This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- IETF Issues Updated Specification for VALID
- Public Review Drafts for OASIS SAML 2.0/Kerberos Specifications
- W3C Working Group Publishes SPARQL 1.1 Property Paths and Updated Drafts
- Making Things With UK Government Data Platform data.gov.uk
- IETF Creates IRI Working Group for Internationalized Resource Identifiers
- Six Strategies for Extending XML Schemas in a Single Namespace
IETF Issues Updated Specification for VALID
Philip Hoyer, Tim Moses, Mingliang Pei, Salah Machani (eds), IETF Internet Draft
IETF has published a revised level -01 Standards Track Internet Draft VALID, updating the previous draft of July 6, 2009. The specification describes a Web-service interface standard for an authentication-data validation service that supports risk-based, multi-factor authentication. This standard enables enterprises to deploy best-of-breed solutions combining components from different vendors into the same infrastructure. This work is based on earlier work produced by the members of OATH (Initiative for Open AuTHentication) working group. Document Section 10 presents the XML namespace registration and IANA VALID Version Registry.
Details: The Authentication-Data Validation Service Interface definition (VALID) describes a Web-service interface for a validation server. The specification reuses data definitions from SAML, WS-Security and WS-Trust and operates over version 1.2 of SOAP. Upon successful validation, the validation server returns a SAML assertion containing verified attributes of the authenticated end-user or a hardware or software device under the end-user's control. Communications between the end-user and the application are not required to follow the Web-services programming model.
The Authentication-Data Validation Service Interface allows communication of the following data elements in several different communication patterns: In-band authentication (In-band Challenge/Response; In-band 2 way Challenge/Response), Out-of-band challenge, Out-of-band response, Client supplies challenge, and End-user obtains assertions Out-of-band from server. The interface is based mainly on WS-Trust... The specific requirements for authentication data communication depend upon the specific authentication mechanism.
In-band authentication data SHALL be passed in the body of 'wst:RequestSecurityToken' and 'wst:RequestSecurityTokenResponse' elements. Upon successful validation of the authentication data, the validation server SHALL issue a SAML assertion containing verified end-user or token attributes, depending on whether the server is validating user identities (user-centric authentication) or a device/token (pseudonymous, token-centric authentication). The client MAY provide a 'wsp:Policy' element indicating which attributes it requires. Required attributes SHALL be referenced using the 'saml:Attribute' element, with the 'saml:AttributeValue' child element omitted. The validation server MAY include the sub-set of the requested attributes whose verified values are known to it. Otherwise, the validation server SHALL include all verified attributes whose values are known to it. These attributes MUST be included in the SAML assertion. They MUST also be included in a separate 'wst:Claims' element. In this way, the application may treat the assertion as opaque data, extracting any attributes it requires from the 'wst:Claims' element. Attributes SHALL be expressed as 'saml:Attribute' elements in accordance with the SAML V2.0 X.500/LDAP Attribute Profile.
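As an added illustration (not code from the draft or from this newsletter), the Python below shows how a relying application can read attributes from 'wst:Claims' while leaving the SAML assertion opaque, and reject a response whose 'wst:Claims' content does not match the attributes carried inside the assertion, since the draft requires both copies. The WS-Trust 1.3/1.4 and SAML 2.0 namespace URIs, the 'urn:oid:' attribute names of the X.500/LDAP profile and the sample RSTR are assumptions; signature verification of the assertion is not shown.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed for the WS-Trust and SAML 2.0 elements VALID reuses.
NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# NameFormat used by the SAML V2.0 X.500/LDAP Attribute Profile (urn:oid: names).
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

def _attributes(parent):
    """Map each saml:Attribute Name below parent to its list of AttributeValue texts."""
    out = {}
    for attr in parent.iterfind(".//saml:Attribute", NS):
        out[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return out

def extract_claims(rstr_xml):
    """Read attributes from wst:Claims (the assertion itself stays opaque) and
    refuse the response unless the assertion carries exactly the same attributes."""
    root = ET.fromstring(rstr_xml)
    claims = root.find("wst:Claims", NS)
    assertion = root.find(".//saml:Assertion", NS)
    if claims is None or assertion is None:
        raise ValueError("RSTR lacks wst:Claims or saml:Assertion")
    from_claims, from_assertion = _attributes(claims), _attributes(assertion)
    if from_claims != from_assertion:
        raise ValueError("wst:Claims does not match the attributes in the assertion")
    return from_claims

# Constructed sample RSTR: two verified attributes, present in both places as required.
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{NS['wst']}"
    xmlns:saml="{NS['saml']}">
  <wst:RequestedSecurityToken>
    <saml:Assertion ID="_constructed" Version="2.0"><saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement></saml:Assertion>
  </wst:RequestedSecurityToken>
  <wst:Claims>
    <saml:Attribute Name="urn:oid:2.5.4.42" NameFormat="{URI_FORMAT}">
      <saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="{URI_FORMAT}">
      <saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
  </wst:Claims>
</wst:RequestSecurityTokenResponse>"""
```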
See also: WS-Trust Version 1.4
Public Review Drafts for OASIS SAML 2.0/Kerberos Specifications
Staff, OASIS Announcement
Members of the OASIS Security Services Technical Committee have submitted two approved Committee Draft specifications for public review through March 29, 2010: SAML V2.0 Kerberos Subject Confirmation Method Version 1.0 and SAML V2.0 Kerberos Attribute Profile Version 1.0.
The Kerberos protocol (Kerberos Network Authentication Service) "provides a means of verifying the identities of principals, (e.g., a workstation user or a network server) on an open (unprotected) network. This is accomplished without relying on assertions by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that packets traveling along the network can be read, modified, and inserted at will. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (shared secret key) cryptography... An IETF Kerberos Working Group continues to improve the core Kerberos specification, develop extensions to address new needs and technologies related to improving the process of client authentication, and produce specifications for missing functionality."
"SAML V2.0 Kerberos Subject Confirmation Method Version 1.0" relates to the "SAML V2.0 Assertions and Protocols" specification, which defines a 'SubjectConfirmation' element which can provide evidence that, when applied to a process known as a Method, may be used by a relying party to confirm that the message came from a system entity that is associated with the subject of an assertion. The 'Subject Confirmation Method' specification defines a new subject confirmation method that uses evidence provided by the Kerberos protocol.
"SAML V2.0 Kerberos Attribute Profile Version 1.0" describes a SAML attribute profile that can be used to request and express Kerberos protocol messages. In this version of the specification, this is constrained to the Kerberos AP-REQ message type. The mechanisms that are used to generate the Kerberos message are outside the scope of the document, and are described by IETF RFC 4120.
W3C Working Group Publishes SPARQL 1.1 Property Paths and Updated Drafts
Andy Seaborne (ed), W3C Technical Reports
Members of the W3C SPARQL Working Group have published a First Public Working Draft for SPARQL 1.1 Property Paths, together with updates for six related SPARQL specifications.
SPARQL (SPARQL Protocol and RDF Query Language) is a query language for the Semantic Web. In January 2008, the RDF Data Access Working Group published three SPARQL recommendations (Query Language, Protocol, and Results Format). Since then, SPARQL has become very widely deployed. Usage and implementation of SPARQL have revealed requirements for additions to the query language and protocol that are needed by applications. The current W3C Working Group charter extends SPARQL technology to include some of the features that the community has identified as both desirable and important for interoperability based on experience with the initial version of the standard.
The new Working Draft for SPARQL 1.1 Property Paths defines a more succinct way to write parts of basic graph patterns and also extends matching of triple patterns to arbitrary-length paths. A property path is a possible route through a graph between two graph nodes. A trivial case is a property path of length exactly 1, which is a triple pattern. Property paths allow for more concise expression of some SPARQL basic graph patterns and also add the ability to match arbitrary-length paths... A property path expression (or just 'path') is similar to a string regular expression but over properties, not characters. Query evaluation determines all matches of a path expression and binds subject or object as appropriate. Only one match per route through the graph is recorded - no duplicates for any given path expression.
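To make the evaluation rule concrete, here is a small path evaluator added for this summary (it is not code from the Working Group or from any SPARQL engine). It covers a triple pattern, the inverse path '^p', the sequence 'p/q' and the one-or-more closure 'p+', and records each (subject, object) route once as a set, which is what lets 'foaf:knows+' terminate on the constructed cyclic graph. The graph data and the nested-tuple path syntax are assumptions.

```python
# Constructed sample graph: (subject, predicate, object) triples with a cycle in foaf:knows.
FOAF = "http://xmlns.com/foaf/0.1/"
GRAPH = {
    (":alice", FOAF + "knows", ":bob"),
    (":bob", FOAF + "knows", ":carol"),
    (":carol", FOAF + "knows", ":alice"),   # cycle: the + closure must still terminate
    (":alice", FOAF + "name", "Alice"),
    (":bob", FOAF + "name", "Bob"),
    (":carol", FOAF + "name", "Carol"),
}

def eval_path(graph, path):
    """Return the set of (subject, object) pairs matched by a path expression.
    Path forms (assumed notation): ("p", iri) a triple pattern, ("inv", p) for ^p,
    ("seq", p, q) for p/q, ("plus", p) for p+ (one or more steps)."""
    kind = path[0]
    if kind == "p":
        return {(s, o) for s, p, o in graph if p == path[1]}
    if kind == "inv":
        return {(o, s) for s, o in eval_path(graph, path[1])}
    if kind == "seq":
        left, right = eval_path(graph, path[1]), eval_path(graph, path[2])
        return {(s, o2) for s, o in left for s2, o2 in right if o == s2}
    if kind == "plus":
        step = eval_path(graph, path[1])
        closure = set(step)
        while True:  # fixpoint over a set of pairs: one match per route, so cycles end
            longer = {(s, o2) for s, o in closure for s2, o2 in step if o == s2}
            if longer <= closure:
                return closure
            closure |= longer
    raise ValueError(f"unknown path kind {kind!r}")

def query(graph, path, subject=None):
    """Bind ?o in the pattern 'subject path ?o'; with subject=None return all pairs."""
    pairs = eval_path(graph, path)
    if subject is None:
        return pairs
    return {o for s, o in pairs if s == subject}

if __name__ == "__main__":
    knows, name = ("p", FOAF + "knows"), ("p", FOAF + "name")
    print(query(GRAPH, ("plus", knows), ":alice"))            # :alice foaf:knows+ ?o
    print(query(GRAPH, ("seq", ("plus", knows), name), ":alice"))  # :alice foaf:knows+/foaf:name ?o
```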
The SPARQL Working Group has also published six updates, and seeks feedback on open issues in particular. SPARQL 1.1 Query adds support for aggregates, subqueries, projected expressions, and negation to the SPARQL query language. SPARQL 1.1 Update defines an update language for RDF graphs. SPARQL 1.1 Protocol for RDF defines an abstract interface and HTTP bindings for a protocol to issue SPARQL Query and SPARQL Update statements against a SPARQL endpoint. SPARQL 1.1 Service Description defines a vocabulary and discovery mechanism for describing the capabilities of a SPARQL endpoint. SPARQL 1.1 Uniform HTTP Protocol for Managing RDF Graphs describes the use of the HTTP protocol for managing named RDF graphs on an HTTP server. SPARQL 1.1 Entailment Regimes defines conditions under which SPARQL queries can be used with entailment regimes such as RDF, RDF Schema, OWL, or RIF.
See also: the W3C SPARQL Working Group Charter
Making Things With UK Government Data Platform data.gov.uk
Chris Thorpe, The Guardian
"Last Thursday saw the beta release of the UK Government Data platform, data.gov.uk. There's a lot of fascinating and useful data in there and we thought we'd make something and describe the process as we go in a sort of diary of a government and Guardian DataStore driven app. Here we talk about retrieving some data using SPARQL from the Edubase store...
One of the key points of the data.gov.uk initiative is the adoption, where appropriate and expedient, of Linked Data and the Semantic Web. Sir Tim Berners-Lee set out very eloquently his vision for public data in a talk at TED2009 and has worked with the government as an advisor and champion behind the data.gov.uk project. Some of the really significant and large datasets in data.gov.uk are stored in RDF in a triple store.
There's a lot of key information within data.gov.uk which is of interest to our journalists and readers, so to begin to understand how to unlock it we decided to build a simple app based on Government data and data collated within our own Guardian Data Store which allows you to inspect lots of different quality metrics about schools and education in your local area. The place to start clearly is the master set of information of schools in the UK. This is held in a database called Edubase which has now been imported into a triple store, the endpoint for which can be found here. What follows below isn't intended to be a beginners guide to SPARQL here, we're just trying to show you a few of the queries we're using, sharing some of the useful things we've found along the way..."
According to the W3C announcement: "The UK Government has unveiled its open data website, data.gov.uk, developed with the help of Tim Berners-Lee (W3C Director) and John Sheridan (Linked Data Lead for data.gov.uk and co-Chair of the W3C eGovernment Interest Group). Like data.gov in the United States, the UK site reflects a growing awareness inside and outside of government that standards-based open data is a key enabler of government services and a building block for new information services across government and industry. Additionally, this new site showcases Semantic Web and Linked Data technologies."
See also: the W3C news item
IETF Creates IRI Working Group for Internationalized Resource Identifiers
Staff, IETF Announcement
The Internet Engineering Steering Group (IESG) announced the formation of a new working group in the IETF Applications Area: Internationalized Resource Identifiers (IRI). The current IETF RFC (3987) "defines a new protocol element, the Internationalized Resource Identifier (IRI), as a complement to the Uniform Resource Identifier (URI). An IRI is a sequence of characters from the Universal Character Set (Unicode/ISO 10646). A mapping from IRIs to URIs is defined, which means that IRIs can be used instead of URIs, where appropriate, to identify resources. The approach of defining a new protocol element was chosen instead of extending or changing the definition of URIs. This was done in order to allow a clear distinction and to avoid incompatibilities with existing software. Guidelines are provided for the use and deployment of IRIs in various protocols, formats, and software components that currently deal with URIs."
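The IRI-to-URI mapping that RFC 3987 defines is short enough to show in full; the Python below is an added example (not taken from the RFC or the working group) that encodes every non-ASCII character as percent-encoded UTF-8, reverses the mapping without unmasking percent-encoded ASCII such as '%2F', and compares two identifiers on their mapped form, which is the comparison the working group charter lists as an item. It assumes the host is left percent-encoded rather than converted with IDNA, and it does not check that decoded characters fall inside the RFC's 'ucschar' ranges.

```python
import re

def iri_to_uri(iri):
    """RFC 3987 section 3.1 style mapping: each non-ASCII character becomes its
    UTF-8 bytes, each percent-encoded in uppercase hex. ASCII characters, including
    escapes already present, are copied unchanged. The optional IDNA step for the
    host name is not applied (assumption for this example)."""
    out = []
    for ch in iri:
        if ord(ch) < 0x80:
            out.append(ch)
        else:
            out.append("".join(f"%{b:02X}" for b in ch.encode("utf-8")))
    return "".join(out)

_PCT_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2})+")

def uri_to_iri(uri):
    """Reverse mapping (RFC 3987 section 3.2): decode runs of %XX escapes that form
    valid UTF-8, but keep any ASCII byte percent-encoded so that reserved delimiters
    such as '/' and '?' hidden behind escapes are never exposed. Invalid UTF-8 runs
    are left exactly as found."""
    def decode(match):
        raw = bytes.fromhex(match.group(0).replace("%", ""))
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            return match.group(0)
        return "".join(c if ord(c) >= 0x80 else f"%{ord(c):02X}" for c in text)
    return _PCT_RUN.sub(decode, uri)

def same_resource(id_a, id_b):
    """Compare two identifiers (IRI or URI form) on their mapped URI strings."""
    return iri_to_uri(id_a) == iri_to_uri(id_b)
```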
The new IETF Working Group will produce a new version of RFC 3987: "Internationalized Resource Identifiers (IRIs)" using I-D 'draft-duerst-iri-bis' as the base, and a new version of RFC 4395: "Guidelines and Registration Procedures for New URI Schemes." The new version of RFC 3987 may be split into separate documents, if, in the opinion of the chair(s), it would facilitate distribution of the workload and allow more focused reviews. For example, the following breakdown has been suggested: Handling of Internationalized domain names in IRIs; Internationalization Considerations in IRIs, for BIDI, character ranges to avoid, special considerations; Syntax, parsing, comparison of IRIs.
The working group starts with a relatively mature update to RFC 3987 in preparation; the primary focus of the group is to resolve conflicting uses, requirements and best practices for internationalized URLs/URIs/IRIs and various other forms, among many specifications and committees, while moving toward consistent use of IRIs among the wide range of Internet applications that use them. In particular, the IRI specification(s) must (continue to) be suitable for normative reference with Web and XML standards from W3C specifications.
The group should coordinate with the W3C working groups on HTML5, XML Core, and Internationalization, as well as with the IETF HTTPBIS WG, to ensure acceptability. The IRI specification(s) should follow best practices for domain names. The group should coordinate with the IETF IDNABIS working group and the Unicode Consortium to assure acceptability. Explicit review by experts on (and native speakers of) RTL languages, of the recommendations for BIDI languages, is required...
See also: the designated W3C discussion list
Six Strategies for Extending XML Schemas in a Single Namespace
Dale Waldt, IBM developerWorks
"W3C XML Schemas have become the core of many business applications because of their powerful data typing and definition capabilities. But a data model isn't always static. Schemas often need ways to allow for extensibility over time to accommodate new information and element types. Several approaches can extend schemas to include new elements as needed: The six strategies described in this article provide techniques to extend single-namespace schemas. Using multiple namespaces to extend the data being processed requires an article of its own...
(1) Generic elements: A good example of data that changes over time is code lists. A code list is a list of unique code values that have specific meanings, such as product descriptors, frequently used terms, and lists of countries or cities. These values are often stored in a database row that you can add to over time and use to populate choices in an application window. (2) Modular schema assembly: You might modularize schemas for a lot of reasons, but this section focuses on using modularity to extend them. In short, creating several schema modules and including them into your base schema is a form of extending the base schema. (3) Abstract elements and substitution groups: The W3C XML Schema allows for a class of element types that generally appear in the same locations to be treated as a group of equivalent elements in type definitions. For example, you might have several types of named objects (that is, people, places, things) that appear in text as inline elements, including person, city, lodging, restaurant, and museum.
(4) Extension to an existing type: The W3C XML Schema lets you extend existing type definitions to add additional sub-elements, adding additional elements to the data model's structure. You can apply extensions to the types of element or attributes. (5) Redefining existing types: Types defined in one schema can be reused and redefined in another schema module. This behavior can be handy if you inherit a schema but want to modify the definition somewhat to work better in your environment. (6) Wildcards: The W3C XML Schema allows you to declare some elements using wildcards, or elements that can contain just about any other element or attribute—declared or otherwise. The wildcard ANY type is a placeholder whose content might or might not be validated against a schema. Validation is controlled by setting the 'processContents' attribute to skip, lax, or strict..."
See also: XML Schema languages
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/