The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: October 21, 2010
XML Daily Newslink. Thursday, 21 October 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
ISIS Papyrus

W3C Integrates Math on the Web with MathML 3
Staff, W3C Announcement

W3C has announced the publication of "an important standard for making mathematics on the Web more accessible and international, especially for early mathematics education. MathML 3 is the third version of a standard supported in a wide variety of applications including Web pages, e-books, equation editors, publishing systems, screen readers (devices that read aloud the information on a page) and braille displays, ink input devices, e-learning and computational software.

Mathematical Markup Language (MathML) Version 3.0 is part of W3C's Open Web Platform, which includes HTML5, CSS, and SVG. Browser vendors will add MathML 3 support as they expand their support for HTML5. Firefox and Camino already support MathML 2 natively, and Safari/WebKit nightly builds continue to improve. Opera supports the MathML for CSS profile of MathML 3. Internet Explorer users can install a freely-available MathPlayer plug-in. In addition, JavaScript software such as MathJax enables MathML display in most browsers without native support.

A key benefit of MathML 3 is enhancement of math accessibility for education. There is dizzying variation around the world in the visual layout of even the most common operations, including multiplication, long division, subtraction, and 'carries' and 'borrows' for addition. MathML 3 introduces new support for representing this diversity of notational styles while maintaining sufficient mathematical structure so that problems can be spoken comprehensibly by assistive technology such as screen readers.

George Kerscher is Secretary General of the DAISY Consortium, a W3C Member devoted to developing and promoting accessibility standards. He reports: 'We have incorporated MathML vocabulary into the DAISY Standard and it has proved very effective for middle and upper level math and science. With MathML 3 support for elementary math notation, materials used to teach math in elementary schools can now be made accessible. This will make production of math faster, cheaper, and better for those with print disabilities'... [And] Adil Allawi, Technical Director of Diwan Software Limited, a vendor of Arabic language publishing software notes: 'The right-to-left features of MathML 3.0 will make a real difference in the Arab education field. It makes it possible, for the first time, to build standards-based and truly interoperable electronic maths books for students in the Arab countries. Although many people think of mathematics as an international language, mathematical notations can vary greatly from region to region. An extreme case is the right-to-left layout of equations encountered in Arabic texts and other right-to-left languages'..."

See also: Mathematical Markup Language (MathML) Version 3.0

Problem Statement of P2P Streaming Protocol (PPSP)
Yunfei Zhang, Ning Zong, Gonzalo Camarillo (et al), IETF Internet Draft

Members of the IETF Peer-to-Peer Streaming Protocol (PPSP) Working Group have published an initial level -00 Internet Draft presenting the Problem Statement of P2P Streaming Protocol (PPSP). This IETF WG was chartered to develop two signaling and control protocols for a peer-to-peer (P2P) streaming system for transmitting live and time-shifted media content with near real-time delivery requirements. A companion specification "P2P Streaming Protocol (PPSP) Requirements" enumerates the requirements for the PPSP which should be considered when designing PPSP.

From the Problem Statement document: "Streaming traffic is among the fastest growing traffic on the Internet. As Cisco Visual Network Traffic index measured, video streaming already generates the largest volume of Internet traffic in 2010, and the percentage is expected to rise to as high as 91% of the total Internet traffic in 2014... P2P streaming is seeing rapid deployment. Large P2P streaming applications such as PPLive, PPstream, and UUSee each has a user base exceeding 100 millions. P2P streaming traffic is becoming a major type of Internet traffic in some Internet networks. For example, according to the statistics of a major Chinese ISP, the traffic generated by P2P streaming applications exceeded 50% of the total backbone traffic during the peak time in 2008. In early 2010, CNTV, China National Network Television for CCTV, launched its software named CBox, which supports P2P-based live and VoD programs. The user base of CBox has increased rapidly. During the opening of 2010 FIFA World Cup, the user base of CBox increased 5 times, reaching 3 million online users a day and altogether 350 million times view.

We propose to standardize the key signaling protocols among various P2P streaming system components including the tracker and the peers. These protocols, called PPSP, are a part of P2P streaming protocols. This document describes the terminologies, concepts, incentives, and scope of developing PPSP, as well as the use cases of PPSP... We argue that proprietary P2P streaming protocols lead to substantial difficulties when integrating P2P streaming as an integral component of a global content delivery infrastructure. For example, proprietary P2P streaming protocols do not integrate well with existing cache and other edge infrastructures.

The role of standardization in P2P streaming systems is to: (1) decouple the information exchange with the data delivery so that some most common functions of P2P streaming can use a generic and open protocol; (2) standardize the information exchange message so that network and service equipments from different providers can interact with each other to produce a complete P2P streaming system...

See also: the P2P Streaming Protocol (PPSP) Requirements

Father of CSS Plans for Web Publishing Future
Stephen Shankland, CNET

"Good news for anybody with a newspaper who needs to reckon with Internet publishing: the man behind a key Web technology has your needs in mind. After years of relative obscurity, the Web formatting standard called CSS, or Cascading Style Sheets has come into its own, taking a starring role as the mechanism for building a new generation of interactive, elaborate Web pages. CSS is growing in new directions now, and the technology's original creator believes its next direction for improvement will be dealing with more complicated Web page layout chores.

Håkon Wium Lie, Opera's chief technology officer: 'There is important work left to be done for layout. The new CSS3 under development now can handle multi-column text arrangements, but you couldn't replicate a printed newspaper in CSS. Now there's work under way to address that with CSS modules called grid layout and template layout... You paint a layout with ASCII art, a sort of visual design made out of text directly in the CSS code, then fill content into that. It's an experimental specification, but one I think has that compactness and terseness and minimalism that's part of CSS but still allows you to do quite advanced layouts'...

Even though the Web is expanding from online documents to online applications, publishing is still very important. In particular with the arrival of the iPad and other tablets, tools to create a polished, flexible layout are essential as publishers seek to capitalize on the medium. The layout tools likely will be a part of the current CSS3 specification under development, probably as modules...

Some new CSS3 feature include transformations (which for example let elements be moved around a Web page, resized, and rotated) and transitions, which control effects such as photos zooming into the background. Both of those benefit from hardware acceleration... Microsoft also has become active in CSS development, for example by submitting numerous tests to help browser makers ensure they truly support the standard. Also helping out the newspaper crowd is the addition of Web Open Font Format, which after years of fitful effort appears to have won over typography experts as a way to venture beyond the small collection of 'Web-safe' fonts..."

See also: the CSS Template Layout Module

OpenStack Austin Platform has First Major Release for Cloud Computing
Jack Clark, ZDNet Blog

"The open-standards and open-source cloud project OpenStack has released Austin, the first version of its production platform. OpenStack Austin is a cloud platform built on code from Rackspace's cloud files and cloud server systems, and from Nasa's Nebula Cloud Computing platform. Work on the cloud platform was initially announced in July 2010, and the release of Austin came after developers added in support for more hypervisors and alternative cloud services.

OpenStack now supports the Linux-based Kernel Virtual Machine (KVM) and the Citrix-owned XenServer hypervisors, along with User-mode Linux (UML), which modifies the Linux kernel to give a hypervisor-like functionality. When asked why there is no support for other hypervisors, such as VMware's models..."

According to the Rackspace/OpenStack announcement: "[We] announced the 'Austin' code release of OpenStack Compute and Object Storage. Since the project's inception three months ago, OpenStack has built an active community of contributors, delivered on its code release and feature commitments, attracted new member organizations and received significant interest from enterprises and service providers... The code for OpenStack Object Storage, a highly available cloud storage platform based on source code from Rackspace Cloud Files, was made available as a developer preview in July 2010. The Austin release makes it easier to install and deploy, and has dozens of bug fixes and feature additions including a statistics processor, enhanced access control and user-defined metadata.

The initial release of OpenStack Compute, a large-scale compute provisioning engine, is ready for testing and prototyping, and users are encouraged to participate in the open development process by installing the code and providing feedback. The goal with this release is to create an easier path to adoption for the three stakeholder communities: service providers building cloud offerings, enterprises and government agencies deploying private clouds, and the ecosystem of cloud technology providers integrating with OpenStack..."

See also: the OpenStack web site

Amazon Web Services (AWS) Offers Free Usage Tier
Staff, AWS Announcement

"To help new Amazon Web Services customers get started in the cloud, AWS is introducing a new free usage tier. Beginning November 1, 2010. new AWS customers will be able to run a free Amazon EC2 Micro Instance for a year, while also leveraging a new free usage tier for Amazon S3, Amazon Elastic Block Store, Amazon Elastic Load Balancing, and AWS data transfer. AWS's free usage tier can be used for anything you want to run in the cloud: launch new applications, test existing applications in the cloud, or simply gain hands-on experience with AWS...

The new AWS free usage tier applies to participating services across all AWS regions: US - N. Virginia, US - N. California, EU - Ireland, and APAC - Singapore. Your free usage is calculated each month across all regions and automatically applied to your bill; free usage does not accumulate.

These free tiers are only available to new AWS customers and are available for twelve months following your AWS sign-up date. When your free usage expires or if your application use exceeds the free usage tiers, you simply pay standard, pay-as-you-go service rates; see each service page for full pricing details. Restrictions apply; see offer terms for more details. These free tiers do not expire after 12 months and are available to both existing and new AWS customers indefinitely.

The AWS Free Usage Tier (Per Month) covers: (1) 750 hours of Amazon EC2 Linux Micro Instance usage—613 MB of memory and 32-bit and 64-bit platform support, enough hours to run continuously each month; (2) 750 hours of an Elastic Load Balancer plus 15 GB data processing; (3) 10 GB of Amazon Elastic Block Storage, plus 1 million I/Os, 1 GB of snapshot storage, 10,000 snapshot Get Requests and 1,000 snapshot Put Requests; (4) 5 GB of Amazon S3 storage, 20,000 Get Requests, and 2,000 Put Requests; (5) 30 GB per of internet data transfer—15 GB of data transfer 'in' and 15 GB of data transfer 'out' across all services except Amazon CloudFront; (6) 25 Amazon SimpleDB Machine Hours and 1 GB of Storage; (7) 100,000 Requests of Amazon Simple Queue Service; (8) 100,000 Requests, 100,000 HTTP notifications and 1,000 email notifications for Amazon Simple Notification Service... In addition to these services, the AWS Management Console is available at no charge to help you build and manage your application on AWS..."

Digital Signatures for the Open Web Authentication (OAuth) Protocol
Hannes Tschofenig and Blaine Cook (eds), IETF Internet Draft

An Informational IETF Internet Draft has been published on provisions for security in the use of OAuth: Thoughts about Digital Signatures for the Open Web Authentication (OAuth) Protocol. From the document Abstract: "The initial version of the Open Web Authentication Protocol (OAuth 1.0), often referred to as the community addition, included an mechanism for putting a digital signature (when using asymmetric keys) or a keyed message digest (when using symmetric keys) to a resource request when presenting the OAuth token. This cryptographic mechanism has lead to lots of discussions, particularly about the problems implementers had, the use cases it supports, and the benefit-cost tradeoff. This document tries to describe the use of the so-called 'OAuth Signature' mechamism in an unbiased and less emotional way with the main purpose to conclude the discussions."

Details: "From a cryptographic point of view the following aspects of the OAuth 1.0 specification are significant: (1) The format and content of the Access Token is not specified. (2) The authenticated request [typically, as illustrated is] essentially a basic HTTP authentication mechanism that supports symmetric as well as asymmetric credentials. The purpose is to authenticate Alice to Bob; no mutual authentication. The procedure for obtaining these credentials is outside the scope. To ensure liveness of the authentication a timestamp and a nonce is included in the request (and is included in the digital signature and the keyed message digest).

Finally, (3) the authenticated request signing is optional to implement and optional to use. When the authenticated request signature is omitted (called bearer token) then TLS. Details about what ciphersuite to use with TLS and what required features are needed are not available. The authors here argue that the best approach for providing security for OAuth is to describe security threats similar to the writeup in Section 3 (Security Threats, e.g., Token manufacture/modification, Token disclosure, Token redirect, Token reuse). We offer recommendations for the protection and the content of the token. A document with a detailed description of the token encoding and the token content (including security protection) is likely to provide users with help in designing their own custom extensions. This document does not need to be part of the OAuth 2.0 base specification.

We define a mandatory-to-implement solution based on 'key confirmation' (using symmetric keys) since it provides the fewest number of operational drawbacks. A symmetric key based approach was chosen because of performance reasons even though it requires Carol and Bob to share a long-term secret. We strongly recommend the usage of TLS between Alice and Bob mainly for the additional security services TLS provides, such as confidentiality protection. TLS will be useful for access to protected resources for the exchange of sensitive information. In case that server-side authentication is a concern the usage of channel bindings should be investigated since they allow binding an anonymous Diffie-Hellman exchange during the TLS handshake with the high-layer security exchange...."

See also: the IETF Open Authentication Protocol (OAuth) Working Group

WSO2 Launches Eclipse Tool for Carbon Middleware
Charles Babcock, InformationWeek

"WSO2, an open source company in Mountain View, Calif., and Columbo, Sri Lanka, now offers Carbon Studio for developing applications for its lightweight, web services-oriented Carbon middleware, now in use at eBay and major enterprise sites, such as Deutsche Bank, Prudential, and Kaiser Permanente...

Carbon Studio plugs into the Eclipse Programmer's workbench, giving its users the familiar Eclipse integrated development environment with code editing, debugging, and source code control. The emergence of its Eclipse tooling after two years in development allows WSO2 to reach a wider audience for its middleware..."

From the Carbon Studio web site: "WSO2 Carbon Studio represents a major step forward in providing a complete Eclipse-based SOA development environment for the award-winning WSO2 Carbon platform. Developers can now define a project representing a complete Carbon Application (CApp) spanning multiple types of artifacts—from Java to power WSO2 Web Services Application Server services and XML configurations for the WSO2 ESB to BPEL to provision the WSO2 Business Process Server.

Carbon Studio simplifies creation of these artifacts with graphical editors and management of the links and dependencies between these services. It further helps test and debug them within the IDE, and helps deploy them as Carbon Archives (.car) onto your WSO2 Carbon-based servers or onto a WSO2 Stratos-based cloud... With a single click, you can test your project on a Carbon server running directly inside Eclipse. Use the Eclipse debugger to step through Axis2-based services, Synapse Mediators, Registry Handlers, and Data Validators. To simplify the deployment of a composite application, a CApp project can be exported as a Carbon Archive; this package contains all the artifacts necessary to deploy your app into a production environment. Each server will filter out the artifacts to install just those appropriate to its role. For example, an ESB runtime will pick out the ESB configurations and ignore the BPEL ones and vice versa. And with the hot deployment and hot update capabilities available, deploying your artifacts has become even simpler with no manual intervention needed..."

See also: the WSO2 Carbon Studio web site

The Future of WCF Is RESTful
Abel Avram, InfoQueue

"Glenn Block, a Windows Communication Foundation (WCF) Program Manager, reported during an online webinar 'WCF, Evolving for the Web' that Microsoft's framework for building service-oriented applications is going to be refactored radically, the new architecture being centered around HTTP. Block started the online session by summarizing the current trends in the industry: a move to cloud-based computing; a migration away from SOAP; a shift towards browsers running on all sorts of devices; an increase in the adoption of REST; emerging standards like OAuth, WebSockets...

One of the key features of WCF is support for multiple transports (HTTP, TCP, named-pipes) under the same programming model. Unfortunately when it comes to HTTP, a lot of HTTP goodness (scale, content negotiation) is lost because WCF treats it as a transport. So Block is looking forward to see WCF supporting HTTP as a first class application protocol with simple and flexible programming model..

WCF will contain helper APIs for pre-processing HTTP requests or responses, doing all the parsing and manipulation of arguments, encapsulating the HTTP information in objects that can be later transferred for further processing. This will relieve the user from dealing with HTTP internals directly if he wants to. This feature will also present a plug-in capability for media-type formatters of data formats like JSON, Atom, OData, etc. WCF will support some of them out of the box, but the user will be able to add his own formatters.

We asked Glenn Block what it is going to happen to the other protocols, especially SOAP. His answer was that WCF is going to fully support the existing stack, and the current development is meant to evolve WCF to fully support HTTP without renouncing to anything WCF has so far..."

See also: on Windows Communication Foundation


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: