This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Developing a Mozilla Firefox Plug-In for CMIS
- OpenCMIS Incubator for Content Management Interoperability Services (CMIS)
- First Public Working Draft for Media Fragments URI 1.0
- Getting Started With Full Disk Encryption (FDE)
- W3C Web Services Resource Access Working Group Publishes New Drafts
- Browser Makers Hope WebGL Will Remake 3D
- An Introduction to MathML
- Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)
- Government Grapples With EMR Security, Privacy
- Heartland Pays Amex $3.6M Over 2008 Data Breach
Developing a Mozilla Firefox Plug-In for CMIS
Gregory Melahn, Shun Zhang, Yan Chen, (et al.), IBM developerWorks
Thanks to Internet protocols, high-speed networks, low-cost devices, and the standardization of document formats, it's now simpler than ever to exchange information. We still struggle, though, to collaborate on business content. Why? Part of the answer is that business information continues to be stored in content silos, where software vendors independently decide many of the details about how the information is organized and accessed. A document stored in two different content management systems might be created by the same application and, indeed, might have the same number of bits... In the case of enterprise content management (ECM) systems, the sharing problem becomes particularly acute because the volume of information in ECM systems is extremely large and because the information itself is mission critical... Content management standards began to emerge in the late 1990s, and standards such as WebDAV and Java Content Repository (JCR) were important steps, but they still lacked many features needed to share enterprise content...
This article presents an overview of a new proposed standard for accessing content, namely Content Management Interoperability Services (CMIS), and provides an example of how to use these services using Mozilla Firefox... The proposed CMIS standard is simple and defines an extensible domain model consisting of four base content types: document, folder, relationship, and policy. The two most important CMIS types are the folder and document types because that is where most of the content is...
See also: CMIS references
OpenCMIS Incubator for Content Management Interoperability Services (CMIS)
Paul Goetz, Apache Incubator List Announcement
On December 09, 2009, a proposal was posted for a new incubator podling called OpenCMIS to support the OASIS Content Management Interoperability Services (CMIS) specification.
As proposed: "OpenCMIS will deliver a Java implementation of the OASIS CMIS specification. OpenCMIS provides a Java implementation of the OASIS CMIS specification. This includes a library to connect as a consumer to a CMIS repository, and a library to provide the CMIS protocol handlers on top of an existing repository. All the protocol bindings defined by the CMIS specification will be supported.
The need for a common, open source CMIS library came up during the standardization work. David Caruana, David Ward, Florian Mueller, Jens Huebel, Paul Goetz, Martin Hermes, and Stephan Klevenz from Alfresco, Open Text and SAP started an initiative and design outline to found this project. Code and some design ideas from an existing open source project owned by Florian Mueller was an initial contribution to the project. The aim is to build an object oriented Java implementation of CMIS that encapsulates the CMIS protocol bindings, mainly to support clients using CMIS. Focus of this project is to support the needs of an enterprise environment, that is reliability, performance, and monitoring.
With CMIS being adopted by various ECM vendors, there is a strong need for repositories and applications dealing with content to support CMIS. As CMIS defines a domain model and protocol bindings, Java developers would have to implement the protocol bindings from scratch. The CMIS specification focuses on the protocols, and is therefore service oriented. An object oriented API which encapsulates these services makes it easier for Java developers to use CMIS. In turn, easy adoption of CMIS by Java applications should help the standard become widely adopted. The initial goals are to (1) implement the CMIS 1.0 protocol binding for SOAP; (2) implement the CMIS 1.0 protocol binding for AtomPub; (3) implement a library with an object oriented API to encapsulate the CMIS protocol bindings for consumers..."
First Public Working Draft for Media Fragments URI 1.0
Raphaël Troncy, Erik Mannens (eds), W3C Technical Report
W3C announced that the Media Fragments Working Group has published a First Public Working Draft for the Media Fragments URI 1.0 specification. It defines the "syntax for constructing media fragment URIs and explains how to handle them when used over the HTTP protocol. The syntax is based on the specification of particular field-value pairs that can be used in URI fragment and URI query requests to restrict a media resource to a certain fragment...
Audio and video resources on the World Wide Web are currently treated as "foreign" objects, which can only be embedded using a plugin that is capable of decoding and interacting with the media resource. Specific media servers are generally required to provide for server-side features such as direct access to time offsets into a video without the need to retrieve the entire resource. Support for such media fragment access varies between different media formats and inhibits standard means of dealing with such content on the Web.
This specification provides for a media-format independent, standard means of addressing media fragments on the Web using Uniform Resource Identifiers (URI). In the context of this document, media fragments are regarded along three different dimensions: temporal, spatial, and tracks. Further, a fragment can be marked with a name and then addressed through a URI using that name. The specified addressing schemes apply mainly to audio and video resources—the spatial fragment addressing may also be used on images.
The aim of the specification is to enhance the Web infrastructure for supporting the addressing and retrieval of subparts of time-based Web resources, as well as the automated processing of such subparts for reuse. Example uses are the sharing of such fragment URIs with friends via email, the automated creation of such fragment URIs in a search engine interface, or the annotation of media fragments with RDF. Such use case examples as well as other side conditions on this specification and a survey of existing media fragment addressing approaches are provided in the companion requirements specification "Use Cases and Requirements for Media Fragments." The media fragment URIs specified in this document have been implemented and demonstrated to work with media resources over the HTTP and RTP/RTSP protocols. Existing media formats in their current representations and implementations provide varying degrees of support for this specification. It is expected that over time, media formats, media players, Web Browsers, media and Web servers, as well as Web proxies will be extended to adhere to the full specification. This specification will help make video a first-class citizen of the World Wide Web.
Getting Started With Full Disk Encryption (FDE)
Serdar Yegulalp, InformationWeek
"Today, full-system encryption in software is both feasible and practical, although how practical will depend on the workload involved. But it's not a security silver bullet, much as it might seem to be from the outside. It can, and does, add a layer of protection that greatly reduces the risk of data compromise in the event hardware is lost or stolen. But that protection depends entirely on how it's implemented, and whether or not the user's been educated in the way an encrypted system works...
System-disk encryption, or full-disk encryption, involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. If the computer is stolen or lost, all the data on the drive (including the OS itself) is unreadable without that volume's key. The data on the system can be considered a write-off without the need to remotely wipe the device.
When you boot an encrypted system, you need to provide a decryption key at boot time. The key could be any number of different things: a password; a USB flash drive with the decryption key; an RSA token-generating device; a fingerprint in conjunction with a Trusted Platform Module; or a combination of the above, in some variety of two-factor authentication. For the most part, the only thing that changes for the end user is the boot process, and then only minimally.
If the key itself is lost or stolen, most full-disk encryption systems provide some form of key escrow. This means a backup copy of the encryption key is held by the system administrator and can be used to recover the data on the system, and a new key can be generated without too much trouble. Professional-grade products typically allow the key to be held in a central repository such as an LDAP or Active Directory schema. The lost key itself is useless without the data encrypted with it, so it can generally be written off if it goes missing..."
See also: Cryptographic Key Management
W3C Web Services Resource Access Working Group Publishes New Drafts
Staff, W3C Announcement
Members of the W3C Web Services Resource Access Working Group, part of the Web Services Activity, have released five new Working Drafts for the suite of chartered WSRA deliverables. These specifications "define SOAP-based mechanisms for interacting with the XML representation behind a resource-oriented Web Service, accessing metadata related to that service, as well as a mechanism to subscribe to events related to that resource... The WSRA Working Group, chaired by Bob Freund, was chartered to produce W3C Recommendations for a set of submitted Web Services specifications addressing existing issues, implementation experience, and interoperability feedback from implementers and considering composition with other Web services standards...
Web Services Enumeration (WS-Enumeration) describes a general SOAP-based protocol for enumerating a sequence of XML elements that is suitable for traversing logs, message queues, or other linear information models. There are numerous applications for which a simple single-request/single-reply metaphor is insufficient for transferring large data sets over SOAP. Applications that do not fit into this simple paradigm include streaming, traversal, query, and enumeration. WS-Enumeration defines a simple SOAP-based protocol for enumeration that allows the data source to provide a session abstraction, called an enumeration context, to a consumer that represents a logical cursor through a sequence of data items. The consumer can then request XML element information items using this enumeration context over the span of one or more SOAP messages. In its simplest form, WS-Enumeration defines a single operation, Pull, which allows a data source, in the context of a specific enumeration, to produce a sequence of XML elements in the body of a SOAP message. Each subsequent Pull operation returns the next N elements in the aggregate sequence...
Web Services Eventing (WS-Eventing) defines a protocol that allows Web services to subscribe to or accept subscriptions for event notification messages. Web services often want to receive messages when events occur in other services and applications. A mechanism for registering interest is needed because the set of Web services interested in receiving such messages is often unknown in advance or will change over time. This specification defines a protocol for one Web service (called a "subscriber") to register interest (called a "subscription") with another Web service (called an "event source") in receiving messages about events (called "notifications"). The subscriber can manage the subscription by interacting with a Web service (called the "subscription manager") designated by the event source...
Web Services Resource Transfer (WS-RT) defines extensions to the WS-Transfer specification primarily to provide fragment-based access to resources. Web Services Transfer (WS-Transfer) defines a mechanism for acquiring XML-based representations of entities using the Web service infrastructure. It defines two types of entities: (1) Resources, which are entities addressable by an endpoint reference that provide an XML representation, and (2) Resource factories, which are Web services that can create a new resource from an XML representation... The Web Services Metadata Exchange (WS-MetadataExchange) specification defines how metadata associated with a Web service endpoint can be represented as WS-Transfer resources, how metadata can be embedded in WS-Addressing endpoint references, and how metadata could be retrieved from a Web service endpoint..."
Browser Makers Hope WebGL Will Remake 3D
Stephen Shankland, CNET News.com
"If you want to see the scale of browser makers' ambition to remake not just the Web but computing itself, look no farther than a new 3D technology called WebGL... WebGL, while only a nascent attempt to catch up, is real. WebGL now is a draft standard for bringing hardware-accelerated 3D graphics to the Web. It got its start with Firefox backer Mozilla and the Khronos Group, which oversees the OpenGL graphics interface, but now the programmers behind browsers from Apple, Google, and Opera Software are also involved.
Perhaps more significant than formal standards work, though, is WebGL support in three precursors of today's browsers—Minefield for Mozilla's Firefox, WebKit for Apple's Safari, and Chromium for Google's Chrome. Opera has started implementing WebGL...
From the specification: "The WebGL Specification describes an additional rendering context and support objects for the HTML 5 canvas element. This context allows rendering using an API that conforms closely to the OpenGL ES 2.0 API... The HTMLCanvasElement places an element on the page into which graphic images can be rendered using a programmatic interface. Currently the only such interface described is the CanvasRenderingContext2D. This document describes another such interface, WebGLRenderingContext, which presents an API derived from the OpenGL ES 2.0 specification. This API provides a rich set of functions allowing realistic 3D graphics to be rendered..."
See also: the WebGL Specification
An Introduction to MathML
David Carlisle, IBM developerWorks
This article provides an overview of MathML, with particular emphasis on the new features in MathML 3.0. David Carlisle is a Senior Technical Consultant at NAG ltd in the UK. He has been involved with OpenMath and MathML since 1998 and has served as co-editor of both the MathML2 and 3 specifications. Prior to working on MathML he was a core member of the LaTeX3 team that designed and implemented the LaTeX2e typesetting system; he also takes an active interest in XSLT...
MathML is a W3C Recommendation defining an XML vocabulary for marking up mathematical expressions. Version 1 was published as a W3C Recommendation in 1998, shortly after the XML specification was published. Three other versions of MathML have been published as Recommendations: MathML 1.01, MathML 2.0, and MathML 2.0 (2nd Edition), which since 2003 has been the Official MathML recommendation. The latest version, MathML 3.0, is nearing the final stages of being standardized...
MathML is an XML vocabulary for marking up mathematics, and it contains two sub-languages: presentation MathML and content MathML. Presentation MathML is primarily concerned with describing the layout of a mathematical expression, and can thus be compared to TeX, or earlier SGML markup languages for mathematics such as ISO 12083. Content MathML is primarily concerned with marking up some aspects of the meaning, or at least the mathematical structure, of expressions...
Being an XML vocabulary, MathML is highly suited to transformation using standard XML tools, especially XSLT, the W3C defined general XML transformation language. Transformations to and from OpenMath, and to and from OMML (Word's XML format for Math) and to TeX have already been mentioned in this article. One major area of transformation work is the building of transformations to MathML from TeX, the mathematical typesetting system developed by Donald Knuth. Here you need to distinguish systems that try to cope with the extreme variability in TeX documents and convert existing legacy documents to XHTML+MathML, and systems that offer a TeX-like syntax that is specifically aimed at providing a convenient short form authoring syntax for MathML..."
Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)
Geoffrey Clemm, Jason Crawford, Julian Reschke (et al), IETF Internet Draft
IETF has issued an updated version of the Internet Draft for Binding Extensions to Web Distributed Authoring and Versioning (WebDAV). This specification defines bindings, and the BIND method for creating multiple bindings to the same resource. Creating a new binding to a resource causes at least one new URI to be mapped to that resource. Servers are required to ensure the integrity of any bindings that they allow to be created. The document uses XML DTD fragments as a notational convention, using the rules defined in Section 17 of RFC 4918.
URIs of WebDAV-compliant resources are hierarchical and correspond to a hierarchy of collections in resource space. The WebDAV Distributed Authoring Protocol makes it possible to organize these resources into hierarchies, placing them into groupings, known as collections, which are more easily browsed and manipulated than a single flat collection. However, hierarchies require categorization decisions that locate resources at a single location in the hierarchy, a drawback when a resource has multiple valid categories. For example, in a hierarchy of vehicle descriptions containing collections for cars and boats, a description of a combination car/boat vehicle could belong in either collection. Ideally, the description should be accessible from both. Allowing clients to create new URIs that access the existing resource lets them put that resource into multiple collections.
Hierarchies also make resource sharing more difficult, since resources that have utility across many collections are still forced into a single collection. For example, the mathematics department at one university might create a collection of information on fractals that contains bindings to some local resources, but also provides access to some resources at other universities. For many reasons, it may be undesirable to make physical copies of the shared resources on the local server: to conserve disk space, to respect copyright constraints, or to make any changes in the shared resources visible automatically. Being able to create new access paths to existing resources in other collections or even on other servers is useful for this sort of case..."
See also: discussions of the WEBDAV Working Group
Government Grapples With EMR Security, Privacy
Mitch Wagner, InformationWeek
"While electronic medical records promise massive opportunities for health benefits, the privacy and security risks are equally enormous... EMRs offer huge benefits: Improved efficiency by eliminating tons of paper files in every doctor's office, and improved medical care using the same kinds of database and data mining technologies that are now routine in other industries. EMR systems can flag symptoms and potentially harmful drug interactions that busy doctors might otherwise miss. But the privacy and security threats are massive as well. When completed, the nation's EMR infrastructure will be a massive store of every American's most personal, private information, potentially abused by marketers, identity thieves, and unscrupulous employers and insurance companies...
Healthcare providers and other health businesses aren't stepping up to protect privacy, according to a recent study. Some 80% of healthcare organizations have experienced at least one incident of lost or stolen health information in the past year, according to the study, released this month from security management company LogLogic and the Ponemon Institute, which conducts privacy and information management research...
John Halamka, CIO of Harvard Medical School and Beth Israel Deaconess Medical Center, is one of the people trying to solve the privacy problem. Halamka is chair of the U.S. Healthcare Information Technology Standards Panel and co-chair of the HIT Standards Committee for the U.S. Department of Health and Human Services. HITSP is developing standards for EMRs that balance patients' right to control their information and keep it confidential against the needs of healthcare providers, insurers, and other businesses to share information to improve patient care and do business: 'You want to protect the patient's preferences for confidentiality, but you also need to get information where it's needed. If you come to the emergency department in a coma, and you have a record that includes psychiatric treatment, HIV, drug abuse, and other information, would you share part of it or all of it? My preference would be all of it, with the hope that emergency workers would use it discreetly, to save my life'..." [Note: John D. Halamka has published personal Patient Information.]
Heartland Pays Amex $3.6M Over 2008 Data Breach
Robert McMillan, ComputerWorld
"Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year. The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks...
Card-issuing banks such as American Express have had to pay the costs of re-issuing credit cards, following the breach, and many banks have sued Heartland to recover these costs. American Express operates its own credit card brand as well, and the settlement may also cover fines incurred there..."
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/