XML Daily Newslink. Wednesday, 28 February 2007

[Robin Cover <robin@oasis-open.org>]

XML Daily Newslink. Wednesday, 28 February 2007
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover

====================================================

This issue of XML Daily Newslink is sponsored by
BEA Systems, Inc.  http://www.bea.com

====================================================

HEADLINES:

* Anti-SPIT : A Document Format for Expressing Anti-SPIT Authorization
  Policies
* W3C Launches Security Specifications Working Group
* Where is XML Going?
* Planning to Upgrade XSLT 1.0 to 2.0, Part 5: Make Your Stylesheets
  Work With Any Processor Version
* Web Services Policy 1.5: W3C Call for Implementations
* Microsoft Closer on 'Office Open' Blessing
* Assisting Novice Analysts in Developing Quality Conceptual Models
  with UML
* U.K. Launches Open-Source Policy Group
* RIAA Opposes New Fair Use Bill

----------------------------------------------------------------------

Anti-SPIT : A Document Format for Expressing Anti-SPIT Authorization
Policies
Hannes Tschofenig, Dan Wing (et al.), IETF Internet Draft

The problem of SPAM for Internet Telephony (SPIT) is an imminent
challenge and only the combination of several techniques can provide
a framework for dealing with unwanted communication. The responsibility
for filtering or blocking calls can belong to different elements in
the call flow and may depend on various factors. This document defines
an authorization based policy language that allows end users to upload
anti-SPIT policies to intermediaries, such as SIP proxies. These
policies mitigate unwanted SIP communications. It extends the Common
Policy authorization framework with additional conditions and actions.
The new conditions match a particular Session Initiation Protocol (SIP)
communication pattern based on a number of attributes. The range of
attributes includes information provided, for example, by SIP itself,
by the SIP identity mechanism, by information carried within SAML
assertions. A SPIT authorization document is an XML document, formatted
according to the schema defined in RFC 4745 (Common Policy: A Document
Format for Expressing Privacy Preferences). SPIT authorization
documents inherit the MIME type of common policy documents,
'application/auth-policy+xml'. This document is composed of rules which
contain three parts: conditions, actions, and transformations. Each
action or transformation, which is also called a permission, has the
property of being a positive grant to the authorization server to
perform the resulting actions, be it allow, block etc . As a result,
there is a well-defined mechanism for combining actions and
transformations obtained from several sources. This mechanism therefore
can be used to filter connection attempts thus leading to effective
SPIT prevention. Policies are XML documents that are stored at a Proxy
Server or a dedicated device. The Rule Maker therefore needs to use a
protocol to create, modify and delete the authorization policies
defined in this document. Such a protocol is available with the
Extensible Markup Language (XML) Configuration Access Protocol (XCAP).
Referenced I-Ds: (1) SPAM for Internet Telephony (SPIT) Prevention
using the Security Assertion Markup Language (SAML); (2) Conveying
CPC Using the SAML.

http://xml.coverpages.org/draft-tschofenig-sipping-spit-policy-00.txt
See also SPAM for Internet Telephony (SPIT) Prevention: http://xml.coverpages.org/draft-schwartz-sipping-spit-saml-01.txt

----------------------------------------------------------------------

W3C Launches Security Specifications Working Group
Staff, W3C Announcement

W3C has announced the creation of the XML Security Specifications
Maintenance Working Group.  Frederick Hirsch (Nokia) chairs the group,
which is chartered to perform maintenance work on Recommendations from
the XML Signature and XML Encryption families of security
specifications. Past W3C security work was focused on foundation
technologies: The joint IETF-W3C XML Signature Working Group specified
mechanisms to digitally sign XML documents and other data, and to
encapsulate digital signatures in XML. The W3C XML Encryption Working
Group specified mechanisms to encrypt XML documents and other data,
and to encapsulate the encrypted material and related meta-information
in XML. Canonical XML 1.0 is required for implementations of the XML
Signature Syntax and Processing Recommendation. The XML Core Working
Group is chartered to revise Canonical XML, and is publishing the
result as Canonical XML 1.1. This version of Canonical XML will
address incompatibilities between that specification and the xml:id
and xml:base Recommendations, and possible future attributes in the
'xml' namespace. It is also known that the Decryption Transform for
XML Signature Recommendation includes processing of xml namespace
attributes that is analogous to that in Canonical XML 1.0, and leads
to similar issues. This Working Group is chartered to update the
XML Signature Syntax and Processing Recommendation and the Decryption
Transform for XML Signature Recommendation to be compatible with the
evolving XML environment. The update will also take known errata
into account. These include the XML Signature Errata and the
Decryption Transform Errata. The Working Group is also chartered to
collect and study additional issues with the XML Encryption and XML
Signature suite of specifications, and to propose a draft charter for
work to address these issues. It is anticipated that the Working
Group will collaborate with: (1) Internet Engineering Task Force
(IETF Public-Key Infrastructure Working Group -- PKIX); (2) OASIS
(Security Services TC and Web Services Security TC); (3) Liberty
Alliance.

http://www.w3.org/2005/Security/xmlsig-charter
See also the W3C Security Home: http://www.w3.org/Security/

----------------------------------------------------------------------

Where is XML Going?
Kurt Cagle, O'Reilly Opinion

What I see is the rise of core XML technologies -- XSLT being the
biggest by far, but even XQuery and XForms are beginning to show up --
in the job listings. There's a rising demand for XSLT developers right,
and I suspect that as people begin to start incorporating XSLT 2.0
that this will increase still further (and should - XSLT 2 is just,
better). XHTML is becoming 'standard', at least at the corporate level,
and this in turn is feeding back into the rise of the manipulation
tools that XHTML opens up. I've even seen a rise in demand for
ontologists and RDF specialists, as people begin to harness the ability
to create metadata structures. It should be interesting to see what
happens as RDFa begins to become more regularly incorporated into XHTML
generation tools... Microsoft has greenlighted a version of XSLT 2.0
to be deployed with the next version of Visual Studio. My suspicion
here is that if Red Hat hasn't also raised the possibility of pushing
libXSLT to the 2.0 level then it should do so: XSLT2 leaves XSLT1 in
the dust in terms of both usability and performance, and I suspect that
we'll see more commercial level XSLT2 transformations appear over the
course of the next year. The complexity, verbosity and need to resort
to recursive programming has signficantly limited XSLT 1.0 adoption
over the years -- by largely eliminating the need for unnecessarily
recursion and cutting down the amount of code by a factor of three or
more to accomplish most transformations, XSLT 2.0 saves development
cycles, more readily integrates with third party extensions... To me,
the interesting things being done in XML are increasingly occurring
in the application and vertical markets: HL7 in the health care field,
GML in the mapping and geographical location space, XBRL or UBL in
the business space and so forth represent sophisticated ontologies
rather than formal schemas, the understanding being that getting
complete agreement on the structure of any field of endeavor may be
doomed to failure between differing participants, but you can (for the
most part) agree upon the general terminology and language for those
core concepts. This approach actually makes a great deal of sense --
a dictionary is a self-descriptive ontology...

http://www.oreillynet.com/xml/blog/2007/02/where_is_xml_going_1.html

----------------------------------------------------------------------

Planning to Upgrade XSLT 1.0 to 2.0, Part 5: Make Your Stylesheets
Work With Any Processor Version
David Marston and Joanne Tong, IBM developerWorks

XSLT 2.0, the latest specification released by the W3C, is a language
for transforming XML documents. It includes numerous new features,
with some specifically designed to address shortcomings in XSLT 1.0.
This article provides examples of stylesheets that are portable between
versions 1.0 and 2.0, with special guidance for those who must run
both 1.0 and 2.0 processors for a long transition period. The new 2.0
features may occur in the form of instruction elements, declaration
elements, XPath operators, functions, or new attributes or children
on elements that existed in 1.0. For each form of enhancement, only
certain techniques apply.  The article spells out the consequences of
retaining a 1.0 processor in production use while you begin to use new
2.0 features in your stylesheets. Your users who are served through an
XSLT 2.0 processor should gain better performance or appearance, though
they won't realize that the stylesheets are becoming more readable and
maintainable. Once all the 1.0 processors are replaced by 2.0
processors, you can rip out the old code and the guarding mechanisms
that caused the 1.0 processors to select it. Ripping out old code is
especially easy if it was already separated by imported modules, as
shown in the example. In this series of articles, you'll get a high-
level overview and an in-depth look at XSLT 2.0 from the point of view
of an XSLT 1.0 user who wants to fix old problems, learn new techniques,
and discover what to look out for. Examples derived from common
applications and practical suggestions are provided if you wish to
upgrade.

http://www-128.ibm.com/developerworks/library/x-xslt20pt5.html

----------------------------------------------------------------------

Web Services Policy 1.5: W3C Call for Implementations
A. Vedamuthu, D. Orchard, F. Hirsch (et al., eds), W3C TRs

W3C has announce the advancement of Web Services Policy 1.5 to
the status of Candidate Recommendation, indicating that the document
is believed to be stable, and to encourage implementation by the
developer community. The W3C Web Services Policy Working Group expects
to request that the Director advance this document to Proposed
Recommendation once the Working Group has demonstrated four or more
interoperable implementations, with the exception of ignorable policy
assertions, which shall require two or more implementations. The
Working Group does not plan to request to advance to Proposed
Recommendation prior to 30-June-2007. The Policy Framework defines
a model for expressing the nature of Web services in order to convey
conditions for their interaction. A policy is a collection of policy
alternatives, where a policy alternative is a collection of policy
assertions. A policy assertion represents a requirement, capability,
or other property of a behavior. A policy expression is an XML Infoset
representation of its policy, either in a normal form or in its
equivalent compact form. Some policy assertions specify traditional
requirements and capabilities that will manifest themselves in the
messages exchanged (e.g., authentication scheme, transport protocol
selection). The "Attachment" specification defines how to associate
policies, for example within WSDL or UDDI, with subjects to which
they apply.

http://www.w3.org/TR/2007/CR-ws-policy-20070228/
See also W3C Web Services Activity: http://www.w3.org/2002/ws/

----------------------------------------------------------------------

Microsoft Closer on 'Office Open' Blessing
Michael Hickins, InternetNews.com

Microsoft is one step closer to having its Office Open XML (OOXML)
format adopted as an international standard in short order. Ecma, the
standards body pushing OOXML on behalf of Microsoft, confirmed that it
made today's deadline for responding to comments on its initial
application for fast-track approval to the International Standards
Organization (ISO). The matter now rests with the secretariat of the
ISO joint technical committee (JTC1) reviewing Microsoft's application,
said Jan van den Beld, secretary general of Ecma. The best-case scenario
for Microsoft is that the secretariat allows a full vote on the standard
under the organization's fast-track process, which will take five months
to complete. Van den Beld noted that votes on standards generally take
up to thirty-six (36) months. Opponents to OOXML, which include IBM and
the Open Document Foundation, have argued that Microsoft's specifications
are unwieldy and that the standard application is redundant with the
Open Document Format (ODF), which already exists. Microsoft has
countered that the OOXML format is valuable because it is closer to
Office 2007 and is backwards-compatible with older versions of Office.
"Although both ODF and Open XML are document formats, they are designed
to address different needs in the marketplace," the company wrote in
an open letter published earlier this month.

http://www.internetnews.com/dev-news/article.php/3662681

----------------------------------------------------------------------

Assisting Novice Analysts in Developing Quality Conceptual Models
with UML
Narasimha Bolloju and Felix S.K. Leung, ACM Queue (CACM Reprint)

Knowing the kinds of modeling errors they are most likely to produce
helps prepare novice analysts for developing quality conceptual models.
During the analysis phase of information systems development, systems
analysts capture and represent systems requirements using conceptual
models (such as entity-relationship diagrams, class diagrams, and use
case diagrams). Considering the fact that the reported failures of a
significant percentage of developed systems are linked to faulty
requirements, it is extremely important for these analysts and critical
to the system's ultimate success to ensure the quality of the conceptual
models they develop in the early phases of systems development.
However, developing good-quality conceptual models is a challenge for
many analysts... Though UML is widely used, the UML diagrams are not
highly rated by analysts in terms of usability. Here, we present the
results of an empirical study we conducted aimed at identifying the
most typical set of errors frequently committed by novice systems
analysts in four commonly used UML artifacts -- use case diagrams,
use case descriptions, class diagrams, and sequence diagrams -- and
discuss how they affect the quality of artifacts developed. Ensuring
that artifacts are free of such errors helps novice analysts develop
better-quality UML artifacts. Our findings are relevant to instructors
of systems analysis courses, software quality-assurance teams, CASE
tool developers, and researchers in the field of conceptual modeling,
as well as to the analysts themselves.

http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=458
See also Conceptual Modeling and Markup Languages: http://xml.coverpages.org/conceptualModeling.html

----------------------------------------------------------------------

U.K. Launches Open-Source Policy Group
Jeremy Kirk, InfoWorld

A new U.K. think tank will analyze how open-source software can be
used in government and the private sector. The National Open Center
will be the U.K.'s first organization dedicated to studying open-source
software issues. The National Open Center, based in Birmingham,
England, will be composed of working groups that will study open-
source issues, such as the use of standards and procurement guidelines,
according to Ed Downs, of the National Computing Center, a professional
IT membership organization. Unlike other European countries, the U.K.
lacked an organization dedicated to studying open-source software, he
said. Many of the innovations on the Internet would not have been
possible without open-source software like the Apache Web server, said
Scott Thompson, one of the founders of the National Open Center;
companies like Google and Yahoo use open source to drive down their
software costs.  Acccording to the Web site description: "The National
Open Centre will have a schedule of events organised around the key
issues that they are addressing, as determined by the Advisory Board.
This will involve a call for participation including subject panels,
an exchange of ideas, one or more seminars and ultimately the
dissemination of the resulting paperss. The overall work plan will be
guided by the Advisory Board which will identify key OS&S related
issues for the UK which can benefit from clarification and the
development of strategic thinking. This board will seek to represent
a broad range of expertise and interest including, but not limited to,
the OS community, vendors and users, those with interests in software,
standards and society, and standards, public, private and voluntary
sectors, commercial, new media and embedded applications."

http://www.infoworld.com/article/07/02/26/HNukopensourcegroup_1.html
See also the National Open Centre: http://www.nationalopencentre.org.uk/

----------------------------------------------------------------------

RIAA Opposes New Fair Use Bill
Grant Gross, InfoWorld

A new bill in the U.S. Congress aimed at protecting the fair use rights
for consumers of copyright material would "legalize hacking," the
Recording Industry Association of America (RIAA) said. The Freedom and
Innovation Revitalizing U.S. Entrepreneurship (FAIR USE) Act, introduced
Tuesday by U.S. Representatives Rick Boucher, a Virginia Democrat, and
John Doolittle, a California Republican, would allow customers to
circumvent digital copy restrictions in six limited areas when copyright
owners' business models are not threatened, Boucher said in a press
release. So-called fair use doctrine allows customers of copyright
works to make limited numbers of copies, particularly for reviews, news
reporting, teaching and research. The bill would allow exemptions to
the anticircumvention restrictions in the Digital Millennium Copyright
Act (DMCA), passed by Congress in 1998. The bill is revamped from
similar bills introduced in the last two sessions of Congress. The
Boucher bill would limit the availability of statutory damages against
individuals and firms who may be found to have engaged in contributory
infringement, inducement of infringement, or other indirect infringement.
The bill would allow libraries to circumvent digital locks or secure
copies of works that have been damaged, lost or stolen. The Consumer
Electronics Association applauded the bill, saying it would give
protections to consumers, educators, and libraries. Without fair use
protections, consumers couldn't use devices such as VCRs and digital
TV recorders, the trade group said. Boucher: "The fair use doctrine
is threatened today as never before; historically, the nation's
copyright laws have reflected a carefully calibrated balanced between
the rights of copyright owners and the rights of the users of
copyrighted material. The Digital Millennium Copyright Act dramatically
tilted the copyright balance toward complete copyright protection at
the expense of the public's right to fair use."

http://www.infoworld.com/article/07/02/28/HNriaaopposesfairuse_1.html
See also XML and DRM: http://xml.coverpages.org/drm.html

----------------------------------------------------------------------

XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.         http://www.bea.com
IBM Corporation           http://www.ibm.com
Innodata Isogen           http://www.innodata-isogen.com
SAP AG                    http://www.sap.com
Sun Microsystems, Inc.    http://sun.com

----------------------------------------------------------------------

Newsletter subscribe: xml-dailynews-subscribe@lists.xml.org
Newsletter unsubscribe: xml-dailynews-unsubscribe@lists.xml.org
Newsletter help: xml-dailynews-help@lists.xml.org
Cover Pages: http://xml.coverpages.org/

----------------------------------------------------------------------