A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com
Headlines
- HTML+RDFa: A Mechanism for Embedding RDF in HTML
- Updated FAQ Document for the OASIS Symptoms Autonomic Framework (SAF) TC
- MIKEY-IBAKE: Identity-Based Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)
- U.S. Dept. of Education Ties Desktop Encryption to Employee ID Cards
- Laptop Theft Nets Data On 800,000 Doctors
- W3C Member Submission: Web Application Description Language (WADL)
- Developing WS-Management Solutions for Intel Active Management Technology
- Database of Long-Lived Cryptographic Keys
- Wi-Fi Direct Could Be the Death of Bluetooth
- JetBrains Open-Sources IntelliJ IDEA
HTML+RDFa: A Mechanism for Embedding RDF in HTML
Ben Adida, Mark Birbeck (et al. eds), W3C Technical Report
Members of the W3C HTML Working Group have published a First Public Working Draft for "HTML+RDFa: A Mechanism for Embedding RDF in HTML."
"RDFa is intended to solve the problem of machine-readable data in HTML documents. RDFa provides a set of HTML attributes to augment visual data with machine-readable hints. Using RDFa, authors may turn their existing human-visible text and links into machine-readable data without repeating content.
Today's web is built predominantly for human consumption. Even as machine-readable data begins to permeate the web, it is typically distributed in a separate file, with a separate format, and very limited correspondence between the human and machine versions. As a result, web browsers can provide only minimal assistance to humans in parsing and processing web data: browsers only see presentation information.
This specification defines rules and guidelines for adapting the 'RDF in XHTML: Syntax and Processing (RDFa)' specification for use in the HTML5 and XHTML5 members of the HTML family. The rules defined in this document not only apply to HTML5 documents in non-XML and XML mode, but also to HTML4 documents interpreted through the HTML5 parsing rules..."
See also: the W3C HTML Working Group
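As an added illustration (not part of the W3C draft or of this newsletter), the Python script below extracts triples from a constructed HTML fragment using a small subset of the RDFa attribute rules the draft adapts for HTML5: about= sets the subject and is inherited by descendants, typeof= emits an rdf:type triple, rel= plus href=/resource= links the subject to another resource, and property= attaches a literal taken from content= or from the element's text. The sample markup, the fixed prefix table and the element names are assumptions; a real processor also reads prefix declarations from the document.

```python
from html.parser import HTMLParser

# Prefix table for the sample below (constructed). A full RDFa processor takes
# prefixes from xmlns:/prefix attributes; this toy extractor does not.
PREFIXES = {
    "foaf": "http://xmlns.com/foaf/0.1/",
    "dc": "http://purl.org/dc/terms/",
}
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
# Elements html.parser reports with a start tag but never an end tag.
VOID_ELEMENTS = {"img", "br", "hr", "meta", "link", "input"}

# Constructed sample document (not taken from the W3C draft).
SAMPLE_HTML = """
<div about="http://example.org/people/alice" typeof="foaf:Person">
  <span property="foaf:name">Alice Example</span>
  <a rel="foaf:homepage" href="http://example.org/alice/">her homepage</a>
  <span property="dc:created" content="2009-10-19">added yesterday</span>
</div>
<p about="http://example.org/people/bob" property="foaf:name">Bob Example</p>
"""


def expand(curie):
    """Expand prefix:local to a full IRI; leave unknown values unchanged."""
    prefix, sep, local = curie.partition(":")
    if sep and prefix in PREFIXES:
        return PREFIXES[prefix] + local
    return curie


class RDFaExtractor(HTMLParser):
    """Collects (subject, predicate, object) triples from about/typeof/rel/property."""

    def __init__(self):
        super().__init__()
        self.triples = []
        # One frame per open element: (subject, literal predicates, text buffer or None)
        self.frames = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        parent_subject = self.frames[-1][0] if self.frames else None
        subject = a.get("about", parent_subject)     # about= sets a new subject, else inherit
        preds, buf = [], None
        if subject is not None:
            for t in a.get("typeof", "").split():
                self.triples.append((subject, RDF_TYPE, expand(t)))
            target = a.get("resource") or a.get("href")
            if target:
                for p in a.get("rel", "").split():   # rel= links subject to another resource
                    self.triples.append((subject, expand(p), target))
            if "property" in a:                      # property= attaches a literal
                preds = [expand(p) for p in a["property"].split()]
                if "content" in a:                   # explicit literal; element text is ignored
                    for p in preds:
                        self.triples.append((subject, p, a["content"]))
                    preds = []
                else:
                    buf = []                         # literal is the element's text content
        self.frames.append((subject, preds, buf))
        if tag in VOID_ELEMENTS:
            self.handle_endtag(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_ELEMENTS:
            self.handle_endtag(tag)

    def handle_data(self, data):
        # Text belongs to every open element that is still collecting a literal.
        for _, _, buf in self.frames:
            if buf is not None:
                buf.append(data)

    def handle_endtag(self, tag):
        if not self.frames:
            return
        subject, preds, buf = self.frames.pop()      # assumes well-nested markup
        if buf is not None:
            literal = "".join(buf).strip()
            for p in preds:
                self.triples.append((subject, p, literal))


def extract_triples(html):
    parser = RDFaExtractor()
    parser.feed(html)
    parser.close()
    return parser.triples


if __name__ == "__main__":
    for s, p, o in extract_triples(SAMPLE_HTML):
        print(f"<{s}> <{p}> {o!r}")
```

The sample yields five triples: the type and name of Alice, her homepage link, the explicit dc:created literal, and Bob's name. Note that the text "added yesterday" never reaches the graph because content= takes precedence, which is exactly the kind of human-visible/machine-readable divergence a consumer of embedded data should expect and validate rather than assume away.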
Updated FAQ Document for the OASIS Symptoms Autonomic Framework (SAF) TC
CA, Fujitsu, IBM; Revised Frequently Asked Questions
Co-proposers of the OASIS Symptoms Autonomic Framework (SAF) Technical Committee have issued an updated FAQ document outlining opportunities for use of the symptoms technology. "Symptoms provides a common format to consistently analyze and remediate problems based on events from multiple domains and multiple vendors, and allows on-site management to extend and optimize the capabilities of their deployment beyond what vendors provide out of the box...
How does Symptoms relate to Cloud Computing? "Simply put, applications, services, and processes hosted in the cloud tend to have even more 'moving parts and layers' than when more traditionally distributed and deployed. In fact, adding the extra layers of abstraction across multiple vendors and domains will likely increase the cost of support and optimization without a standard like SAF to enable a more automated approach. SAF supports not only the autonomic management of individual layers in the Cloud deployment stack, i.e. IaaS, PaaS, SaaS, but also it facilitates the communication of problem (and optimization) information across the boundaries. For example, a Symptoms enabled PaaS could accept application level information from a SaaS to optimize provisioning at the IaaS level..."
Note: A Webinar "Introduction to OASIS Symptoms Autonomic Framework (SAF)" was scheduled to be held on Tuesday, October 20, 2009, featuring Jeffrey A. Vaught (CA), Abdi Salahshour (IBM), and Vivian Li (Fujitsu).
See also: the SAF Webinar
MIKEY-IBAKE: Identity-Based Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)
Violeta Cakulev and Ganapathy Sundaram (eds), IETF Internet Draft
An initial version -00 has been released for "MIKEY-IBAKE: Identity-Based Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)." This document describes a key management protocol variant for the Multimedia Internet KEYing (MIKEY) protocol which relies on a trusted key management service. In particular, this variant utilizes the Identity Based Authenticated Key Exchange (IBAKE) framework, which allows the participating clients to perform mutual authentication and derive a session key in an 'asymmetric identity based encryption' framework. This framework, in addition to providing mutual authentication, eliminates the key escrow problem that is common in standard Identity Based Encryption while simultaneously providing perfect forward and backward secrecy.
Background: "Identity-based encryption (IBE) is a public-key encryption technology that allows a public key to be calculated from an identity, and the corresponding private key to be calculated from the public key. The IBE framework is defined in RFC 5091 (Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems), RFC 5408 (Identity-Based Encryption Architecture and Supporting Data Structures), and RFC 5409 (Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption Algorithms with the Cryptographic Message Syntax - CMS)."
Multimedia Internet Keying (MIKEY) as defined in RFC 3830 describes several modes of a key distribution solution that address multimedia scenarios using pre-shared keys, public keys, and optionally a Diffie-Hellman key exchange. Following the MIKEY specification, multiple extensions of MIKEY have been specified. Recently, it has been noted that the currently defined MIKEY modes are insufficient to address deployment scenarios in which security systems serve a large number of users. In these scenarios, a key management service is often preferred. With such a service in place, it would be possible for a user to request credentials for any other user when they are needed. Some proposed solutions rely on Key Management Services (KMS) in the network that create, distribute, and manage keys in real time. Due to this broad functionality, key management services will have to be online, maintain high availability, and have to be networked across operator boundaries. In some applications, this architecture creates a huge burden on operators to install and manage these boxes. Moreover, since the keys are created and distributed by the KMS, these servers are de-facto escrow points leading to increased vulnerability and operational discomfort on the part of end-users. In fact, this feature is a violation of the "end-to-end security" design goals in Section 2.2 of RFC 3830..."
U.S. Dept. of Education Ties Desktop Encryption to Employee ID Cards
Ellen Messmer, Network World
"The U.S. Department of Education is rolling out desktop encryption software in a way that links the cryptographic process to employees' government-issued Personal Identity Verification (PIV) smart cards. Tying encryption to the PIV card is a novel approach that will offer stronger authentication than a simple password. The system, which is based on PGP's disk encryption technology, is intended to meet government rules for safeguarding sensitive financial and personal information, according to Phillip Loranger, chief information security officer at the Department of Education...
The Department of Education intends to first deploy PGP's Whole Disk Encryption on all mobile computers to protect data at rest. The agency picked PGP in part because the encryption software company is willing to do some custom development to make sure that its Whole Disk Encryption software works with the government-issued PIV smart card and Microsoft Active Directory..."
See also: Cryptographic Key Management specifications
Laptop Theft Nets Data On 800,000 Doctors
Thomas Claburn, InformationWeek
"The theft of a laptop belonging to an employee of an insurance trade group has put hundreds of thousands of physicians around the country at risk of identity theft. The laptop, belonging to an employee of the Blue Cross and Blue Shield Association (BCBSA), was stolen from a car in late August [2009], according to reports in the Boston Globe and the Chicago Tribune. It contained a database listing the business and personal information of about 800,000 doctors...
There were about 732,000 practicing physicians in the U.S. at the end of 2007, according to a spokesperson for the American Medical Association... BlueCross Blue Shield Plans will offer credit monitoring services to affected physicians and he urged doctors to keep an eye out for fraud arising from the breach... According to the Globe's account, Blue Cross-Blue Shield maintains the data in encrypted form on its servers, but the employee copied the data after it had been decrypted..."
See also: the OASIS Key Management Interoperability Protocol (KMIP) TC
W3C Member Submission: Web Application Description Language (WADL)
Marc Hadley (ed), W3C Member Submission
W3C has acknowledged receipt of a Member Submission from Sun Microsystems for the "Web Application Description Language (WADL)" specification.
"An increasing number of Web-based enterprises (Google, Yahoo, Amazon, Flickr to name but a few) are developing HTTP-based applications that provide programmatic access to their internal data. Typically these applications are described using textual documentation that is sometimes supplemented with more formal specifications such as XML schema for XML-based data formats. WADL is designed to provide a machine-processable description of such HTTP-based Web applications..."
According to the W3C Team Comment by Yves Lafon: "The 'Web Application Description Language' submission (WADL) allows the description of HTTP-based services, putting the emphasis on the basic description of those services from the HTTP interaction standpoint, while allowing different grammars and formalizations to describe the payloads and parameters used during the interaction. WADL also gives examples on how to use grammars like RelaxNG or XML Schema... WADL relates to XML Schema (where WADL uses XML Schema as one possible mechanism for defining the structure of message payloads) and SAWSDL (where SAWSDL is used to describe additional semantics in WSDL descriptions and XML Schema definitions)..."
See also: W3C Member Submissions
Developing WS-Management Solutions for Intel Active Management Technology
Randy Templeton, Intel Software Network
The Web Services for Management (WS-Management) specification "addresses the cost and complexity of IT management by providing a common way for systems to access and exchange management information across the entire IT infrastructure. By using Web services to manage IT systems, deployments that support WS-Management will enable IT managers to remotely access devices on their networks - everything from silicon components and handheld devices to PCs, servers and large-scale data centers. WS-Management was the first specification in support of the DMTF initiative to expose CIM resources via a set of Web services protocols..."
This article describes how to develop flexible WS-Management-based solutions for Intel Active Management Technology using the .NET development environment. The basic ingredients and building blocks of a WSMan-based solution will be presented along with coding samples. WS-Management is now the primary interface used for Intel Active Management Technology (Intel AMT) hardware...
The samples referenced in this article were written using Windows 2008 and can be downloaded from the Intel Software Network Manageability Community. Armed with WinRM, CIMAuto, and the Intel AMT SDK class reference, you should be able to implement any of the flows for Intel AMT. In this sample, we explore how to set up the .NET environment to use WSMan and run through the WSMan operations to perform a hardware power control...
See also: Web Services for Management (WS-Management)
Database of Long-Lived Cryptographic Keys
Russell Housley and Tim Polk, IETF Internet Draft
IETF has released an initial (-00) Internet Draft for "Database of Long-Lived Cryptographic Keys." The document specifies the information that needs to be included in a database of long-lived cryptographic keys. This conceptual database is designed to support both manual key management and automated key management. The intent is to allow many different implementation approaches to the specified cryptographic key database.
Security protocols are expected to use an application program interface (API) to select a long-lived key from the database. In many instances, the long-lived keys are not used directly in security protocols; rather, a key derivation function is used to derive short-lived keys from the long-lived keys in the database. The database is characterized as a table, where each row represents a single long-lived symmetric cryptographic key. Each key should only have one row; however, in the (hopefully) very rare cases where the same key is used for more than one purpose, multiple rows will contain the same key value. The columns in the table represent the key value and attributes of the key...
Management of encryption and authentication keys has been a significant operational problem, both in terms of key synchronization and key selection. For example, current guidance in RFC 3562 warns against sharing TCP MD5 keying material between systems, and recommends changing keys according to a schedule. The same general operational issues are relevant for the management of other cryptographic keys... Designers should recognize the warning provided in RFC 4107: Automated key management and manual key management provide very different features. In particular, the protocol associated with an automated key management technique will confirm the liveness of the peer, protect against replay, authenticate the source of the short-term session key, associate protocol state information with the short-term session key, and ensure that a fresh short-term session key is generated. Further, an automated key management protocol can improve interoperability by including negotiation mechanisms for cryptographic algorithms. These valuable features are impossible or extremely cumbersome to accomplish with manual key management..."
See also: the IETF Security Area
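To make the draft's conceptual table concrete, here is an added Python example (written for this newsletter entry, not code from the draft or the IETF) of such a key database: one row per long-lived symmetric key with illustrative attribute columns (peers, protocol, separate send and accept lifetimes; the draft's actual column set may differ), a selection API of the kind a protocol would call, a check that surfaces key values appearing in more than one row, and an HKDF-SHA256 derivation of short-lived keys from the selected row. The rows, peer names, key bytes and the use of TCP-MD5 as the protocol label are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone


def utc_date(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Column names below are illustrative choices for this example, not the draft's own.
@dataclass(frozen=True)
class LongLivedKey:
    key_name: str            # administrative name, also used on the wire to pick the key
    peers: frozenset         # peer identities the key may be used with
    protocol: str            # protocol the key is provisioned for
    key: bytes               # the long-lived symmetric key value
    send_start: datetime     # send lifetime: when we may use it to protect outgoing traffic
    send_end: datetime
    accept_start: datetime   # accept lifetime: wider than send, to tolerate peer clock skew
    accept_end: datetime

    def usable_for_send(self, now):
        return self.send_start <= now < self.send_end

    def usable_for_accept(self, now):
        return self.accept_start <= now < self.accept_end


class KeyDatabase:
    """The conceptual table: one row per long-lived key, plus selection helpers."""

    def __init__(self, rows):
        self.rows = list(rows)

    def shared_key_values(self):
        """Groups of row names holding the same key value (one key, several purposes)."""
        by_value = {}
        for row in self.rows:
            by_value.setdefault(row.key, []).append(row.key_name)
        return [names for names in by_value.values() if len(names) > 1]

    def select_send_key(self, peer, protocol, now):
        candidates = [r for r in self.rows
                      if peer in r.peers and r.protocol == protocol and r.usable_for_send(now)]
        if not candidates:
            raise LookupError(f"no sendable {protocol} key for {peer} at {now.isoformat()}")
        # During an overlap, prefer the key whose send period ends last, so rollover
        # moves to the newer key as soon as both sides are allowed to use it.
        return max(candidates, key=lambda r: r.send_end)

    def select_accept_key(self, peer, protocol, key_name, now):
        for r in self.rows:
            if (r.key_name == key_name and peer in r.peers
                    and r.protocol == protocol and r.usable_for_accept(now)):
                return r
        raise LookupError(f"no acceptable {protocol} key {key_name!r} from {peer}")


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(row, peer, nonce):
    """Short-lived key bound to the protocol, the peer and a per-association nonce."""
    info = b"|".join([row.protocol.encode(), peer.encode(), nonce])
    return hkdf_sha256(row.key, salt=bytes(32), info=info)


def build_sample_db():
    """Constructed rows: a quarterly rollover pair and one key reused for a second protocol."""
    k_q3 = bytes(range(32))        # placeholder values; real keys come from a CSPRNG
    k_q4 = bytes(range(32, 64))
    return KeyDatabase([
        LongLivedKey("K-2009Q3", frozenset({"router-b"}), "TCP-MD5", k_q3,
                     utc_date(2009, 7, 1), utc_date(2009, 10, 31),
                     utc_date(2009, 7, 1), utc_date(2009, 11, 7)),
        LongLivedKey("K-2009Q4", frozenset({"router-b"}), "TCP-MD5", k_q4,
                     utc_date(2009, 10, 15), utc_date(2010, 1, 31),
                     utc_date(2009, 10, 15), utc_date(2010, 2, 7)),
        # The same key value provisioned again for another protocol: the "rare case"
        # the draft tolerates; shared_key_values() surfaces it for review.
        LongLivedKey("K-NTP", frozenset({"ntp-1"}), "NTP", k_q3,
                     utc_date(2009, 7, 1), utc_date(2010, 1, 1),
                     utc_date(2009, 7, 1), utc_date(2010, 1, 1)),
    ])


if __name__ == "__main__":
    db = build_sample_db()
    row = db.select_send_key("router-b", "TCP-MD5", utc_date(2009, 10, 20))
    print("send with", row.key_name, "shared values:", db.shared_key_values())
    print(derive_session_key(row, "router-b", b"nonce-1").hex())
```

The two lifetimes per row are what make a scheduled rollover (the RFC 3562 advice quoted above) workable without an automated protocol: during the overlap the sender moves to the newer key while the receiver still accepts the old one for a grace period, and the derivation step keeps the long-lived value itself out of the protocol traffic.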
Wi-Fi Direct Could Be the Death of Bluetooth
Tony Bradley, Network World
The Wi-Fi Alliance announced a new wireless networking specification which will enable devices to establish simple peer-to-peer wireless connections without the need for a wireless router or hotspot. Wi-Fi Direct has a wide array of potential uses, many of which encroach on Bluetooth territory and threaten to make the competing wireless protocol obsolete. The new specification, previously referred to by the codename 'Wi-Fi peer-to-peer', will be finalized soon and the Wi-Fi Alliance expects to begin certifying devices as Wi-Fi Direct compliant by mid-2010...
Ad hoc wireless networking has always been more complex and cumbersome than it is worth, and it maxes out at 11 Mbps. Wi-Fi Direct will connect at existing Wi-Fi speeds—up to 250 Mbps. Wi-Fi Direct devices will also be able to broadcast their availability and seek out other Wi-Fi Direct devices. Wi-Fi Direct devices can connect in pairs or in groups. With Wi-Fi Direct only one of the devices needs to be compliant with Wi-Fi Direct to establish the peer-to-peer connection..."
According to the FAQ: "Wi-Fi Direct does not require new hardware to operate, so some vendors may offer software upgrades. However, it's important to note that interoperability between Wi-Fi Direct devices and legacy devices is a key element of the specification, so even non-upgraded devices can join a Wi-Fi Direct network... Wi-Fi devices will be able to make direct connections to one another quickly and conveniently to do things like print, sync, and share content even when an access point or router is unavailable. Wi-Fi Direct connections will work at typical Wi-Fi speeds and range, protected by WPA2 security protocols and including WMM Quality of Service mechanisms..."
See also: the Wi-Fi Alliance announcement
JetBrains Open-Sources IntelliJ IDEA
Darryl K. Taft, eWEEK
JetBrains, the maker of the popular IntelliJ IDEA Java integrated development environment, "has decided to deliver an open-source version of its tool set... Starting with the upcoming Version 9.0, IntelliJ IDEA will be offered in two editions: Community Edition, which will be free and open source, and Ultimate Edition, which until today has been referred to as simply IntelliJ IDEA. The brand-new Community Edition is built on the IntelliJ platform and includes its sources. JetBrains has made it as easy as possible to access and use the source code of the Community Edition and the IntelliJ platform, by applying the democratic Apache 2.0 license to both of them..." According to the company blog: "in the free Community Edition you'll get all the Java code support—various refactorings and code inspections, coding assistance; debugging, TestNG and JUnit testing; CVS, Subversion and Git support; Ant and Maven build integration; and Groovy and Scala support (through a separate plugin)... The IntelliJ platform, the common foundation for all our IDEs (IDEA, RubyMine, WebIDE or MPS), is being open-sourced under the APL 2.0, too..."
See also: the blog article
Sponsors
XML Daily Newslink and Cover Pages sponsored by:
IBM Corporation http://www.ibm.com
Microsoft Corporation http://www.microsoft.com
Oracle Corporation http://www.oracle.com
Primeton http://www.primeton.com
Sun Microsystems, Inc. http://sun.com
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter unsubscribe: newsletter-unsubscribe@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/