This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- OpenDocument Format: The Standard for Office Documents
- CSS Template Layout Module Supports Complex Web Pages and Forms
- Web Services Federation Language (WS-Federation) Version 1.2
- On the Security Road to 'De-Perimeterization'
- CMIS, ECM Interoperability, and Services-Oriented Content Management
- Extensible Provisioning Protocol (EPP)
- Patent Reform Moves Forward in U.S. Senate
OpenDocument Format: The Standard for Office Documents
Rob Weir, IEEE Internet Computing
For many years, when you used a word-processing application, your files were stored in a format that was fully understood only by the application you used. WordPerfect stored WordPerfect files, Microsoft Word stored Word files, and so on—and, while developers often included ad-hoc support for their competitors' formats, that was a hit-and-miss thing, vulnerable to changes in the proprietary formats. The same went for presentation slides and spreadsheets. We all have experience with the results of this, with the difficulties in exchanging files between different applications. OpenDocument Format (ODF) is an XML-based open standard file format for office documents such as these. ODF is application-, platform- and vendor-neutral, and thereby facilitates broad interoperability of office documents. In this issue's "Standards" department, IBM's Rob Weir, who worked on the ODF standard, will take us through some of the history and details of it... ODF Futures: The OASIS ODF TC is currently completing work on its draft of ODF 1.2, which we hope will be ready for formal public review and approval as an OASIS standard in mid-2009. ODF 1.2 will focus mainly on (1) the addition of an RDF/XML and OWL-based metadata framework to allow metadata annotations of ODF content at a fine-grained level, which will facilitate applications such as semantic tagging, real-time collaborative editing,and document compositing from shared fragments; (2) the specification of a detailed expression language for spreadsheet formulas, called OpenFormula, which contains hundreds of commonly used logical, mathematical, financial, and scientific functions; (3) additional enhancements to further increase accessibility. In a parallel effort, as ODF 1.2 is completed, the ODF TC has created an 'ODF-Next' requirements subcommittee to collect, classify, and prioritize feature proposals for subsequent ODF versions...The conventional WYSIWYG word processor could be nearing the end of its useful lifetime. ODF might evolve to take on greater sophistication in the area of semantic encoding, with facilities to let authors capture, in a structured way, more of what they're thinking. Human thought is far too rich and diverse to be captured merely as bold, italic, or underlined. An allowance for semantic layers could let authors encode not just their assertions but also their judgments, estimations of certainty and doubt, facts versus opinions, provenance, authority, and so on in a way that would better lend itself to visualization, mining, and analysis. The challenge, which we eagerly anticipate, is to evolve ODF in a direction that embraces these (and other) possibilities..." [Note: the URI provided is the author's copy; originally published in IEEE Internet Computing, Volume 13, Number 2 (March/April 2009), pages 83-87, doi:10.1109/MIC.2009.42.]
CSS Template Layout Module Supports Complex Web Pages and Forms
Bert Bos (ed), W3C Technical Report
Members of the W3C CSS Working Group (part of the Style Activity) have published a revised working draft for the "CSS Template Layout Module," updating the document of 2007-08-09. CSS is a simple, declarative language for creating style sheets that specify the rendering of HTML and other structured documents. This specification is part of level 3 of CSS ('CSS3') and contains features to describe layouts at a high level, meant for tasks such as the positioning and alignment of 'widgets' in a graphical user interface or the layout grid for a page or a window, in particular when the desired visual order is different from the order of the elements in the source document. Other CSS3 modules contain properties to specify fonts, colors, text alignment, list numbering, tables, etc. The features in this module are described together for easier reading, but are usually not implemented as a group. CSS3 modules often depend on other modules or contain features for several media types. Implementers should look at the various profiles of CSS, which list consistent sets of features for each type of media... The styling of a Web page, a form or a graphical user interface can roughly be divided in two parts: (1) defining the overall 'grid' of the page or window and (2) specifying the fonts, indents, colors, etc., of the text and other objects. The two are not completely separate, of course, because indenting or coloring a text influences the perceived grid as well. Nevertheless, when one separates the parts of a style that should change when the window gets bigger from the parts that stay the same, one often finds that the grid changes (room for a sidebar, extra navigation bar, big margins, larger images), while fonts, colors, indents, numbering styles, and many other things don't have to change, until the size of the window becomes extreme. The properties in this specification work by associating a layout policy with an element. Rather than letting an element lay out its descendants in their normal order as inline text or as blocks of text (the policies available in CSS level 1), the policy defined in this module, called template-based positioning, gives an element an invisible grid for aligning descendant elements...
See also: W3C Cascading Style Sheets
Web Services Federation Language (WS-Federation) Version 1.2
Marc Goodner and Anthony Nadalin (eds), OASIS Committee Specification
OASIS announced that an approved Committee Specification for "Web Services Federation Language (WS-Federation) Version 1.2" has been submitted for consideration as an OASIS Standard. The document was produced by members of the Web Services Federation (WSFED) Technical Committee. Statements of successful use of the specification were received from Microsoft, IBM, and Novell. The WS-Federation specification "defines mechanisms to allow different security realms to federate, such that authorized access to resources managed in one realm can be provided to security principals whose identities are managed in other realms. While the final access control decision is enforced strictly by the realm that controls the resource, federation provides mechanisms that enable the decision to be based on the declaration (or brokering) of identity, attribute, authentication and authorization assertions between realms. The choice of mechanisms, in turn, is dependent upon trust relationships between the realms. While trust establishment is outside the scope of this document, the use of metadata to help automate the process is discussed. A general federation framework must be capable of integrating existing infrastructures into the federation without requiring major new infrastructure investments. This means that the types of security tokens and infrastructures can vary as can the attribute stores and discovery mechanisms. Additionally, the trust topologies, relationships, and mechanisms can also vary requiring the federation framework to support the resource's approach to trust rather than forcing the resource to change. The federation framework defined in this specification builds on WS-Security, WS-Trust, and the WS-* family of specifications providing a rich extensible mechanism for federation. The WS-Security and WS-Trust specification allow for different types of security tokens, infrastructures, and trust topologies. This specification uses these building blocks to define additional federation mechanisms that extend these specifications and leverage other WS-* specifications. The mechanisms defined in this specification can be used by Web service (SOAP) requestors as well as Web browser requestors. The Web service requestors are assumed to understand the WS-Security and WS-Trust mechanisms and be capable of interacting directly with Web service providers. The Web browser mechanisms describe how the WS-* messages (e.g. WS-Trust's RST and RSTR) are encoded in HTTP messages such that they can be passed between resources and Identity Provider (IP)/ Security Token Service (STS) parties by way of a Web browser client. This definition allows the full richness of WS-Trust, WS-Policy, and other WS-* mechanisms to be leveraged in Web browser environments. It is expected that WS-Policy and WS-SecurityPolicy (as well as extensions in this specification) are used to describe what aspects of the federation framework are required/supported by federation participants and that this information is used to determine the appropriate communication options. The assertions defined within this specification have been designed to work independently of a specific version of WS-Policy...
See also: the announcement
On the Security Road to 'De-Perimeterization'
Jon Oltsik, CNET News.com
I first heard the term "de-perimeterization" back around 2004. This expression was attributed to the Jericho Forum, a group of chief information security officers and industry leaders who anticipated a new business requirement and security challenge. Jericho Forum knew that ubiquitous global connectivity spelled the end of the network "walled garden"—private corporate networks protected by perimeter devices like security gateways and firewalls. Jericho Forum now makes its home at the Open Group office in Reading, U.K., and is dedicated to open standards that make global data sharing and collaboration more secure. For my part, I fully support this effort. Here are a few standards that would help in this effort: (1) Key Management Interoperability Protocol (KMIP). This standard is being driven by EMC, IBM, Hewlett-Packard, Thales, and a few other vendors. The thought here is to provide any-to-any connectivity between cryptographic devices and key management systems. This could pave the way for encryption key sharing and key management system communication across disparate organizations. (2) Open Authentication (OATH). The thought here is to provide a reference architecture for strong authentication (i.e., tokens, smart cards, biometrics, etc.). Good idea but industry wrangling and politics seem to be holding this one back. I don't really care if OATH itself succeeds but we need an open authentication reference model ASAP. (3) Extensible Access Control Markup Language (XACML). Authentication gets you by the bouncer and in the club. Not everyone who gets inside has equal privileges however. How do you separate the VIPs from Joe Average? Entitlement management. XACML has the potential to make entitlement management much easier and responsive than it is today. This is just a sample... We also need standard tags for data classification and confidential data security policy enforcement. If an Excel spreadsheet contains Social Security numbers, the file should have a standard meta data tag that tells operating systems, e-mail, and gateway filters to take special actions like encrypting the file or preventing a user from making a copy to a USB drive...
See also: KMIP specification references
CMIS, ECM Interoperability, and Services-Oriented Content Management
Jeff Potts, Blog
The emerging Content Management Interoperability Services (CMIS) standard was the main buzz at the AIIM conference in Philadelphia this week (followed closely by social networking and Enterprise 2.0). Why does CMIS garner so much attention? Because as EMC's David Choy said, "Unless they are starting from scratch, everybody implementing ECM has an interoperability problem." The impact of the problem depends on who you are and what you're trying to do. If you use one ECM repository for email archiving and another to manage the content on your web site, it doesn't really matter that the two repositories aren't interoperable. But what if you have a portfolio of web sites and asset repositories across a variety of platforms and you need to share content across all of them? Then it's a problem. Customers in this situation have all kinds of issues they have to deal with, but several come down to a few basic needs having to do with interoperability: (1) It needs to be easy for front-ends to store and retrieve content across multiple repositories—different platforms; (2) It needs to be easy to move content between repositories; (3) It needs to be easy to find interesting and relevant content—which I may then want to access from the front-end or send to some other repository. This multi-site/multi-repository problem is common, and at Optaros, we think we can help address it with tools and services that are, in many cases, driven by CMIS... Replication: What if you want to move content between repositories? I've talked to folks who have Drupal web sites, but they'd like to take some of the user-generated content that comes from Drupal and treat it more formally—like maybe they want to route it through an internal workflow, tag it, and then make it available to some of the other sites in their portfolio that might or might not be Drupal. CMIS gives us a common way to export and import content (through ATOM XML). Throw a transformation in the middle to handle schema differences and you've got yourself a CMIS-based replication engine that can move content between different kinds of repositories... Services-Oriented Content Management: The individual services (CMIS adapters, Replication, and Feeds) are part of a Services-Oriented approach to Content Management. The services are interrelated, and there are others I haven't discussed, but the idea is that this type of approach can make a multi-silo'd content domain much more manageable and useful. Some of it depends on CMIS and some of it doesn't. These ideas are still being hammered out...
Extensible Provisioning Protocol (EPP)
Scott Hollenbeck (ed), IETF Internet Draft
An initial -00 updated version of the IETF "Extensible Provisioning Protocol (EPP)" Internet Draft (bis) has been published, projected to obsolete RFC 4930. Appendix B 'Media Type Registration' defines the 'application/epp+xml' MIME type. The document describes an application layer client-server protocol for the provisioning and management of objects stored in a shared central repository. Specified in XML, the protocol defines generic object management operations and an extensible framework that maps protocol operations to objects. This document includes a protocol specification, an object mapping template, and an XML media type registration... EPP is a stateful XML protocol that can be layered over multiple transport protocols. Protected using lower-layer security protocols, clients exchange identification, authentication, and option information, and then engage in a series of client-initiated command- response exchanges. All EPP commands are atomic (there is no partial success or partial failure) and designed so that they can be made idempotent (executing a command more than once has the same net effect on system state as successfully executing the command once). EPP provides four basic service elements: service discovery, commands, responses, and an extension framework that supports definition of managed objects and the relationship of protocol requests and responses to those objects. An EPP server MUST respond to client- initiated communication (which can be either a lower-layer connection request or an EPP service discovery message) by returning a greeting to a client. A server MUST promptly respond to each EPP command with a coordinated response that describes the results of processing the command. Interoperability considerations: XML has proven to be interoperable across WWW Distributed Authoring and Versioning (WebDAV) clients and servers, and for import and export from multiple XML authoring tools. For maximum interoperability, validating processors are recommended. Although non-validating processors can be more efficient, they are not required to handle all features of XML.
Patent Reform Moves Forward in U.S. Senate
Roy Mark, eWEEK
"U.S. Patent reform moved closer to reality April 2, 2009 as the Senate Judiciary Committee voted 15-4 for a compromise bill that seeks to bridge the longstanding dispute between technology companies and the pharmaceutical industry over patent infringement damages. Through six years of debate in the Senate and the House of Representatives, high-tech firms have fought to more narrowly define willful infringement damage rewards while big pharma and traditional manufacturing companies urged Congress to keep the infringement formula intact, fearing diluted damages would hurt the value of their patent portfolios... In the 110th Congress, the House approved patent reform favored by tech that would limit damages in relation to the economic value of the patent's contribution to an overall product, but the legislation never gained traction in the Senate. Currently, infringement damages are based on the entire value of the product. Legislation similar to Leahy and Hatch's bill is pending in the House... The Software & Information Industry Association also praised the Judiciary Committee's action. 'SIIA is especially pleased that the bill makes changes that begin to clarify the vague and uncertain rules for calculating damages, and to establish procedures for enhancing the quality of patents issued by the U.S. Patent and Trademark Office,' the trade group said in a statement. As a measure of the compromise nature of the bill, the Biotechnology Industry Organization even had warm words for the legislation... Horacio Gutierrez, Microsoft's corporate vice president and deputy general counsel, said the legislation may not have made everyone happy, including Microsoft, but nevertheless he praised the bill. 'As is necessary in any successful legislative initiative, the amended version of the bill reported by the Judiciary Committee reflects a compromise among the varying views of the members of the committee and among the very different perspectives expressed by stakeholders during the legislative process,' Gutierrez said. 'Together with administrative and judicial reform efforts, this legislation (if enacted) will help modernize the patent system in important respects and represents a significant step forward in efforts to bring balance and predictability to the outcomes in patent litigation cases'..."
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/