A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS and Sponsor Members
Edited by Robin Cover
This issue of XML Daily Newslink is sponsored by:
Primeton http://www.primeton.com
Headlines
- DMTF to Develop Standards for Managing a Cloud Computing Environment
- OASIS Public Review: Reference Model for OAXAL Version 1.0
- Proposed Guidelines Offer Help in Managing Passwords in the Enterprise
- W3C Invites Implementations of Media Queries Specification
- Internet Calendaring and Scheduling Core Object Specification (iCalendar)
- Evaluation and Report Language (EARL) 1.0 Schema: Working Draft Published
- DomainKeys Identified Mail (DKIM) Service Overview
- Mobile Workforce Operational Support Using Eclipse RCP
- Oracle-Sun Deal Renews Calls for OpenOffice's Independence
DMTF to Develop Standards for Managing a Cloud Computing Environment
Staff, Distributed Management Task Force Announcement
DMTF, an organization bringing the IT industry together to collaborate on systems management standards development, validation, promotion and adoption, announced that it has formed a group dedicated to addressing the need for open management standards for cloud computing. The 'Open Cloud Standards Incubator' will work to develop a set of informational specifications for cloud resource management. Incubator Scope Statement (from the Charter): "The DMTF's Open Cloud Standards incubator will develop a suite of DMTF informational specifications that deliver architectural semantics to unify the interoperable management of enterprise computing and cloud computing. This may include extensions to existing DMTF specifications including the Common Information Model (CIM), Open Virtualization Format (OVF), WBEM Protocols, member submissions and investigation of opportunities for collaboration with other industry standards bodies. The scope of this activity is focused on mainly cloud resource management aspects of Infrastructure as a Service (IaaS) with some work touching on Platform as a Service (PaaS) including SLAs, QoS, utilization, provisioning and accounting and billing..."
According to the announcement, the initial incubator leadership board consists of AMD, Cisco, Citrix, EMC, HP, IBM, Intel, Microsoft, Novell, Red Hat, Savvis, Sun Microsystems, and VMware. The work of the Open Cloud Standards Incubator will focus on ways to facilitate operations between private clouds within enterprises and other private, public, or hybrid clouds by improving the interoperability between platforms through open cloud resource management standards. The group also aims to develop specifications to enable cloud service portability and provide management consistency across cloud and enterprise platforms. The Open Cloud Standards Incubator was formed as part of the DMTF Standards Incubation process, which enables like-minded DMTF members to work together and produce informational specifications that can later be fast-tracked through the standards development process. The incubation process is designed to foster and expedite open, collaborative, exploratory technical work that complements the DMTF mission to lead the development, adoption and promotion of interoperable management initiatives and standards. [To date] no specific standards currently exist for enabling interoperability between private clouds within enterprises and hosted or public cloud providers. DMTF's Open Cloud Standards Incubator will focus on addressing these issues by developing cloud resource management protocols, packaging formats and security mechanisms to facilitate interoperability...
See also: the DMTF Open Cloud Standards Incubator
OASIS Public Review: Reference Model for OAXAL Version 1.0
Andrzej Zydron and Derek Saldana (eds), OASIS Public Review Draft
Members of the OASIS Open Architecture for XML Authoring and Localization Reference Model (OAXAL) Technical Committee approved a Committee Draft for "Reference Model for Open Architecture for XML Authoring and Localization Version 1.0" and have released it for public review. The review period ends June 24, 2009. A "reference model" in this context is an abstract framework for understanding significant relationships among the entities of some environment. It enables the development of specific reference or concrete architectures using consistent standards or specifications supporting that environment. A reference model consists of a minimal set of unifying concepts, axioms, and relationships within a particular problem domain and is independent of specific standards, technologies, implementations, or other concrete details... The Open Architecture for XML Authoring and Localization (OAXAL) provides a comprehensive, efficient, and cost-effective model for building an XML lifecycle production framework based completely on Open Standards.
OAXAL encompasses the following key Open Standards: (1) XML: Extensible Markup Language (XML) is a simple, flexible text format originally designed to meet the challenges of large-scale electronic publishing. XML also plays an increasingly important role in the exchange of a wide variety of data on the Web and elsewhere. (2) Unicode: A character encoding scheme that encompasses all character sets. (3) W3C ITS: An XML vocabulary that defines translatability rules for a given XML document type. (4) SRX: Segmentation Rules eXchange, a LISA OSCAR standard defining text-subdivision rules for each language. (5) xml:tm: XML-based text memory, a LISA OSCAR standard for author memory (a history of segments and revisions) and translation memory (a history of translated segments). (6) GMX: Global Information Management Metrics Exchange, a LISA OSCAR standard for word and character count and metrics (for volume, complexity, and quality) exchange. (7) TMX: Translation Memory eXchange, a LISA OSCAR standard for exchanging translation memories. (8) Unicode TR29: The primary Unicode standard defining word and sentence boundaries. (9) Open Standard XML Vocabularies, including DITA, Docbook, XHTML, SVG, ODF, and others that may emerge as standards. (10) XLIFF: XML Localization Interchange File Format, an OASIS standard for exchanging Localization data.
The key characteristic of OAXAL is the use of an Open Architecture based on Open Standards with XML as the source format for both the document format and, in most cases, the vocabulary of the standards. XML underpins the foundations of OAXAL. The XML source content provides semantic and structured text that can be localized. XML provides many benefits regarding authoring and Localization: (A) The separation of form and content provides an elegant and convenient way of identifying text and markup. (B) The extensible nature of XML allows the creation of specialist vocabularies that can be shared and adopted by interested parties. (C) The syntax of XML allows for the quick and easy validation of XML document instances against specific rules. (D) The widespread adoption of XML means that there are many tools to validate and transform XML documents. At the center of authoring and Localization is the actual XML document text to be authored and/or localized.
See also: the OASIS announcement
Proposed Guidelines Offer Help in Managing Passwords in the Enterprise
William Jackson, Government Computer News
To help agencies select and implement proper controls for password management, the U.S. National Institute of Standards and Technology (NIST) has released a draft version of Special Publication 800-118, titled Guide to Enterprise Password Management, for public comment. The document was edited by Karen Scarfone and Murugiah Souppaya. "The purpose of the guide is to assist organizations in understanding common threats against their character-based passwords and how to mitigate those threats within the enterprise. Topics addressed in the guide include defining password policy requirements and selecting centralized and local password management solutions. Non-character-based passwords, such as graphic-based passwords, are outside the scope of this guide. The guide is intended for computer security staff and program managers, system and network administrators, and other staff who are responsible for the technical aspects of enterprise password management. Managers can also use the information presented in the guide to facilitate the decision-making processes associated with password management, such as password policy creation. Section 3 of the guide describes the four major types of threats to passwords: password capture, exploitation of weak passwords and password hashes, password replacement, and attacker reuse of compromised passwords. It also provides recommendations for mitigating these threats. Appendix A discusses several common types of passwords for devices and other hardware..."
Passwords probably are the most commonly used method of authentication for access to information technology resources, but despite their apparent simplicity, they can be difficult to manage. Long, complex passwords should be more secure than simpler ones, but they also are more difficult for the user to remember, leading to the increased possibility they will be improperly stored. Threats to confidentiality of passwords include capturing, guessing or cracking them through analysis. Password guessing and cracking become more difficult with the complexity of the password. The number of possibilities for a given password increases with the length of the password and the possible number of choices for each character. The possible choices for each character of a numerical password are 10 (0 through 9). Possible choices for passwords using letters are 26 for each character. By combining upper and lower case letters, numerals and special characters, there can be as many as 95 possibilities for each character... One method of password management is to use a single sign-on (SSO) tool, which automates password authentication for the user by controlling access to a set of passwords through a single password. This can make it more feasible for a user to use and remember a single, complex password. However, "in nearly every environment, it is not feasible to have an SSO solution that handles authentication for every system and resource—most SSO solutions can only handle authentication for some systems and resources, which is called reduced sign-on," NIST states.
See also: the NIST Guide
W3C Invites Implementations of Media Queries Specification
Håkon Wium Lie, Tantek Çelik, Daniel Glazman, Anne van Kesteren (eds); W3C Technical Report
The W3C Cascading Style Sheets (CSS) Working Group now invites implementation feedback for the Candidate Recommendation version of "Media Queries." HTML4 and CSS2 currently support media-dependent style sheets tailored for different media types. For example, a document may use sans-serif fonts when displayed on a screen and serif fonts when printed. 'screen' and 'print' are two media types that have been defined. Media queries extend the functionality of media types by allowing more precise labeling of style sheets. A media query consists of a media type and zero or more expressions to limit the scope of style sheets. Among the media features that can be used in media queries are 'width', 'height', and 'color'. By using media queries, presentations can be tailored to a specific range of output devices without changing the content itself. This Candidate Recommendation has been widely reviewed and is ready for implementation.
Exit criteria: For this specification to exit the Candidate Recommendation stage, the following conditions shall be met: (1) There must be at least two interoperable implementations. For the purposes of this criterion, we define "interoperable" to mean passing the respective test case(s) in the CSS test suite, or, if the implementation is not a Web browser, an equivalent test. Every relevant test in the test suite should have an equivalent test created if such a user agent (UA) is to be used to claim interoperability. In addition, if such a UA is to be used to claim interoperability, then there must be one or more additional UAs which can also pass those equivalent tests in the same way for the purpose of interoperability. The equivalent tests must be made publicly available for the purposes of peer review. An "implementation" is a user agent which implements the specification, is available (i.e., publicly downloadable or available through some other public point of sale mechanism), and is shipped, or is a "nightly build" (i.e., a development version for the next release), but is not experimental (i.e., a version specifically designed to pass the test suite and not intended for daily usage going forward). (2) There must be a Test Suite; none is available at the time of this publication. (3) A minimum of another six months of the CR period must elapse. That is, this specification will not exit CR before 23-October-2009. When the specification exits CR, an implementation report will be published; at this point, no such report exists.
See also: the W3C CSS Working Group
Internet Calendaring and Scheduling Core Object Specification (iCalendar)
Bernard Desruisseaux (ed), IETF Internet Draft
The Internet Engineering Steering Group (IESG) has announced the approval of the Internet Calendaring and Scheduling Core Object Specification (iCalendar) as an IETF Proposed Standard. This document is the product of the Calendaring and Scheduling Standards Simplification Working Group; the IESG contact persons are Lisa Dusseault and Alexey Melnikov. The document defines the iCalendar data format for representing and exchanging calendaring and scheduling information such as events, to-dos, journal entries and free/busy information, independent of any particular calendar service or protocol. The working group proceeded with the work in an orderly fashion, opening tickets for all the found issues in the original RFC 2445, and then systematically closing them until no known issues remained. There are a number of existing implementations of the original RFC 2445 specification that are likely to upgrade their implementation to the new specification. During the process of developing this document, the CalConnect.org industry consortium provided various types of vendor feedback and errata over the original specification. The working group took special care to take into account this feedback as well as the feedback received from a number of other contributors, some of whom are also mentioned in the document's Acknowledgements section.
Overview: "The use of calendaring and scheduling has grown considerably in the last decade. Enterprise and inter-enterprise business has become dependent on rapid scheduling of events and actions using this information technology. This memo is intended to progress the level of interoperability possible between dissimilar calendaring and scheduling applications. This memo defines a MIME content type for exchanging electronic calendaring and scheduling information. The Internet Calendaring and Scheduling Core Object Specification, or iCalendar, allows for the capture and exchange of information normally stored within a calendaring and scheduling application; such as a Personal Information Manager (PIM) or a Group Scheduling product. The iCalendar format is suitable as an exchange format between applications or systems. The format is defined in terms of a MIME content type. This will enable the object to be exchanged using several transports, including but not limited to SMTP, HTTP, a file system, desktop interactive protocols such as the use of a memory-based clipboard or drag/drop interactions, point-to-point asynchronous communication, wired-network transport, or some form of unwired transport such as infrared might also be used. The memo also provides for the definition of iCalendar object methods that will map this content type to a set of messages for supporting calendaring and scheduling operations such as requesting, replying to, modifying, and canceling meetings or appointments, to-dos and journal entries. The iCalendar object methods can be used to define other calendaring and scheduling operations such as requesting for and replying with free/busy time data. Such a scheduling protocol is defined in the iCalendar Transport-independent Interoperability Protocol (iTIP)..."
See also: the IETF Calendaring and Scheduling Standards Simplification (CALSIFY) Working Group
Evaluation and Report Language (EARL) 1.0 Schema: Working Draft Published
Shadi Abou-Zahra and Michael Squillace (eds), W3C Technical Report
Members of the W3C Evaluation and Repair Tools Working Group have released a Working Draft for the "Evaluation and Report Language (EARL) 1.0 Schema" specification. The document describes the formal schema of the Evaluation and Report Language (EARL) 1.0. The Evaluation and Report Language (EARL) defines a vocabulary for expressing test results. It enables any person, software application, or organization to assert test results for any test subject tested against any set of criteria. The test subject might be a Web site, an authoring tool, a user agent, or some other entity. The set of criteria may be accessibility guidelines, formal grammars, or other types of quality assurance requirements. Thus, EARL is flexible with regard to the contexts in which it can be applied. EARL is not a comprehensive vocabulary for describing test procedures, test criteria, or test requirements but, rather, for describing the outcomes from such testing. EARL can be supplemented by test description vocabularies or other vocabularies for different aspects of the testing cycle. A companion document to this specification, Evaluation and Report Language (EARL) 1.0 Guide, provides more introductory material and explanation of the use cases for EARL. The companion document also highlights specific considerations, such as security and privacy... The Evaluation and Repair Tools Working Group (ERT WG) believes it has addressed all issues brought forth through previous Working Draft iterations. The Working Group encourages feedback about this document, Evaluation and Report Language (EARL) 1.0 Schema, by developers and researchers who have interest in software-supported evaluation and validation of Web sites, and by developers and researchers who have interest in Semantic Web technologies for content description, annotation, and adaptation.
In particular, the Working Group is looking for feedback on the following items which are also highlighted within the document: (1) Adoption of foaf:Document as a further refinement for 'earl:TestSubject'; (2) Providing subclasses for 'earl:TestMode', similarly to the approach taken by 'earl:OutcomeValue'; (3) Replacing or partially replacing 'earl:Software' with terms from the DOAP vocabulary; (4) Structure and clarity of the entire conformance section.
See also: the W3C Evaluation and Repair Tools Working Group
DomainKeys Identified Mail (DKIM) Service Overview
Tony Hansen, Dave Crocker, Phillip Hallam-Baker (eds), IETF Internet Draft
IETF has announced the Last Call Review for DomainKeys Identified Mail (DKIM) Service Overview. The document has been produced by members of the IETF Domain Keys Identified Mail (DKIM) Working Group, chartered to produce standards-track specifications that allow a domain to take responsibility, using digital signatures, for having taken part in the transmission of an email message and to publish "policy" information about how it applies those signatures. This document provides a description of the architecture and functionality for DomainKeys Identified Mail (DKIM)... A person or organization has an "identity" -- that is, a constellation of characteristics that distinguish them from any other identity. Associated with this abstraction can be a label used as a reference, or "identifier". This is the distinction between a thing and the name of the thing. DKIM uses a domain name as an identifier, to refer to the identity of a responsible person or organization. In DKIM, this identifier is called the Signing Domain IDentifier (SDID) and is contained in the DKIM-Signature header field's "d=" tag. Note that the same identity can have multiple identifiers. A DKIM signature can be created by a direct handler of a message, such as the message's author or an intermediary. A signature also can be created by an independent service that is providing assistance to a handler of the message. Whoever does the signing chooses the SDID to be used as the basis for later assessments. Hence, the reputation associated with that domain name might be an additional basis for evaluating whether to trust the message for delivery. The owner of the SDID is declaring that they accept responsibility for the message and can thus be held accountable for it... The organization can be a direct handler of the message, such as the author's, the originating sending site's or an intermediary's along the transit path.
However, it can also be an indirect handler, such as an independent service that is providing assistance to a direct handler. DKIM defines a domain-level digital signature authentication framework for email through the use of public-key cryptography and using the domain name service as its key server technology. It permits verification of the signer of a message, as well as the integrity of its contents. DKIM will also provide a mechanism that permits potential email signers to publish information about their email signing practices; this will permit email receivers to make additional assessments of unsigned messages. DKIM's authentication of email identity can assist in the global control of "spam" and "phishing"...
See also: the IETF Domain Keys Identified Mail (DKIM) Working Group
Mobile Workforce Operational Support Using Eclipse RCP
Benjamin Lieberman, IBM developerWorks
There are many kinds of field support services that require a highly mobile workforce. Increasingly, there is a need to provide computing support for these remote operation teams to aid them in the performance of their jobs. A wide variety of applications, often custom-written for just one specific task, must be created at high expense and with limited or no general applicability to other field personnel. There exists a real need for a universal open platform to provide common services and features that can be extended to meet the specific needs of each group of field staff... Providing a mobile support platform can also promote the idea of 'green computing' through the reduction in paperwork and travel. For example, at the Mine Safety and Health Administration (MSHA), inspectors routinely take notes on paper, travel to a home office, transcribe those notes into a computer file, then file the paper into a case history. This results in delay in reporting, additional effort, data entry errors, etc. A far more efficient and accurate mechanism is to provide direct computer-based entry to avoid the paper-based intermediary. Moreover, using a multidevice platform approach allows remote workers to use smaller, more energy efficient devices with less power consumption and increased battery life. This article focuses on the value of a common open source platform to myriad remote teams, the reduction in paper and travel to perform synchronization, and improved paper-free access to critical information when "off the net." The Mobile Workforce Framework project, also known as Maestro, illustrates how many architectural drivers like synchronization, plug-in functionality, and offline support are met by using the Eclipse RCP. The Maestro Mobile Workforce Framework project is established as a SourceForge incubator project. The intent of the project is to develop and deploy a useful and extensible platform supporting mobile workforces in the field and in the office.
The initial development for this project is focused on the creation of the formal platform (based on Eclipse RCP), with initial emphasis on inspection teams. Later efforts will include perspectives for field trainers, auditors, and engineering support staff. In addition to the base framework platform that will be deployed to full-scale computing devices (that is, laptop computers), the project also envisions supporting a variety of handheld or other mobile devices.
See also: SourceForge Maestro - Mobile Workforce Framework
Oracle-Sun Deal Renews Calls for OpenOffice's Independence
Eric Lai, InfoWorld
Questions remain about best role model for OpenOffice: Mozilla, Apache, or Linux Foundation? Oracle's [announced] purchase of Sun Microsystems last week is reviving calls for Sun's open-source OpenOffice.org suite to be spun out into an independent foundation. Oracle is one of the top corporate contributors to Linux and many other open-source software projects. However, that has long been overshadowed by the tens of billions of dollars Oracle reaps annually from proprietary enterprise software, as well as brazen attacks it has made on open-source stalwarts like Red Hat. Some insiders say Oracle CEO Larry Ellison's iron fist could actually help OpenOffice.org by helping streamline software development, or by better competing against Microsoft Office—two longtime complaints leveled against Sun, which remains the group's primary financial sponsor and the source of most of its programmers nine years after making it open-source...
Or: OpenOffice.org might benefit Oracle as a valuable weapon in its never-ending war against Microsoft. The latest version, OpenOffice 3.0, has been downloaded more than 50 million times in its first six months... Michael Meeks, a developer at Novell who is overseeing Novell's custom branch of the OpenOffice.org software, is more blunt. "We need to fix the deeply conservative, entrenched group-think around development process in the project ... Currently we have a total mess in this regard," he said. Bruce D'Arcus, a college professor and co-lead for OpenOffice.org's bibliographic project, said he thinks the Oracle-Sun deal is a "good opportunity" for the project to be completely spun off... Sun says its managers and developers still dominate OpenOffice.org because no other vendors are willing to step up. Not so, says Novell's Meeks. Rather, Sun continues trying to "own" OpenOffice.org, acting "rather like an under-talented manager vetoing the hiring of a more talented employee. That needs to change." Several open-source foundations stand out for having created strong developer communities, including the Eclipse Foundation and the Apache Foundation. IBM would likely support this model, having been integral to the formation of both. Despite IBM's continued strong presence in Apache, the group is viewed "as an example of a developer-controlled meritocracy...
See also: the OpenOffice.org web site