This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Voice Extensible Markup Language (VoiceXML) 3.0
- IETF IANA Registration for Topic Maps: application/xtm+xmlMedia Type
- Model-Driven Architecture with Eclipse Graphical Modeling Framework (GMF)
- A Multi-Layer Architecture for a Security Management Infrastructure
- W3C Last Call Review for XML Schema Definition Language Version 1.1
- Distribution of EAP Based Keys for Handover and Re-Authentication
- Integrating a Dojo Client with an SCA Application via SCA HTTP Binding
Voice Extensible Markup Language (VoiceXML) 3.0
Scott McGlashan, Daniel C. Burnett (et al., eds.), W3C Technical Report
Members of the W3C Voice Browser Working Group have published a revised working draft specification for Voice Extensible Markup Language (VoiceXML) 3.0. This document is very much a work in progress: many sections are incomplete, only stubbed out, or missing entirely. To get early feedback, the group focused on defining enough functionality, modules, and profiles to demonstrate the general framework. To complete the specification, the group expects to introduce additional functionality (for example speaker identification and verification, external eventing) and describe the existing functionality at the level of detail given for the Prompt and Field modules. We explicitly request feedback on the framework, particularly any concerns about its implementability or suitability for expected applications. By early 2010 the group expects to have all functionality defined and all the profiles defined in detail...
VoiceXML 3.0 is a modular XML language for creating interactive media dialogs that feature synthesized speech, recognition of spoken and DTMF key input, telephony, mixed initiative conversations, and recording and presentation of a variety of media formats including digitized audio, and digitized video. Its major goal is to bring the advantages of Web-based development and content delivery to interactive voice response applications...
The Web, in comparison to the telephone (invented 150 years ago), is very recent, but has rapidly become a competing communications channel. The convergence of telecommunications and the Web is now bringing the benefits of Web technology to the telephone, enabling Web developers to create applications that can be accessed via any telephone, and allowing people to interact with these applications via speech and telephone keypads. The W3C Speech Interface Framework is a suite of markup specifications aimed at realizing this goal. It covers voice dialogs, speech synthesis, speech recognition, telephony call control for voice browsers and other requirements for interactive voice response applications, including use by people with hearing or speaking impairments..."
See also: the W3C Voice Browser Activity
IETF IANA Registration for Topic Maps: application/xtm+xmlMedia Type
Lars Marius Garshol (ed), IETF Internet Draft
An initial level -00 IETF Internet Draft has been published for the I-D "application/xtm+xmlMedia Type Registration." The document describes a media type ('application/xtm+xml') for serialization of Topic Maps into Extensible Markup Language (XML).
Topic Maps is a technology for encoding knowledge and connecting this encoded knowledge to relevant information resources. Topic maps are organized around topics, which represent subjects of discourse; associations, representing relationships between the subjects; and occurrences, which connect the subjects to pertinent information resources. Topic Maps is an ISO standard (ISO 13250)...
Fragment Identifiers: The id attribute can be used to define fragments in an XTM document. So given an XTM document with the URL 'someurl', the URL reference someurl#frag is taken to refer to the topic element in the XTM document whose id attribute value is "frag". Such URLs commonly occur in XTM documents to refer to topics defined either in the same XTM document or a different XTM document..."
See also: XML Topic Maps
Model-Driven Architecture with Eclipse Graphical Modeling Framework (GMF)
Abhishek Pratap Singh and Akansha Jain, DevX.com
Model Driven Architecture (MDA) is gaining more focus in many organizations. MDA stresses the benefits of modeling at various levels of abstraction and the integration and flow of information among models. With MDA, first the object model is built, which differentiates it from the traditional approach of server side development. Models are built after good communication between various team members, and after modeling completion, development of software and systems is enabled.
MDA can be achieved by using UML, DSL (Domain Specific Language), or other modeling solutions. DSL is one of the most efficient and proven ways of creating an MDA-based solution. There are many frameworks available for DSL like xText, EMF, GMF, Groovy, etc. Eclipse Graphical Modeling Framework (GMF) is a Domain Specific language framework which is used to develop graphical editors based on Eclipse Modelling Framework (EMF) and Graphical Editing Framework (GEF). It helps in defining the domain model, their properties, and relationships among them. A set of configuration files like meta model, graphical model, tooling model, and the mapping model are defined. These configuration files provide graphical representation of domain model, its constraint etc.
In the following article we will showcase how to achieve MDA using GMF as a domain specific language. GMF comprises of EMF and GEF which provides advantage of developing a rich, graphical, modeling oriented editor from a domain element. With GMF, efforts for graphical editor development reduce drastically, and various models can be visualized by using this framework. GMF generates the code based upon model that can be modified manually also..."
See also: on Eclipse Foundation
A Multi-Layer Architecture for a Security Management Infrastructure
Michael Kretzschmar and Frank Eyermann, MilCIS 2009 Conference Paper
IT security is a matter of paramount importance especially to military organizations. Today's networks feature a large number of different security solutions—often not interoperable, complex to manage and laboriously to change or modify. This mostly leads to stovepipe systems with less flexibility and increased security concerns.
Security Management Infrastructure (SMI) is an emerging research area that aims at assisting organizations in managing their security capabilities consistently and in provisioning security functions to organizational entities. In this paper we introduce a multi-layer architecture for an SMI integrating various inhomogeneous security devices and services of an organization and providing a uniform interface for accessing them... SMI capabilities include, for example, Identity Management, Privilege Management, Metadata Management, Policy Management and Cryptographic Key Management. These security capabilities enable and manage basic security functions, such as perimeter defense, confidentiality, virus protection, protection of data at rest, or encapsulation of data during transmission...
This new SMI approach establishes the basis for a global and consistent management of the security infrastructure according to organizational goals. In the example the user has a X.509 certificate including the appropriate private and public keys on a smartcard. The provided identity reference is double checked with a LDAP server (Light-weight Directory Access Protocol) in order to confirm whether the identity is still valid. Between the device of the user (for example, computer, PDA) and the authorization tool a SAML (Security Assertion Markup Language) assertion is created, which implements role-based Access Control policies defined in XACML (eXtensible Access Control Markup Language). Beside the information within the SAML assertion, the authorization tool requests additional metadata about the secured database and afterwards computes the corresponding access control policies for the access decision. Furthermore additional user und resource attributes are queried from a MySQL attribute management database. All this information is taken by the Policy Decision Point (PDP) to decide on the access request of the mission planer, which is then forwarded to the Policy Enforcement Point (PEP) implemented in the mission archive database...
SMI is a challenging task, mainly because of the underlying infrastructure characterized by many heterogeneous, reused, and flexible security capabilities of different granularity and in different life cycles within and across organizational boundaries..."
W3C Last Call Review for XML Schema Definition Language Version 1.1
Sandy Gao, C. M. Sperberg-McQueen, (et al, eds), W3C Technical Reports
Members of the W3C XML Schema Working Group have published Last Call Working Draft specifications for "W3C XML Schema Definition Language (XSD) 1.1 Part 1: Structures" and "W3C XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes." The documents are made available for review by W3C members and the public. The Status section in both documents lists major revisions since the publication of the previous public working drafts XSD 1.1 retains all the essential features of XSD 1.0, but adds several new features to support functionality requested by users, fixes many errors in XSD 1.0, and clarifies wording. The Last Call review period for this document extends until 31-December-2009.
The purpose of Part 1 (Structures) is to define the nature of XSD schemas and their component parts, provide an inventory of XML markup constructs with which to represent schemas, and define the application of schemas to XML documents. The purpose of an XSD schema is to define and describe a class of XML documents by using schema components to constrain and document the meaning, usage and relationships of their constituent parts: datatypes, elements and their content and attributes and their values. Schemas can also provide for the specification of additional document information, such as normalization and defaulting of attribute and element values. Schemas have facilities for self-documentation. Thus, XML Schema Definition Language: Structures can be used to define, describe and catalogue XML vocabularies for classes of XML documents. Any application that consumes well-formed XML can use the formalism defined here to express syntactic, structural and value constraints applicable to its document instances. The XSD formalism allows a useful level of constraint checking to be described and implemented for a wide spectrum of XML applications. However, the language defined by this specification does not attempt to provide all the facilities that might be needed by applications...
'XML Schema: Datatypes' is Part 2 of the specification of the XML Schema language. It defines facilities for defining datatypes to be used in XML Schemas as well as other XML specifications. The datatype language, which is itself represented in XML, provides a superset of the capabilities found in XML document type definitions (DTDs) for specifying datatypes on elements and attributes...
See also: XML Schema Datatypes
Distribution of EAP Based Keys for Handover and Re-Authentication
Katrin Hoeper, Madjid Nakhjiri, Yoshihiro Ohba (eds); IETF Internet Draft
Members of the IETF Handover Keying (HOKEY) Working Group have released an updated version of the specification "Distribution of EAP Based Keys for Handover and Re-Authentication." It describes an abstract mechanism for delivering root keys from an Extensible Authentication Protocol (EAP) server to another network server that requires the keys for offering security protected services, such as re-authentication, to an EAP peer.
Extensible Authentication Protocol (EAP) "is a universal authentication framework frequently used in wireless networks and Point-to-Point connections; it is defined in RFC 3748 and updated by RFC 5247. EAP is an authentication framework supporting authentication methods that are specified in EAP methods. By definition, any key-generating EAP method derives a Master Session Key (MSK) and an Extended Master Session Key (EMSK). RFC 5295 reserves the EMSK for the sole purpose of deriving root keys that can be used for specific purposes called usages. In particular, RFC 5295 defines how to create a usage-specific root key (USRK) for bootstrapping security in a specific application, a domain-specific root key (DSRK) for bootstrapping security of a set of services within a domain, and a usage-specific DSRK (DSUSRK) for a specific application within a domain. RFC 5296 defines a re-authentication root key (rRK) that is a USRK designated for re-authentication.
In this updated I-D, the distributed root key can be either a usage-specific root key (USRK), a domain-specific root key (DSRK) or a domain-specific usage-specific root key (DSUSRK) that has been derived from an Extended Master Session Key (EMSK) hierarchy previously established between the EAP server and an EAP peer. The document defines a template for a key distribution exchange (KDE) protocol that can distribute these different types of root keys using an AAA (Authentication, Authorization and Accounting) protocol and discusses its security requirements. The described protocol template does not specify message formats, data encoding, or other implementation details. It thus needs to be instantiated with a specific protocol (e.g. RADIUS or Diameter) before it can be used..."
Note: the IETF The Handover Keying Working Group is concerned with developing procedures for key reuse and delivery, while respecting good security practice. The group was recently rechartered, according to an announcement from IESG.
Integrating a Dojo Client with an SCA Application via SCA HTTP Binding
Eugene Kharlamov, Udesh Senaratne, Paul Pacholski; IBM developerWorks
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/