The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: June 29, 2010
XML Daily Newslink. Tuesday, 29 June 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Oracle Corporation

Apache Unleashes New Tomcat Open-Source Web Server
Darryl K. Taft, eWEEK

"The Apache Software Foundation (ASF) has announced the Version 7.0 release of Apache Tomcat, the popular open-source Java web server. Tomcat 7.0 is the first major release of the software since 2006... Apache Tomcat 7.0 fully implements the Java Servlet 3.0, JavaServer Pages (JSP) 2.2, and Expression Language (EL) 2.2 specifications for easier Web framework integration. One of the ASF's earliest projects, the Tomcat code base was first donated to the ASF in 1999; the first Apache release, v.3.0, was made later that year. Tomcat 7 makes it simpler to write and deploy complex Web applications, providing out-of-the-box support for development features that would otherwise be coded manually...

With more than 10 million downloads to date, Apache Tomcat powers a broad range of websites. Ross Mason, founder and CTO of MuleSoft: 'MuleSoft applauds the Apache Tomcat team on the release of Tomcat 7... the improvements in this new release leverage advances in Java, including the Servlet 3 specification, significantly improving the lives of the world's Web application developers; this release includes more than 10 years of active community development effort, continuing Tomcat's lead as the best Java web application server to power the enterprise'..."

From the Apache Tomcat Project description: "Version 7.0.0 beta of Apache Tomcat is the first Apache Tomcat release to support the Servlet 3.0, JSP 2.2 and EL 2.2 specifications. In addition, it includes numerous other improvements such as web application memory leak detection and prevention, improved security for the Manager and Host Manager applications, Generic CSRF protection, support for including external content directly in a web application (aliases), re-factoring (connectors, life-cycle) and lots of internal code clean-up...

Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process. Apache Tomcat is developed in an open and participatory environment and released under the Apache License version 2. Apache Tomcat is intended to be a collaboration of the best-of-breed developers from around the world... Apache Tomcat powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations."

See also: the Apache Tomcat Project web site

W3C Last Call Working Draft for Media Fragments URI 1.0
Raphaël Troncy, Erik Mannens, Silvia Pfeiffer (et al, eds), W3C Technical Report

Members of the W3C Media Fragments Working Group have released a Last Call Working Draft for the specification Media Fragments URI 1.0. Reviewers are invited to submit comment to the public mailing list through August 27, 2010. This Last Call Working Draft meets the requirements specified in the Use Cases and Requirements for Media Fragments document and incorporates all comments received. The document is intended to be published and maintained as a W3C Recommendation after review and refinement.

The Media Fragments Working Group believes to have addressed all issues brought forth through previous Working Draft iterations. Members of the WG encourage feedback about this document by developers and researchers who have interest in multimedia content addressing and retrieval on the web and by developers and researchers who have interest in Semantic Web technologies for content description and annotation.

Summary: "Audio and video resources on the World Wide Web are currently treated as foreign objects that can only be embedded using a plugin capable of decoding and interacting with the media resource. Specific media servers are generally required to provide for server-side features such as direct access to time offsets into a video without the need to retrieve the entire resource... This specification provides for a media-format independent, standard means of addressing media fragments on the Web using Uniform Resource Identifiers (URI). In the context of this document, media fragments are regarded along three different dimensions: temporal, spatial, and tracks. Further, a fragment can be marked with a name and then addressed through a URI using that name. The specified addressing schemes apply mainly to audio and video resources -- the spatial fragment addressing may also be used on images.

The aim of this specification is to enhance the Web infrastructure for supporting the addressing and retrieval of subparts of time-based Web resources, as well as the automated processing of such subparts for reuse. Example uses are the sharing of such fragment URIs with friends via email, the automated creation of such fragment URIs in a search engine interface, or the annotation of media fragments with RDF. Such use case examples as well as other side conditions on this specification and a survey of existing media fragment addressing approaches are provided in the requirements Use cases and requirements for Media Fragments document that accompanies this specification document... The media fragment URIs specified in this document have been implemented and demonstrated to work with media resources over the HTTP protocol. This specification is not defining the protocol aspect of RTSP handling of media fragment. but it is expected that over time, media formats, media players, Web Browsers, media and Web servers, as well as Web proxies will be extended to adhere to the full specification, helping make video a first-class citizen of the World Wide Web..."

See also: W3C's Video in the Web Activity

An Architecture for Media Recording Using the Session Initiation Protocol
Andrew Hutton, Leon Portman, Rajnish Jain (et al, eds), IETF Internet Draft

Members of the IETF Session Initiation Protocol (SIP) Working Group have published an initial level -00 Informational specification for An Architecture for Media Recording Using the Session Initiation Protocol. From the Abstract: "Session recording is a critical requirement in many communications environments such as call centers and financial trading. In some of these environments, all calls must be recorded for regulatory, compliance, and consumer protection reasons. Recording of a session is typically performed by sending a copy of a media stream to a recording device. This document describes architectures for deploying session recording solutions in an environment which is based on the Session Initiation Protocol (SIP)."

Details: "This document focuses on how sessions are established between a Session Recording Client (SRC) and the Session Recording Server (SRS) for the purpose of conveying the Replicated Media and Media Recording Metadata (e.g. Identity of parties involved) relating to the Communication Session. Once the Replicated Media and Media Recording Metadata have been received by the Session Recording Server they will typically be archived for retrieval at a later time...

This document only considers active recording, where the Session Recording Client purposefully streams media to a Session Recording Server... The Recording Session that is established between the Session Recording Client and the Session Recording Server uses the normal procedures for establishing INVITE initiated dialogs as specified in RFC 3261 and uses SDP for describing the media to be used during the session as specified in RFC 4566. However it is intended that some extensions to SIP (e.g. Headers, Option Tags, Etc.) will be defined to support the requirements for media recording. The Replicated Media is required to be sent in real-time to the Session Recording Server and is not buffered by the Session Recording Client to allow for real-time analysis of the media by the Session Recording Server..."

SIP is a text-based protocol, similar to HTTP and SMTP, for initiating interactive communication sessions between users. Such sessions include voice, video, chat, interactive games, and virtual reality. The main tasks of IETF SIP Working Group group involve bringing SIP from proposed to draft standard and specifying and developing proposed extensions that arise out of strong requirements. The SIP Working Group concentrates on the specification of SIP and its extensions, responding to general-purpose requirements for changes to SIP provided by other working groups, including the SIPPING working group, when those requirements are within the scope and charter of SIP.

See also: the IETF Session Initiation Protocol (SIP) Working Group

Windows Live Messenger Connect Implements OAuth WRAP Specification
Sarah Faulkner, OAuth Discussion List Posting

"Windows Live just shipped a beta of our Messenger Connect platform. The platform uses OAuth WRAP (among other standards) and a new consent dialogue to enable third party websites to access a user's Windows Live data. Some of the data that Messenger Connect beta will give third party websites access to is: contacts, activity streams, calendar, and photos. Messenger Connect will also support sign-up and sign-in with a Windows Live ID and chat through web messenger on the third party site. For more information, read our blog post announcing the release, and check out the documentation. If you want to try it out, there are instructions for how to sign up for the Messenger Connect beta and get access to the libraries..."

The IETF OAuth Web Resource Authorization Profiles (OAuth WRAP) specification "allows a server hosting a Protected Resource to delegate authorization to one or more authorities. An application (Client) accesses the Protected Resource by presenting a short lived, opaque, bearer token (Access Token) obtained from an authority (Authorization Server). There are Profiles for how a Client may obtain an Access Token when acting autonomously or on behalf of a User."

From the referenced blog of Angus Logan: "[Messenger Connect] provides a flexible, yet prescriptive set of APIs to help create intuitive experiences that can be tightly integrated into a website or another app. Windows Live users Messenger, Hotmail, and SkyDrive users can opt in to provide access to their identity (sign-in, profile, relationships, and additional user data), share updates about the things they've done via Messenger social, and chat with their friends, all from within the experience of another website or app... This is the first time we've delivered a suite of standards-based, self-service APIs as a package for authorization using the emerging standards/specifications (OAuth WRAP, Portable Contacts,, and OData)...

Messenger Connect enables three core scenarios for websites and app developers, including: (1) Identity: makes it easy for users to sign in and sign up to your web site using their Windows Live ID; (2) Social distribution: lets users share the things they do on your website with their friends. Activities appear in Messenger, Hotmail, and across Windows Live properties, and other places Messenger social is displayed—including Windows Phone 7 and the very popular Windows Live Messenger iPhone app; (3) Realtime shared experiences: lets users share an experience in real time with their friends..."

See also: the Angus Logan blog

W3C Device API Access Control Notes Published
Alissa Cooper, Frederick Hirsch, John Morris (eds), W3C Group Notes

Members of the W3C Device APIs and Policy Working Group have published two Group Notes: Device API Access Control Requirements and Device API Privacy Requirements. The mission of this W3C Working Group is to create client-side APIs that enable the development of Web Applications and Web Widgets that interact with devices services such as Calendar, Contacts, Camera, etc. Additionally, the group will produce a framework for the expression of security policies that govern access to security-critical APIs... The scope of this Working Group is this creation of API specifications for a device's services that can be exposed to Widgets and Web Applications. Devices in this context include desktop computers, laptop computers, mobile internet devices (MIDs), cellular phones, etc. The WG scope also includes defining a framework for the expression of security policies that govern access of Web Applications and Widgets to security-critical APIs."

The specification Device API Access Control Requirements is a first public Working Group Note, expected to be further updated based on both Working Group input and public comments. [Because much personal information] is sensitive and potentially misused, the DAP working group charter explicitly calls out the need to control access to this information, such as through the use of policy. This is complicated by constraints in two dimensions: end user affiliation and application type.

End user affiliation plays a role in determining what a user is allowed to do. An end user might be an employee of a corporation or subscriber to an operator network. In either case, the corporation or network operator may wish to set constraints on what applications the user accesses may do, by defining and using an access control policy. Alternatively a user may not be acting as an employee and not subject to network operator constraints (at least for now with many Internet connections), but may wish to personally control what Internet applications are allowed to do. Second, there are two types of application under consideration by the DAP WG. First, there are W3C widgets, applications that are created with certain constraints, that might be signed by a source, enabling source authentication. Second: full web applications, which may come from any web site the user may access... 'Device API Access Control Requirements' defines requirements for controlling access to device APIs, illustrated by corresponding use cases."

The Device API Privacy Requirements specification provides definitions, use cases, and requirements for making device APIs more privacy-friendly. Privacy considerations are important to Device APIs, since misuse of information exposed by the APIs can have potentially harmful financial, physical safety, reputational and other impacts. Privacy needs a systemic solution that includes functional requirements on user agents, web sites and other components of the system, since any opportunity for misuse of private information is a risk. Addressing privacy may include functional requirements in technical standards, laws and regulations, and best practices. While privacy is an important consideration for all APIs, privacy risks may vary according to the information exposed by an individual API. For example, inappropriate disclosure of contacts or location information could create serious personal safety issues in a broad range of cases, while disclosure of certain system information might create privacy risks in fewer contexts..."

See also: the W3C Device APIs and Policy Working Group

A Dedicated Routing Policy Specification Language Interface Identifier for Operational Testing
Brian Haberman (ed), IETF Internet Draft

The Internet Engineering Steering Group (IESG) announced approval of the specification A Dedicated Routing Policy Specification Language Interface Identifier for Operational Testing as an IETF Proposed Standard. This is a fairly simple draft that has been reviewed by individuals who understand the Routing Policy Specification Language (RPSL).

Summary: "The deployment of new IP connectivity typically results in intermittent reachability for numerous reasons which are outside the scope of this document. In order to aid in the debugging of these persistent problems, this document proposes the creation of a new Routing Policy Specification Language attribute that allows a network to advertise an IP address which is reachable and can be used as a target for diagnostic tests (e.g., pings)... Routing Policy Specification Language Next Generation (RPSLng), as specified in RFC 4012, introduces a new set of simple extensions to the Routing Policy Specification Language (RPSL), enabling the language to document routing policies for the IPv6 and multicast address families currently used in the Internet...

The goal of the Interface Identifier diagnostic address is to provide operators a means to advertise selected hosts that can be targets of tests for such common issues as reachability and Path MTU discovery. Network operators wishing to provide a diagnostic address for its peers, customers, etc. may advertise its existence via the Routing Policy Specification Language

The presence of one or more pingable attributes signals to network operators that the operator of the target network is providing the address(es) for external diagnostic testing. Tests involving the advertised address(es) should be rate limited to no more than ten probes in a five minute window unless prior arrangements are made with the maintainer of the attribute...."

Using Internet Data in Android Applications: XML, JSON, Protocol Buffers
Michael Galpin, IBM developerWorks

"Android applications often must access data that resides on the Internet, and Internet data can be structured in several different formats. This article illustrates how to build an Android application that works with two popular data formats—XML and JavaScript Object Notation (JSON) — as well as the more exotic protocol buffers format from Google...

First we develop a Web service that converts CSV data into XML, JSON, and protocol-buffers formats. Then we build a sample Android application that can pull the data from the Web service in any of these formats and parse it for display to the user.

XML is a first-class citizen on Android, which is a good thing given how many Web services rely on XML. Many services also support JSON, another popular format. It is usually a little more compact than XML, but it is still human-readable, making it easy to work with and easy to debug applications that use it. Android includes a JSON parser...

Protocol buffers is a language-agnostic data-serialization format developed by Google, designed to be faster than XML for sending data over a network. It is the de facto standard at Google for any server-to-server calls. Google made the format and its binding tools for the C++, Java, and Python programming languages available as open source..."

See also: the Protocol Buffers overview

Hospital CIOs Confused Over E-Health Records Rollout Standards
Lucas Mearian, InfoWorld

Reported: "Eight out of ten hospital CIOs recently surveyed by PricewaterhouseCoopers (PwC) said they're concerned they will not be able to demonstrateechnology 'meaningful use' of electronic health records (EHRs) — and therefore won't qualify for federal reimbursements for rolling out the technology. Ninety-four percent of CIOs in the survey said they are concerned they can't meet government requirements about how to report meaningful use of EHRs, and 92 percent are concerned about a lack of clarity in the criteria used by the government.

Last year, the American Recovery and Reinvestment Act (ARRA) set aside $36 billion to help hospitals and doctors purchase equipment to computerize patient medical records, but even the most sophisticated hospitals in the country are struggling to qualify for the payments, PwC's study indicated. Clinicians and hospitals that deploy the technology and prove that it meets a set of government "meaningful use" standards showing it's being effectively used can receive up to $44,000 per doctor in reimbursement funds beginning next year... There is a four-year window to receive the reimbursement funds, and by 2015, facilities that have not deployed EHRs will face Medicare and Medicaid reimbursement cuts..."

From the PricewaterhouseCoopers' Health Research Institute (HRI) announcement ('Meaningless Adoption of Electronic Health Records Could Put Meaningful Use Goals at Risk'): "According to PricewaterhouseCoopers' report, many hospitals are behind the curve on the path to meaningful use. The biggest barriers include: [A] Lack of clarity and a final ruling hinder meaningful use implementation; guidelines for system certification were issued by the US Department of Health and Human Services on June 7, 2010, but final guidelines for meaningful use criteria are not expected until fall of 2010, leaving many CIOs and their vendors at an impasse. [B] Shortage of skilled staff: there is a shortage of professionals in the labor market with the appropriate mix of skills to help integrate information technology usage into clinical, operational and administrative practices. [C] Vendor readiness and fallout from consolidation are unclear: more than one-third of CIOs surveyed by PricewaterhouseCoopers said they are concerned or very concerned about vendor readiness overall. [D] Existing infrastructure capabilities are being questioned: complex networking capabilities and increased bandwidth are needed to reliably handle the massive influx of data that needs to flow 24X7, and hospital CIOs are concerned about the unknown cost of maintaining back-up plans should the system go down and they have to revert to paper records...

In today's health industry, 'meaningful use' has a specific definition: compliance with a new set of regulatory metrics, which are to be phased in over five years: (1) Stage 1: 2011, Capture/share data: E-copies of health information to patients; Claims and eligibility checking; Quality and immunization reporting; 10% of all orders, including medications, through computer-ized physician order entry (CPOE); Drug-drug, drug-allergy, drug-formulary checks; medication lists/reconciliations; Lab results delivery; (2) Stage 2: 2013, Advanced care processes with decision support: Health summaries for continuity of care; Registry reporting and reporting to public health; Populate PHRs; CPOE for all order types; Evidence-based order sets; Clinical decision support at point of care; All clinical documentation in EHR (3) Stage 3: 2015, Improved Outcomes: Minimal levels of performance on quality, safety and efficiency measures; Clinical decision support for national high-priority conditions; Access comprehensive data from all available sources; Experience-of-care reporting; Medical device interoperability; Dynamic/ad hoc quality reports; Real-time surveillance; Multimedia support (e.g. X-rays) Patients have access to self-management tools; Use of epidemiologic data; Clinical dashboards; Provide patients with accounting of treatment, payment, and healthcare operations disclosures (upon request)..."

See also: the PricewaterhouseCoopers announcement

NetBeans 6.9 Release Emphasizes JavaFX
John K. Waters, Application Development Trends

"In the NetBeans version 6.9 release, the first under Oracle's stewardship, the company is spotlighting a new plug-in: JavaFX Composer, which is a visual layout tool for building JavaFX GUI apps, along the lines of the Swing GUI builder for Java SE applications. The capabilities and features listed on the NetBeans community Web site includes a visual editor for a form-like UI using components in JavaFX 1.2.1 SDK; dynamic design editing based on states; data access to Web Services, databases and local storages; support for JavaFX binding; a simple animation editor; and multi-screen-size editing.

JavaFX is the Java-based rich Internet application (RIA) platform created by Sun. The Composer component is designed to allow developers to 'quickly build, visually edit, and debug [RIAs] and bind components to various data sources, including Web services'... This release also supports JavaFX 1.3, Java Card Connected 3, the Spring 3.0 framework, the PHP Zend Framework and Ruby on Rails 3.0... With NetBeans 6.9, Oracle appears to making good on its promise to promote NetBeans as a development environment for dynamic scripting languages. Oracle now owns three IDEs: JDeveloper; the Eclipse IDE, which Oracle supports with the Oracle Enterprise Pack for Eclipse; and NetBeans.

According to the Oracle announcement: "NetBeans IDE 6.9 provides improved editing and development capabilities, including: Improved Java language editing with more than 80 new hints, to enhance developer productivity; Additional support for Java Enterprise Edition 6, including Contexts and Dependency Injection (CDI) and JSR-299. New JavaFX Composer enables visual editing of form-based user interfaces; Enhanced JavaFX script editing and refactoring; Support for CSS code completion, find usages, and renaming capabilities for HTML and CSS; The ability to quickly code, test, and deploy OSGi bundles using Maven and Felix; Bundled Felix container with the ability to deploy other containers, such as Equinox; Support for the Spring 3.0 framework; PHP Zend framework, as well as better PHP formatting and code completion; Ruby on Rails 3.0 and specification of which gems the IDE should reference...

NetBeans IDE 6.9 introduces JavaFX Composer, a visual editor and layout tool for building JavaFX applications. With JavaFX Composer, organizations can quickly build, visually edit, and debug Rich Internet Applications (RIA) and bind components to various data sources, including databases and Web services. NetBeans IDE 6.9 also offers OSGi interoperability, enabling developers to easily create OSGi bundles for applications based on the NetBeans Platform..."

See also: Gautam Muduganti's blog


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: