A week ago I entered a Gravis Store for the very first time and tested an iPod touch. One of the outstanding features is its display and navigation by using a finger. Also, it provides a WLAN unit, so I typed in the browser URl of a quite challenging site: demo.activemath.org. It’s amazing, I never expected a good output. CSS is no problem and most formulae were rendered correctly. Except for the limit symbol/function. But this is an old well-known problem for which we have no fix yet. However, the display quality is great. And here we go. Click on the images to open large pictures.

Unfortunately, I could not run a full test. That is, I did not login and I did not test any exercise. But at least, we expect that the input editor won’t work because it is embedded in a Java applet. Also, Java Script does not work properly as formula highlighting did not work. After a while, I must have done something wrong, because I could not follow any link on any page. Seems like the iPod touch crashed.

I have to write this article for myself, because I am very forgetful. In a world dominated by so many technical terms and products it is not easy to find the right sources and solution. In my case, the following scenario is present: I want to have a web application including a database storage and remote services. This incorporates a set of classes, a database schema and a XML representation of my data model. In addition, the xml representation can comply to some well-known XSD standard or it can be formulated in some Semantic Web language such as OWL. Because so many components interact with each other they share a common data model but each component uses its own representation of the information.

• The relation database uses a database schema formulated in SQL
• The Java classes comply to a Java specification.
• Semantic Triple stores base on RDFS and/or on OWL
• Web Services communicate via WSDL.
• And finally there also exist XSD definitions of a data model for interoperability.

The ultimate question is, how can I select one representation and generate all other representations? This approach is data-driven.

Hibernate Tools allow to create a set of POJOs from a database schema and vice versa a database schema from a set of JPA annotated classes. AppFuse applies HibernateTools for database creation from POJOs. POJOs also serve as sources for generation of WSDL files. Java XML Binding frameworks such as JAXB, JaxMe, or XMLBeans help to create POJOs from XSD files. POJOs created by these tools can be streamed to XML files that correspond to the origin XSD. And finally, RDFReactor can take an OWL file and create a POJO which can be used for persisting into a triple store.

So, you see the flow is not easy, as it is interrupted. While you can create POJOs with Java XML Binding tools, these POJOs are not annoted by JPAs such that an automatic generation of a database schema is not possible. In any case, if a solution exists that unifies all streams then it should be an easy-to-use approach. And this is hard to find.

Java XML Binding:

• JAXB This is a reference implementation. There is a lot action here and the hige community.
• JaxMe 2 In my opinion, this started as an ambitious project but lost much motivation. I do not know whether it cas been stopped, but the last news message is from 2006. A pity, because it delivered a “complete” approach tying POJOs/Beans, XML files, and (XML) databases together.
• XMLBeans Though still one of the most active projects, I always considered this as a package monster. Good for Java/XML Binding.
• Castor provides Java-to-XML binding, Java-to-SQL persistence, and more.
• JibX is a fast Java XML Binding framework.

Java Database Binding:

• Hibernate Tools; needs JPA annotation
• Castor provides Java-to-XML binding, Java-to-SQL persistence, and more.

Java RDF/OWL Binding:

• Jastor This an open source Java code generator that emits Java Beans from Web Ontologies (OWL) enabling convenient, type safe access and eventing of RDF stored in a Jena Semantic Web Framework model. As mentioned it is programmed against Jena making an application dependent on a particular RDF Triple Store.
• RDFReactor RDFReactor views the RDF data model through object-oriented Java proxies. It makes using RDF easy for Java developers. It is independent of a specific RDF store. It is still under development and rather a research project.

Application Frameworks

• AppFuse
• IBM semantic Application Layer / Boca It seems as if work on this interesting project stopped in Feb 2007.

Further Reading:

• Wikipedia on XML Bindin
• Article on Java XML Binding
• Another article
• A series of Java and XML data binding articles.

Electronic Media offer many possibilities, but information can be misused. To protect an individual’s right, appropriate laws are needed. E-portfolios are vulnerable to misused data. For instance the data stored in an e-portfolio might break the copyright of the origin author or the data can be accessed by an unwanted party. In both cases, protection is required. In a company environment, the employer does not want to be accused for his employee’s being suspected of plagiarism, and employees do not want the employer to access all their e-portfolio data.

In the following, an illustration of German data protection laws is presented. It shows that an implementation of e-portfolios in the public and commercial sector is quite difficult and requires in each scenario a proper setting of many legal issues agreed upon by all participating players. Note: most information is retrieved from Wikipedia (here and here).

Data protection: context

The importance of data protection gained more and more significancy in parallel to the development of the digital technology as data accquisition, data storage, data transfer and data analysis became simpler. Technical innovations such as Internet, e-mail, mobiles, video control, and electronic payment open new facilities for data accquisition. Public agencies as well as private corporations are interested in individual-related information. For instance, security agencies wish to reduce the crime rate by dragnet investigation or by the surveillance of communication channels; tax authorities are interested in account transactions to reveal tax delicts; companies wish to achieve a higher efficiency by surveillance of their employees, customer profiles can help to devise marketing strategies, access to bank accounts can provide information whether a customer is solvent. However, the majority of Germany’s population has an indifferent attitude towards this development and its consequences for the individual.

Due to the wordwide network, and in particular due to the Internet, the risks related to individual-related data protection keep growing stronger.

Data protection: regulation

The international valid Guidelines on the Protection of Privacy and Transborder Data Flows of Personal Data exist since 1980. Their objective is to harmonise data protection regulation between states, to facilitate a free exchange of information, to prevent unjustified handicaps to trade, and to prevent a gap between European and US-American developments.

In 1981, the European council passed a data protection convention, one of the first international agreements on data protection. The convention is still in effect. However, it has merely a recommending character. In contrast to this, data protection guidelines established by the European Union are binding and have to be nationally implemented by the Union’s members. Germany implemented the guidelines in 2001. They also regularise the transfer of individual-related data to non-EU states. According to article 25, a transfer is legal if the target state ensures a suitable protection level. In Germany, data protection is considered a base right (right on informational self-determination). Basically, only the individual decides to whom he passes what personal information. However, this base law is not mentioned explicitly in the basic constitutional law. As opposed to this, most federal state constitutions include the base law.

On federal level, the federal data protection law (BDSG) regularises data protection for the federal agencies and for the private sector. In addition, the state data protection law of the federal states regularises data protection on state and regional level. Also, there exists a multitude of sector-specific data protection regularisations which precede regularisations of the right on general data protection.

Data protection: practice

Key data protection principles are

• Data prevention and data economy
• Necessity
• Earmarking

Once data is collected technical and/or organisational means have to ensure data protection such that only authorised agents are allowed to access the data. In particular, automation of data access methods (also online methods) requires special attention.

From the principles of data economy and necessity it follows that information that is not needed any more has to be deleted or in case of documentation liabilities it has to be locked.

In addition to the basic data protection requirements, the concerned individual has the right to ask for information. Also, the data should be supervised by an independent data protection entity.

At the international data protection conference in 2005, the data protection commissioners reminded in their Declaration of Montreux the internationally accepted data protection principles. These are:

• Principle of legitimacy of data acquisition and analysis
• Principle of correctness
• Principle of earmarking
• Principle of commensurability
• Principle of transparency
• Principle of individual self-determination and access guaranty
• Principle of non-discrimination
• Principle of safety
• Principle of liability
• Principle of an independent controlling instance and of legal penalties
• Principle of an appropriate protection level for transnational data transfer

Data protection: control

For control in the public sector there exist:

• The federal data protection commissioner for federal agencies
• The state data protection commissioner for state agencies
• Special data protection commissioners for corporations, institutions, and foundations of the public law

Additionally, agencies can appoint official data protection commissioners. These are in charge of single tasks, but they do not prevent the control of the superordinate commissioner.

In the non-public sector, data protection control is handled on the state level. This can be the regional government, Ministry of the Interior, or the state commissioner for data protection. From a certain company size, an operational commissioner has to be appointed according to the Federal Data Protection Law.

Data protection: critics

From a semantic point of view, it is criticised that the jurisprudential requirements for a terminology have not been fulfilled yet. The normative terms are incoherent and with no clear objectives.

Critics say that too much data protection (in wrong places) can also cause damage, e.g., insufficient data exchange between attending physicians (electronic card in eHealth) or the obstruction of research. However, research data is rather anonymous and therefore, less relevant for data protection than individual-related data.

Also the access to private data by the federal or state police is extensively discussed. Agents criticise that data protection complicates their work in reducing the crime rate. However, for many arrangements by the police, the accuracy of the protected data cannot be judged beforehand. Also, the rate between the value (security) and the damage (privacy, citizenship) has a lopsided overbalance to the disadvantage of privacy. Hence, a big brother scenario is strictly rejected. Recent technological developments such biometric data or RFID chips in passports caused an intensive dispute.

Then, there is a tension between data protection and the wish for transparency in policy. Opposed to the transparency interests of the public (e.g., access to emission values of factories, or the salary of members of a board of managers) are the interests of the individual to protect his data.

Employee data protection

The employee data protection is the protection of rights to informational self-determination of individuals acting as employees.

It considers specific characteristics of the employment contract related to data protection of the employee. Employer and employee are legally equal partners, but in fact, the employer is economically and structurally superior to the employee. The employer decides on the details of a contract and on the working conditions. He orders when, where, and how the employee has to act. In general, the employer cannot elude these pre-established guidelines. Due to this dominance of the employer the employee needs specific protection.

The protection neediness becomes particularly apparent with regard to data protection: the employees right to determine if and what personal data can be passed to a third person collides with the employer’s right on direction. Hence, self-determination and foreign-determination collide. The employee data protection tries to establish a balance between these two interest groups.

Eventually, it is the question, what kind of employer access to employee’s rights on informational self-determination and his personal rights is legal.

Employee data protection regulation

Despite of the practical and legal importance, the German employee data protection is not explicitly regulated by law. Therefore, data protection in an employer-employee relationship is ruled by the federal data protection law. Additionally, specific arrangements such as the telecommunication data protection law or the works council constitution act have to be considered in individual cases.

Though, this law for employee data protection is discussed for 20 twenty years and it is being strongly supported and put forward by data protectors and trade unions (DGB, ver.di) it is not expected that the German government will enact a law in the near future.

In larger companies, relevant issues related data protection are regularised by the operating agreement. The agreement can justify interferences in the employee’s right on informational self-determination. At the same time, it establishes limits that should not be exceeded by the employer. Typical operating agreements comprise arrangements on the usage of e-mail and Internet services at work and when and how the employer is allowed to control these arrangements.

In an e-portfolio scenario, works commitees and trade unions have to agree upon a compromise to successfully implement an e-portfolio solution. Typical problems and objections are that an analysing software can not only spot the 5 best employees, but also the 5 worst according to their portfolio and their list of competencies. Surprisingly, a list of the 5 best employees can turn into a problem, too, as these employees become “top products” and increase the competition between departments of a company to obtain that particular product.

As the the laws do not fully regularise data protection at work and as not all details are considered by operating agreements many new questions arise which are decided by local labour courts. The decisions provide further directives.

This article is one of a series and presents details that contributed to the European Study on e-Portfolios which has been iniitiated by Eifel. The details relate to the German activity landscape. They are under copyright by Martin Homik and Erica Melis (DFKI GmbH) who coordinated the German part of the study. The study part dates back to spring 2007.

Yesterday, I tried to run my AppFuse application with PostgreSQL instead of MySQL. I ran into a CLEAN_INSERT problem which was a result of an earlier mistake. In MySQL I used a longtext type for a description field. This type corresponds to a column JPA annotation having a length attribute with the value ‘2147483647′. Obviously, this value is too high. Note, the storage required for a ‘longtext’ is L + 4 bytes, where L < 2^32. According to PostgreSQL documentation “the longest possible character string that can be stored is about 1 GB”.

In a first solution, I removed the length attribute from the JPA annotation. PostgreSQL creates per default a “character varying(255)” data type with a fixed limit of 255 characters. On the database level, it is possible to omit the limit value, the system takes then the maximum value. But, I do not know how to specify this in a JPA annotation. Anyway, now, my AppFuse runs with PostgreSQL, too.

This was quite a bit of ’small-steps’ work.