The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: June 16, 2010
XML Daily Newslink. Wednesday, 16 June 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation

NIST Draft Framework for Designing Cryptographic Key Management Systems
Elaine Barker, Dennis Branstad, Santosh Chokhani, Miles Smid; NIST Draft SP

The U.S. National Institute of Standards and Technology (NIST) has released an initial public draft version of NIST Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems. Public comment is invited through August 17, 2010. The document will be discussed at a Key Management Workshop scheduled for September 20-21, 2010 held at NIST.

This Framework for Designing Cryptographic Key Management Systems (CKMS) contains descriptions of CKMS components that should be considered by a CKMS designer and specifies requirements for the documentation of those CKMS components in the design. This Framework places documentation requirements on the CKMS design document. Thus, any CKMS, that is properly documented, could have a design document that is compliant with this Framework... The document is intended for designers, implementers, security analysts, managers, system procurers, and users of CKMS to manage and protect keys. While some introductory material is provided to explain the Framework components and to justify the requirements, this document assumes that the reader has knowledge of the principles of key management...

Cryptographic techniques use cryptographic keys that are managed and protected throughout their life cycles by the CKMS. Effectively- implemented cryptography can reduce the scope of the information management problem from the need to protect large amounts of information to the need to protect only keys and certain metadata (i.e., information about the key and its use, such as the algorithm with which the key is to be used, the security service applied using the key, etc.). The CKMS binds a key to its critical metadata in order to control the proper use of the key.

When designing a CKMS, the cryptographic techniques used to protect the keys managed by the CKMS should offer a level of protection (often measured in bits of security) that is infeasible to bypass by a would-be attacker. This design principle is comparable to a design principle used in building safes and vaults: the designer builds the vault to a standard that would discourage the rational attacker from attempting entry; the only way to open the safe is to open the safe door by trying possible combinations until the correct combination is selected. Similarly, the only way to decrypt previously encrypted data (without knowledge of the correct key) is to test possible keys until eventually the correct key is used to decrypt the ciphertext to obtain the correct plaintext. Just as the protection provided by a safe is dependent on the number of its possible combinations, the strength of a cryptographic algorithm is dependent on the number of possible keys..."

See also: Cryptographic Key Management

Devices Profile for Web Service (DPWS) for 6LoWPAN Networks
Guido Moritz (ed), IETF Internet Draft

Members of the IETF Working Group IPv6 over Low power WPAN (6LOWPAN) have released version -01 of the I-D DPWS for 6LoWPAN. This draft describes adaptions and enhancements for deploying the Devices Profile for Web Service (DPWS) in 6LoWPAN networks.

"The work of this TC is based on the former DPWS, WS-Discovery, and SOAP-over-UDP specifications. DPWS makes use of existing Web services protocols, but also adds several extensions to enable Web services based communication on embedded devices also. Thereby, DPWS includes features like (1) discovery of devices and metadata exchange with services even in dynamic changing environments (2) eventing about state changes by WS-Eventing (3) security and integrity for discovery, metadata exchange and service usages. Because DPWS bases on existing Web services standards, it is fully capable of being integrated in the Web services framework...

The draft describes several adaptions and enhancements to expand DPWS deployments to 6LoWPAN networks, but is far away from a comprehensive specification. It only presents a basis for further discussions. The main scope is the definition of a profile, to describe: message compression and bidirectional message reduction, while staying fully compliant with existing WS-DD specifications. The deployment of this profile is fully transparent for existing DPWS implementations and describes extension to be considered by 6LoWPAN networks only... DPWS describes two different modes for discovery of devices: ad-hoc mode and managed mode. In managed mode, a registry called Discovery Proxy is applied to suppress multicast messages... Because DPWS bases on SOAP and thus on XML for data representation, XML compression techniques and/or encoding concepts have to be used to reduce message sizes..."

The IETF IPv6 over Low power WPAN (6lowpan) Working Group was chartered to "generate the necessary documents to ensure interoperable implementations of 6LoWPAN networks and will define the necessary security and management protocols and constructs for building 6LoWPAN networks, paying particular attention to protocols already available... Well-established fields such as control networks, and burgeoning ones such as 'sensor' (or transducer) networks, are increasingly being based on wireless technologies. Most (but certainly not all) of these nodes are amongst the most constrained that have ever been networked wirelessly. Extreme low power (such that they will run potentially for years on batteries) and extreme low cost (total device cost in single digit dollars, and riding Moore's law to continuously reduce that price point) are seen as essential enablers towards their deployment in networks..."

See also: specifications from the OASIS WS-DD TC

Last Call Public Review for IETF Geolocation Privacy Preferences Policy
Henning Schulzrinne, Hannes Tschofenig, John Morris (et al., eds); IETF Internet Draft

The Internet Engineering Steering Group (IESG) announced receipt of a request to consider Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information as an IETF Proposed Standard. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the IETF mailing lists by 2010-06-30.

This document is the product of the IETF Geographic Location/Privacy Working Group. "The document has been reviewed by key participants from the GEOPRIV working group. The IESG contact persons are Robert Sparks and Gonzalo Camarillo. Version -11 of this document was presented as an IETF Last Call document in February 2007, but subsequent IESG review identified several issues. The resulting working group discussion resulted in significant changes to the document. There is strong, long-standing consensus in the working group that the policies described this document are a useful way to transmit geolocation-based privacy policies...

Location information needs to be protected against unauthorized access to preserve the privacy of humans. In RFC 3693, a protocol-independent model for access to geographic information is defined. The model includes a Location Generator (LG) that determines location information, a Location Server (LS) that authorizes access to location information, a Location Recipient (LR) that requests and receives location information, and a Rule Maker (RM) that writes authorization policies. An authorization policy is a set of rules that regulates an entity's activities with respect to privacy-sensitive information, such as location information. The data object containing location information in the context of this document is referred to as a Location Object (LO). The basic rule set defined in the Presence Information Data Format Location Object (PIDF-LO) can restrict how long the Location Recipient is allowed to retain the information, and it can prohibit further distribution. It also contains a reference to an enhanced rule set and a human readable privacy policy. The basic rule set, however, does not allow to control access to location information based on specific Location Recipients...

This document describes an enhanced rule set that provides richer constraints on the distribution of LOs. It extends the Common Policy framework defined in RFC 4745. That document provides an abstract framework for expressing authorization rules. As specified there, each such rule consists of conditions, actions and transformations. Conditions determine under which circumstances the entity executing the rules, for example a Location Server, is permitted to apply actions and transformations. Transformations regulate in a location information context how a Location Server modifies the information elements that are returned to the requestor, for example, by reducing the granularity of returned location information. The XML schema defined in Section 9 extends the Common Policy schema by introducing new child elements to the condition and transformation elements...."

See also: the IETF Geographic Location/Privacy (GEOPRIV) Working Group

Companies Conserving Water Surprised By Savings
Candace Lombardi, CNET

"Water is not only the next big environmental issue, but also the next savings opportunity, according to several companies. A survey conducted by research analyst Ethical Corporation in May 2010 found that 99 percent of corporate sustainability managers saw water becoming a top priority for businesses in the next 5 to 10 years. The report found that 52 percent of sustainability managers ranked 'water stewardship' within the top five most important issues they now deal with...

More interesting is the hard data supporting the trend. Companies have found that saving water equates with saving money even when including initial infrastructure investments, according to the report (which included interviews with global giants like Unilever, Kraft, Coca-Cola, and Shell. The report found many companies surprised by water savings outperforming estimates after they initiated company water conservation projects...

Sainsbury's, for example, a leading U.K. supermarket chain, has saved 1.6 million pounds (about $2.4 million) since fixing leaks, installing sensors on urinals, and reducing toilet water capacity, according to the report... Whitbread, a U.K. company that owns hotel and restaurant chains, saved 350,000 pounds ($519,000) annually after installing low flow-faucets and shower heads [...] Now the company has decided to implement more water conservation initiatives...

Both the report and interview underscore what companies and sustainability experts have individually been saying about water being the 'oil of the 21st century.' In January 2010, for example, Jackson Family Wines of Kendall-Jackson fame, announced it would be cutting its winery water usage by 70 percent. It also proposed that if just 35 percent of California wineries implemented the same technology, it could save the state 1 billion gallons of water annually..."

Opera Gains More HTML5 Features
Mikael Ricknäs, InfoWorld

The next version of Opera's browser adds support for more HTML5 features, and is now available in beta... The hype surrounding HTML5 is growing, but the standard also holds the promise to change the way the Web is used. It is a huge step on the way to turning the browser and the Web into a proper platform for running applications, according to Jan Standal, vice president of desktop products at Opera.

Implementing HTML5 is, just like the standard, is a work in progress. In version 10.6 Opera has expanded the browser's video capabilities by adding the new, open WebM file format, which Google announced last month. Mozilla, Opera, Adobe, and more than 40 other vendors back the standard, according to the project's Web site. The format is looking very promising, said Standal. Opera has also added AppCache, which is one of the components that will make it possible to run Web applications without being online...

In addition to these HTML5 improvements, Opera has also implemented the Geolocation API, which is being developed by W3C, and Web Workers, developed by the Web Hypertext Application Technology Working Group (WHATWG)..."

The W3C Geolocation API "defines a high-level interface to location information associated only with the device hosting the implementation, such as latitude and longitude. The API itself is agnostic of the underlying location information sources. Common sources of location information include Global Positioning System (GPS) and location inferred from network signals such as IP address, RFID, WiFi and Bluetooth MAC addresses, and GSM/CDMA cell IDs, as well as user input. No guarantee is given that the API returns the device's actual location. The API is designed to enable both "one-shot" position requests and repeated position updates, as well as the ability to explicitly query the cached positions. Location information is represented by latitude and longitude coordinates. The Geolocation API in this specification builds upon earlier work in the industry..."

See also: the W3C Geolocation API Specification

GE Offers E-Health Records as SaaS Offering
Lucas Mearian, ComputerWorld

"GE's health care division today announced its first electronic medical record (EMR) product in a software-as-a-service (SaaS) platform aimed at small or remote physician practices with a lower-cost, monthly fee model. GE Healthcare's Centricity Advance product offers a combination of EMR, physician administrative management and patient portals...

The SaaS offering differs from a traditional hosted or application service provider model in that after a start-up fee of $4,000 to $9,000, customers are charged a monthly subscription fee, according to Chittaranjan Mallipeddi, vice president and general manager of GE Healthcare IT's newly launched SaaS business unit..."

From the announcement: "The fact that Centricity Advance was designed from the ground up as a web service is significant. Instead of simply providing web-based gateway into a standard EMR application, the Centricity Advance is created with anywhere/anytime access in mind, resulting in an intuitive and efficient interface without sacrificing functionality. Since system management is centralized as part of the Centricity Advance service, small practices don't have to worry about data protection, updates, equipment failures and other typically stressful responsibilities of user-driven IT management.

Another key feature of Centricity Advance is the Patient Self-Service Portal, which connects patients to their care. By using their own secure password to log in, patients can communicate privately with their doctor and view their own information such as statements, prescriptions and lab results. Patients can also request and confirm appointments, request prescription refills and get automatic reminders for immunizations and lab tests..."

See also: XML Standards and Healthcare

OAGi Invites Comment on Chem eStandards 5.1 Public Review Package
Staff, Open Applications Group Announcement

Open Applications Group (OAGi) has announced a 45-work-day review period for version 5.1 of the Chemical Industry Council Chem eStandards. The purpose of the review session, which ends July 13, 2010, is to provide a forum for stakeholders to ask questions about the upcoming 5.1 release and provide feedback.

The v5.1 updates include 180 change requests from AgGateway, who is a member of the Chemical Industry Council. Some of these changes were made to enable new eBusiness processes for: (1) European horticulture, e.g., flowers, and (2) North American feed, seed, crop nutrient, and crop protection sectors of the agriculture industry...

The Chemical Industry Council was formed as a result of the merger of the Chemical Industry Data Exchange organization (CIDX) and the Open Applications Group (OAGi). The Chem eStandards that CIDX built are very successful in the industry, and the CIDX community began to look towards what's next. The next goal they decided to work towards was for cross-industry interoperability. The CIDX staff then researched other standards organizations they thought could best support this goal. The recommendation was made to merge with the Open Applications Group, an existing cross industry standard, and works towards that goal.

So at the end of 2008 CIDX transitioned its standards and operations to the Open Applications Group, Inc. (OAGi) and the American Chemistry Council's Chemical Information Technology Center (ChemITC), and ceased to exist as a corporation. The Chem eStandards will continue to be supported for the foreseeable future while the Chemical Industry Council works towards their new goal..."

See also: the OAGi web site


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: