A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com
Headlines
- Windows Live Leverages Activity Streams Standards
- Atom Activity Extensions
- IETF Centralized Conferencing Manipulation Protocol
- End-to-end Encryption is the Key to Protecting Data and Reputations
- CA Launches Mainframe-Based Encryption Key Management Software
- A Uniform Resource Name (URN) Namespace for Sources of Law (LEX)
- Telerik Offers Silverlight Advances and ORM for the Cloud
- Consuming XML Web Services in iPhone Applications
- Leaked Draft of EU Interop Framework
Windows Live Leverages Activity Streams Standards
Rob Dolin and Jeff Kunins, Posting to Activity Streams List
'Activity Streams' is an extension to the Atom feed format to express what people are doing around web. So Rob Dolin writes: "As you may have heard, Windows Live launched 19 new 'Web Activity' partners earlier this morning. There's a blog entry from Jeff Kunins... I particularly wanted to point the list readers as fellow Activity Streams enthusiasts to Jeff's comments about Activity streams being an enabling technology...
From a technology and standards point of view, here are a few additional fun data points about the web activities program: (1) Windows Live is a co-author and active participant in the Activity Streams standards, an effort for safely exchanging activity feed content (with user opt-in) among sites and client applications. The spec is being co-authored by representatives from Facebook, MySpace, Microsoft (us), SixApart, and the DiSo project. Many other key companies like Google, Yahoo, and Netflix are participants and contributors as well. (2) Activity Streams make it easy for partner sites to expose feed information or activity from their sites in a consistent format, once, so that their customers can import or connect what they're doing on that site to other major services like Windows Live, MySpace, Facebook, etc. without their needing to implement service-specific tweaks to their feed. Likewise, service endpoints like Windows Live can expose a standard endpoint rather than implementing and maintaining custom feed ingestion for every partner. (3) Windows Live is already consuming Activity Streams-compliant feeds from Facebook, MySpace, and about a dozen other of the current web activity partners who have begun publishing using the Activity Streams standard...
See also: Activity Streams standards
Atom Activity Extensions
Martin Atkins (et al, eds), Experimental Community Draft
This draft of November 4, 2009 or later "presents an extension that allows activities on social objects to be expressed within the Atom Syndication Format. For the purpose of the Atom Activity Extension document, an "activity" is a "description of an action that was performed (the verb) at some instant in time by some actor (the subject), usually on some social object (the object). An activity feed is a feed of such activities. An activity may also have an indirect object. The indirect object is considered for the purposes of this specification to be a modifier of the activity and does not exist as a first-class object.
It is expected that in many cases consumers of activity feeds will use them to turn machine readable descriptions of activities into human-readable sentences such as 'Joanne posted a Photo: 'My Cat''. The process for forming such sentences is not defined by the specification...
Verbs and object types are identified by IRIs (verb and object identifiers) as defined by RFC 3987 though these IRIs MAY not resolve to any useful resource. The specification defines a single verb ('post'), which describes the act of posting or publishing an object on the web. The implication is that before this activity occurred the object was not posted, and after the activity has occurred it is posted or published.
Verbs and object types MAY derive from other verbs and object types. In this case the atom:entry should list of all the parent verbs and the activity:object will should list of all the parent object types. The properties required by the parents will also be required by the derived types. For example, If we have an object type named photo which derives from an object type named image and image has a required property containing the URL of a thumbnail version of the image then this is also a required property for photo. This allows activity consumers to have a fallback behavior when new object types or verbs are introduced..."
See also: Atom Activity Base Schema
IETF Centralized Conferencing Manipulation Protocol
Mary Barnes, Chris Boulton (et al, eds), IETF Internet Draft
Members of the IETF Centralized Conferencing (XCON) Working Group have published a revised version of the Centralized Conferencing Manipulation Protocol specification. "The Centralized Conferencing Manipulation Protocol (CCMP) can create, retrieve, change and delete objects describing a centralized conference, such as state and capabilities of the conference, participants, and their roles. The conference information is contained in XML documents and fragments conforming to the centralized conferencing data model schema. Even though the goal of the CCMP is to appropriately manage conference state, the mechanisms upon which the protocol itself is built are based on a state-less request/response paradigm. Conferencing clients send requests to conference servers, which respond to the client with the conference information...
The CCMP implements the client-server model within the XCON Framework, with the conferencing client and conference control server acting as client and server, respectively. The CCMP uses HTTP as the protocol to transfer the CCMP requests and responses, which contain the domain-specific XML-encoded data objects defined in the Conference Information Data Model for Centralized Conferencing (XCON Data Model). Other protocol models such as the use of a REST (REpresentational State Transfer) architectural style were considered... Section 4 provides an overview of the Conference Control functionality of the XCON framework, together with a description of the main targets CCMP deals with, namely conference objects and conference users. A general description of the operations associated with protocol messages is given in Section 5 together with implementation details. A complete example of the operation of the CCMP, describing a typical call flow associated with conference creation and manipulation, is provided in Section 7, and Section 12 provides the XML schema.
The specification "Conference Information Data Model for Centralized Conferencing (XCON)" has also been updated. "A conference information data model is designed to convey information about the conference and about participation in the conference. The conference information data model defined in this document constitutes an extension of the data format specified in the Session Initiation Protocol (SIP) Event Package for Conference State. Conference objects are a fundamental concept in Centralized Conferencing, as described in the Centralized Conferencing Framework (per RFC 5239). A conference object contains data that represents a conference during each of its various stages (e.g., created/creation, reserved/reservation, active/activation, completed/completion). A conference object can be manipulated using a conference control protocol at a conference server. The conference object represents a particular instantiation of a conference information data model. Consequently, conference objects follow the XML format defined in this document..."
See also: the XCON Data Model document
End-to-end Encryption is the Key to Protecting Data and Reputations
Paul Meadowcroft, ZDNet News
"Encryption is new for many organizations striving to become and remain PCI-compliant and there is a limit to how aggressive you can be in mandating its deployment. PCI DSS therefore addresses the two most vulnerable areas—data in transit across public networks such as the Internet and during storage. In order to avoid the financial and brand damage associated with data breaches, businesses need to consider deploying end-to-end encryption as a tamper proof way of securing data, regardless of whether encryption is explicitly mandated by a piece of regulation or simply recommended.
Whilst much of the burden of implementing good key management lies with security professionals within organizations, there are several initiatives underway that are designed to guide the process. Key management standards such as the Key Management Interoperability Protocol (KMIP) and IEEE 1619.3 are nearing ratification, deployment best practices are well understood within the auditing community and second generation key management products are reaching the market. Measures such as these will help enable organizations to implement cohesive key management strategies moving forward. Once a well thought-through approach to key management is established, effective security policies, reporting practices and, ultimately, a stronger sense of control over your data will be achieved..."
See also: the OASIS KMIP specification
CA Launches Mainframe-Based Encryption Key Management Software
Beth Pariseau, Storage Soup Blog
"Claiming its approach to enterprise data security key management will assure users of reliability, CA this week launched a new Encryption Key Manager (EKM) software offering that runs on z/OS mainframe and can manage keys for CA Tape Encryption as well as IBM tape formats. Stefan Kochishan, director of storage product marketing for CA, said a lack of key management standards for encryption at the various points it's deployed in the enterprise has hindered encryption adoption. But, he argued, many customers are also concerned with the reliability of open-systems based encryption key managers, since without keys to access it, encrypted data can be lost...
The new z/OS based product will manage IBM and CA tape encryption instances and automatically mirror keys among mainframes at up to three sites, including replication over SSL and digital certification for data integrity. This method allows keys to be re-created from an alternate location should the primary key manager fail, a key is accidentally deleted, or if the primary site is lost in a disaster. Users can also backup the key store to mitigate the threat of rolling corruption in the replication system..."
According to the CA announcement: "IT organizations face new encryption key management issues as expanding compliance mandates and growing consumer concerns about privacy drive more rigorous protection of sensitive data. These issues include: (1) The time and effort required to manage keys; (2) The accuracy with which keys must be distributed to authorized users; (3) The need to ensure the availability of all keys under any conditions; (4) The need to credibly document encryption measures to auditors. CA EKM helps customers address these issues and others by providing a single, centralized interface that can be used for any combination of IBM TS1120 and IBM TS1130 tape encryption devices, as well as CA Tape Encryption subsystems... CA EKM automatically replicates encryption keys across a set of local and dispersed hosts via SSL-encrypted TCP/IP, so that keys can quickly and transparently be recovered in case of a disaster, hardware errors or a system outage. It also automatically enforces policies regarding the change of encryption keys and digital certificates, thereby mitigating the labor and risk associated with manual administration..."
See also: the CA announcement
A Uniform Resource Name (URN) Namespace for Sources of Law (LEX)
P. Spinosa, E. Francesconi, C. Lupo (eds), IETF Internet Draft
IETF has published an initial -00 level Internet Draft for the document A Uniform Resource Name (URN) Namespace for Sources of Law (LEX)" It describes a Uniform Resource Name (URN) Namespace Identification (NID) convention as prescribed by the World Wide Web Consortium (W3C) for identifying, naming, assigning, and managing persistent resources in the legal domain.
The purpose of the 'lex' namespace is to assign an unequivocal identifier, in standard format, to documents that are sources of law. The identifier is conceived so that its construction depends only on the characteristics of the document itself and is, therefore, independent from the document's on-line availability, its physical location, and access mode. 'Sources of law' include any legal document within the domain of legislation (including bills), case law and administrative acts or regulations. This identifier will be used as a way to represent the references (and more generally, any type of relation) among the various sources of law."
Context: "Since 2001 the Italian Government, through the CNIPA (National Authority for Information Technology in the Public Administration), the Ministry of Justice and ITTIG-CNR (the Institute of Legal Information Theory and Techniques of the Italian National Research Council) promoted the NormeInRete project. It was aimed at introducing standards for sources of law description and identification using XML and URN techniques. Other national initiatives in Europe introduced standards for the description of legal sources: for example the Metalex project, promoted by the University of Amsterdam and adopted by the Dutch Tax and Customs Administration, the Belgian Public Centers for Welfare and others; LexDania project in Denmark supported by the Danish Ministry of Justice; CHLexML in Switzerland developed by COPIUR, the Coordination Office for the Electronic Publication of Legal Data Federal Office of Justice; eLaw in Austria mainly coordinated by the Austrian Parliament. Such initiatives, based in synergies between government, national research institutes, and universities, have defined national XML standards for legal document management, as well as schemes for legal document identification...
