Polk (eds), IETF Internet Draft

An initial level -00 Internet Draft has been published for Database of Long-Lived Cryptographic Keys. The document "specifies the information that needs to be included in a database of long-lived cryptographic keys. This conceptual database is designed to support both manual key management and automated key management. The intent is to allow many different implementation approaches to the specified cryptographic key database.

Security protocols are expected to use an application program interface (API) to select a long-lived key from the database. In many instances, the long-lived keys are not used directly in security protocols, but rather a key derivation function is used to derive short-lived key from the long-lived keys in the database.

The database is characterized as a table, where each row represents a single long-lived symmetric cryptographic key. Each key should only have one row; however, in the (hopefully) very rare cases where the same key is used for more than one purpose, multiple rows will contain the same key value. The columns in the table represent the key value and attributes of the key..."

See also: Cryptographic Key Management

Meet the Extensible Messaging and Presence Protocol (XMPP)
M. Tim Jones, IBM developerWorks

"Instant messaging (IM) is a popular application among casual Internet users as well as business users. It provides not only the means for users to communicate with others in real time, but also get their presence information — available, away from the computer, offline, and so on. One of the earliest open IM protocols was Jabber, which began as a nonstandard IM protocol in 1998 (developed by Jeremie Miller). As an extensible protocol built with XML, Jabber quickly found other applications as a general transport or message-oriented middleware (MoM). Eventually, XMPP arose from Jabber as a standards-based protocol in the form of an IETF working group protocol document: RFC 3920, 'Extensible Messaging and Presence Protocol (XMPP)'."

XMPP is not alone as a general-purpose messaging transport. Other popular protocols such as XML-RPC and SOAP can provide this capability with function call-like semantics. Newer methods such as Representational State Transfer (ReST) provide managed file access using URLs to specify the location, object, and method... XMPP has similarities to other application-layer protocols like SMTP. In these architectures, a client with a unique name communicates with another client with a unique name through an associated server. Each client implements the client form of the protocol, where the server provides routing capability..."

See also: the XMPP Standards Foundation

BACnet and Enterprise System Integration
Rita Tatum, FacilitiesNet

"While traditional enterprise firms pursue BAS to IT integration from the top down, Echelon Corporation and BACnet groups are approaching the matter from the BAS upward. In January, BACnet published a new complete version of the standard that includes an addendum on BACnet/Web Services, as well as seven other addenda. Eleven more addenda are being worked on by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) Standing Standard Project Committee (SSPC) 135, which developed the BACnet protocol. In addition, four addenda are underway for 135.1, BACnet's companion testing standard...

For some years now, SSPC 135's Utilities Integration Working group has been teaming with national labs and electric utilities on grid-related technologies such as real-time pricing and automated demand response. In June 2009, the group was rechartered as the Smart Grid Working Group, which is expected to continue working closely with NIST, Lawrence Berkeley National Laboratory and other groups as the smart grid develops. A definition for an XML syntax that can be used to represent building data in a consistent, flexible and extensible manner was defined by addendum 't'. The second public review of a revised version of the addendum was wrapped up in May 2009..."

See also: BACnet references

Defining DITA for Pharmaceutical Documentation
James Averback and Steffen Frederiksen (eds), Webinar Presentation

A presentation slideset from the Webinar Defining DITA for Pharmaceutical Documentation has been posted by Subcommittee Co-Chairs James Averback and Steffen Frederiksen. The 26-page document provides an overview with "Content Challenges in the Pharma Industry," Presentation on 'Is DITA the Answer?', and Overview of the newly formed OASIS DITA Pharma Subcommittee. Also available: an audio recording of the Webinar [.wmv], as reported by Carol Geyer.

The OASIS DITA Pharmaceutical Content Subcommittee (DITA-PSC) has been chartered to define DITA topics, maps, associated metadata properties and terminology to streamline design and creation of the complete body of pharmaceutical documentation required to represent a product for scientific and regulatory purposes throughout its lifecycle...Additional topics and maps for facilitating the internal business processes of content design, authoring, document review, submission assembly and regulatory portfolio management may be considered..."

The OASIS Darwin Information Typing Architecture (DITA) Technical Committee, parent of the DITA-PSC, was chartered advance a document creation and management specification that builds content reuse into the authoring process.

See also: the DITA Pharma announcement

Zend Teams with IBM, Microsoft, Rackspace and Other Cloud Leaders on Open Source Initiative
Staff, Zend Technologies Announcement

"Zend Technologies has launched the Simple API for Cloud Application Services project, a new open source initiative that allows developers to use common application services in the cloud, while enabling them to unlock value-added features available from individual providers. The project aims to facilitate the development of cloud applications that can access services on all major cloud platforms. Zend, IBM, Microsoft, Nirvanix, Rackspace and GoGrid are co-founding contributors to this community project...

The Simple Cloud API project empowers developers to use one interface to interact with a variety of cloud application services, enabling them to more easily access new technologies from cloud vendors. The first deliverables will include interfaces for file storage, document database, and simple queue services from platforms like Amazon Web Services, Windows Azure, Nirvanix Storage Delivery Network and Rackspace Cloud Files. As a result, developers can deploy software applications to access services in these environments without making time consuming and expensive changes to their source code...

An initial Simple Cloud API proposal and reference implementation is available now for community review and participation; developers can also evaluate the Simple API for Cloud Application Services by deploying their applications that use it on the Amazon cloud using the freely available Zend Server Community Edition Amazon Machine Image (AMI) for EC2..."

See also: the Simple Cloud API web site

Security Challenges With Cloud Computing Services
Marcia Savage,

If you entrust a cloud provider with your data, how is encryption handled, if at all? What about user authentication? What about data breach liability? Those were some of the issues raised during a panel discussion on the security challenges with cloud computing services at last week's Bay Area SecureWorld in Santa Clara, California...

Panelist Tim Mather, a security advisor and a founding member of the Cloud Security Alliance (CSA) said one of the major cloud security issues is encryption; if data is processed in the cloud it needs to be decrypted, while some providers don't even offer encryption. And if encryption is used, key management becomes a big issue: "Who manages the keys?"

The role of network security decreases when moving into the cloud, making user-based controls more critical, said Subra Kumaraswamy, senior security manager at Sun Microsystems Inc... The nonprofit CSA formally launched in April with a goal of sharing best practices on cloud computing security. The group, which has more than 4,000 members, released a paper outlining more than a dozen areas it says must be addressed to better secure cloud computing environments. Puhlmann said CSA expects to release the second version of the document in October..."

See also: the Cloud Security Alliance

Firefox Gets An Early Taste of 3D Web Standard
Stephen Shankland, CNET

A nascent technology called WebGL for bringing hardware-accelerated 3D graphics to the Web is getting a lot closer to reality. Last week, programmers began building WebGL into Firefox's nightly builds, the developer versions used to test the latest updates to the open-source browser. Also this month, programmers began building WebGL into WebKit, the project that's used in both Apple's Safari and Google's Chrome. Wolfire Games picked up on the WebKit move and offered a video of WebGL in action. Overall, the moves stand to accelerate the pace of WebGL development by making it easier to try out.

WebGL is one of a several efforts under way to make Web browsers into a more powerful computing platform, increasingly capable of rivaling what software running natively on a computer can do. Even the company with the most to lose from that direction (Microsoft) is embracing it with a Web-based version of Office... The WebGL plan emerged in March 2009 from Mozilla and the Khronos Group, which oversees the venerable OpenGL standard to let software tap into a computer's hardware-based graphics power . WebGL's roots lie with an earlier Mozilla project called Canvas 3D, a cousin of the present two-dimensional Canvas technology for drawing graphics in Web pages... Although Google is a WebGL supporter, it's also developing a higher-level 3D graphics technology called O3D for browsers..."

See also: the Vladimir Vukicevic blog


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: