This issue of XML Daily Newslink is sponsored by:
- OASIS Forms Interoperability Panel
- Open-Source Software Community Project: ODF Toolkit Union
- SIL's Graphite and Wen Quan Yi
- Some Computer Science Issues in Creating a Sustainable World
- W3C Proposed Recommendation: mobileOK Basic Tests 1.0
- Why Traditional Security Doesn't Work for SOA
- Web 2.0 Summit Now Underway in San Francisco, CA
OASIS Forms Interoperability Panel
Herb Torrens, Government Computer News
OASIS has formed a new committee to foster interoperability and conformance with the OpenDocument Format (ODF) standard. ODF, or ISO/IEC 26300:2006, is one of two international standards covering open XML document formats used in office productivity suites. The other is ISO/IEC 29500, which is based on the Office Open XML document formats used in Microsoft Office 2007. ODF is used in office productivity suites from Sun Microsystems, IBM and others. The new OASIS ODF Interoperability and Conformance (OIC) Committee consists of representatives from industry, government and other institutions. The OIC Committee members will be working to "deliver true data interoperability for office applications," according to an OASIS-issued statement. More specifically, the committee aims to draw up guidelines that will help implementers write applications that conform to the ODF OASIS Standard. The OIC Committee includes members from IBM, Oracle, Sun Microsystems, Google, Novell, Red Hat, the U.S. Department of Defense, Belgian FEDICT, the South Africa Dept. of Science and Technology and others... Enterprises, governments and institutions see a need for the use of open standards, especially as proprietary document formats get abandoned. Interoperability also remains a key issue. Alex Brown, a convener of the Office Open XML standardization process, illustrated the interoperability problem in a recent blog. He described how a simple table with cells of varying colors—all conforming to the ODF standard—showed significantly different renderings in OpenOffice 2.4, Word 2007 and Google Docs. Brown described it as "a minor failure of interoperability," but noted that such a failure could have significant effect on cells containing important information, such as in medical or financial reports...
See also: the OASIS OIC TC announcement
Open-Source Software Community Project: ODF Toolkit Union
Staff, Sun Microsystems Announcement
"IBM and Sun Microsystems, Inc. have announced the launch of the OpenDocument Format (ODF) Toolkit Union, a new open-source software community project organized to make document software more innovative, versatile and useful for business. The ODF Toolkit will use an initial software code contribution from Sun to provide developers with an easy-to-use Application Programming Interface (API) for reading, writing and manipulating ODF documents while accelerating additional application development. One part of the initial code contribution is an ODF Validator, a tool that validates OpenDocument files and checks certain conformance criteria. Capitalizing on the open, elegant nature of ODF, the Toolkit targets developers who want to create new applications and solutions ranging from content management, business workflows and activities to Web-based document solutions. The ODF Toolkit will break down barriers between people and their data by providing support for a wide range of new applications. The ODF Toolkit Union will complement other industry efforts such as the ODF standardization work done at the Organization for the Advancement of Structured Information Standards (OASIS). These initiatives collectively are eliminating the economical and technical barriers to creativity, use and overall utility of documents. One example could involve the ability to process invoice and shipping data in ODF formatted purchasing documents. Coupled with ordering and shipping applications, real-time stock and inventory information could always be available and kept current by multiple applications mining the same structured XML-based ODF information generated..." From the web site: "The ODF Toolkit provides a home for libraries that ease the development of applications that support ODF , the unique vendor neutral open standard for office documents. The ODF Toolkit further provides a home for tools that process ODF or check ODF conformance. The range of projects that are available in the ODF Toolkit goes from small tools that simplify using ODF in the software development process, over an ODF validation tool up to large ODF Java and .NET libraries that can be used within other projects. And this is just the start. Developers are invited to freely host their open source ODF libraries and tools within the ODF Toolkit, to join the existing projects, and to collaborate with ODF developers everywhere. The ODF Toolkit provides Mercurial for hosting your code, forums, mailing lists, wikis, an issue tracking system, and personalized home pages..."
See also: the ODF Toolkit web site
SIL's Graphite and Wen Quan Yi
Rick Jelliffe, O'Reilly Technical
"In about 1980, taking a holiday in the highlands of Papua New Guinea, I saw a crazy thing: in the middle of the jungle, at Ukarumpa was a PDP-11 chugging away, doing text processing for the Summer Institute of Linguistics. (My brother's father-in-law was a field translator for them.) SIL's name comes up a lot in internationalization circles: their involvement in remote languages and scripts, and their willingness to tackle the really hard problems, gets one kind of respect; their academic credentials get another; and their involvement with open source software gives another. I found a really good recent paper, for anyone wanting to keep generally aware of complex script support issues, in Sharon Correll's Graphite: 'Smart-Font Technology to Bridge the Digital Divide'. Graphite fonts have knowledge of the arcane rules of the writing system built-in, and which frees the application from having to do this; however, it does mean that different fonts may act differently, depending on their knowledge of a script. SIL distributes a fork of Open Office 3.0 with Graphite integrated. They put out a new beta version last week, with installers for Windows and Linux. TrueType merged into OpenType and is now an ISO Standard, Open Font..." From Correll's paper: "The motivation for Graphite lies in SIL's work among linguistic minority groups. Because of the linguistic diversity that exists in many countries and regions, there is often a need for a minority group to make adaptions in order to use the national script for their language. The minority language may differ profoundly from the national language, requiring unique characters, character combinations, diacritics, tone markings, etc. For reasons of economics or simple lack of knowledge, these needs are often not supported well by software developed by the major industry players. Another obstacle is the fact that the characters used by minority languages are not part of international standards such as Unicode... There are two main approaches to complex-script rendering. Technologies that are based on OpenType, such as Harfbuzz, Uniscribe, and Pango, separate script knoweldge from font knowledge, with the former incorporated into standard software modules and the latter into font tables. (In fact, OpenType itself does not have the power to handle all script-related behaviors, such as reordering.) Graphite and AAT, on the other hand, are both 'pure' smart-font technologies, in that all the knowledge governing rendering, both scriptrelated and font-specific, is represented by font tables...
See also: Sharon Correll Graphite presentation
Some Computer Science Issues in Creating a Sustainable World
Jennifer Mankoff, Robin Kravets (et al.), IEEE Invisible Computing
Among the biggest challenges the world faces today are the climate crisis and the broader issues of environmental sustainability. A commonly stated goal is to reduce world energy use to 1990 levels, thereby stabilizing atmospheric CO2 emissions at 350 parts per million. Computer scientists can help reach this goal in four ways. Two of these involve mitigating the direct negative impact of computers -- their power consumption as well as the economic and social costs associated with the manufacturing, maintenance, and disposal of components. The other two relate to the indirect positive impact of computers—their ability to increase energy efficiency by changing systems and ways of being, thereby potentially reducing world emissions by as much as 15 percent by 2020, according to the Climate Group's June 2008 report; and to help provide answers to important scientific questions. According to the Climate Group, total energy consumption by computers—including the power consumption and embodied energy of data centers, PCs and peripherals, and networks and devices—accounted for 830 million metric tons of carbon dioxide, or 2 percent of the total world carbon footprint, in 2007. These figures are roughly equivalent to the total CO2 emissions of Nigeria, Iran, and Poland, respectively. Data centers alone use almost 0.5 percent of the world's energy, and this figure is likely to quadruple by 2020 Global climate change is one of the most pressing problems of our time. Government agencies, universities, and businesses are starting to step up and invest in research, but even more change is needed, ranging from standards and policies to research innovations and new businesses. Now is the time for computer scientists to use their skills and resources to help create an energy-efficient sustainable future.
W3C Proposed Recommendation: mobileOK Basic Tests 1.0
Sean Owen and Jo Rabin (eds), W3C Technical Report
W3C announced that the Mobile Web Best Practices Working Group has published the Proposed Recommendation of W3C mobileOK Basic Tests 1.0. Public comments are welcome through December 01, 2008. mobileOK Basic is a scheme for assessing whether Web resources (Web content) can be delivered in a manner that is conformant with Mobile Web Best Practices to a simple and largely hypothetical mobile user agent, the Default Delivery Context. This document describes W3C mobileOK Basic tests for delivered content, and describes how to emulate the DDC when requesting that content. The intention of mobileOK is to help catalyze development of Web content that provides a functional user experience in a mobile context. It is not a test for browsers, user agents or mobile devices, and is not intended to imply anything about the way these should behave. mobileOK does not imply endorsement or suitability of content. For example, it must not be assumed that a claim that a resource is mobileOK conformant implies that it is of higher informational value, is more reliable, more trustworthy or is more appropriate for children than any other resource... The changes made to the document since last publication as a Last Call Working Draft are editorial clarifications with a view to removing potential ambiguities in the way some of tests need to be conducted. See the accompanying diff document to view the list of changes made to this document since the previously published Last Call Working Draft. Main changes are: (1) The text on invalid certificates for URIs with the scheme HTTPS was adjusted and moved to a separate section on HTTPS; (2) Handling of HTTP errors was adjusted in the HTTP Response section; (3) The cases when an object element should be treated as an Included Resource were clarified; (4) The Object Element Processing rule was completed with a few additional warnings; (5) Redundancy in the 'STYLE_SHEETS_USE' test was removed.
Why Traditional Security Doesn't Work for SOA
Chris Clark, InfoWorld
Many organizations are embracing SOA as a way to increase application flexibility, make integration more manageable, lower development costs, and better align technology systems to business processes. The appeal of SOA is that it divides an organization's IT infrastructure into services, each of which implements a business process consumable by users and services. For example, a service may expose the functionality to add a new employee to the employer's payroll and benefits system. To make services usable in multiple contexts, for both lowered cost and increased process consistency, each service provides a contract describing how it may be used and what functionality it contains. But the SOA approach turns on its head the traditional security approach used by enterprises today. The mix-and-match nature of SOA services, and the use of messaging as the orchestration mechanism for SOA's composite applications, eliminates the ability to build clear boundaries around—and security barriers for—enterprise apps. The very thing that gives SOA its flexibility also increases its security risk... It's true that WS-Security can provide SSL-like guarantees over message security, but the flexibility and complexity of the WS-Security standard increases the risk that sensitive information within the message will not get appropriate encryption or integrity protections. Likewise, service registries are a risky intermediary that the SOA approach depends on to function. They are similar to a DNS for services. When a service consumer wants to find the appropriate service provider, the consumer will query the service registry to find the current address of the provider. In many deployments, the service registry can be dynamically updated by administrators or by the providers themselves. This provides the SOA benefit of easy reconfiguration as the addresses for services change due to movement of services. But that configuration control is what makes service registries an attractive target for attackers. For example, attackers could manipulate the registry to return addresses pointing to services hosted by the attacker. If the attacker targets the correct service, such as the security service, the attacker may be able to craft custom responses to clients trying to use the security service. In one client's deployment, I was able to hijack the security service and issue blanket approvals for all access requests. To deploy a secure and dynamic SOA, developers and architects must consider which portions of the system to make dynamic and which portions to keep static. The configuration elements of the SOA that enable reconfiguration must be reviewed for security issues that would let the attacker orchestrate the environment.
Web 2.0 Summit Now Underway in San Francisco, CA
Web 2.0 Summit is underway in San Francisco, California. The Summit brings the intelligence, innovation, and leadership of the Internet industry together in one place at one time. What business models are working? What's next on the horizon? How will all of this will affect your own business? From "Web Meets World": In the first four years of the Web 2.0 Summit, we've focused on our industry's challenges and opportunities, highlighting in particular the business models and leaders driving the Internet economy. But as we pondered the theme for this year, one clear signal has emerged: our conversation is no longer just about the Web. Now is the time to ask how the Web—its technologies, its values, and its culture—might be tapped to address the world's most pressing limits. Or put another way—and in the true spirit of the Internet entrepreneur—its most pressing opportunities. As we convene the fifth annual Web 2.0 Summit, our world is fraught with problems that engineers might charitably classify as NP hard -- from roiling financial markets to global warming, failing healthcare systems to intractable religious wars. In short, it seems as if many of our most complex systems are reaching their limits. It strikes us that the Web might teach us new ways to address these limits. From harnessing collective intelligence to a bias toward open systems, the Web's greatest inventions are, at their core, social movements. To that end, we're expanding our program this year to include leaders in the fields of healthcare, genetics, finance, global business, and yes, even politics...
See also: the Summit coverage highlights
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: email@example.com
Newsletter unsubscribe: firstname.lastname@example.org
Newsletter help: email@example.com
Cover Pages: http://xml.coverpages.org/