XML Family of Languages Overview and Classification of W3C Specifications

Total Page:16

File Type:pdf, Size:1020Kb

XML Family of Languages Overview and Classification of W3C Specifications XML Family of Languages Overview and Classification of W3C Specifications Airi Salminen 05 February 2003 This version: http://www.cs.jyu.fi/~airi/xmlfamily-20030205.html Latest version: http://www.cs.jyu.fi/~airi/xmlfamily.html Previous version: http://www.cs.jyu.fi/~airi/xmlfamily-20021022.html Table of Contents 1. Introduction 2. Classification of the Languages 3. XML 4. XML Accessories 5. XML Transducers 6. XML Applications 6.1 Non-textual Data 6.2 Web Publishing 6.3 Semantic Web 6.4 Web Communication and Services About this report 1. Introduction XML is a markup language for presenting information as structured documents. The language has been developed from SGML (Standard Generalized Markup Language, ISO 8879) as an activity of the World Wide Web Consortium (W3C). Within W3C there is going on a number of other XML-related language development activities where the intent is to specify syntactic and semantic rules either for some specific kind of XML data or for data to be used together with XML data for a specific purpose. Together with XML, we call this group of languages the XML family of languages. The purpose of this report is to give a concise overview of the languages in the family and the current state of their development at W3C. The document introduces a classification for the languages and also serves as a portal to the specifications of the languages. Results of W3C development activities are published as W3C Technical Reports. The process of developing technical reports is described in the W3C Process Document. This overview is based on the analysis of current technical reports of four types: Working Drafts, Candidate Recommendations, Proposed Recommendations, and Recommendations. The four types differ in their maturity from lower to higher: · A Working Draft (WD) represents work in progress, it is a draft document and may be updated, replaced or obsoleted by other document any time. · A Candidate Recommendation (CD) has received significant review from its immediate technical community. The document is an explicit call for implementation and technical feedback. · A Proposed Recommendation (PR) represents consensus within the group that produced it and has been proposed by the Director to the Advisory Committee for review. · A Recommendation (R) represents consensus within W3C. W3C makes every effort to maintain its Recommendations (e.g., by tracking errata, providing testbed applications, helping to create test suites, etc.) and to encourage widespread implementation. The practice in W3C is to collect all known errors in a Recommendation into an errata document referred to in the Recommendation. 2. Classification of the Languages Considering the purpose of the XML-related languages developed at W3C, four main categories can be identified. The first category consists of the different versions of XML itself. XML is intended for representing information as structured documents on the Web and for defining special languages for special purposes. The other three categories are called XML Accessories, XML Transducers, and XML Applications: XML Accessories are languages which are intended for wide use to extend the capabilities specified in XML. Examples of XML accessories are the XML Schema language extending the definition capability of XML DTDs and the XML Names extending the naming mechanism to allow in a single XML document element and attribute names that are defined for and used by multiple software modules. XML Transduces are languages which are intended for transducing some input XML data into some output form. Examples of XML transducers are the style sheet languages CSS and XSL intended to produce an external presentation from some XML data and XSLT intended for transforming XML documents into other XML documents. A transducer language is associated with some kind of processing model which defines the way output is derived from input. XML Applications are languages which define constraints for a class of XML data for some special application area, often by means of a DTD. Examples of XML applications are MathML defined for mathematical data or XML- Signature intended for digital signatures. XML accessories and XML transducers are often XML-based languages and thus also XML applications. In this report a language is however classified as an XML application only if it has not been included in the accessories or transducers. The languages in the XML applications category can be further divided into four subcategories according to the application area: l Non-textual forms of data like mathematical data or voice. l Web publishing, to replace HTML by XML-based representation format. l Semantic web. l Web communication and services. The following sections introduce the languages according to the classification given above. The sections include tables listing the specification documents and those W3C Technical Reports which are closely related to the specifications. In the tables there are links to the specifications and other reports as they were at the date of this report. In cases were the target of a link in this overview document would outdated, a link to the latest version of the W3C document is provided in the target. The tables also show the current phase of the specification process (WD = Working Draft, CR = Candidate Recommendation, PR = Proposed Recommendation, or R = Recommendation). As a reminder of the emergent nature of the W3C specifications and their continuing redevelopment, the links to Recommendations (R) are associated with links to their errata documents. It has to be noticed that all specifications described by Working Drafts (WD) are work in progress and any changes in them may happen. [Introduction | XML | XML Accessories | XML Transducers | XML Applications] 3. XML The XML development started in 1996. The use of HTML (HyperText Markup Language) as the publishing language of the Internet had quickly expanded in the begin of 1990’s. The capabilities of the HTML to encode information were however very limited and there was a need to find an agreement about a generic markup language straightforwardly usable over the Internet. SGML (Standard Generalized Markup Language), published as an ISO standard in 1986, had been widely accepted as a generic markup language for digital documents, but the large collection of rules in SGML and the number of different optional features caused problems in the implementation and utilization of SGML. The goal in the XML development was to restrict the rules of SGML and thus to ease the writing of programs for processing documents. The first W3C Recommendation for XML 1.0 was published in February 1998, the second in October 2000. The Second Edition of XML 1.0 incorporates the changes dictated by the first edition errata. The second edition does not specify a new version of XML. Work has started for XML version 1.1 (formerly known as XML Blueberry). Table 1 includes links to the different XML specifications and also to those W3C documents which describe an abstract model for XML documents. Table 1. Specifications for XML Document, Phase (R, PR, CR, WD), Month, Year - Extensible Markup Language (XML) 1.0, R, Feb. 1998 XML 1.0 Specification Errata - Extensible Markup Language (XML) 1.0 (Second Edition), R, Oct. 2000 XML 1.0 Second Edition Specification Errata - XML 1.1, CR, Oct. 2002 - XML Blueberry Requirements, WD, Sept. 2001 Abstract models for XML documents: - XML Information Set, R, Oct. 2001 - XML Path Language (XPath) Version 1.0, R, Nov. 1999 - Document Object Model (DOM) Level 1 Specification Version 1.0, R, Oct. 1998 - Document Object Model (DOM) Level 2 Core Specification Version 1.0, R, Nov. 2000 - XQuery 1.0 and XPath 2.0 Data Model, WD, Nov. 2002 The XML specifications describe the concrete syntax of XML documents, and partially the behaviour of an XML processor, i.e., a software module used to read XML documents and to provide access to their content and structure. Slightly different abstract models for information available in XML documents have been introduced at W3C: · The XML Information Set specification defines an abstract data set called XML Information Set (Infoset). The definitions in the specification are intended for other specifications that need to refer to information in a well- formed XML document. · The XPath Data Model is included in the XML Path Language (XPath) specification to allow the specification of addressing parts of an XML document. · DOM (Document Object Model) is an application programming interface for XML and HTML documents. It defines the way data in a document is structured, accessed and manipulated. The DOM Level 1 Specification was published in 1998, the DOM Level 2 specifications published in November 2000 extend and update the Level 1 specification. The Level 2 consists of five parts: Core, Views, Events, Style, and Traversal and Range. The underlining data structure of XML documents is in the Core specification. The specification of the DOM Level 3 Core has started. · XQuery 1.0 and XPath 2.0 Data Model is intended to define the information contained in the input to an XSLT or XQuery processor. All of the four models describe an XML document as a tree structure but there are differences in the trees and in the information available in the trees. XML is intended to be universal format for data on the Web. To support references to Internet resources, the use of different character sets, and the use of different natural languages of the world, the XML specification uses a set of specifications introduced by other development authorities than W3C. These specifications are listed in Table 2. Unicode has replaced several different character encoding systems by a uniform encoding where a unique number is provided for every character, to be used in different platforms, by different programs, and for different languages of the world. In principle, it allows data to be transported through different systems without corruption.
Recommended publications
  • On the Integrity and Trustworthiness of Web Produced Data
    CORE Metadata, citation and similar papers at core.ac.uk Provided by Open Repository of the University of Porto On the Integrity and Trustworthiness of web produced data Luís A. Maia Mestrado Integrado em Engenharia de Redes e Sistemas Informáticos Departamento de Ciência de Computadores 2013 Orientador Professor Doutor Manuel Eduardo Carvalho Duarte Correia, Professor Auxiliar do Departamento de Computadores, Faculdade de Ciências da Universidade do Porto Todas as correções determinadas pelo júri, e só essas, foram efetuadas. O Presidente do Júri, Porto, ______/______/_________ Acknowledgments I would like to express my appreciation for the help of my supervisor in researching and bringing different perspectives and to thank my family, for their support and dedication. 3 Abstract Information Systems have been a key tool for the overall performance improvement of administrative tasks in academic institutions. While most systems intend to deliver a paperless environment to each institution it is recurrent that document integrity and accountability is still relying on traditional methods such as producing physical documents for signing and archiving. While this method delivers a non-efficient work- flow and has an effective monetary cost, it is still the common method to provide a degree of integrity and accountability on the data contained in the databases of the information systems. The evaluation of a document signature is not a straight forward process, it requires the recipient to have a copy of the signers signature for comparison and training beyond the scope of any office employee training, this leads to a serious compromise on the trustability of each document integrity and makes the verification based entirely on the trust of information origin which is not enough to provide non-repudiation to the institutions.
    [Show full text]
  • XML Signature/Encryption — the Basis of Web Services Security
    Special Issue on Security for Network Society Falsification Prevention and Protection Technologies and Products XML Signature/Encryption — the Basis of Web Services Security By Koji MIYAUCHI* XML is spreading quickly as a format for electronic documents and messages. As a consequence, ABSTRACT greater importance is being placed on the XML security technology. Against this background research and development efforts into XML security are being energetically pursued. This paper discusses the W3C XML Signature and XML Encryption specifications, which represent the fundamental technology of XML security, as well as other related technologies originally developed by NEC. KEYWORDS XML security, XML signature, XML encryption, Distributed signature, Web services security 1. INTRODUCTION 2. XML SIGNATURE XML is an extendible markup language, the speci- 2.1 Overview fication of which has been established by the W3C XML Signature is an electronic signature technol- (WWW Consortium). It is spreading quickly because ogy that is optimized for XML data. The practical of its flexibility and its platform-independent technol- benefits of this technology include Partial Signature, ogy, which freely allows authors to decide on docu- which allows an electronic signature to be written on ment structures. Various XML-based standard for- specific tags contained in XML data, and Multiple mats have been developed including: ebXML and Signature, which enables multiple electronic signa- RosettaNet, which are standard specifications for e- tures to be written. The use of XML Signature can commerce transactions, TravelXML, which is an EDI solve security problems, including falsification, spoof- (Electronic Data Interchange) standard for travel ing, and repudiation. agencies, and NewsML, which is a standard specifica- tion for new distribution formats.
    [Show full text]
  • Sams Teach Yourself XML in 21 Days
    Steven Holzner Teach Yourself XML in 21 Days THIRD EDITION 800 East 96th Street, Indianapolis, Indiana, 46240 USA Sams Teach Yourself XML in 21 Days, ASSOCIATE PUBLISHER Michael Stephens Third Edition ACQUISITIONS EDITOR Copyright © 2004 by Sams Publishing Todd Green All rights reserved. No part of this book shall be reproduced, stored in a retrieval DEVELOPMENT EDITOR system, or transmitted by any means, electronic, mechanical, photocopying, record- Songlin Qiu ing, or otherwise, without written permission from the publisher. No patent liability MANAGING EDITOR is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and Charlotte Clapp author assume no responsibility for errors or omissions. Nor is any liability assumed PROJECT EDITOR for damages resulting from the use of the information contained herein. Matthew Purcell International Standard Book Number: 0-672-32576-4 INDEXER Library of Congress Catalog Card Number: 2003110401 Mandie Frank PROOFREADER Printed in the United States of America Paula Lowell First Printing: October 2003 TECHNICAL EDITOR 06050403 4321 Chris Kenyeres Trademarks TEAM COORDINATOR Cindy Teeters All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Sams Publishing cannot attest to the accuracy INTERIOR DESIGNER of this information. Use of a term in this book should not be regarded as affecting Gary Adair the validity of any trademark or service mark. COVER DESIGNER Warning and Disclaimer Gary Adair PAGE LAYOUT Every effort has been made to make this book as complete and as accurate as possi- ble, but no warranty or fitness is implied.
    [Show full text]
  • Bibliography of Erik Wilde
    dretbiblio dretbiblio Erik Wilde's Bibliography References [1] AFIPS Fall Joint Computer Conference, San Francisco, California, December 1968. [2] Seventeenth IEEE Conference on Computer Communication Networks, Washington, D.C., 1978. [3] ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, Los Angeles, Cal- ifornia, March 1982. ACM Press. [4] First Conference on Computer-Supported Cooperative Work, 1986. [5] 1987 ACM Conference on Hypertext, Chapel Hill, North Carolina, November 1987. ACM Press. [6] 18th IEEE International Symposium on Fault-Tolerant Computing, Tokyo, Japan, 1988. IEEE Computer Society Press. [7] Conference on Computer-Supported Cooperative Work, Portland, Oregon, 1988. ACM Press. [8] Conference on Office Information Systems, Palo Alto, California, March 1988. [9] 1989 ACM Conference on Hypertext, Pittsburgh, Pennsylvania, November 1989. ACM Press. [10] UNIX | The Legend Evolves. Summer 1990 UKUUG Conference, Buntingford, UK, 1990. UKUUG. [11] Fourth ACM Symposium on User Interface Software and Technology, Hilton Head, South Carolina, November 1991. [12] GLOBECOM'91 Conference, Phoenix, Arizona, 1991. IEEE Computer Society Press. [13] IEEE INFOCOM '91 Conference on Computer Communications, Bal Harbour, Florida, 1991. IEEE Computer Society Press. [14] IEEE International Conference on Communications, Denver, Colorado, June 1991. [15] International Workshop on CSCW, Berlin, Germany, April 1991. [16] Third ACM Conference on Hypertext, San Antonio, Texas, December 1991. ACM Press. [17] 11th Symposium on Reliable Distributed Systems, Houston, Texas, 1992. IEEE Computer Society Press. [18] 3rd Joint European Networking Conference, Innsbruck, Austria, May 1992. [19] Fourth ACM Conference on Hypertext, Milano, Italy, November 1992. ACM Press. [20] GLOBECOM'92 Conference, Orlando, Florida, December 1992. IEEE Computer Society Press. http://github.com/dret/biblio (August 29, 2018) 1 dretbiblio [21] IEEE INFOCOM '92 Conference on Computer Communications, Florence, Italy, 1992.
    [Show full text]
  • XML for Java Developers G22.3033-002 Course Roadmap
    XML for Java Developers G22.3033-002 Session 1 - Main Theme Markup Language Technologies (Part I) Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical Sciences 1 Course Roadmap Consider the Spectrum of Applications Architectures Distributed vs. Decentralized Apps + Thick vs. Thin Clients J2EE for eCommerce vs. J2EE/Web Services, JXTA, etc. Learn Specific XML/Java “Patterns” Used for Data/Content Presentation, Data Exchange, and Application Configuration Cover XML/Java Technologies According to their Use in the Various Phases of the Application Development Lifecycle (i.e., Discovery, Design, Development, Deployment, Administration) e.g., Modeling, Configuration Management, Processing, Rendering, Querying, Secure Messaging, etc. Develop XML Applications as Assemblies of Reusable XML- Based Services (Applications of XML + Java Applications) 2 1 Agenda XML Generics Course Logistics, Structure and Objectives History of Meta-Markup Languages XML Applications: Markup Languages XML Information Modeling Applications XML-Based Architectures XML and Java XML Development Tools Summary Class Project Readings Assignment #1a 3 Part I Introduction 4 2 XML Generics XML means eXtensible Markup Language XML expresses the structure of information (i.e., document content) separately from its presentation XSL style sheets are used to convert documents to a presentation format that can be processed by a target presentation device (e.g., HTML in the case of legacy browsers) Need a
    [Show full text]
  • Introduction to XML
    Introduction to XML CS 317/387 Agenda – Introduction to XML 1. What is it? 2. What’s it good for? 3. How does it work? 4. The infrastructure of XML 5. Using XML on the Web 6. Implementation issues & costs 2 1. What is it? Discussion points: First principles: OHCO Example: A simple XML fragment Compare/contrast: SGML, HTML, XHTML A different XML for every community Terminology 3 1 Ordered hierarchies of content objects Premise: A text is the sum of its component parts A <Book> could be defined as containing: <FrontMatter>, <Chapter>s, <BackMatter> <FrontMatter> could contain: <BookTitle> <Author>s <PubInfo> A <Chapter> could contain: <ChapterTitle> <Paragraph>s A <Paragraph> could contain: <Sentence>s or <Table>s or <Figure>s … Components chosen should reflect anticipated use 4 Ordered hierarchies of content objects OHCO is a useful, albeit imperfect, model Exposes an object’s intellectual structure Supports reuse & abstraction of components Better than a bit-mapped page image Better than a model of text as a stream of characters plus formatting instructions Data management system for document-like objects Does not allow overlapping content objects Incomplete; requires infrastructure 5 Content objects in a book Book FrontMatter BookTitle Author(s) PubInfo Chapter(s) ChapterTitle Paragraph(s) BackMatter References Index 6 2 Content objects in a catalog card Card CallNumber MainEntry TitleStatement TitleProper StatementOfResponsibility Imprint SummaryNote AddedEntrySubject(s) Added EntryPersonalName(s) 7 Semistructured Data Another data model, based on trees. Motivation: flexible representation of data. Often, data comes from multiple sources with differences in notation, meaning, etc. Motivation: sharing of documents among systems and databases.
    [Show full text]
  • Feasibility and Performance Evaluation of Canonical XML
    Feasibility and Performance Evaluation of Canonical XML Student Research Project Manuel Binna Student: E-mail: [email protected] Matriculation Number: 108004202162 Supervisor: Dipl.-Inf. Meiko Jensen Period: 20.07.2010 - 19.10.2010 Chair for Network and Data Security Prof. Dr. Jörg Schwenk Faculty of Electrical Engineering and Information Technology Ruhr University Bochum Feasibility and Performance Evaluation of Canonical XML Manuel Binna Abstract Within the boundaries of the XML specification, XML documents can be formatted in various ways without losing the logical equivalence of its content within the scope of the application. However, some applications like XML Signature cannot deal with this flexibility, thus needing a definite textual representation in order to distinguish changes which do or do not alter the logical equivalence of XML content. Canonical XML provides a method to transform textually different yet logically equivalent XML content into a single definite textual representation. This work evaluates the upcoming new major version Canonical XML Version 2.0 with respect to feasibility and performance. Chair for Network and Data Security, Ruhr University Bochum 2 Feasibility and Performance Evaluation of Canonical XML Manuel Binna Declaration I hereby declare that the content of this thesis is a work of my own and that it is original to the best of my knowledge, except where indicated by references to other sources. ____________________________ ______________________________________ Location, Date Signature Chair for Network and Data Security, Ruhr University Bochum 3 Feasibility and Performance Evaluation of Canonical XML Manuel Binna Table of Contents 1. Introduction! 5 1.1.XML 5 1.2.Canonicalization 6 1.3.History 7 1.4.Canonicalization and XML Signature 16 2.
    [Show full text]
  • Web API Protocol and Security Analysis Web
    EXAMENSARBETE INOM DATATEKNIK, GRUNDNIVÅ, 15 HP STOCKHOLM, SVERIGE 2017 Web API protocol and security analysis Web API protokoll- och säkerhetsanalys CRISTIAN ARAYA MANJINDER SINGH KTH SKOLAN FÖR TEKNIK OCH HÄLSA Web API protocol and security analysis Web API protokoll- och säkerhetsanalys Cristian Araya and Manjinder Singh Degree project in Computer science First level, 15hp Supervisor from KTH: Reine Bergström Examiner: Ibrahim Orhan TRITA-STH 2017:34 KTH The School of Technology and Health 141 52 Flemingsberg, Sweden Abstract There is problem that every company has its own customer portal. This problem can be solved by creating a platform that gathers all customers’ portals in one place. For such platform, it is required a web API protocol that is fast, secure and has capacity for many users. Consequently, a survey of various web API protocols has been made by testing their performance and security. The task was to find out which web API protocol offered high security as well as high performance in terms of response time both at low and high load. This included an investigation of previous work to find out if certain protocols could be ruled out. During the work, the platform’s backend was also developed, which needed to implement chosen web API protocols that would later be tested. The performed tests measured the APIs’ connection time and their response time with and without load. The results were analyzed and showed that the protocols had both pros and cons. Finally, a protocol was chosen that was suitable for the platform because it offered high security and fast connection.
    [Show full text]
  • A Layered Approach to XML Canonicalization
    A Layered Approach to XML Canonicalization A Position Paper for the W3C Workshop on Next Steps for XML Signature and XML Encryption Ed Simon, XMLsec Inc. [email protected] 1 Background ● XML Canonicalization enables reliable textual and binary comparison of XML documents through the removal of irrelevant differences in structure and content ● Current approach is to write a single specification that details how all parts of XML instances are to be canonicalized ● Proposed alternative approach is to layer canonicalization rules according to the XML stack: core, schema-specific, namespace-specific ● Potential advantages include flexibility and significant optimization of processing 2 Canonicalization Layers ● Core – Normalizes the elements, attributes, and whitespace of an XML instance ● Schema-Aware – Normalization of schema- aware aspects including default attributes, schema-defined data types, etc ● Namespace-Aware – Normalization of XML information set nodes that belong to, or are contained by nodes that belong to, an XML node declared with a particular namespace. Includes the normalization of namespace declarations themselves. 3 Core Canonicalization ● Defined much as per W3C XML Canonicalization version 1.1 ● Only canonicalizes what can be derived from the text of the XML instance ● Includes formatting of XML elements and attributes, whitespace, line breaks, CDATA, entities, etc... ● No namespace normalization (but don't worry, it's coming!) 4 Core Canonicalization Example <xsl:stylesheet version='2.0' xmlns="http://www.w3.org/1999/xhtml" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:ns1="http://www.xmlsec.com/namespaces/a" > <xsl:template match="/"> <p>Total Amount: <xsl:value-of ... ...select="ns1:expense-report/ns1:total"/></p> </xsl:template> </xsl:stylesheet> ...will be, after core canonicalization, found to be identical to..
    [Show full text]
  • TU07 XML at The
    ApacheCon 2004 November 2004 XML at the ASF Ted Leung [email protected] Copyright © Sauria Associates, LLC 2004 1 ApacheCon 2004 November 2004 Overview xml.apache.org ws.apache.org Xerces XML-RPC Xalan Axis FOP WSIF Batik JaxMe Xindice cocoon.apache.org Forrest XML-Security Cocoon XML-Commons Lenya XMLBeans Copyright © Sauria Associates, LLC ApacheCon 2004 2 There are three major XML focused projects at the ASF. Originally there was one project, xml.apache.org. Earlier this year, the Cocoon and web services projects were formed. Xml.apache.org contains a number of projects that are general purpose XML tools. Most of these tools are based on specifications from the World Wide Web Consortium. This includes XML itself, XSLT, XSL Formatting object, Scalable Vector Graphics, and XML Signature and XML Encryption The web services project, ws.apache.org contains projects that cluster around standards for dealing with Web Services, including SOAP and XML-RPC The Cocoon project is oriented around the Cocoon Web publishing framework which is basd on XML, XSLT, and a number of other XML related technologies. I’m not going to be able to give you any deep technical details regarding all of these projects. Instead, I’m going to try to describe what these projects are, what standards they implement, and talk about situations where you might use them. Unless I say otherwise, I’m going to be covering the Java projects. There are a few projects which have C/C++ versions and I’ll mention that where applicable. Copyright © Sauria Associates,
    [Show full text]
  • The OWASP Foundation OWASP XML External Entity Attacks (XXE)
    AppSec Germany 2010 XML External Entity Attacks (XXE) Sascha Herzog Compass Security AG [email protected] OWASP +41 55 214 41 78 20.10.2010 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 Agenda Introduction Server2Server Communication – Web Services Client2Server Communication – Web 2.0 (AJAX) XML Basics DTD XML Schema XML Attacks Generator Attacks XML Parser Attacks Mitigation Xerces Hardening OWASP OWASP AppSec Germany 2010 Conference XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 B2B / Server2Server XML Data Exchange in Web Services B2B integration with XML documents SOAP Services ORDER XML Shop Internet Supplier CONFIRM XML Example Order processing systems OWASP OWASP AppSec Germany 2010 Conference XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 B2B / Server2Server Example: Web Service Integration of Web Services into portal (Stock Quotes) Data or presentation oriented Remote Portlets can be distinguished. OWASP OWASP AppSec Germany 2010 Conference XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 XMLHttpRequest / Client2Server XML Data Exchange XMLHttpRequest Object JavaScript OWASP OWASP AppSec Germany 2010 Conference XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 Web 2.0 - Data Exchange Formats Upstream Data Format Web 2.0 GET & POST(form, txt/xml, soap-xml) Downstream Data Format Web 2.0 html,css,xml,java-script,json,custom OWASP OWASP AppSec Germany 2010 Conference XML External Entity Attacks (XXE), Sacha Herzog AppSec Germany 2010 XML Basics: Introduction XML is a standard for exchanging structured data in textual format <?xml version="1.0" encoding="UTF-8"?> <order> <product>1234</product> <count>1</count> <orderer> <contact>Jan P.
    [Show full text]
  • Securely Streaming SVG Web-Based Electronic Healthcare Records Involving Android Mobile Clients
    146 JOURNAL OF EMERGING TECHNOLOGIES IN WEB INTELLIGENCE, VOL. 1, NO. 2, NOVEMBER 2009 Securely Streaming SVG Web-Based Electronic Healthcare Records involving Android Mobile Clients Sabah Mohammed and Jinan Fiaidhi Department of Computer Science, Lakehead University, Thunder Bay, Ontario P7B 5E1, Canada {mohammed, jfiaidhi}@lakeheadu.ca Osama Mohammed Department of Software Engineering, Lakehead University, Thunder Bay, Ontario P7B 5E1, Canada [email protected] Abstract— Although Electronic Healthcare Records (EHRs) system to provide it in a paper fashion. Healthcare has technology largely facilitates patient care by providing long relied upon paper based record systems which have clinicians with the ability to review a more complete medical become cumbersome and expensive to manage and record, interoperability and privacy issues present present significant challenges related to speed of significant barriers to their implementation. This article accessibility and security. Thus the emerging benefit of proposes the open source SVG (Scalable Vector Graphics) standard for representing electronic healthcare records for mobile Internet technology to healthcare is to provide interoperability purpose where security can be enforced mobile access to medical records. Again, using mobile using lightweight SAX streaming filters. The SVG filters are technology means that the treatment process can be sped based on the Java SAX API to push pieces of the SVG to the up and the potential for medical errors can be reduced. encryption/decryption handlers. The SAX handlers can With motivations such as patient privacy protection and filter, skip tags, or encrypt tags partially or universally at laws like the US Health Insurance Portability and any time from the stream of the SVG EHRs.
    [Show full text]