Cover Pages: XML Daily Newslink: Wednesday, 28 October 2009

A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com

Headlines

W3C OWL 2 Standard Facilitates Information Management and Integration
Can Your Computer Read a Web Page Without Your Help?
Tokenization vs. End-to-End Encryption: Experts Weigh In
Safran North America Releases UNCEFACT XML File for Cost/Scheduling
OGC Announces Call for Participation in OWS7
FBI: National Data-Breach Law Would Help Fight Cybercrime
Jive Refines Corporate Social Networking Tools
Feds' Smart Grid Race Leaves Cybersecurity in the Dust

W3C OWL 2 Standard Facilitates Information Management and Integration
Staff, W3C Announcement

W3C has announced a new version of a standard for representing knowledge on the Web. "OWL 2, part of W3C's Semantic Web toolkit, allows people to capture their knowledge about a particular domain (say, energy or medicine) and then use tools to manage information, search through it, and learn more from it. Furthermore, as an open standard based on Web technology, it lowers the cost of merging knowledge from multiple domains.

W3C published the first version of OWL in 2004. OWL has already been successfully deployed in such diverse application areas as Oil & Gas exploration, eBusiness, health record management, semantic desktops, or management of musical archives; more case studies are available. The new features in OWL 2 are based on the features people most requested after using OWL 1. OWL 2 introduces OWL profiles, subsets of the language that offer easier implementation and use (at the expense of expressive power) designed for various application needs...

OWL is one W3C tool for building and sharing vocabularies. Consider the application of OWL in the field of health care. Medical professionals use OWL to represent knowledge about symptoms, diseases, and treatments. Pharmaceutical companies use OWL to represent information about drugs, dosages, and allergies. Combining this knowledge from the medical and pharmaceutical communities with patient data enables a whole range of intelligent applications such as decision support tools that search for possible treatments; systems that monitor drug efficacy and possible side effects; and tools that support epidemiological research..."

Can Your Computer Read a Web Page Without Your Help?
Joab Jackson, Government Computer News Tech Blog

"At the International Semantic Web Conference, being held this week in Chantilly, Va., Dean Allemang, chief scientist at Semantic Web consulting firm TopQuadrant, offered a solid example of how a machine-readable Web would help us all, in theory anyway... W3C recently been promoting the idea of making the Web machine-readable, or a Web of data. What does that mean?

Allemang's example was work-related: booking hotels... Relational databases make the prospect feasible. With databases, you can structure data so each data element is slotted into a predictable location. You can query a database of personnel data to return a birth date of a particular person, because the row of data with that person's info has a dedicated column dedicated to the birth date. This approach wouldn't work so well for data beyond a single database...

The answer the W3C has come up with comes in a form of a set of interrelated standards, that can be used to embed data on Web sites, as well as to interpret the data that is found there. One standard is the Resource Description Framework. The other is the Web Ontology Language, or OWL... A query against Triple Store, which is what a RDF database is called, can link together disparate facts. If another triple, perhaps located in another Triple Store, contains the fact that Yellowstone contains the Mammoth Hot Springs, a single search across multiple Triple Stores can return both facts... In essence, with RDF, a user can build a set of data from various sources on the Web that may have not been brought together before... How do you use these triples? One way is through the query language for RDF, called SPARQL (an abbreviation for the humorously recursive SPARQL Protocol and RDF Query Language). With Structured Query language (SQL), you can query multiple database tables through the JOIN function. With a SPARQL query, you specify all the triples you would need, and the query engine will filter down to the answers that fit all of your criteria..."

See also: the ISWC 2009 Conference

Tokenization vs. End-to-End Encryption: Experts Weigh In
Linda McGlasson, BankInfoSecurity

Tokenization or end-to-end encryption: which solution will win the hearts of data protectors in the race to secure data? A recent study conducted by PriceWaterhouseCoopers on behalf of the Payment Card Industry Security Standards Council shows that end-to-end encryption and tokenization are the top choices for companies seeking to employ new emerging technologies to protect payment card and other critical data. And both approaches have their public proponents, including Heartland Payment Systems (HPY) CEO Robert Carr, who's been encryption's most vocal supporter in the wake of his organization's historic breach...

Tokenization replaces sensitive card data information with unique id symbols that keep all the essential data, without compromising its security. This approach has become popular as a way to increase security of credit card and e-commerce transactions, while minimizing the cost and complexity of industry regulations and standards -- especially the Payment Card Industry Data Security Standard (PCI). End-to-end encryption, also defined by Visa as data field encryption, is continuous protection of the confidentiality and integrity of transmitted data by encrypting it at the origin, then decrypting at its destination. The encrypted data travels safely through vulnerable channels such as public networks to its recipient, where it can be decrypted. One example is a virtual private network (VPN) that uses end-to-end encryption...

Dave Shackleford, former chief security strategist at EMC: 'We'll see both used for quite some time... I think smaller organizations that can really outsource everything will be more likely to choose tokenization, but bigger enterprises that have lots of data and applications will continue to look to encryption'..."

Safran North America Releases UNCEFACT XML File for Cost/Scheduling
Staff, Safran North America Announcement

"Safran North America (SNA), one of the world's leading manufacturers and distributors of project management applications, announced that it has successfully completed the development of export capability from its Safran for Microsoft Project and Safran Project applications to produce the international UNCEFACT XML file for scheduling. The XML file, which is sanctioned by the National Defense Industrial Association and the U.S. Defense Contract Management Agency (DCMA), normalizes scheduling information coming from proprietary software applications to conform to open systems standards. Earlier in 2009 the defense agency, which has oversight of all Defense-related contracts, had published the schema for the new XML standard, which is expected to eventually displace the government and industry standard ANSI X12 standards...

In Third Quarter 2009 Safran submitted its version of the XML file to DCMA for testing and conformance with the government's new Central Repository. It is expected that the Central Repository will archive information on government funded programs to track contractor performance, particularly in line with the federal government's new requirements for performance management in the expenditure of government funds... Safran is currently working on the UNCEFACT XML requirement for a separate export file for cost data and, in response to a recently released XML requirement for integrated cost and schedule, is in the initial stages of development for this new requirement also. The projected release of these additional files is during First Quarter 2010."

See also: UN/CEFACT TBG6

OGC Announces Call for Participation in OWS7
Staff, Open Geospatial Consortium Announcement

From the "OGC Web Services, Phase 7 (OWS-7) Request For Quotation and Call For Participation," which closes on December 01, 2009: "The organizations sponsoring OWS-7 seek open standards that address their interoperability requirements. The content of OWS-7 will be organized around the following threads: (1) Sensor Fusion Enablement, (2) Feature and Decision Fusion, (3) Aviation.

Many fusion processes are deployed in closed architectures with existing single provider software and hardware solutions. The goal of the fusion threads is to move those capabilities into a distributed architecture based upon open standards including standards for notifications, security, authorization, and workflow processing. The OGC's Sensor Web Enablement (SWE) standards enable developers to make all types of sensors, transducers and sensor data repositories discoverable, accessible and useable via the Web.

The Aviation Thread began in OWS-6, addressing certain applications in the aviation industry. OWS-7 expands the scope to include flight planning and aviation operations more broadly. The US Federal Aviation Administration (FAA) and EUROCONTROL have developed AIXM as a global standard for the representation and exchange of aeronautical information. AIXM uses the OGC Geography Markup Language (GML) tailored to the specific requirements for the representation of aeronautical objects, including the temporality feature that allows for time dependent changes affecting AIXM features.

OWS testbeds are part of OGC's Interoperability Program, a global, hands-on and collaborative prototyping program designed to rapidly develop, test and deliver proven candidate specifications into OGC's Specification Program, where they are formalized for public release. In OGC's Interoperability Initiatives, international teams of technology providers work together to solve specific geoprocessing interoperability problems posed by the Initiative's sponsoring organizations. OGC Interoperability Initiatives include test beds, pilot projects, interoperability experiments and interoperability support services—all designed to encourage rapid development, testing, validation and adoption of OGC standards.

FBI: National Data-Breach Law Would Help Fight Cybercrime
Grant Gross, Network World

Proposed U.S. legislation "would require businesses to report data breaches to potential victims and could help law enforcement agencies fight the growth of cybercrime, a U.S. Federal Bureau of Investigation official said; if U.S. businesses were required to share information about their data breaches, law enforcement agencies could link those attacks to others and potentially stop similar attacks at other organizations...

Some members of Congress have pushed for several years to pass data breach notification bills, without success. Although about 45 states have passed their own data-breach notification bills, Congress has yet to pass a federal law. Data-breach notification will be part of a comprehensive cybersecurity bill that the Senate Judiciary Committee will try to move to the Senate floor this year, said Lydia Griggsby, chief counsel for privacy and information policy at the committee. The Personal Data Privacy and Security Act, sponsored by Senator Patrick Leahy, a Vermont Democrat, would also limit how data brokers can use personal information and would establish data security rules for interstate businesses that collect personal data.

From Congressional Record S. 1490 Section 2 'Findings': 'To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information... Congress finds that (1) databases of personally identifiable information are increasingly prime targets of hackers, identity thieves, rogue employees, and other criminals, including organized and sophisticated criminal operations... (4) security breaches are a serious threat to consumer confidence, homeland security, e-commerce, and economic stability... (5) it is important for business entities that own, use, or license personally identifiable information to adopt reasonable procedures to ensure the security, privacy, and confidentiality of that personally identifiable information... (6) individuals whose personal information has been compromised or who have been victims of identity theft should receive the necessary information and assistance to mitigate their damages and to restore the integrity of their personal information and identities..."

Jive Refines Corporate Social Networking Tools
John Fontana, InfoWorld

Jive Software has announced a suite of corporate social networking tools tailored for various activities such as employee collaboration or brainstorming that will pull together both internal and external users. Jive Social Business Software (SBS) 3.0, is the latest iteration of the company's well-known Clearspace social networking tools. Jive, however, has sharpened the focus by crafting the tools around four "centers"—employee engagement; marketing and sales; customer support; and innovation. Jive combines social networking software, collaboration software, and community software into the first solution to effectively manage employees, customers, and partners on a unified platform built for tens of thousands of users and millions of page views...

What was an ad hoc platform that required users to bend the tools for their particular use, Jive is now offering a foundation tailored around certain tasks with the flexibility to add other capabilities and build custom applications. The centers in essence are a set of modules that sit on top of core collaboration capabilities such as discussion, polls, blogs, wiki, documents and workflow. Specific centers also feature unique tools. For example, the innovation center includes a plug-in for voting. The chief addition to the platform, however, is a technology called bridging, which allows companies to blend internally and externally generated content..."

According to the announcement: "The Jive Mobile for the iPhone and Blackberry allows users to create content and participate in active discussions from the iPhone and/or Blackberry, or any mobile or desktop device with access to email... With Jive Bridging, employees can now pull high-impact conversations that take place in any of their public Jive communities (such as recurring customer issues or channel partner needs) into the private Jive employee community for internal discussion behind the firewall and seamlessly push thoughtful responses back... The Jive Microsoft Office Connector enables Jive SBS 4.0 users to work on any Microsoft Office document, spreadsheet or presentation in Jive or on their desktop... The Jive Analytics Module provides a powerful set of tools for community managers to quickly quantify and characterize the growth and success of their communities..."

See also: the announcement

Feds' Smart Grid Race Leaves Cybersecurity in the Dust
Kim Zetter, Wired.com

"Amid the government-funded rush to upgrade America's aging electric system to a smart grid comes a strange confluence of press releases this week by the White House and the University of Illinois. Tuesday morning, President Obama, speaking at Florida Power and Light (FPL) facilities, announced $3.4 billion in grants to utility companies, municipal districts and manufacturers to spur a nationwide transition to smart-grid technologies and fund other energy-saving initiatives as part of the economic stimulus package. FPL will receive $200 million to install 2.6 million smart meters and other technologies that promise to reduce energy costs for customers...

Strange, then, that another press release distributed Monday by the Information Trust Institute at the University of Illinois announces a grant of $18.8 million to four academic institutions to fund a five-year research project into securing the power grid. The project is supposed to make certain that the smart meters and other devices implemented by power companies can resist hackers and other attackers. The only problem is, by the time the research project is completed, most of the nation will have already adopted untested and unsecured technologies...

Richard Clarke, chairman of the Good Harbor security consulting firm and former special adviser to President George W. Bush on cybersecurity: 'We have no way of having any confidence that there's any cybersecurity plans since we don't know anything about the qualifications of the experts who examined them or the criteria they're using to judge them; in the absence of someone like the NSA or the cybercenter at DHS to certify every smart-grid proposal, there's no reason to believe they're taking security seriously... More important than asking companies to submit a cybersecurity plan for future technologies is to require that utility companies and energy distributors pass an audit for their current state of security'..."


SEARCH \| ABOUT \| INDEX \| NEWS \| CORE STANDARDS \| TECHNOLOGY REPORTS \| EVENTS \| LIBRARY

Headlines

Sponsors