This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- Extending and Versioning Languages: XML Languages
- Last Call Review: Evaluation and Report Language (EARL) 1.0 Schema
- Latest OpenSSO Extension: SAML 2.0 on Ruby
- Securent to Leverage XACML 2.0 OASIS Standard for Entitlement Management
- Microsoft Not a Cathedral; Open Source Not a Bazaar
- DocBook 5.0CR3 Third Candidate Release
- Changfeng Open Standards Platform Software Alliance Hosts New OASIS China Office in Beijing
- PHP Search Engine Showdown
Extending and Versioning Languages: XML Languages
David Orchard (ed), W3C Editorial Draft
W3C has announced the publication of significantly revised versions of the 2-part draft Tag Finding "Extending and Versioning Languages Part 1" and "Extending and Versioning Languages: XML Languages." Part 1 provides terminology for discussing language versioning, a number of questions that language designers must answer, and a variety of version identification strategies. The evolution of languages by adding, deleting, or changing syntax or semantics is called versioning. Making versioning work in practice is one of the most difficult problems in computing. Arguably, the Web rose dramatically in popularity because evolution and versioning were built into HTML and HTTP. Both systems provide explicit extensibility points and rules for understanding extensions that enable their decentralized extension and versioning. This finding describes general problems and techniques in evolving systems in compatible and incompatible ways. These techniques are designed to allow compatible changes with or without schema propagation. A number of questions, design patterns and rules are discussed with a focus towards enabling versioning in XML vocabularies, making use of XML Namespaces and XML Schema constructs. This includes not only general rules, but also rules for working with languages that provide an extensible container model, notably SOAP. The draft finding Part 1 is intended to motivate language designers to plan for versioning and extensibility in the languages from the very first version. It details the downsides of ignoring versioning. To help the language designer provide versioning in their language, the finding describes a number of questions, decisions and rules for using in language construction and extension. The main goal of the set of rules is to allow language designers to know their options for language design, and make backwards- and forwards-compatible changes to their languages to achieve loose coupling between systems should that desirable. Part 2 discusses the XML related aspects of versioning. It describes XML based terminology, technologies and versioning strategies. It provides XML Schema schemas for each of the strategies and discussion about various schema design. A number of XML languages, including XHTML and Atom, are used as case studies in different strategies. Part 2, section 4 treats "Component version identification strategies" where the editor claims that "The strategy for identifying the version of a component is perhaps the most important decision in designing an XML Language. The use of namespace names, component names, version numbers, and type information are all critical in achieving the desired versioning characteristics. The strategies range from many namespaces per version of a language to only 1 namespace for all versions of a language..." Various strategies: (1) all components in new namespace(s) for each version; (2) all new components in new namespace(s) for each compatible version; (3) all new components in new or existing namespace(s) for each compatible version; (4) all new components in existing or new namespace(s) for each version and a version identifier; (5) all components in existing namespace(s) for each version and a version identifier...
See also: Part2, XML Languages
Last Call Review: Evaluation and Report Language (EARL) 1.0 Schema
Shadi Abou-Zahra (ed), W3C Technical Report
W3C's WAI ERT Working Group announced the release of a Last Call Working Draft for the "Evaluation and Report Language (EARL) 1.0 Schema" specification. Public comments are welcome through 20-April-2007. The Evaluation and Report Language (EARL) is a standardized machine-readable language for expressing test results. The primary motivation for developing EARL is to facilitate the exchange of test results between different checkers, such as Web accessibility evaluation tools, in a vendor-neutral and platform -independent format. Web authoring tools and other applications can also use EARL to aggregate results from different testing tools including Web accessibility evaluation tools, validators, and other checkers. The objectives of EARL are to: (1) Create a standardised way to produce test reports; (2) Support the exchange of reports between testers—humans or testing tools; (3) Facilitate the comparison of test results; (4) Ease the aggregation of test results—e.g., a different set of tests on the same subject. It is also important that the extensibility of RDF (or EARL) allows to tool vendors or developers the addition of new functionalities to the vocabulary, without losing any of the aforementioned characteristics, as other testers might ignore those extensions that they do not understand when processing third party results. The EARL 1.0 specification defines an RDF Vocabulary that consists of classes and properties. An Assertion is a statement about the results of performing a test. The "earl:Assertion" class relates the required instances of an Assertor, Test Subject, Test Criterion, and Test Result to a specific Assertion. Each Assertion represents a single statement about a test that was carried out per conformance rules expressed in the EARL model. A Single Assertor is a single entity responsible for making the Assertion. Such an entity could be a single human, tool, or whole groups such as organizations. A Compound Assertor is a group of two or more entities that are responsible for making an assertion. An Assertor determines the results of a test (i.e. an assertor asserts and assertion). he Test Subject is the class of things that have been tested; this class is intentionally generic to serve a wide variety of usages. A Test Criterion is a testable statement, usually one that can be passed or failed. It is a super class for all types of tests including things such as validation requirements, code test cases, checkpoints from guidelines such as Web Content Accessibility Guidelines 1.0 or others. An EARL report is a set of instances of the Assertion class, where each assertion contains information about a single test that was carried out.
See also: the EARL Overview
Latest OpenSSO Extension: SAML 2.0 on Ruby
Pat Patterson, Blog
"Hot on the heels of our launch of OpenSSO Extensions comes the latest extension, contributed by Todd Saxton from New Zealand: a SAML 2.0 relying party implementation in Ruby. Todd used the existing SAML 2.0 PHP relying party (formerly known as Lightbulb) as a starting point and ported it to Ruby, using Roland Schmitt's WSS4R to handle the XML Security chores. Note that both the Ruby and PHP SAML 2.0 relying party implementations are very much 'proofs of concept'. They successfully complete SAML 2.0 single sign-on and single logout, but are not to be considered production quality. In particular, Andreas Solberg has identified some bugs and shortcomings in the PHP implementation and kindly offered to contribute his fixes... I just downloaded the Ruby SAML 2.0 code and... it works! I made one minor fix to account for differences in my environment, but everything else was just configuration. I created a checklist of what you'll need, using a very useful HOWTO on Rails installation as a base..." OpenSSO Extensions is an incubator for modules that build on the access control, single sign-on and federation technology in OpenSSO, but are not part of the core project. For example, currently there are developers working on an OpenID identity provider and a PHP client SDK.
See also: the OpenSSO web site
Securent to Leverage XACML 2.0 OASIS Standard for Entitlement Management
Staff, Securent, Inc. Announcement
Securent, Inc. announced that it has become a Sponsor Member of the Organization for the Advancement of Structured Information Standards (OASIS), seeking to work with OASIS toward the advancement of current and emerging standards, including Extensible Access Control Markup Language (XACML). Securent will share its expertise in open architectures and best practices learned by addressing customers' needs for application and data security, and compliance. Last year, Securent delivered its Entitlement Management Solution (EMS) as an XACML-compliant product, providing customers such as Credit Suisse and Qualcomm with a scalable and cost-effective alternative to custom coding fine-grained access controls into applications. Securent EMS is comprised of three XACML-based components that empower IT administrators and business users to administer, enforce, audit and review role- and rule-based policies—the Policy Administration Point (PAP), the Policy Decision Point (PDP), and the Policy Enforcement Point (PEP). The open architecture is vastly different from conventional entitlement management products and toolsets that are tied to specific vendor platforms, making them difficult to integrate, manage, and scale across heterogeneous IT environments. By complying with the XACML OASIS Standard, Securent addresses customer concerns about vendor lock-in of current proprietary solutions.
Microsoft Not a Cathedral; Open Source Not a Bazaar
Sean Michael Kerner, InternetNews.com
It's not every day that you see a Microsoft employee demonstrating Microsoft software running natively on Linux. Yet that's exactly what happened at AJAXWorld, as Brad Abrams, group program manager at Microsoft for ASP.NET AJAX (codenamed Atlas) did during a morning keynote. Abrams declared that Microsoft is not the cathedral and that open source isn't really a bazaar when it comes to AJAX, a claim that undermines one of the core underpinnings of the open source movement. In 1999, Eric S. Raymond published The Cathedral & the Bazaar, a seminal tome on the open source movement. Among open source's many core tenants the book highlighted is that proprietary vendors such as Microsoft are closed, monolithic structures—the cathedral—while open source operates in bazaar fashion where things are all done out in the open and with the community. Abrams argued that Microsoft is not the cathedral when it comes to ASP.NET AJAX but is quite transparent. On the open side of things, Abrams claimed that Microsoft was providing ASP.NET AJAX components with 100 percent source code availability. The components are being licensed under Microsoft's permissive license, which allows users to view, modify and redistribute source code for non-commercial and/or commercial purposes. Among the ASP.NET AJAX components that Microsoft is freely providing under its permissive license is the AJAX Control toolkit, which is a user-interface toolkit containing over 40 widgets. Beyond just making it freely available Abrams noted that it is fostering a vibrant community around the toolkit with approximately 40 contributors outside of Microsoft already helping out on the project.
DocBook 5.0CR3 Third Candidate Release
Norm Walsh, Blog
Team members in the OASIS DocBook Technical Committee have issued a third candidate release for DocBook Version 5.0. They also decided to set a feature freeze date for DocBook V5.0, which sets the team on a solid course for an official V5.0 release "in the next couple of months." Any requests for enhancement received after 20-April-2007 will not be considered for DocBook V5.0, though bug reports will continue to be addressed. Six REFs (managed on the SourceForge DocBook Project) have been accepted and incorporated into DocBook V5.0CR3: (1) changed semantics of of the "termdef" element: a "firstterm" is now required instead of a "glossterm", as in previous releases, which allows the definition of one term to refer to another (2) added 'pgwide' attribute to the "example" element; (3) added a 'label' attribute to CALS and HTML tables; (4) added an "acknowledgements" element, peer to "dedication", replacing "ackno" which had only been available at the end of "article"; (5) after several months of consideration and experimentation, decided to allow "info" in HTML tables; (6) adopted 'http://docbook.org/xlink/role/olink' as an XLink role (that is, the xlink:role attribute) value to identify OLinks expressed using XLink attributes. "DocBook is a markup language for technical documentation. It was originally intended for authoring technical documents related to computer hardware and software but it can be used for any other sort of documentation. One of the principal benefits of DocBook is that it enables its users to create document content in a presentation-neutral form that captures the logical structure of the content; that content can then be published in a variety of formats, including HTML, PDF, man pages and HTML Help, without requiring users to make any changes to the source. The DocBook XSL transformations can generate content from DocBook 5.0 XML documents. DocBook 5.0 is defined by a RELAX NG + Schematron schema. While there is a W3C XML Schema + Schematron version available, it is not considered the definitive, or "normative" version of the schema. There is also a DTD available, though it lacks the power to truly validate all DocBook 5 documents. DocBook 5 is defined in a namespace, whereas DocBook 4.x is not, as DTDs are not namespace aware; this allows DocBook 5 documents to more easily coexist with other namespaces (like SVG, MathML, etc). In DocBook 5, almost any element can have intradocument linking and extradocument linking attributes. Also, DocBook 5's schemas have versions that explicitly allow for XInclude semantics.
See also: the Wikipedia article
Changfeng Open Standards Platform Software Alliance Hosts New OASIS
China Office in Beijing
Staff, OASIS Announcement
A new OASIS China Office will focus on increased opportunities for participation and enhanced services for existing members in China. A Chinese version of the OASIS web site has been introduced in support of this outreach effort. According to Lan Xiao, Secretary General of Changfeng Alliance, "The driving philosophy behind OASIS is that all those affected by eBusiness standards should have a voice in their creation. We want to help Chinese organizations realize the benefits of working with other software developers from around the world to ensure China's needs are represented in the standards that affect trade, and to promote the adoption of OASIS Standards by Chinese software companies. Chinese companies are drawn to OASIS because the Consortium encourages open collaboration on interoperability issues critical to Asia, such as Web services and Service Oriented Architecture (SOA). The international focus of the Consortium facilitates global participation. Members of each OASIS technical committee specify which language they will use to conduct their work, and most discussions are held via email or conference calls to accommodate participants from multiple continents. In conjunction with the OASIS China Office launch, the OASIS Unstructured Operation Markup Language (UOML) Technical Committee was also announced. This new committee will advance an XML operation standard for unstructured documents based on a specification created by Beijing Sursen and supported by China's UOML Alliance. The chair of the OASIS UOML Technical Committee is based in China, and the Committee will bring developers in China together with others throughout the world.
PHP Search Engine Showdown
Michael Douma, O'Reilly ONLamp.com
It's a universal frustration. You just know that the piece of information you're looking for is somewhere on a site. You click one link, then another, and another. You go back to the home page and try a different branch of the site. After dozens of clicks, you still can't find the information you need. Then it's back to Google and on to another site... Search tools not only make your information easily accessible, but they also increase the time visitors spend on your site. An internal search engine may be a necessity if your site has more than 100 pages of content, if it is deeply hierarchical, or if its architecture is weak. If the purpose of your site is to provide in-depth information on a variety of specific topics, it's ineffective to force a visitor to browse through your site to find the information he seeks... When selecting a search tool, you have two options: a hosted remote search engine or a local search service. Remote site search services offer several advantages. Your costs are significantly lower, as the software and maintenance are often free. Likewise, because index files are stored on the host's servers, you save disk space. The primary disadvantages of remote site search services are that you have little control over the indexing process and that you can't change the code, add new features, or customize your search engine. The advantages of using the local approach are that you can ensure the privacy of your data, you can control the indexing process and search results, and that you have the freedom to implement new features... If you're going to install a local search engine and are using PHP, you have several great PHP engines to consider. There is no ideal PHP search engine, but our overall impression was that Sphider and MnogoSearch are the best contenders. In general, Sphider returns more accurate hits, and MnogoSearch is easier to set up.
Selected from the Cover Pages, by Robin Cover
On March 22, 2007, the Distributed Management Task Force (DMTF) announced a new DASH Initiative (Desktop and mobile Architecture for System Hardware). DASH Initiative Work Groups will produce a suite of specifications taking full advantage of the DMTF's Web Services for Management (WS-Management) specification to deliver standards-based Web services management for desktop and mobile client systems. The new initiative is designed to provide the next generation of standards for secure out-of-band and remote management of desktop and mobile systems. DASH becomes one of several DMTF Management Initiatives, providing a comprehensive framework for syntax and semantics necessary to manage computer systems, independent of machine state, operating platform, or vendor. Since the DMTF's Desktop and Mobile Working Group (DMWG) was announced, the group has attracted more than 180 members from over different companies, demonstrating a strong commitment by vendors and users across the industry to collaborate on this effort. Statements of support for the new DASH Initiative have been provided by AMD, Avocent, Broadcom, Dell, HP, IBM, Intel, Microsoft, Novell, NVIDIA, Symantec, and WBEM Solutions. DASH contains the models, mechanisms, and semantics necessary to manage mobile and desktop computers in use today, independent of service state. This includes the architectural, service and operations models, and covers boot and firmware update as well as service discovery. The profiles contain the required classes, instances, properties and methods necessary to manage systems. The transport and management protocols allow implementers to determine the communication requirements for compliant systems. Discovery and security requirements described help to understand their aspects in relation to the profiles and protocols. And the use cases should help implementers understand the communications that take place in certain circumstances.
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/