Registrants wish now to promote interoperability among legal information systems by the definition of a namespace convention and structure that will create and manage identifiers for legal documents. The identifiers will be: globally unique, transparent, persistent, location-independent, and language-neutral. These qualities will facilitate legal document management as well as provide a mechanism of stable cross-collections and cross-country references..."
Telerik Offers Silverlight Advances and ORM for the Cloud
Kathleen Richards, Application Development Trends
"With its Q3 2009 release, Telerik is introducing Silverlight reporting tools and a complete object-relational mapper for SQL Azure, among other enhancements in its Premium Collection for .NET... Telerik's latest .NET tooling offers updated RadControls for Silverlight, ASP.NET AJAX, Windows Presentation Foundation and WinForms; Reporting, OpenAccess ORM and beta extensions for ASP.NET MVC. Automated UI testing for Silverlight apps is now part of the WebUI Test Studio, a separate testing tool. The updated Silverlight tooling, which supports Silverlight Version 3, offers a native report viewer for Telerik Reporting that renders pure XAML in a Silverlight plug-in. The upgraded Reporting tool supports Microsoft's XPS document format and document maps...
Automated testing of Silverlight apps is supported in the enterprise-level WebUI Test Studio, designed by ArtofTest to automate integration testing of ASP.NET. With the framework's UI object model, developers can test and verify the Telerik UI elements of their Silverlight applications using a VS 2008 integrated test recorder. The four extensions (in beta) for ASP.NET MVC, which include a data grid, are based on the JQuery JavaScript library and distributed under the open source GPLv2 license. A commercial license is also available..."
Consuming XML Web Services in iPhone Applications
Wei-Meng Lee, DevX.com
"Consuming web services in iPhone is not for the faint-of-heart. Unlike other development tools (such as Microsoft Visual Studio), Xcode does not have built-in tools that make consuming web services easy. Everything must be done by hand and you need to know how to form the relevant XML messages to send to the web services and then parse the returning XML result... In the .NET world, accessing the web service is a pretty straightforward affair: Visual Studio provides a built-in tool that automatically creates a web proxy service object for the web service when you download the WSDL document. For iPhone development, you need to get your hands dirty, so it's far more important to understand the underlying mechanics of consuming web services...
This article will give you a good understanding of how to communicate with XML web services from within your iPhone application, and the examples will provide a solid foundation for consuming other web services in your own projects... You will see a working iPhone application that illustrates the various ways you can consume a web service in your iPhone applications: SOAP, HTTP GET, and HTTP POST. The example both calls a web service and shows how to extract data from the XML-formatted response. Using web services (and being able to parse XML) in your iPhone applications can open up an entire world full of data to your applications..."
Leaked Draft of EU Interop Framework
Rick Jelliffe, O'Reilly Technical
"Two months ago I alerted readers Europeans: 'only two weeks left to comment on ICT & standards whitepaper'. I am not sure on which dots actually join up, but a Dutch website has what is claimed to be a leaked late draft in English of European Interoperability Framework for European Public Services (EIF) Version 2.0. Here are some of the general recommendations related to standards and issues raised on this blog...
'Recommendation 18: Public administrations should support the establishment of both sector-specific and cross-sectoral communities aimed at facilitating semantic interoperability and should encourage the sharing of results produced by such communities through national and European platforms... Recommendation 19: Public administrations should agree on the standards and specifications to be used to ensure technical interoperability when establishing European Public Services. Recommendation 22: Other things being equal, public administrations should prefer open specifications when establishing European Public Services'...
Excerpt 's5.2.1 The possibility of sharing and re-using service components based on formalised specification depends on the openness of the specifications... However, public administrations may decide to use less open specifications, especially in cases where open specifications do not meet the functional interoperability needs'... [Jelliffe:] One of the strong arguments that the Free software people have been making in recent times is that an Open Specification whose license locks them out is unacceptable. This footnote (19) seems to be saying that specifications must not only not lock Open source developers out, they must also not lock out Microsoft developers. What is really interesting is whether Free software will be treated as an independent tradition or community rather than being lumped in with Open Source. I tend to think it should be treated as distinct. I think that would shake things up nicely: especially with relationship to royalty-bearing standards such as some of the MPEGs..."
See also: the draft 'European Interoperability Framework for European Public Services (EIF) Version 2.0'
Sponsors
XML Daily Newslink and Cover Pages sponsored by:
IBM Corporation | http://www.ibm.com |
Microsoft Corporation | http://www.microsoft.com |
Oracle Corporation | http://www.oracle.com |
Primeton | http://www.primeton.com |
Sun Microsystems, Inc. | http://sun.com |
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter unsubscribe: newsletter-unsubscribe@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/