The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: April 09, 2008
XML Daily Newslink. Wednesday, 09 April 2008

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
IBM Corporation

Mathematical Markup Language (MathML) Version 3.0 Draft Published
David Carlisle, Patrick Ion, Robert Miner (eds), W3C Technical Report

W3C's Math Working Group has published a Working Draft of "Mathematical Markup Language (MathML) Version 3.0." This is the third draft of MathML, an XML application for describing mathematical notation and capturing both its structure and content. The specification defines the Mathematical Markup Language, or MathML, as an XML application for describing mathematical notation and capturing both its structure and content. The goal of MathML is to enable mathematics to be served, received, and processed on the World Wide Web, just as HTML has enabled this functionality for text. This specification of the markup language MathML is intended primarily for a readership consisting of those who will be developing or implementing renderers or editors using it, or software that will communicate using MathML as a protocol for input or output. It is not a User's Guide but rather a reference document. MathML can be used to encode both mathematical notation and mathematical content. About thirty-five of the MathML tags describe abstract notational structures, while another about one hundred and seventy provide a way of unambiguously specifying the intended meaning of an expression. Additional chapters discuss how the MathML content and presentation elements interact, and how MathML renderers might be implemented and should interact with browsers. Finally, this document addresses the issue of special characters used for mathematics, their handling in MathML, their presence in Unicode, and their relation to fonts. While MathML is human-readable, in all but the simplest cases, authors use equation editors, conversion programs, and other specialized software tools to generate MathML. Several versions of such MathML tools exist, and more, both freely available software and commercial products, are under development.

See also: the W3C Math Home

Building an Entitlements Management Solution
David Garrison, BEA Blog

What does it take to build an Entitlements Management solution? That depends on who you ask of course. However, when I look at commercial products in this area I see certain common architectural patterns. Many of the products that I've seen make use of a set of common elements defined by the OASIS XACML standard (Extensible Access Control Markup Language). The [referenced] picture shows the typical components of an Entitlements Management solution. The XACML spec defines the role of the Policy Administration Point (PAP), the Policy Decision Point (PDP), the Policy Enforcement Point (PEP), and the Policy Information Points (PIP). The Policy Administration Point (PAP) manages the creation and storage of policy data in the Policy Store. The administrator interacts with the PAP (typically) through a browser based management console where roles, policies, resources, actions and so forth are defined and managed. The policy store may be an LDAP directory or a database. The PAP may also provide facilities for policy import and export. Most products provide some management APIs that allow customers to embed administrative functionality into their own applications. Runtime role or authorization decisions are determine at the Policy Decision Points. Typically I've seen two ways that PDPs are deployed: (1) As a centralized entitlements server that can be invoked by remote clients via RMI, Web Service calls or using the XACML 2.0 request/response protocol. (2) As an embedded PDP deployed in same process space as the application. The most common examples are PDPs embedded in a JVM for plain Java applications or embedded in an application server for J2EE applications... The PDPs can be configured to get data from one or more Policy Information Points (PIPs). These PIPs can be user or application directories or databases that contain information that is required to make an access decision. Such information includes user, group, and resource attributes (e.g. user profile information, account balances and limits, etc.). These attributes can then be used in the policies which control access...

See also: XACML references

OGC Adopts ebRIM Application Profile for Catalogues
Staff, Open Geospatial Consortium Announcement

The Open Geospatial Consortium announced that its membership has approved the OASIS ebRIM (Electronic Business Registry Information Model) application profile of the OpenGIS Catalogue Service 2.1.2 standard. The Catalogue Standard specifies a design pattern that allows for the definition of interfaces called application profiles based on different standards, such as ZF39.50, ebRIM, UDDI, or ISO metadata, that support the ability to publish and search collections of descriptive information (metadata) about geospatial data, services and related information objects. The ebRIM application profile was developed and adopted because it enables catalogs to handle services as well a variety of other geospatial resource types such as symbol libraries, coordinate reference systems, application profiles, and application schemas and geospatial metadata. The OGC is an international industry consortium of more than 345 companies, government agencies, research organizations, and universities participating in a consensus process to develop publicly available interface specifications. OpenGIS Specifications support interoperable solutions that geo-enable the Web, wireless and location-based services, and mainstream IT. The specifications empower technology developers to make complex spatial information and services accessible and useful with all kinds of applications.

Google's OpenID Provider Via Google Web Engine
Steven Osborn, Blog

"Shortly after Google released Google Web Engine last night, Ryan Barrett of Google released an application for the platform that essentially makes Google an OpenID Provider. Check it out here [...] You can use your Google Account to log into any site that supports OpenID! Ryan wrote: "If you've talked to me about work during the last couple years, I've probably downplayed it, resorted to generalities, or just changed the subject. No longer! We've finally taken the wraps off our project, Google App Engine. From the docs: 'Google App Engine lets you run your web applications on Google's infrastructure. App Engine applications are easy to build, easy to maintain, and easy to scale as your traffic and data storage needs grow. With App Engine, there are no servers to maintain: You just upload your application, and it's ready to serve your users.' Personally, I spent most of my time writing the datastore, both the backend and much of the Python API. When I found extra time, though, I had a lot of fun writing apps and libraries on top of App Engine. I particularly enjoyed writing an interactive shell, an OpenID provider, and a full text search library. From the OpenID Wiki: OpenID allows anyone who can run a web server to run an identity server. Your identity server is separate from your identity, so you are free to use any identity server that has some ability to validate your identity and you can change between them at will. An identity server is sometimes referred to as an identity provider. If you wish, you can use the services listed below with your own website as your identifier using delegation.

See also: Public OpenID providers

Public Review Draft for WebCGM Version 2.1
Benoit Bezaire, David Cruikshank, Lofton Henderson (eds), OASIS CD

Members of the OASIS CGM Open WebCGM Technical Committee have released "WebCGM Version 2.1" as a Committee Draft for public review. The comment period ends June 01, 2008. Computer Graphics Metafile (CGM) is an ISO standard, defined by ISO/IEC 8632:1999, for the interchange of 2D vector and mixed vector/raster graphics. WebCGM is a profile of CGM, which adds Web linking and is optimized for Web applications in technical illustration, electronic documentation, geophysical data visualization, and similar fields. First published (1.0) in 1999, WebCGM unifies potentially diverse approaches to CGM utilization in Web document applications. It therefore represents a significant interoperability agreement amongst major users and implementers of the ISO CGM standard. The present version, WebCGM 2.1, refines and completes the features of the major WebCGM 2.0 release. WebCGM 2.0 added a DOM (API) specification for programmatic access to WebCGM objects, a specification of an XML Companion File (XCF) architecture, and extended the graphical and intelligent content of WebCGM 1.0. The content of the WebCGM 2.1 profile comprises less than a dozen items that were arguably within the scope of WebCGM 2.0, but which arose too late in the standardization of the latter. On 30-January-2007, OASIS and W3C simultaneously published WebCGM 2.0 as both an OASIS Standard and a W3C Recommendation, which are identical in all technical aspects, and differ only in the format and presentation styles of the respective organizations.

See also: the namespace document

Fake Blog from SC34 Meeting in Norway
Rick Jelliffe, O'Reilly Articles

[This blog entry is "fake" because] "I couldn't attend the latest SC34 meeting physically in Oslo (I corresponded by email on some WG1 issues relating to Schematron and maintenance), but the public documents from the meeting have now been released at the SC34 website, in particular at the document website . One extraordinary document, which I was graciously asked to co-sign, can be found on the front page. It is "An open letter from SC 34 participants in the Oslo plenary, April 2008"... The Resolutions of the meeting include a few items of interest, but I suppose readers will be most interested in the IS29500 (OOXML) resolutions, so here is a summary: ISO/IEC JTC1 SC 34 will create three distinct working groups to handle maintenance/liaison/development of IS 26300 (ODF), IS 29500 (OOXML), and interoperability/convergence between document standards. These should be operational at the next SC34 meeting, in Korea in October. Ecma TC45 has been invited to participate, with SC34 being the focus of activity rather than Ecma. I anticipate that new feature requests (rather than defect fixes) will need to be dealt with through the interoperabilty Working Group: it will be a very interesting group with a lot of interest from governments in particular. For the short-term, two ad hoc groups have been set up... Related to this working group, SC34 is explicitly encouraging National Bodies and liaison groups to submit their editorial and technical defect reports, so that they can get dealt with sooner rather than later... Another resolution of interest, is Resolution 1, which in part says SC 34 resolves that accessibility considerations will be taken fully into account in current and future projects and urges its members to review the work of JTC1 SWG-A (especially PDTR 29138), W3C WAI and others, and to play an active part in the implementation and further development of accessibility guidelines." Note: Several other actions are reported in the "Resolutions of ISO/IEC JTC 1/SC 34 Plenary Meeting, 2008-04-05/09, Oslo, Norway."

See also: Resolutions of ISO/IEC JTC 1/SC 34 Plenary Meeting

Also from Oslo: OOXML Triggers Demonstration in Norway
Blogger 'zoobab', "NO OOXML" Project

"People were demonstrating today in Oslo in front of the ISO SC34 meeting against the adoption of Microsoft OOXML as an ISO standard, and especially against the behaviour of Standards Norway, who voted Yes to the specification, despite a lack of support by a majority of the technical committee. Geir Isene is reporting about the demonstration... We are not here today in order to bash Microsoft. We are here because we believe in open standards. We are not even here today because we are opposed to OOXML. We are here because we are opposed to OOXML as an ISO standard. We are not here because we want to discredit the ISO. We are here because we want to defend ISO's integrity. We are here because we want to draw attention to the scandalous behaviour of the people in Standard Norway whose job it is to represent Norwegian users and software vendors. And we are here because we want to prevent the adoption of a damaging IT standard in Norway... It's never over until the fat lady sings, and this fat lady only just got started...

See also: the DN-TV video 'Demonstrerte mot Microsoft'

SOA Software's SOLA Celebrates 5 Years
Staff, SOA Software Announcement

SOA Software, a leading mainframe web services vendor, today announced that SOLA, its flagship mainframe SOA product, has reached the five year mark in running reliably extremely high volume production environments. During this period SOLA has not been responsible for a single production outage, despite handling tens of millions of transactions every day. SOLA runs the world's largest mainframe SOA implementations. A number of SOLA customers use it to run many millions of mainframe web services transactions per day, and many customers' plans anticipate volume in the 20-30 million transactions per day range. Because SOLA offers a complete SOA solution there is no requirement to integrate multiple products when building an enterprise-class SOA incorporating the mainframe. SOLA includes a drag-and-drop graphical development studio, an integrated UDDI registry, WS-Security, WS-Policy, monitoring, logging, a management console and dashboard, SLA management, BPEL, SAML, X509 Certificates, LDAP and Active Directory. SOLA eliminates the complexity and expense of combining multiple products, such as CICS TS 3.x, WebSphere and RAD... SOLA is the only mainframe SOA product to offer closed-loop Governance automation. A service is automatically governed from the point of creation because it inherits a security policy. Policy, by means of WS-PolicyAttachment, is associated with the service though all phases of the Software Development Lifecycle. It is not possible to create or run an ungoverned service. Other features of SOLA include integration with enterprise change management, Global Dictionary, Logging, Auditing, Outbound SOAP requests, Batch support, Integration with external UDDI, version control, support for the Software Development Lifecycle, WSDL first and integration with SOA Management tools, making SOLA the only secure, standards-based, and Governable product in the space. SOLA also offers XACML for authentication and a comprehensive identity mapping system that allows for the mapping of any credential (LDAP, etc) to a mainframe RACF ID.

Who Trumps bin Laden as a Cyberthreat? Look in the Mirror.
Charles Coope, CNET

From the San Francisco RSA 2008 Conference: "It turns out al-Qaida's leader and his cohorts aren't the biggest threat to our cybersecurity. You are... Security gurus have long urged the business world to turn network security into part of the corporate DNA. The message is not fully getting through. And now we're seeing the predictable results. In years past, [Symantec CEO John] Thompson and other computer security executives have pushed the idea of making cyber-security as familiar to most people as the fire prevention campaign underwritten by the government in the 1960s and 1970s. Considering the amount of money Uncle Sam is spending on cyber-security these days, that's a pipedream. Department of Homeland Security Secretary Michael Chertoff, who also presented a keynote on Tuesday, offered litte indication Washington was about to ride to the rescue. In remarks during his prepared speech and subsequent press conference, Chertoff offered a dutiful recitation of what he described as the President's interest in shoring up the nation's digital security. Give Chertoff credit for being candid about where DHS has come up short. He said the government needs to reduce its (literally) thousands of network access points to around 50. At the same time, Chertoff wants his department to faster detect and analyze computer anomalies. A big part of that will involve a revamp of U.S. CERT's early warning system... In the end, however, money talks and you-know-what walks. The feds only have a $115 million budget to work with. Chertoff's department has requested $192 million for the new fiscal year but that's still doing it on the cheap. By comparison, we spend $720 million in Iraq each day.


XML Daily Newslink and Cover Pages are sponsored by:

BEA Systems, Inc.
IBM Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: