This issue of XML Daily Newslink is sponsored by:
- What is in the New Draft of OOXML?
- SCAP Narrows Security Gap
- Defining NETCONF Data Models using Document Schema Definition Languages (DSDL)
- DocBook 5.0: The Definitive Guide Updates
- Two Ajax and XSLT Approaches: Transforming XML in Ajax with XSLT
- Ajax and XML: Ajax for Tables
- E-health Consortium's New Partners for the Patient Data Repository Plan
What is in the New Draft of OOXML?
Rick Jelliffe, O'Reilly Articles
Update on Office Open XML (OOXML): In late February 2008, a week-long Ballot Resolution Meeting (BRM) was held in Geneva, Switzerland. It was attended by 120 individual delegates from about 34 different National Standards Bodies. The outcome of the meeting was a series of editor's instructions to allow a new draft of the standard to be create: usually these instructions are completely specific though there may be some general ones, for example to use one term rather than another globally. At time of writing, March 2008, OASIS has been working on ODF 1.2 which is slated to improve several important ODF weakspots, in particular relating to formulas and metadata. It is mooted for re-submission to ISO during 2008. The results of the BRM are available online and National Bodies now have one month (end of March 2008) to decide if the changed draft meets their requirements. For the new draft to pass, it will require 5 National Bodies (of the 'P' class), to switch from Abstain or No votes (remembering that No with Comments may mean 'Conditional Yes') Of the 1027 Editor's responses, the BRM addressed 189 responses by specific resolutions and discussions of the BRM, and the rest using a paper ballot where each National Body in attendance voted: this accepted 825 of the Editor's recommendations and rejected 13. The issue of a paper ballot had been abstain on issues of lesser interest to them... The changes from the BRM usually relate to either correcting bugs or better documentation. Additions to functionality tended to be limited to providing better accessibility and better internationalization, rather than completing or expanding the general feature set. The Editor's Disposition of Comments clearly tried to reduce the amount of gratuitous breakage of documents or applications, and the explicit resolutions of the BRM continued this policy (IMHO). If the new draft is adopted as a standard, it does not remain static but can be maintained by the relevant ISO/IEC JC1 committee, SC34, Document Processing and Description Languages. Procedures exist for National Bodies to submit Defect Reports, which again attract the Editor's attention and National Body voting acceptance, so the kind of process seen at the BRM becomes an ongoing effort, if there is enough interest by National Bodies. The upshot is that, if DIS29500 mark II and ODF 1.2 both get accepted as standards, by the end of 2008 we should have two standards which together can thoroughly cover the field of representing current and legacy office documents, each representing one of the two dominant commercial traditions, with both under active and significantly open maintenance to fill in the remaining gaps and to repair pending broken parts, with clear cross-mapping to allow interconversion, with an increasing level of modularity so that the can share their component parts, and at least with a feasible agenda of co-evolution and other kinds of convergence.
See also: Tim Bray's blog
SCAP Narrows Security Gap
William Jackson, Government Computer News
Released by NIST last spring, the Security Content Automation Protocol (SCAP) is a suite of tools to help automate vulnerability management and evaluate compliance with federal information technology security requirements. It is an expansion of the National Vulnerability Database with an automated checklist that uses a collection of recognized standards for naming software flaws and configuration problems in specific products. SCAP has done a lot to help agencies in the uphill battle against security vulnerabilities, but it hasn't yet gotten them over the top. NIST is now accrediting independent labs for a SCAP product evaluation program, vendors are producing scanning tools using the protocol, and agencies are using them to automate compliance with IT security regulations. The more mature standards in the suite include: (1) The Common Vulnerabilities and Exposures Standard (CVE) from Mitre, which provides standard identifiers and a dictionary for security vulnerabilities related to software flaws. (2) Open Vulnerability and Assessment Language (OVAL), also from Mitre, a standard Extensible Markup Language for security testing procedures and reporting. (3) Extensible Configuration Checklist Description Format from the National Security Agency and NIST, a standard XML for specifying checklists and reporting results. (4) Common Vulnerability Scoring System from the Forum of Incident Response and Security Teams, a standard for conveying and scoring the impact of vulnerabilities. Less mature standards are: (5) Common Configuration Enumeration from Mitre, standard identifiers and dictionary for system security configuration issues. (6) Common Platform Enumeration from Mitre, standard identifiers and a dictionary for platform and product naming.
See also: Application Security Standards
Defining NETCONF Data Models using Document Schema Definition Languages (DSDL)
Rohan Mahy, Sharon Chisholm, and Ladislav Lhotka (eds), IETF Internet Draft
Members of the IETF Network Configuration (NETCONF) Working Group have published an updated draft for the specification "Defining NETCONF Data Models using Document Schema Definition Languages (DSDL)." The document describes a concrete proposal for creating Netconf and other IETF data models using the RelaxNG schema language and the Schematron validation language, which are both part of ISO's Document Schema Definition Languages (DSDL) standard. Appendix D preents the DHCP schema in Relax XML format For those who prefer the XML syntax of Relax NG, the "dhcp.rnc" file was converted to "dhcp.rng" using Trang. The NETCONF Working Group has completed a base protocol used for configuration management. This base specification defines protocol bindings and an XML container syntax for configuration and management operations, but does not include a modeling language or accompanying rules for how to model configuration and status information (in XML syntax) carried by NETCONF. The IETF Operations area has a long tradition of defining data for SNMP Management Information Bases (MIBs) using the SMI to model its data. The approach to data modeling described in this Internet Draft uses the two most mature parts of the ISO Document Schema Definition Languages (DSDL) multi-part standard: Relax NG and Schematron. The proposal then goes on to define additional processing and documentation annotation schema. Relax NG is a mature, traditional schema language for validating the structure of an XML document. Schematron is a rule-based schema validation language which uses XPath expressions to validate content and relational constraints. In addition, this document defines and reuses various annotation schema which can provide additional metadata about specific elements in the data model such as textual descriptions, default values, relational integrity key definitions, and whether data is configuration or status data. This combination was created to specifically address a set of Netconf-specific modeling requirements, and in addition should be useful as a general purpose data modeling solution useful for other IETF working groups. The authors believe that reusing schema work being developed and used by other standards bodies provides substantial long-term benefits to the IETF management community, so this proposal attempts to reuse as much existing work as possible.
DocBook 5.0: The Definitive Guide Updates
Norm Walsh, Blog
See also: the online book
Two Ajax and XSLT Approaches: Transforming XML in Ajax with XSLT
Mark Pruett, IBM developerWorks
Ajax and XML: Ajax for Tables
Jack D. Herrington, IBM developerWorks
See also: the live demo of paged tables with Ajax
E-health Consortium's New Partners for the Patient Data Repository Plan
Craig Stedman, ComputerWorld
The Dossia electronic health records consortium was dealt a blow last summer, when a highly publicized development deal that it announced in late 2006 with a nonprofit research organization ended in a legal dispute. But according to Dossia's chief technology officer, the group—which consists of Wal-Mart Stores Inc., Intel Corp., AT&T Inc. and five other large companies—is back up off the mat and plans to make the Web-based health records system broadly available to employees of its founding members later this year. The consortium also has started trying to entice other employers to join the group. And in the spring, Dossia plans to publish an API for the system and accelerate its efforts to get health care providers to agree to input the medical records of patients. Initially, the consortium is targeting health care organizations in geographic areas where its founding members have large numbers of employees. To try to ensure that only patients and the health care professionals they designate can access the medical records, Dossia is encrypting the data at both the application and database levels. It also is storing identifying information in a separate database, apart from the medical records themselves. In addition to Wal-Mart, Intel, AT&T and Cardinal Health, which sells medical instruments and supplies as well as health care software products, Dossia's current members include Applied Materials Inc., BP America Inc., Pitney Bowes Inc. and Sanofi-Aventis U.S. LLC. Dossia CTO Dave Hammond said the group is also doing development work aimed at enabling the health record system to scale "so it can support millions of people." In addition, the Dossia team is implementing "a very granular security model" that will enable patients to specify who can and can't access their data, down to the level of specific medical tests or immunizations.
See also: XML in Healthcare
XML Daily Newslink and Cover Pages are sponsored by:
|BEA Systems, Inc.||http://www.bea.com|
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/