The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: January 05, 2009
XML Daily Newslink. Monday, 05 January 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Oracle Corporation

HIMSS Interop Scenarios: Demonstration of XSPA Profile of SAML
Duane DeCouteau (ed), Draft Contributed to the OASIS XSPA TC

This working draft was contributed to the OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee. It describes an environment capable of supporting exchange of healthcare information consistent with TP20 and a set of use cases for demonstrating the XSPA Profile of SAML. "The OASIS Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee was created by OASIS membership in support of the work of the Healthcare Information Technology Standards Panel (HITSP). Specifically, the Access Control Transaction Package, TP20. As part of that support, the XSPA TC has created this document describing a set of use cases for demonstrating the (XSPA) Profile of Security Assertion Markup Language (SAML) v2.0 for healthcare. TP20 and HITSP Security and Privacy Technical Note TN900 provide additional details in the protection of security and privacy in interactions between parties in the exchange of healthcare information... Access Control Service (Service User): The XSPA profile of SAML supports sending all requests through an Access Control Service (ACS). The Access Control Service receives the Service User request and responds with a SAML assertion containing user authorizations and attributes. To perform its function, the ACS may acquire additional attribute information related to user location, role, purpose of use, and requested resource requirements and actions. Access Control Service (Service Provider): The Service Provider ACS is responsible for the parsing of assertions, evaluating the assertions against the security and privacy policy, and making and enforcing a decision on behalf of the Service Provider. Attributes: Attributes include access control information such as user location, role, purpose of use, data sensitivity, etc. necessary to make an access control decision... Security Policy: The security policy includes the rules regarding authorizations required to access a protected resource and additional security conditions (location, time of day, cardinality, separation of duty purpose, etc.) that constrain enforcement. Matching the user attributes against the security policy provides the means to determine if access is to be permitted. Privacy Policy: The privacy policy includes the set of patient preferences and consent directives and other privacy conditions (object masking, object filtering, user, role, purpose, etc.) that constrain enforcement. Privacy policy constraints may narrow allowable access otherwise permitted by entities complying with the security policy...

See also: XSPA Profile of SAML for Healthcare

The Metalink Download Description Format
Anthony Bryan (ed), IETF Internet Draft

Anthony Bryan of the Metalinker Project has published an updated -04 version of the "Metalink Download Description Format" specification being developed in the IETF Standards Track. Metalink is an XML-based document format that describes a file or lists of files to be added to a download queue. Lists are composed of a number of files, each with an extensible set of attached metadata. For example, each file can have a description, checksum, and list of URIs that it is available from. The primary use case that Metalink addresses is the description of downloadable content in a format so download agents can act intelligently and recover from common errors with little or no user interaction necessary. These errors can include multiple servers going down and data corrupted in transmission. A Metalink Document describes a file or group of files, how to access them, and metadata that identifies them. Its root is the metalink: metalink element. Metalink Documents are specified in terms of the XML Information Set, serialized as XML 1.0 and identified with the "application/metalink+xml" media type... Many of Metalink's elements share a few common structures. When an element is identified as being a particular kind of construct, it inherits the corresponding requirements from that construct's definition. Project description: Metalink is described as "an open specification that harnesses the speed and power of peer to peer networking, FTP, and HTTP with a single click. The shortest description of a metalink is probably: 'an XML mirror list'. However, they can contain much more information then just a couple of links. Key parts of a metalink include: a description of the files, verification information and publisher information. This allows the clients to choose the right mirror and verify the data after downloading it. For users and content providers, Metalink makes things simpler, faster, and more reliable. If one link or server fails, download automatically continues using another server. It combines FTP and HTTP with optional Peer-to-peer (P2P, shared bandwidth). Downloads at extremely fast download speeds are verified for enhanced reliability; automatic error recovery and repair of corrupted downloads are supported. There is no Single Point of Failure (SPOF) like FTP or HTTP URLs, so it is more fault tolerant. Metalink minimizes and distributes traffic so individual servers are under less strain. Multiple files can be added to a download queue.

Dublin Core Metadata Initiative (DCMI) Now Incorporated in Singapore
Staff, DCMI Announcement

A communication from Makx Dekkers (Managing Director, Dublin Core Metadata Initiative) reports on the recent incorporation of DCMI in Sinngapore and a Memorandum of Understanding between DCMI and the National Library Board Singapore. "The Dublin Core Metadata Initiative (DCMI) has completed the legal steps for incorporation as a public, not-for-profit Company limited by Guarantee in Singapore. The founding members of the new legal entity are the National Library Board Singapore and the National Library of Finland. The other DCMI Affiliates, the Joint Information Systems Commission (JISC) in the UK, the National Library, National Archives and the State Services Commission of New Zealand and the National Library of Korea, will become Members in the weeks ahead. The incorporation as an independent entity is another step from DCMI's origins as an informal network of experts who came together in 1995 with the objective to define a core set of descriptors to enable discovery of Web resources, towards the establishment of a professional and sustainable organization that develops, maintains and promotes the Dublin Core metadata terms and associated documentation for a global audience. As an independently incorporated entity, DCMI will continue its work as an open, consensus-based organization with open participation and with free and unrestricted availability of its documentation." Makx Dekkers credits OCLC for its past support: "DCMI was hosted by OCLC until last year. OCLC's support over the years has enabled DCMI to reach maturity, and for that we are very grateful to OCLC. The incorporation of DCMI as an independent legal entity underlines once more the independence that has always been one of our main characteristics. With our Members and Partners we are looking forward to continuing and extending our support for the global metadata community." The Dublin Core Metadata Initiative Limited (DCMI) is an open organization engaged in the development of interoperable online metadata standards that support a broad range of purposes and business models. DCMI's objectives are to develop and maintain international standards for describing resources; to support a worldwide community of users and developers; and to promote widespread use of Dublin Core solutions. DCMI's activities include work on architecture and modeling, discussions and collaborative work in DCMI Communities and DCMI Task Groups, annual conferences and workshops, standards liaison, and educational efforts to promote widespread acceptance of metadata standards and practices.

See also: the DCMI Abstract Model specification

Criteria for the Review of Application Profiles
DCMI Usage Board, Guidelines Document

A new publication by the Dublin Core Metadata Initiative (DCMI) Usage Board presents guidelines articulating the criteria by which the DCMI Usage Board reviews an Application Profile. As of March 2008, the main points of reference for these review criteria are the "Singapore Framework for Dublin Core Application Profiles", "DCMI Abstract Model", and a draft "Description Set Profile Specification." Best-practice examples of application profiles include "Dublin Core Collections Application Profile", which was reviewed by the Usage Board, and the "Eprints Application Profile." An application profile is a document (or package of documents) which describes a metadata application in order to facilitate broader reuse of its metadata. A good profile provides enough detail and context to be of use to information providers who may need to integrate metadata from multiple sources, and [also to] developers who may want to build applications using the same (or similar) metadata. An application profile documents the following: (1) objectives and scope of the application; (2) functional requirements of the application; (3) data model of the entities described by the application; (4) a description set profile detailing the classes and properties used in an application, together with constraints on their usage. An application profile MUST provide a data model, if only a simple one, which describes the entities and relationships among the entities. The data model can be depicted in graphic form (e. g., as an UML class diagram) or in text. An application profile can be based on an externally defined data model. With regard to the data model the following questions have to be answered: [i] Does the model depict the set of entities to be described and the relationships among those entities? [ii] If an application profile uses an externally defined data model (Is the externally data model identified? Are deviations from the externally defined data model documented?]... A description set profile specifies a metadata record in terms of "templates" and "constraints"... Statement Templates are typically presented as small tables for each of the "terms used" in the metadata, together with information on how those terms are used (with what cardinality, encoding schemes, and the like), along with "cataloguing rules" or usage guidelines... Guidelines on syntax options and data formats may optionally be provided in an application profile. If such materials are provided, the reviewer should ascertain whether the syntax (or syntaxes) chosen support the constraints expressed in the Description Set Profile. For example, if a given encoding syntax does not support the DC-AM construct Vocabulary Encoding Scheme URIs, and constraints on Vocabulary Encoding Scheme URIs are defined in the Description Set Profile, then the reviewer should flag this inconsistency. Reviewers should consider the possibility that a Description Set Profile is not expressed in a data format directly, but by way of a transformation (e.g., GRDDL)...

See also: earlier DCMI references

W3C Publishes Five XQuery Working Drafts
Don Chamberlin, Daniel Engovatov, (et al., eds), W3C Technical Reports

W3C announced that members of the XML Query Working Group have published five Working Drafts relating to the XQuery language for querying and processing structured information. "XQueryX 1.1" is a First Public Working Draft. The XML vocabulary it defines is intended to be fully aligned with that of XQuery 1.1 and is intended to be fully 'upwards compatible' with the vocabulary defined in XML Syntax for XQuery 1.0 (XQueryX). No implementation report currently exists, but a Test Suite for XQueryX 1.1 is under development. This specification supports the "XQuery 1.1 Requirements", which states that "The XML Query Language may have more than one syntax binding; one query language syntax must be convenient for humans to read and write; one query language syntax must be expressed in XML in a way that reflects the underlying structure of the query." XQuery 1.1" defines an extended (small number of new features) version of the XQuery 1.0 Recommendation published on 23-January-2007. XML is a versatile markup language, capable of labeling the information content of diverse data sources including structured and semi-structured documents, relational databases, and object repositories. A query language that uses the structure of XML intelligently can express queries across all these kinds of data, whether physically stored in XML or viewed as XML via middleware. This specification describes a query language called XQuery, which is designed to be broadly applicable across many types of XML data sources. The latest release adds new features to XQuery including windowing and grouping. A considerable number of changes have been made to this document since publication of the First Public Working Draft. Among the most notable of those changes are: simplification (and liberalization) of the syntax of the FLWOR expression; addition of an 'outer for' capability, as well as a 'count' facility, both in the FLWOR expression; addition (finally) of a try-catch facility; and the addition of query prolog syntax to specify the manner in which decimal numbers are formatted. The companion "XQuery 1.1 Use Cases" specification has also been updated. "XQuery Scripting Extension 1.0" defines an extension to "XQuery 1.0" and "XQuery Update Facility". Expressions can be evaluated in a specific order, with later expressions seeing the effects of the expressions that came before them. This specification introduces the concept of a block with local variable declarations, as well as several new kinds of expressions, including assignment, while, and exit expressions. The "XQuery Scripting Extension 1.0 Use Cases" document presents use cases created by the XML Query Working Group to illustrate important applications for an XQuery scripting extension.

See also: the new syntax Working Draft

Book Review: "Everything You Know About CSS Is Wrong!"
Martin Heller, InfoWorld

Review of the book by Rachel Andrew and Kevin Yank. "The big issue here is that the most prevalent browser is Internet Explorer (IE), and that prior to version 8 IE did not support CSS tables. The authors show you a way to deal with this problem and use CSS tables, although their position is controversial. This aggressively titled, well-written book is about CSS tables. As you may know, most browsers already support CSS tables, meaning the CSS properties "display: table," "display: table-row," "display: table-cell," and so on... Now that IE 8 is about to ship, it might start to make sense to use CSS tables instead of CSS floats, which are hard to do well on multiple browsers, or HTML tables, which are easy to use but often don't look that great. But what can we do about people with IE 7 and IE 6? This is 2001 all over again, with IE 7 taking the place of Netscape 4, and the one big thing we learned back then is that people don't take kindly to being told what browser to use: they want the site to accommodate to the browser currently in use. Andrew and Yank make a compelling case for the position that it is time to adopt CSS tables, while handling older versions of IE with conditionally included CSS. They provide short, clear examples of how to do this, at least for some relatively simple common cases. The basic argument here is that adopting CSS tables is the way to move forward; the secondary argument is that using standard CSS tables and adding the conditionally included CSS for IE 6 and IE 7 is less of a development and testing burden than using CSS floats and tuning them to work on seven different browsers. That's right, seven browsers—in my experience, if you want to cover the gamut, you need to test on IE 8, IE 7, IE 6, Firefox, Safari, Opera, and Chrome. Most other browsers are variations on the above seven that don't introduce additional rendering engines or extensions, although that could change at any time; it was only a few months ago that I had to add Chrome to my testing list, and Google didn't exactly give us a lot of warning about it. Not everyone will agree with Andrew and Yank's position, least of all people with thousands of existing pages already designed, tested, debugged, and serving multiple browsers..."

See also: the sample chapter by Rachel Andrew

Building Flexible Business Processes Using BPEL and Rules
Mohamad Afshar and Bhagat Nainani, SYS-CON SOA World

Leading companies are tackling the complexity of their application and IT environments with service-oriented architecture (SOA), which facilitates the development of enterprise applications as modular business services that can be easily integrated and reused, thereby creating a truly flexible, adaptable IT infrastructure. Business process management (BPM) solutions such as those based on Business Process Execution Language (BPEL) enable services to be orchestrated into business processes. Processes built using a BPM solution can be reused, changed easily in response to business requirements, and enable real-time process visibility... Agility is one of the biggest promises of BPM: the ability to make rapid changes to processes in step with the changes that occur inside of your business. Such changes are not always changes to the process. Often they are changes to the rules that drive the process. A typical business process often includes a number of decision points. These decision points generally have an effect on the process flow; for example, someone's credit rating may determine whether he or she is approved for a low-cost loan. These decisions are evaluated based on certain conditions and facts, which may be internal or external to the business process, and predefined company policies or rules. Business rules engines (BREs) allow architects to easily define, manage, and update the decision logic that directs enterprise applications from a single location without needing to write code or change the business processes calling them. BREs have been used extensively in enterprises; e.g., to implement yield management in the travel industry (what price to sell a ticket?), credit risk assessment in the loan industry (what is the interest rate for my car loan?), operations scheduling in manufacturing (what should we build today to maximize throughput and keep customers happy?), and the list goes on. BREs are naturally of interest to enterprise architects building out SOAs, since they contribute to agility by enabling reduced time to automate, easier change, and easier maintenance for business policies and rules. BPM technology and BREs naturally fit together: BPM enables automated and flexible business processes; BREs enable automated and flexible business policies. In this article we outline three different approaches that you can take to incorporate rules into your process logic: code-based, model-driven, and service-oriented. We consider two classes of BPM systems: monolithic BPM suites—those that embed capabilities including a BRE into a suite, and open-standards BPM solutions, which are based on the BPEL standard and enable you to use your choice of rules engine or an embedded one. We show how each of two solution classes supports code-based, model-driven and service-oriented automation of business rules. A case study of a loan application processing will be outlined to show how business processes and rules exist together, and how the rules engine enables changes in business policies to be made easily by business analysts, without breaking the business process logic. We will then focus on how practitioners can go about building out their SOA using BPEL and their choice of rules engine, as well as how to integrate these capabilities (from an architectural perspective). We will also provide best practices on when to embed decisions in the process logic and when it's best to abstract and capture decisions/policies using a rules engine...

See also: BPEL references

Sun Releases xVM VirtualBox 2.1
John K. Waters, Application Development Trends

Sun Microsystems recently released the latest version of its desktop virtualization software. The xVM VirtualBox 2.1 comes with several enhancements, including accelerated 3D graphics, better network performance, additional storage support, plus improved support for Mac OS X on Intel Virtualization Technology (VT-x) as well as VMware's and Microsoft's virtualization formats, VMDK and VHD. Sun bills its VirtualBox software as the first major open-source hypervisor to support all of the most popular host operating systems, including Windows, Mac OS X, Linux, Solaris, and OpenSolaris. It's designed to allow developers to create virtual machines (VMs) into which they can install various operating systems. Working in the VM, developers can build, test and run cross-platform, multi-tier applications on a single laptop or desktop computer. The Santa Clara, Calif.-based systems company unveiled its first xVM product at the 2007 Oracle OpenWorld conference. Sun has actually been providing virtualization technology since the development of the first Java VM, but xVM was the company's first foray into hypervisor-based virtualization... Sun is reporting huge adoption numbers around its virtualization portfolio: The company claims 8 million downloads and 2.4 million registrations for the VirtualBox alone. The desktop virtualization software is part of a larger portfolio that includes the xVM Ops Center, xVM Server (the company's hypervisor for data centers), and the Sun Virtual Desktop Infrastructure (VDI). All are available under the GNU Public License (GPLv3). Tom Bittman, distinguished analyst at Gartner, said he expects Sun to continue playing the "dark-horse role" in the evolving virtualization market. That market is still dominated by VMware, Bittman observes, with serious competition from the likes of Microsoft, Red Hat, and Novell gaining momentum... The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers...

See also: the VirtualBox online description


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: