The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: October 08, 2009
XML Daily Newslink. Thursday, 08 October 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

Federal Register Goes XML At Last
Doug Beizer, Government Computer News

"U.S. White House officials announced that the Federal Register is now available in a format that lets readers browse, reorganize, and electronically customize the publication's daily contents. Issues of the Federal Register in XML format are now available at The XML documents are also available at and XML is a machine readable form of text that can be manipulated to work with digital applications, allowing people to analyze its contents in various ways... In 2008, editions of the daily publication contained nearly 32,000 separate documents on nearly 80,000 pages; the register chronicles White House and agencies' activities and proposed changes to federal regulations..."

From the announcement: "XML is a form of text that can be manipulated in virtually limitless ways with digital applications. For example, people who want to know about the workings of the Executive branch of the Federal Government no longer need to sift through the Federal Register in its traditional Department-by-Department and Agency-by-Agency format. In this new format users can rearrange the Federal Register's contents in personalized ways to match their particular interests. It is now possible, for example, to download the Federal Register and easily see what proposed actions might affect one's community or region, or what actions might have an impact on one's profession or business interests...

The transformation, undertaken by the Government Printing Office and the National Archives and Records Administration, vastly increases the Federal Register's usefulness to the American public and further opens the curtains on the inner workings of Government, a major goal of the Obama Administration... This paves the way for consumers, rather than Government officials to be in charge of deciding how to access critical information. The Government Printing Office and the Office of the Federal Register have accomplished a minor miracle in warp-speed time..."

See also: the announcement

IETF Last Call Review for The OAuth Core 1.0 Protocol
Eran Hammer-Lahav and Blaine Cook (eds), IETF Internet Draft

The Internet Engineering Steering Group (IESG) has received a request to consider 'The OAuth Core 1.0 Protocol' as an IETF Informational RFC. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action by 2009-11-06.

OAuth "allows a user to grant a third-party Web site or application access to their resources, without necessarily revealing their credentials, or even their identity. For example, a photo-sharing site that supports OAuth would allow its users to use a third-party printing Web site to access their private pictures, without gaining full control of the user account. OAuth consists of: (1) A mechanism for a user to authorize issuance of credentials which a third party can use to access resources on their behalf; (2) A mechanism for using the issued credential to authenticate HTTP requests—called "signatures" in current OAuth...

The specification consists of two parts. The first part defines a method for making authenticated HTTP requests using two sets of credentials, one identifying the client making the request, and a second identifying the resource owner on whose behalf the request is being made. The second part defines a redirection-based user agent process for end users to authorize client access to their resources, by authenticating directly with the server and provisioning tokens to the client for use with the authentication method.

See also: the IETF Open Authentication Protocol (OAuth) WG Charter

W3C Last Call Review for Widgets 1.0: Widget URIs
Robin Berjon (ed), W3C Technical Report

Members of the W3C Web Applications Working Group have published a Last Call Working Draft for "Widgets 1.0: Widget URIs." The specification defines the widget URI scheme that is used to address resources inside a widget package...

"Resources inside a widget package are identified and located using a method that is specific to widgets technology. Widget URIs reflect this by providing these specific locators with their own syntax so that resources in widget packages can be readily identified. In general, authors of widget content use relative URI references. Widget URIs are therefore primarily synthesised by the user agent as it absolutises URI references found in documents contained in widgets packages. There are three classes of products that can claim conformance to this specification: (1) widget URI producers, which generate string representations of widget URIs; (2) widget URI consumers, which parse or otherwise process string representations of widget URIs; (3) valid widget URIs, the string representations of widget URIs..."

Related news: "Report of the Patent Advisory Group on the Widgets Updates Specification." A Patent Advisory Group (PAG) for the Web Applications Working Group published its report, which suggests that W3C should continue the work on the Widgets 1.0: Updates Specification. W3C launched the PAG when Apple Computer, Inc excluded patent claims from the W3C Royalty-Free licensing commitment. From the Executive Summary: "In response to Apple's withdrawal of IP, the Widgets Updates PAG concluded that the US Patent Nr. 5,764,992 (hereinafter also called 'the 992 patent') is considered not essential according to Section 8, Definition of Essential Claims of the W3C Patent Policy. The Patent Advisory Group concluded that the inventive step claimed by US Patent Nr. 5,764,992 lies in the fact that the software program can update itself absolutely independent of functions performed by any resource external to the current software program. As the Widgets 1.0: Updates Draft uses an update-manager throughout the Specification, such self-updating does not occur..."

See also: the W3C Patent Advisory Group report

Yahoo Sees Standards as Key to Open Web
Darryl K. Taft

"Among the key issues in the Internet space today is the ongoing struggle between openness and stability in terms of standard web technology... Doug Crockford, a JavaScript expert at Yahoo called on his company and others to not 'break the web' as they each vie for developer hearts and minds. Crockford said this struggle is being felt across the industry at different levels and is becoming a point of concern in the standards bodies governing web technologies...

Crockford is also a member of the Ecma Technical Committee 39 (TC39), which is working on ECMAScript. 'Most of the stuff in JavaScript isn't useless, it's just dangerous, and that's true for HTML, CSS and a lot of other web technologies... The issue is how do we fix it without breaking it? For now we've been content putting stuff on top of it, but that can only last so long...' For example, with the ECMAScript, the TC39 committee abandoned an effort to deliver a fourth version of ECMAScript that advanced the language but also had some features that caused concern for some members. Instead, the committee agreed upon a new specification, known as the Harmony release... In the interim TC39 has committed to deliver a new version of ECMAScript (version 5) that advances the language and fixes some of the problems; the fifth edition features better security, native JSON support, enhanced library support and more..."

Google Says, Have Your AJAX and SEO, Too
Michelle Megna,

This article reports on a Google proposal by Katharina Probst, Bruce Johnson, Arup Mukherjee, Erik van der Poel, and Li Xiao. "Google is proposing a new standard for making AJAX-based Web sites search-engine friendly. If adopted, the standard could mean developers no longer have to choose between site optimization and dynamic pages. It's been common knowledge for years that Web sites created using Asynchronous JavaScript and XML would not be crawled and indexed by search engines, often forcing Web developers to choose between search engine visibility and the dynamic features offered by AJAX. While AJAX-based Web sites are popular with users, search engines traditionally are not able to access any of the content on them...

Google also rolled out filtered search options for smartphones powered by Android and Palm's webOS operating systems, as well as for iPhones. Now mobile users can narrow searches using several criteria, including date ranges, forum posts and so on... now offers nine more Search Options filters—including date ranges and options for more or fewer e-commerce sites. Search Options are found in the "show options" link, in the lightly shaded blue bar above the search results. As a result, Google now enables users to choose among the following: past hour, specific date range, more shopping sites, fewer shopping sites, visited pages, not yet visited, books, blogs and news..."

From the Google "Proposal for Making AJAX Crawlable," as reported in the blog post by John Mueller: "[Google proposes] a new standard for making AJAX-based websites crawlable. This will benefit webmasters and users by making content from rich and interactive AJAX-based websites universally accessible through search results on any search engine that chooses to take part. We believe that making this content available for crawling and indexing could significantly improve the web...

Some of the goals that we wanted to achieve with this proposal were: (1) Minimal changes are required as the website grows; (2) Users and search engines see the same content—no cloaking; (3) Search engines can send users directly to the AJAX URL—not to a static copy; (4) Site owners have a way of verifying that their AJAX website is rendered correctly and thus that the crawler has access to all the content... We are currently working on a proposal and a prototype implementation; feedback is very welcome..."

See also: the Google blog

W3C Report: Product Modelling using Semantic Web Technologies
Michel Boehms, David Leal (et al, eds), W3C Incubator Group Final Report

Members of the W3C Product Modelling Incubator Group have published their final report. The mission of the Incubator Group was to enable the use of the (Semantic) Web for Product Modelling (PM): the definition, storage, exchange and sharing of product data. Product data is information about the structure and behaviour of things that are realized in industrial processes. So principally product data is about things that are manmade, but it can also be about things in the natural world that interact with those industrial processes and/or its resulting products.

The report describes the role and scope of product data, and initial work in two technical areas (1) quantities, units, and scales; and (2) product structure—the decomposition of wholes in parts and the interconnection relationships between these parts.

Background: "The SWOP and S-TEN European projects, with the POSC Caesar Association, believed that it was possible to define a small core of basic OWL classes and properties constituting a generic, reusable 'upper ontology' for Product Modelling (PM). This core could be the basis of the ontologies defined by the two projects, and for many other application ontologies. This core could help the development of Web ontologies derived from existing international standards, such as BuildingSmart/IAI Industry Foundation Classes (IFC), ISO 10303 (STEP) and ISO 15926 (process plants)..."

See also: the Product Modelling Incubator Group

Web Data Services: Beyond the RDB-BI Straightjacket
Dana Gardner, ZDNet Blog

"As the recession forces the need to identify and evaluate new revenue sources, businesses need to capture such web data services for business intelligence (BI) to work better and fuller... In Part 2 of this series with Kapow Technologies, we identify how BI and web data services come together, and explore such additional subjects as text analytics and cloud computing...

Jim Kobielus: "At Forrester, we see traditional BI as a basic analytics environment, with ad-hoc query, OLAP, and the like. Advanced analytics -- building on that initial investment and getting to this notion of an incremental add-on environment—is really where a lot of established BI users are going. Advanced analytics means building on those core reporting, querying, and those other features with such tools as data mining and text analytics, but also complex event processing (CEP) with a front-end interactive visualization layer that often enables mashups of their own views by the end users. We see a strong push in the industry toward smashing those silos and bringing them all together. A big driver of that trend is that users, the enterprises, are demanding unified access to market intelligence and customer intelligence that's bubbling up from this massive Web 2.0 infrastructure, social networks, blogs, Twitter..."

Stefan Andreasen, co-founder and chief technology officer at Kapow Technologies: "Web data services can encapsulate or wrap the data silos that were residing with their business partners into services—SOAP services, REST services, etc.—and thereby get automated access to the data directly into the BI tool. The beauty with web data services is that it's really accessing the data through the application front end, using credentials and encryptions that are already in place and approved. You're using the existing security mechanism to access the data, rather than opening up new security holes, with all the risk that that includes..."

Secure Ajax Channel: SRP Hermetic
Antonio Caciuc, Blog

"SRP-Hermetic provides secure user authentication, communication integrity and communication privacy to AJAX applications. Its goal is to offer an efficient, scalable and customizable secure channel as an alternative to HTTPS. The source code is released under the MIT License. It encapsulates an implementation of Stanford's Secure Remote Password protocol, a pseudo-random number generator, symmetric encryption, message authentication and cryptographic hash functions into an easy to use API. A JavaScript client and a PHP server back-end are currently available...

SRP-Hermetic gives the developer the option to select between two security modes: (1) Signing mode, in which messages are sent in plain text, but are signed (currently using HMAC)—this mode provides integrity and authentication; (2) Encryption mode, in which messages are fully encrypted (currently using AES CTR), and then signed—this mode also provides confidentiality. The keys for signing and encrypting the messages are derived from the key obtained after the completion of the SRP authentication protocol.

The goal of SRP-Hermetic is not to replace HTTPS, but to be used as an alternative, simpler and possibly cheaper secure channel... The Achilles heel of this library, and of all javascript code is ensuring safe initial delivery to the client. While SRP network traffic can't be used to find out the password, the verifiers stored on the server can be broken by brute force attacks if the passwords are weak..."
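
The two modes described above, sketched with Node.js's built-in crypto module. This is an added example, not SRP-Hermetic's code, API or wire format: the labelled-HMAC key derivation, the message layout and the names `deriveKeys`, `seal` and `unseal` are assumptions, and the session key is taken to be the output of a completed SRP exchange.

```javascript
// Added illustration: NOT SRP-Hermetic's code, API or wire format.
const nodeCrypto = require('node:crypto');

const IV_LEN = { sign: 0, encrypt: 16 }; // the two modes; IV size fixed per mode

// Assumption: independent keys are derived from the SRP session key by
// HMAC-SHA256 over fixed labels (the page does not say how the library does it).
function deriveKeys(sessionKey) {
  const kdf = (label) =>
    nodeCrypto.createHmac('sha256', sessionKey).update(label).digest();
  return { encKey: kdf('enc'), macKey: kdf('mac') };
}

// The MAC covers mode and IV as well as the body, so a receiver cannot be
// made to reinterpret a message under the other mode or another IV.
function macOver(macKey, mode, iv, body) {
  return nodeCrypto.createHmac('sha256', macKey)
    .update(mode).update(iv).update(body).digest();
}

// mode 'sign': plaintext body + HMAC. mode 'encrypt': AES-CTR, then HMAC.
function seal(keys, mode, plaintext) {
  let iv = Buffer.alloc(0);
  let body = Buffer.from(plaintext, 'utf8');
  if (mode === 'encrypt') {
    iv = nodeCrypto.randomBytes(16); // fresh counter block per message
    const c = nodeCrypto.createCipheriv('aes-256-ctr', keys.encKey, iv);
    body = Buffer.concat([c.update(body), c.final()]);
  }
  return { mode, iv, body, mac: macOver(keys.macKey, mode, iv, body) };
}

// Validate framing, verify the MAC in constant time, then decrypt.
function unseal(keys, msg) {
  if (msg.iv.length !== IV_LEN[msg.mode]) {
    throw new Error('unknown mode or wrong IV length');
  }
  const want = macOver(keys.macKey, msg.mode, msg.iv, msg.body);
  if (msg.mac.length !== want.length ||
      !nodeCrypto.timingSafeEqual(msg.mac, want)) {
    throw new Error('MAC check failed');
  }
  if (msg.mode !== 'encrypt') return msg.body.toString('utf8');
  const d = nodeCrypto.createDecipheriv('aes-256-ctr', keys.encKey, msg.iv);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}
```

The per-mode IV length check matters because the MAC input is a plain concatenation: without it, bytes could be moved between the IV and body fields of a signed message without changing the tag.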

