The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: April 01, 2009
XML Daily Newslink. Wednesday, 01 April 2009

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc.

An Introduction to the Key Management Interoperability Protocol (KMIP)
Robert Griffin, Robert Haas, Tony Nadalin, René Pawlitzek; Webinar Presentation

The presentation slides are available for a overview of the Key Management Interoperability Protocol (KMIP), now scheduled for standardization in an OASIS Technical Committee. The four presenters covered: The Need for Interoperable Key Management, a KMIP Overview, a KMIP Specification Drilldown, and KMIP Use Cases. The OASIS webinar was attended by nearly a hundred participants. Presentation excerpts: (1) The Need for Interoperable Key Management: Today's enterprises operate in increasingly complex, multi-vendor environments. Enterprises need to deploy better encryption across the enterprise. A key hurdle in IT managers deploying encryption is their ability to recover the encrypted data. Today, many companies deploy separate encryption systems for different business uses — laptops, storage, databases and applications — resulting in cumbersome, and often manual efforts to manage encryption keys, increased costs for IT, challenges meeting audit and compliance requirements, and the threat of lost data. Often, each cryptographic environment has its own key management system; often, each cryptographic environment has its own protocol. KMIP defines the protocol for encryption client and key-management server communication. Key lifecycle operations supported include generation, submission, retrieval, and deletion of cryptographic keys. Vendors will deliver KMIP-enabled encryption applications that support communication with compatible KMIP key-management servers. The Key Management Interoperability Protocol (KMIP) enables key lifecycle management. KMIP supports legacy and new encryption applications, supporting symmetric keys, asymmetric keys, digital certificates, and other 'shared secrets.' KMIP offers developers templates to simplify the development and use of KMIP-enabled applications... KMIP defines a set of Operations that apply to Managed Objects that consist of Attributes and possibly cryptographic material... Protocol messages consist of requests and responses, each with a header and one or more batch items with operation payloads and message extensions. KMIP use-case categories: basic functionality (create, get, register, delete symmetric keys and templates), life-cycle support (key states), auditing and reporting, key exchange, asymmetric keys, key roll-over, archival functions, vendor-specific message extensions..." [Note: the OASIS KMIP TC organizers welcome participation from all interested parties; one must register by April 09, 2009 in order to be reckoned a TC Voting Member as of the first KMIP TC meeting on April 24, 2009.]

See also: Key Management Interoperability Protocol references

Vendors Demonstrate CMIS Implementation at info360
Staff, Industry Announcement

AIIM, Alfresco, EMC Corporation, and Nuxeo announced the development of a demonstration implementation of the proposed Content Management Interoperability Services (CMIS) specification at info360 (AIIM International Exposition and Conference) at the Pennsylvania Convention Center in Philadelphia, Pennsylvania, March 31 through April 2, 2009. CMIS, which is currently being advanced through the open standards process at OASIS, makes use of web services to ensure content repositories and solutions are able to interoperate independent of operating systems and architectures. The demonstration [showed] the use of the proposed CMIS version 0.5 specification to access several Content Management repositories or systems in a common and unified manner to make finding and accessing content easier regardless of the storage location. The vendors participating in the demonstration included Alfresco, EMC Corporation, and Nuxeo. Each of the vendors operated their specific content repository which has been populated with AIIM E-DOC Magazine content along with vendor supplied content such as white papers and case studies. The AIIM iECM committee working with representatives from Alfresco, EMC, and Nuxeo developed this federated and distributed ECM system based on the proposed CMIS 0.5 specification currently under development at OASIS. The federator component integrates multiple CMS (Content Management Systems) solutions to make the content in the various repositories available as if it was contained in one repository. The CMIS Demonstration concept and its requirements were developed by the iECM committee members. The software design and development of the Federator were lead by iECM members Thomas Pole of Harris Corporation and Laurence Hart of Washington Consulting, Inc. with development support from their respective companies. Definition of the MetaModel and coordination with the vendors was supported by various iECM members including but not limited to Pat Frank, Sumanth Molakala, and Owen Ambur and system testing was graciously supplied by several of Thomas Pole's graduate students in his SOA class at Johns-Hopkins University.

See also: CMIS references

MindTouch 2009: Composite Apps Connect Teams, Applications, and Systems
Paul Krill, InfoWorld

MindTouch is releasing MindTouch 2009, extending the development platform's collaboration capabilities through a bidirectional message bus. With the bus, push-based e-mail notifications can be sent. MindTouch is an open source platform for building enterprise collaborative applications and communities. It offers a development paradigm for composite applications to connect teams, applications, and systems. "This is the most significant MindTouch product release in two years," the company stated in a video presentation on the product, "and with this release, we're taking a huge step forward in reinventing enterprise collaboration." The bus lets users set up and receive change notifications when changes are made within MindTouch 2009 or applications plugged into the platform, such as databases, enterprise systems, and office productivity applications. Also featured in the 2009 product is an auto-complete suggest capability that displays existing tags when a user wants to add tags to a page. Developers can build rich Internet applications taking advantage of integration between DekiScript and JavaScript utilizing JEM (JavaScript with Events and Messages) technology. DekiScript is a scripting language for mashing up data from Deki, which serves as a base platform for MindTouch. With JEM, developers can leverage DekiScript and JavaScript technology to build AJAX-based composite applications, mashups, and interactive portals. JEM also enables visualization of data sources and supports XML literals and better URI string manipulation for building dynamic page links. Dynamic list and map construction is supported as well. The list and map capability enables, for example, listing of customer orders above a certain amount and sales by region.

See also: the announcement

Test XSLT with XSpec
Jeni Tennison, XML Prague 2009 Presentation

Test-driven development is one of the corner stones of Agile development, providing quick feedback about mistakes in code and freeing developers to refactor safe in the knowledge that any errors they introduce will be caught by the tests. There have been several test harnesses developed for XSLT, of which XSpec is one of the latest. XSpec draws inspiration from the behaviour-driven development framework for Ruby, called RSpec, and focuses on helping developers express the desired behaviour of their XSLT code. This talk will discuss the XSpec language, its implementation in XSLT 2.0, and experience with using XSpec on complex, large-scale projects..." XML Prague is a conference on XML for developers, markup geeks, information managers, and students. In its fourth year [2009], XML Prague focuses on emerging trends in core XML technologies and their application in the real world. The XML Prague 2009 conference took place on 21-22 March 2009 at Charles University in the beautiful city of Prague, Czech Republic. Speakers included: Robin Berjon, George Cristian Bina, Alex Brown, Florent Georges, Tony Graham, G. Ken Holman, Mark Howe, Michael Kay, Murata Makoto, Petr Nálevka, Ari Nordstram, Jeni Tennison, Vojtěch Toman, Václav Trojan, Priscilla Walmsley, and Norman Walsh.

See also: the presentation video

XML Schema Moves Forward
Michael Kay, XML Prague 2009 Presentation

The XML Schema (XSD) specification from W3C is a paradox: it is one of the most heavily criticised specifications to come out of the organisation, but at the same time it has been widely adopted and implemented, and it can be said to have met all its design objectives. For some time the responsible working group has been developing a new version, XSD 1.1, which is starting to get close to the finish line. Many of the difficulties with the specification (such as its immense complexity) will still be there, but some of the criticisms, notably those concerned with the limited functionality of the spec, are met head on with some powerful new features. This talk will give a quick overview of what's new, while concentrating in particular on the way in which Assertions are likely to change the way in which XSD is used. Assertions, borrowed from Schematron, supplement the ability to define constraints using grammar and datatypes by a general predicate mechanism based on XPath. Already implemented in Saxon, they offer far more than the obvious ability to define boolean constraints: the talk will explain how they can be used as a powerful mechanism for tailoring and specializing schemas for use in different environments within an industry community. The speaker, Dr Michael Kay, is founder of Saxonica Limited which develops the popular Saxon XSLT, XQuery, and XML Schema engine. He is a member of the W3C working groups for all three languages, and author of XSLT 2.0 Programmer's Reference, the definitive Wrox guide to the language, recently republished in a fourth edition.

See also: the presentation video

Managing XSLT Projects with XPath
Rick Jelliffe, O'Reilly Technical

One of the biggest changes in the way we [Allette Systems] do things at my office over the last five years has been a thorough but largely unplanned adoption of XPaths as a key tool for managing XSLT projects. It started with our Topologi utilities, one of which generated various metrics, including a complete list of all unique XPaths in the document. It turns out that this is surprisingly useful information for effective project management of XSLT developments. For example, when costing and estimating variations in development projects, we can use the change in the number of XPaths. Now I did make a more sophisticated version of this with my XML Structured Document Metrics, however it seems the raw unique XPath lists have taken off more, because the lists can be used for more things. The Structured Document Metrics are still useful at more top-level checkpoints, it seems... For example, today I saw an interesting use from a colleague. He writes XSLTs to generate InDesign XML documents from data from a collaborative CMS (PageSeeder.) When he first gets his sample input documents, he runs an XSLT to generate a spreadsheet with all the unique XPaths and their counts. When he writes his XSLT code, he also generates an instrumented version of the code which generates elements that give the XPath of the element in the original document—no index predicates are necessary here. Now, running the input documents through this augmented version, and then running a report transform on the augmented output documents, he obtains a list and count of all unique XPaths that were consumed in processing the document. This gets fed back into the spreadsheet, and, Bob's your uncle, he has a nice list showing the current coverage by the XSLT program of his input documents... Isn't this another kind of unit testing? Well, perhaps, but it is very effective because spreadsheets have one great quality that unit-test listings don't have: they are very manager-friendly. Quasi-technical managers can get the idea of an XPath easily, and the idea of a count. And the counts help estimate completion rates and so on. So lets hear it for the humble XPath...

Cloud Security Alliance Formed to Promote Best Practices
Ellen Messmer, Network World

A group calling itself the Cloud Security Alliance announced its formation Tuesday, with eBay and ING as founding members. The alliance, which plans to make its first big splash at the upcoming RSA Conference, was formed to promote security best practices in a cloud computing environment. The on-demand cloud computing model is putting new demand on security, according to statements from Dave Cullinane, CISO at eBay. "The very nature of how businesses use information technology is being transformed by the on-demand cloud computing model," he said. "It is imperative that information security leaders are engaged at this early stage to help assure that the rapid adoption of cloud computing builds in information security best practices without impeding the business." "Enterprises need pragmatic advice to qualify and engage with cloud providers in a way that is in alignment with organizational risk tolerances," says Alan Boehme, Cloud Security Alliance founding member and senior vice president of IT strategy and architecture at ING, a large global financial-service firm. Chris Hoff, technical advisor to the Cloud Security Alliance, says the group, which includes a mix of user companies and vendors (PGP, Qualys and zScaler are among those announced) wants to sort out issues coming up in the cloud computing environment today... The group will seek not to define standards but set a common baseline for understanding security for cloud computing. The group will likely tackle recommendations about security for cloud computing, and according to the group's Web site, it will be examining "15 domains of concern." These include areas such as governance and enterprise risk, information and life-cycle management, compliance and audit, eDiscovery, encryption and key management, application security, identity and access management and incident response. In related news, a document called the Open Cloud Manifesto, signed by dozens of vendors in support of cloud computing interoperability, was released Monday. This document, issued by a group said to include IBM, Sun Microsystems, VMware and several others, tackles issues surrounding security, integration, interoperability, portability, governance/management and metering/monitoring in a cloud environment..."

See also: the announcement


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
Microsoft Corporation
Oracle Corporation
Sun Microsystems, Inc.

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: