

XML Daily Newslink. Monday, 17 December 2007
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover

====================================================
This issue of XML Daily Newslink is sponsored by
BEA Systems, Inc. http://www.bea.com
====================================================

HEADLINES:

* W3C First Public Draft: Cool URIs for the Semantic Web
* The Open-ness of the Open Source Vulnerability Database
* Video Requirements for Web-based Virtual Environments Using Extensible
3D (X3D) Graphics
* JBoss, Geronimo, or Tomcat: Three Open Source Java Application Servers
* Ruby on Rails 2.0 Users Give Thumbs Up
* IBM Partners With ACI on SOA-Based Payments System
* Digital Libraries Are Taking Form
* Phishers Pinch Billions from Consumers' Pockets

----------------------------------------------------------------------

W3C First Public Draft: Cool URIs for the Semantic Web
Leo Sauermann and Richard Cyganiak (eds), W3C Technical Report

W3C announced that the Semantic Web Education and Outreach Interest Group
has released a first Working Draft for "Cool URIs for the Semantic Web."
Comments on this draft are requested by 21-January-2008. The document
explains the effective use of URIs to enable the growth of the Semantic
Web. URIs (Uniform Resource Identifiers), more simply called "Web
addresses", are at the heart of the Web and also of the Semantic Web.
The document gives pointers to several Web sites that use these solutions,
and briefly discusses why several other proposals have problems. Web
documents have always been addressed with URIs (in common parlance often
referred to as Uniform Resource Locators, URLs). This is useful because it
means we can easily make RDF statements about Web pages, but also
dangerous because we can easily mix up Web pages and the things, or
resources, described on the page. So the question is, what URIs should
we use in RDF? To identify the frontpage of the Web site of Example Inc.,
we may use 'http://www.example.com/'. But what URI identifies the company
as an organisation, not a Web site? Do we have to serve any content
(HTML pages, RDF files) at those URIs? In this document we will answer
these questions according to relevant specifications. We explain how to
use URIs for things that are not Web pages, such as people, products,
places, ideas and concepts such as ontology classes. We give detailed
examples of how the Semantic Web can (and should) be realised as a part of
the Web. The draft document is a practical guide for implementers of the
RDF specification. It explains two approaches for RDF data hosted on
HTTP servers (called 303 URIs and hash URIs). Intended audiences are
Web and ontology developers who have to decide how to model their RDF
URIs for use with HTTP. Applications using non-HTTP URIs are not covered.
This document is an informative guide covering selected aspects of
previously published, detailed technical specifications.

http://www.w3.org/TR/2007/WD-cooluris-20071217/
See also the W3C Semantic Web Activity: http://www.w3.org/2001/sw

----------------------------------------------------------------------

The Open-ness of the Open Source Vulnerability Database
Serdar Yegulalp, InformationWeek Open Source Blog

There are a lot of open source initiatives out there that aren't just
software, but ways to get information into people's hands. Today an
open source supplier of security vulnerability information, the OSVDB,
just went live with a whole new revision to its service. According to
the web site description, OSVDB is "an independent and open source
database created by and for the security community. The goal of the
project is to provide accurate, detailed, current, and unbiased
technical information on security vulnerabilities. The project will
promote greater, more open collaboration between companies and
individuals, eliminate redundant works, and reduce expenses inherent
with the development and maintenance of in-house vulnerability databases.
[Where] Common Vulnerabilities and Exposures (CVE) provides a
standardized name for vulnerabilities, much like a dictionary, OSVDB
is a database that provides a wealth of information about each
vulnerability. Where appropriate, entries in the OSVDB reference their
respective CVE names." The basic idea's pretty elegant: Take all the
ethically disclosed software security information you can find and make
it available in as detailed and up-to-date a format as you can without
the interests of any particular software vendor. The results can and
have been integrated with a number of third-party security products
such as Nikto -- itself an open source product. [Note: OSVDB supports
three database types for XML importation: PostgreSQL, MySQL, and
Microsoft Access. The database may also be accessed through the XML
export file directly. The XML export was designed such that all database
integrity is stored within the structure of the XML file. By this means
anyone can keep a local copy of the current OSVDB snapshot, even in
the absence of a local database such as PostgreSQL. Another feature
of the chosen formatting is the ease with which this XML export can be
integrated into products using tools such as XPath to pull all the
information about a specific vulnerability straight from the XML file.]

http://www.informationweek.com/blog/main/archives/2007/12/the_openness_of.html
See also Common Vulnerabilities and Exposures (CVE): http://xml.coverpages.org/appSecurity.html#cve

----------------------------------------------------------------------

Video Requirements for Web-based Virtual Environments Using Extensible
3D (X3D) Graphics
Don Brutzman and Mathias Kolsch, W3C Workshop Presentation

This presentation from members of the Web3D Consortium was given at the
"W3C Video on the Web Workshop", held 12-13 December 2007, in San Jose,
California, USA and Brussels, Belgium. Real-time interactive 3D graphics
and virtual environments typically include a variety of multimedia
capabilities, including video. Extensible 3D (X3D) Graphics is an
ISO standard produced by the Web3D Consortium that defines 3D scenes
using a scene-graph approach. Multiple X3D file formats and language
encodings are available, with a primary emphasis on XML for maximum
interoperability with the Web architecture. A large number of functional
capabilities are needed and projected for the use of video together
with Web-based virtual environments. This paper examines numerous
functional requirements for the integrated use of Web-compatible video
with 3D. Three areas of interest are identified: video usage within X3D
scenes, linking video external to X3D scenes, and generation of 3D
geometry from video. Extensible 3D (X3D) is a Web-based standard for
3D graphics, enabling real-time communication using animation, user
interaction and networking. The point paper lists current and expected
requirements, primarily divisible into usage of video within X3D graphics
scenes, linkage to video in web-based applications external to X3D
graphics scenes, and generation of 3D geometric content from spatially
annotated video inputs. Royalty-free video capabilities are critically
important to achieve essential requirements for interoperability and
performance. Standards-based X3D requirements also appear to be
representative of the needs presented by alternative proprietary
multiuser virtual environments. X3D capabilities are proposed,
implemented, evaluated and approved by members of the nonprofit Web3D
Consortium. X3D is an open, royalty-free standard that is rigorously
defined, published online, and ratified by the International Organization
for Standards (ISO). Multiple commercial and open-source implementations
are available.

http://www.w3.org/2007/08/video/positions/Web3D.pdf
See also the W3C Workshop Agenda and papers: http://www.w3.org/2007/08/video/agenda.html

----------------------------------------------------------------------

JBoss, Geronimo, or Tomcat: Three Open Source Java Application Servers
Jonathan Campbell, JavaWorld Magazine

Java Enterprise Edition (Java EE) application servers are the
Web-enabled standard when it comes to application development for the
enterprise. While there are commercial options, studies have shown that
open source technology has become a familiar, if not essential, part
of the corporate IT infrastructure. JBoss 4.2, Geronimo 2, and Tomcat
6 are three widely used open source Java EE servers. Of the three, JBoss
and Tomcat hold the majority share of the market, although neither one
is fully Java EE compliant. The fully Java EE compliant Geronimo,
meanwhile, is quickly gaining momentum. All open source Java EE
application servers are not created equal, however. In this article,
Jonathan Campbell compares JBoss 4.2, Geronimo 2, and Tomcat 6 based
on features, deployment, and performance.

http://www.javaworld.com/javaworld/jw-12-2007/jw-12-appservers.html

----------------------------------------------------------------------

Ruby on Rails 2.0 Users Give Thumbs Up
Darryl K. Taft, eWEEK

With Ruby on Rails 2.0 just a week old, developers already are weighing
in with what they like or dislike about the new release. Ruby on Rails
creator David Heinemeier Hansson announced the release of Ruby on Rails
2.0 on December 7, 2007 to a developer base set on seeing the next big
thing regarding the popular Web development framework. Chief among the
changes in Rails 2.0 are enhanced security and support for REST
(Representational State Transfer). Steven Beales, chief software
architect at Medical Decision Logic, said Mdlogix has been using the
EdgeRails releases of Rails and had already incorporated many of the
Rails 2.0 features into its Rails-based solutions. Mdlogix develops a
clinical research management system based on Rails. Beales said the
most useful features of Rails 2.0 for Mdlogix have been Partial Layouts,
which reduce CSS (Cascading Style Sheets)/HTML duplication by allowing
parts of pages to use common layouts, RESTful Routing Updates, which
allow "prettier" URLs for custom actions, Asset Caching, which provides
new tags for compressing JavaScript easily, Initializers, which separate
out custom configuration into separate initializer files, and Fixtures,
which provide support for using fixture names in other fixture files
to relate fixtures. Simply put, Beales said RoR (Ruby on Rails) is the
most productive tool Mdlogix has for developing simple-looking Web
applications with advanced functionality.

http://www.eweek.com/article2/0,1895,2234741,00.asp

----------------------------------------------------------------------

IBM Partners With ACI on SOA-Based Payments System
Antone Gonsalves, InformationWeek

IBM announced that it has partnered with ACI Worldwide in building
electronic payment systems that are based on a service-oriented
architecture to make it easier to share payment information across
banking applications. The alliance is focused primarily on the financial
services industry, targeting banks that are trying to manage old
payments systems running on legacy platforms that are difficult to
integrate with newer systems and are expensive to maintain, IBM said.
ACI and IBM plan to offer an SOA approach for integration. SOA uses
technology based on extensible markup language, or XML, to loosely
couple systems for passing data between them. Phase one of the partnership
is expected to yield an optimized version of BASE24-eps on System z to
acquire, route, and authorize payments online; a wholesale payments
system to help European companies meet pending Single Euro Payments Area
regulations; and a real-time fraud detection system. Subsequent systems
will focus on dispute management, smart card management, online banking,
and trade finance. Under the deal, ACI will tailor its money transfer
system and BASE24-eps application to run on IBM's System z mainframe
hardware. The companies plan to form joint sales and technical teams
for selling the combined technologies, and for helping companies migrate
legacy systems to the new products.

http://www.informationweek.com/news/showArticle.jhtml?articleID=204805495
See also the announcement: http://www-03.ibm.com/press/us/en/pressrelease/23002.wss

----------------------------------------------------------------------

Digital Libraries Are Taking Form
Greg Goth, IEEE DS Online

Large-scale digital libraries and book digitization projects are poised
to go beyond prototypes into the mass market. "All the published
literature of humankind in the next generation will be in digital form,"
says Brewster Kahle, cofounder of the Internet Archive and one of the
driving forces behind the nonprofit Open Content Alliance (OCA), an open
digitization consortium. "And all the older materials that will be used
by younger people (except for a very few) will be online. So, if we want
something to be used by the next generation, it has to be online. That's
an understood premise. It's now also understood that it's not that
expensive to get there." Librarians tackling the new digitization
projects contend with complex technological issues. Notable among them
is creating metadata schemas that work across multiple technologies and
organizations. How best to provide multilingual services is another issue.
However, the issue of who will control the digitization process, and its
concomitant economic and access ramifications, is far more convoluted...
Interoperability poses several difficulties. Digitization is available
in several common formats for text-heavy books. Developing metadata for
such books is therefore easier than it is for multimedia materials spread
across multiple institutions. Metadata compatibility will likely present
the greatest challenges and the greatest opportunity for developers in
this market. The European Digital Library (EDL) will most likely opt for
a metadata scheme based on the Dublin Core standard. Presumably, as the
EDL work progresses, mapping technologies will evolve to support semantic
queries. This, in turn, will enable application-level interoperation
without the need for separate, complex, and expensive application-level
interoperability profiles.

http://dsonline.computer.org/portal/pages/dsonline/2007/12/oz004news.xml
See also the Open Content Alliance (OCA): http://www.opencontentalliance.org/

----------------------------------------------------------------------

Phishers Pinch Billions from Consumers' Pockets
Gregg Keizer, Computerworld

More than 3.5 million U.S. adults lost money to phishing scams and online
identity theft in the 12-month period that ended in August, a 57%
increase over the previous year, according to a Gartner fraud analyst.
The bad news, said analyst Avivah Litan, didn't end there. About 3.3% of
the 4,500 Americans polled in August said they had been victimized by a
phishing attack and had lost money in the deal. In 2006, the figure was
2.3%. And banking regulators are both "in the dark" and "asleep at the
wheel," she noted. In other words, phishing is far from ancient history.
Even consumers familiar with the concept -- and those, said Litan, remain
a minority -- are not necessarily immune from current scams. "Phishing
is much more surreptitious, much more devious; they're grabbing information
from Facebook and MySpace and sending e-mail like they're your friend.
Then there's greeting cards and charities, both of which are up
dramatically. It's not obvious, like it used to be, like with early
phishing techniques that used bank-branded e-mails that claimed the
recipient needed to enter her log-in information in the next 24 hours
or be locked out of her account. Now malware is being dropped from
e-mails, or from advertisements on Web pages, or from compromised Web
sites. Click on a link in an ad, and even if you don't enter any
information, you're still getting infected."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053323
See also the Anti-Phishing Working Group Report: http://www.antiphishing.org/reports/apwg_report_august_2007.pdf

----------------------------------------------------------------------

XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc. http://www.bea.com
EDS http://www.eds.com
IBM Corporation http://www.ibm.com
Primeton http://www.primeton.com
SAP AG http://www.sap.com
Sun Microsystems, Inc. http://sun.com

----------------------------------------------------------------------

XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/

----------------------------------------------------------------------