Filed under: — admin @ 9:23 pm
The protection of your site against hackers is one of the most difficult tasks for a modern administrator. The Web Security Handbook is a must-have for the people that need their sites to be as safe as possible.
With the rapid development of the Internet and of the information-sharing mechanisms that use it, the flow of information is becoming harder and harder to secure and control. The skills of controlling and securing access to information therefore play a key role in the overall development of the Internet. This book is aimed at everyone who works with the Internet, from Web masters and Web managers to Web designers. It will teach you to build secure sites by writing secure Java applets and CGI scripts, using network-protection software such as firewalls, and using cryptography to protect the data on the site.
Every area of expertise is thoroughly explained in the book by an expert. Three security experts discuss the browser area of security: user passwords and IDs, anti-cookie policy and advanced anonymity strategies. Server-side security is covered through firewalls, privacy-conscious Java applets, CGI scripts and encryption of the payment protocol pages. Encryption also plays a large part in assuring security; the basics of encryption can be found in an appendix to the book.
This book contains the most valuable information a system administrator must possess. It is filled with basic to advanced security techniques, from client-side and server-side security practices, browser security and writing secure CGI scripts to topics such as firewalls and securing the still-developing field of e-commerce. The most important thing the book contains is the link to a website that carries the newest security practices and information on the latest security problems and their solutions.
The Web Security Handbook will help you not only to secure your website, but also it can help secure your own PC from the attacks that come from the Internet.
Filed under: — admin @ 9:25 pm
XML Encryption is a new standard defined by the W3C. It specifies how to encrypt data and represent the result as XML. It can encrypt virtually any type of data, including arbitrary data, an XML element and XML element content.
The result of the data encryption is an XML document, which contains the encrypted data or a link to it. It is called XML Encryption, or XML-enc, because an XML element contains or refers to the cipher text, the keyring information and the algorithms used for encrypting the data. For deciphering the encrypted data, XML Encryption uses the KeyInfo element, which is a child of a SignedInfo, EncryptedData or EncryptedKey element and tells the recipient, directly or through a link, which keyring to use in validating the encrypted text or the signature.
If the encryption is done on an XML element or on element content, the EncryptedData element is put in the place of the original element in the encrypted version of the XML document. When encrypting arbitrary data, there are two ways the data can be represented: the EncryptedData element may either be the root of a newly created document, or become a child element in an application-chosen XML document.
The XML Encryption W3C document was officially released on 10 December 2002, produced by the W3C XML Encryption Working Group. Its main purpose was to create a specification sufficient for the creation of independent interoperable implementations. It was released as W3C’s XML Encryption Recommendation (REC). It is a stable document and can be used as reference material and cited from other documents.
W3C created this Recommendation to draw attention to the XML Encryption specification and to promote its widespread deployment, as this would bring a great amount of flexibility, additional functionality and interoperability to the Web.
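The structure described above can be inspected mechanically. The following is an added example, not code from the original post or from the W3C: it walks a document, finds each EncryptedData element and reports what it replaces, which algorithm and key name it declares, and whether the cipher text is inline or linked. The element names and namespace URIs are those of the W3C XML Encryption and XML Signature specifications; the `urn:example:shop` vocabulary, the key name and the URL are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENCRYPTED_DATA = "{%s}EncryptedData" % NS["xenc"]

# Constructed sample: one element encrypted in place (cipher text inline) and
# one piece of arbitrary data whose cipher text is stored outside the document.
SAMPLE = """<Order xmlns="urn:example:shop">
  <Customer>Alice</Customer>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Type="http://www.w3.org/2001/04/xmlenc#Element">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:KeyName>order-key-1</ds:KeyName>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      MimeType="image/png">
    <xenc:CipherData>
      <xenc:CipherReference URI="https://example.invalid/blobs/receipt.bin"/>
    </xenc:CipherData>
  </xenc:EncryptedData>
</Order>"""


def describe_encrypted_data(xml_text):
    """Return one dict per EncryptedData element, in document order."""
    # Sample input is trusted; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    # Arbitrary data may be encrypted as the root of a new document.
    found = [(None, root)] if root.tag == ENCRYPTED_DATA else []
    for parent in root.iter():
        found += [(parent, ed) for ed in parent.findall("xenc:EncryptedData", NS)]
    report = []
    for parent, ed in found:
        method = ed.find("xenc:EncryptionMethod", NS)  # optional element
        value = ed.find("xenc:CipherData/xenc:CipherValue", NS)
        ref = ed.find("xenc:CipherData/xenc:CipherReference", NS)
        report.append({
            "replaces_in": None if parent is None else parent.tag.split("}")[-1],
            # Type says whether an element or element content was replaced.
            "kind": (ed.get("Type") or "#arbitrary").split("#")[-1],
            "algorithm": None if method is None
                         else method.get("Algorithm", "").split("#")[-1],
            "key_name": ed.findtext("ds:KeyInfo/ds:KeyName", default=None,
                                    namespaces=NS),
            "cipher": "inline" if value is not None
                      else "reference" if ref is not None else "missing",
            "uri": None if ref is None else ref.get("URI"),
        })
    return report


if __name__ == "__main__":
    for entry in describe_encrypted_data(SAMPLE):
        print(entry)
```
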
Filed under: — admin @ 9:27 pm
The Semantic Web is a new idea that came from the creator of the WWW, URIs, HTTP and HTML. Imagine information from all over the world being linked as in a global database, in such a way that it would be easily processable by machines on a global scale. This could be the next step in improving the efficiency of representing data on the Internet.
W3C is already working on creating the new Internet standard, and many tools, languages and publications focused on the Semantic Web have already been created. But as these technologies are still in their infancy, it is very hard to imagine how the Internet will look after the implementation of the Semantic Web standards.
Most data is published in a way that makes it very difficult to use on a large scale, because there is no global system for publishing data so that it can be easily used and processed by everyone. The Internet is now full of data, and our main problem is how to manage it properly. If we look at sites that present sports events, weather information, plane times or local news, we see that because the news is represented in HTML, its usage is limited. So the problem that the Semantic Web is expected to solve is the openness of information, so that it can be used in many different ways.
But the Semantic Web is not only an engineering solution. Because, in time, it will be easier to publish data in a repurposable form, more and more people will want to publish data. In time there might also appear applications that evolve the Internet, increasing the modularity of Web applications.
Filed under: — admin @ 9:28 pm
When you are working with HTML, the chance of making mistakes in the code is great, and it rises with the length of the document. To help HTML coders who work with large amounts of code, by turning sloppy and badly written code into clear and nicely laid-out markup, David Raggett wrote the HTML TIDY utility.
TIDY can correct mismatched tags, correct tags put in the wrong order, and repair lists that are missing some required tags. It practically reduces to zero the work the coder needs to do to correct errors.
This utility is famous for being able to fix a great range of problems, and also for bringing to your attention the errors it does not know how to solve by itself. TIDY will show you each error it is unable to solve, with the line and column number in the code. The problems it is able to solve by itself are shown as warnings.
Dave Raggett no longer works on this project; it is being continued by a group of volunteers in the SourceForge community. The source code remains open under an open source license, and if you found some problems or bug, or you have some enhancements requests, or wrote some patches.
Another way TIDY is known to work miracles is in cleaning up the HTML produced by WYSIWYG HTML editors. It radically changes the code received from Word 2000 and even from Word 1997, if you use the “Word-2000” config option.
TIDY was made for Linux, so it was created according to the UNIX philosophy: a program should do one thing, but should do it well. Even though it has no GUI and you have to read the manuals in order to use it and know all the available options, it does its job excellently.
Filed under: — admin @ 9:29 pm
The modern Web is developing at a very fast pace, so it is very hard to find sites that assure accessibility for everybody, including people with disabilities. In order to assure accessibility for everybody, the University of Illinois launched the HTML/XHTML Best Practices site.
The site is a set of practices that are used on the University’s site to provide support for everybody who uses it. Now it’s the place where all the Internet meets to learn about making a website accessible. The HTML/XHTML Best Practices site was made with the following purposes in mind: it must benefit people with disabilities in the first place, bring benefits to web developers and all other users, and, in the end, encourage the creation of sites that support automated testing.
The old approach to making a site “accessible” is the repair approach, where the web designer simply brings the site up to the requirements of WCAG or of Section 508. While this makes the site more usable from the technical side, it doesn’t help a lot. The Best Practices, on the other hand, focus on creating a functionally easier environment that improves the experience of all users, not only those with disabilities. The site promotes the so-called “user-centered” design approach, which is inspired by the needs of people with disabilities but also allows other users to get additional control when accessing web resources.
The user-centered approach does not make assumptions about which technologies will be used to access a web resource; instead, more options are implemented to support a larger range of technologies, so that the information can be restyled for the needs of the developer. Because all users benefit from this design approach, developers can test whether their resources conform to the user-centered design.
Filed under: — admin @ 9:30 pm
The new public review draft of the document “ebXML Registry Profile for Web Ontology Language (OWL) Version 1.5” has been released. Produced by the OASIS ebXML Registry Semantic Content Management Subcommittee, it defines a new version of the ebXML profile used for publishing, management, discovery and reuse of the ontologies developed by the OWL Lite standards.
This document defines the normative ebXML Registry Profile for OWL (Web Ontology Language) Lite. Its purpose is to specify normatively how the OWL Lite constructs are to be represented by ebXML RIM constructs without requiring any changes to the ebXML specifications.
It was designed to define things such as requirements and use cases for managing semantic content with the ebXML Registry 4, so that a formal liaison can be established with the relevant groups of the Semantic Web Activity (SWA) at W3C. In order to be compatible with the standards, it must include the ability to use ontologies for the classification of RegistryObjects and to enable intelligent discovery through ontology-based queries. In order to assure full compatibility, the SCMSC group has the task of identifying the specific Semantic Web technologies that fulfill the requirements identified for semantic content management.
ebXML Registry’s basic semantic mechanisms use classification hierarchies (ClassificationScheme), which are formed of ClassificationNodes, and the Association Types among the RegistryObjects. Through a slot mechanism, RegistryObjects can be assigned additional properties, and they can be classified through the use of Classification, ClassificationScheme and ClassificationNodes.
By using the constructs defined, a great amount of semantics can be defined in the registry. But because some application domains use ontologies to add knowledge to their data and applications, it is nowadays becoming a much broader problem than it was.
Filed under: — admin @ 9:32 pm
An annotation is essentially the association of some metadata with some other object, called the target data. The target data can be anything: a table in a database, a file or document, or virtually any type of information. The annotation itself also has a wide range of meanings: it can be a link to another table in a database or to another database, a comment on a document, or the classic sticky note put on the fridge door. Annotations are very important when working with large amounts of data; scientists and legal specialists use them extensively.
Because of the great variety of annotation types, the design of the API must be narrowed in order to arrive at a manageable and useful API. To do this, the goals of the annotation system must first be enumerated; afterwards the data model of the annotations and the API itself can be created.
The most important goal of the Annotation Web Service API is to be able to attach an annotation to virtually any type of digital information, regardless of its type, size or content. In this way it would be possible to use a single API for annotating both legal documents and briefs and the results of scientific experiments. The annotations must be tied not to the name, timestamps or other secondary data of a file, but directly to the contents of the file, so that even if you change the name of the file and copy it to your coworker, he must be able to see the annotations tied to it. To accomplish this, a model must be created in which the annotations are stored separately from the target data objects and the targets are identified regardless of their meta-information.
There are also several other design goals for the Annotation Web Service API, such as the implementation of the “sticky note paradigm”, access control and bidirectional access between the annotations and the target data. Another goal of the developers is maximum configurability, flexibility and extensibility for implementers.
Filed under: — admin @ 12:19 am
Troubleshooting P3P may sometimes be very frustrating. There are thousands of mail messages posted on the www-p3p-policy mailing list by webmasters who are working on enabling P3P on their web sites but have run into difficulties. In some cases people simply do not understand the way P3P works; in other cases the webmasters have partially enabled P3P, but with some details not right.
The first thing to do after enabling P3P on your site is to check that the implementation is correct. W3C’s P3P Validator is an excellent tool for doing this. Used together with at least one P3P user agent, it’s the best way for a developer to test a P3P site.
The P3P Validator is used for checking the syntactic correctness and the proper placement of the P3P files on your web server. If the Validator reports any errors, you must read them carefully and solve them one at a time until you get no errors. You should also check the list of known P3P Validator bugs and see whether any of them apply to your site. If the server is configured to send P3P headers, you have to make sure that those headers are really being emitted. The Validator report states whether P3P headers were received from your site.
After validating the site, you must check how it works with a P3P user agent. Ideally, tests should be done with all the available user agents that the visitors of the web site might be using. The most used agents are Microsoft’s Internet Explorer, Netscape and the AT&T Privacy Bird. You must check whether all the clients are able to produce a human-readable report about your P3P server, and whether the reports correspond to your privacy policy. If you have encoded your policy in XML, this is a good way to check for errors. Also, after making changes to your policy, it is best to clear the browser’s cache, in order to always get the updated information.
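The header check from the steps above can also be scripted alongside the Validator. This is an added example, not part of the original post or of any W3C tool: it takes a raw HTTP response, confirms that a P3P header is actually emitted and extracts its fields. The `policyref="…"` and `CP="…"` field syntax comes from the P3P specification rather than from this page, and the three responses are constructed samples.

```python
import re

# Constructed sample responses (status line, headers, start of body).
GOOD = ('HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
        'P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR"\r\n\r\n<html>')
MISSING = 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>'
UNQUOTED = 'HTTP/1.1 200 OK\r\np3p: policyref=/w3c/p3p.xml\r\n\r\n<html>'


def check_p3p(raw_response):
    """Report whether a P3P header was emitted and what it carries."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "p3p":  # header names ignore case
            values.append(value.strip())

    result = {"emitted": bool(values), "policyref": None,
              "compact": [], "problems": []}
    if not values:
        result["problems"].append("no P3P header in the response")
        return result

    # Collect quoted key="value" fields from every P3P header line.
    fields = {}
    for value in values:
        for key, val in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value):
            fields[key.lower()] = val
    result["policyref"] = fields.get("policyref")
    result["compact"] = fields.get("cp", "").split()
    if result["policyref"] is None and not result["compact"]:
        result["problems"].append(
            "header present but no quoted policyref or CP field")
    return result


if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("missing", MISSING),
                      ("unquoted", UNQUOTED)):
        print(name, check_p3p(raw))
```
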
Filed under: — admin @ 12:22 am
SMIL (Synchronized Multimedia Integration Language) is an XML application created by the W3C Consortium. The most recent version of the SMIL standard is 2.0, released on 7 August 2001. Its main purpose was to define a language optimal for writing interactive multimedia presentations, with support for reusing the syntax and semantics of SMIL in other XML languages, such as XHTML.
It is a very powerful language, giving you a lot of control over the contents of the presentation. You can integrate different types of media simultaneously, such as audio, video, images and text. It allows you to synchronize different pieces of text with images, or to play a small video at the end of the presentation.
SMIL represents a cross-industry agreement for the publication of presentations online. There is a wide variety of SMIL players, among which the most popular are Oratrix’s GRiNS, RealPlayer, Apple’s QuickTime and Microsoft Internet Explorer. The closer one to W3C SMIL 2.0 recommendations
There are many advantages to using SMIL. Among them, the most important are:
- SMIL is vendor-independent, easy to use declarative language for web-presentations. It uses a text format, so you can create a SMIL presentation with any text editor, like Notepad.
- It allows the integration of different types of media, such as images, video and text. A SMIL presentation does not contain the images or video. Instead it streams them from outside the document, simply by referencing them and letting the included software play them.
- SMIL supports spatial layouts, such as regions and more advanced multiple windows layouts and hierarchical layouts. That would create an abstract rendering surface, where you could decide what types of media you can present for every space.
- The most important advantage of SMIL is the advanced timing and synchronization features. You could use the elements <par>, <seq> and <excl>, so that you could ideally coordinate and synchronize the presentation in the best way you want on a specified timeline. As an example, you could specify that the beginning of an audio narration comes after an image is shown for 5 seconds.
Filed under: — admin @ 12:28 am
Forms are a part of our lives. They are used day by day in ordinary life, but online they have a special place. They are the primary way of collecting information, being used for search engines, polls, surveys, electronic commerce, and even on-line applications. Every type of on-line user interaction is done through web forms of some sort. However, this technology is already showing its age. Having been created 5 years before XML, it has limitations that make developers’ and users’ lives harder. Among them are:
- As forms are older than XML, the integration between them is very poor
- Every common task performed on a form’s information requires a great amount of scripting
- Forms run well only on desktop browsers, depending on the device it is being run on
- They have great limits in accessibility
- They are hard to learn, because of the blending of purpose and presentation.
A new W3C standard, XForms, comes to replace the old forms, in order to add some additional features and ease the work of developers. The goals that XForms aims to accomplish are:
- Improvement on XML and XML Schema integration
- Simplification of common-related tasks, so that less scripting would be required
- Device-independence, so that it could work on all types of computers
- Universal Accessibility
- Separation of purpose from presentation.
XForms is an XML technology that is very close to XSLT processing. Both use instance data that is based on XML and defined in terms of XPath’s internal tree representation. Of course, there are some differences between them. XSLT is usually defined in terms of three trees, resulting from parsing XML documents. XForms combines the input and output trees, so in diagrams you will often see it represented as only two trees, resulting from parsing XML documents. The flow of data in XForms is as follows:
- The information, which comes either inline or from an XML document, is parsed into memory.
- The information from the instance data is processed. This involves interaction with the user and recording of the received data.
- The submitted data is processed, usually being transformed into XML, and sent to the server.