This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- World Wide Web Foundation Launches Operations and First Projects
- Introducing the Open Web Foundation Agreement (OWFa)
- Reference Architecture Foundation for Service Oriented Architecture v1.0
- DMTF Identifies Next Steps for Cloud Standards Work
- Clear Metrics for Cloud Security?
- Healthcare Affiliates Unprepared for Data Breaches
- Introduction to XML Schema 1.1: Evolve Your Schema With Wildcard Support
- Servlet 3.0: A Sneak Preview
World Wide Web Foundation Launches Operations and First Projects
Staff, W3C Announcement
"Speaking at the Internet Governance Forum in Sharm el Sheikh, Egypt, Tim Berners-Lee announced today that World Wide Web Foundation is open for business. World Wide Web Foundation was created with W3C's support in September 2008, and focuses on advancing the Web as a medium that empowers people to make positive social and economic change. Web Foundation's first two projects will help people to better leverage the Web to support agriculture in near-desert environments in Africa, and empowering youth in inner-city centers by teaching them how to create Web content. Such projects are consistent with W3C's own work to ensure that One Web is available to all, including work on mobile Web for social development, accessibility, and internationalization. W3C looks forward to collaborating with World Wide Web Foundation to further lower barriers to access and to promote the development of free and open Web standards..."
According to the announcement: "Web Foundation unveiled the organization's new partnerships with VU University Amsterdam (VU) in the Netherlands and CDI (Center for Digital Inclusion) based in Brazil... A new program, Web Alliance for Re-greening in Africa (W4RA), will train and assist local developers to implement and deploy mobile Web- and voice-based platforms to improve communication between agricultural specialists and farmers in Burkina Faso, Mali and other countries. The W4RA facilitates the sharing of successful agricultural techniques developed by farmers for others to raise crops in the arid conditions of the Sahel, where climate change and drought threaten the livelihood of entire communities...
In addition, Web Foundation announced a project with CDI, an international, social enterprise dedicated to teaching disadvantaged youth how to use information technologies... Web Foundation and CDI will develop training programs that empower young people to create Web sites and applications. In an effort to improve the accessibility of this content, the system will be mobile ready and integrate the use of voice as an interface. Five pilot training programs will be established in inner-city community centers in Latin America, Europe and the Middle East..."
See also: the Web Foundation announcement
Introducing the Open Web Foundation Agreement (OWFa)
DeWitt Clinton, Open Web Foundation Announcement
"The Open Web Foundation is pleased to announce the availability of the Open Web Foundation Agreement (OWFa). The Open Web Foundation was founded to help developer communities collaborate and share technical innovation on the web, bringing to the world of formats and protocols the same successful grassroots approaches established by the open source community. Modeled after the Apache Software Foundation and Creative Commons, the Open Web Foundation seeks to facilitate the creation and implementation of specifications with legal agreements that make such work simple, safe, and sustainable.
The Open Web Foundation Agreement itself establishes the copyright and patent rights for a specification, ensuring that downstream consumers may freely implement and reuse the licensed specification without seeking further permission. In addition to the agreement itself, we also created an easy-to-read "Deed" that provides a high level overview of the agreement...
The Open Web Foundation Agreement is just the first step among many toward a comprehensive, straightforward approach to an open specification development process. In upcoming months, the Open Web Foundation will be developing reusable Contributor License Agreements, which can be adopted by specification communities during the development phase itself, even before a usable specification is completed, and will offer Best Practices guidelines for open development processes.
OWF also announced that the following companies have committed to apply the OWFa to a number of community and proprietary specifications: (1) MashSSL Open 1.2.0 - SafeMashUps; (2) Media RSS 1.5.0 - Yahoo!) (3) OAuth Core 1.0 Revision A - Facebook, Google, Yahoo!; (4) OAuth WRAP 0.9 - Facebook, Google, Microsoft, Yahoo!; (5) OpenService Format Specification version 0.8 - Microsoft; (6) PubSubHubbub - Google; (7) Salmon Protocol - Google; (8) Simple Web Tokens 0.9 - Facebook, Google, Microsoft, Yahoo!; (9) WebSlice Format Specification version 0.9 - Microsoft; (10) XML Search Suggestions Format Specification version as of 11/11/2009 - Microsoft..."
See also: the Open Web Foundation Agreement 0.9
Reference Architecture Foundation for Service Oriented Architecture v1.0
J. Estefan, K. Laskey, F. McCabe, D. Thornton; OASIS Public Review Draft
Members of the OASIS SOA Reference Model Technical Committee have released an approved Committee Draft specification "Reference Architecture Foundation for Service Oriented Architecture Version 1.0" for public review through January 13, 2010. The specification was previous submitted for a 60-day review on 09-May-2008 under the title "Reference Architecture for Service Oriented Architecture Version 1.0."
Service Oriented Architecture (SOA) is an architectural paradigm that has gained significant attention within the information technology (IT) and business communities. The SOA ecosystem described in this document occupies the boundary between business and IT. It is neither wholly IT nor wholly business, but is of both worlds. Neither business nor IT completely own, govern and manage this SOA ecosystem. Both sets of concerns must be accommodated for the SOA ecosystem to fulfill its purposes...
The OASIS Reference Model for SOA provides a common language for understanding the important features of SOA but does not address the issues involved in constructing, using or owning a SOA-based system. This document focuses on these aspects of SOA... The focus in this architecture is on an approach to integrating business with the information technology needed to support it. The issues involved with integration are always present, but, we find, are thrown into clear focus when business integration involves crossing ownership boundaries. This architecture follows the recommended practice of describing architecture in terms of models, views, and viewpoints, as prescribed in ANSI/IEEE 1471-2000 and ISO/IEC 42010-2007 Standards...
The Reference Architecture has three main views: the Service Ecosystem view which focuses on the way that participants are part of a Service Oriented Architecture ecosystem; the Realizing Services view which addresses the requirements for constructing a Service Oriented Architecture; and the Owning Service Oriented Architecture view which focuses on the governance and management of SOA-based systems..."
See also: the OASIS announcement
DMTF Identifies Next Steps for Cloud Standards Work
Staff, Distributed Management Task Force Announcement
On November 16, 2009, DMTF announced the availability of a new white paper entitled, "Interoperable Clouds: A White Paper from the Open Cloud Standards Incubator." This white paper summarizes the current work within the DMTF Open Cloud Standards Incubator, including usage scenarios for cloud interoperability, the cloud service lifecycle and a cloud reference architecture. The white paper also highlights the incubator's ongoing activities, including the formation of new sub-groups and upcoming informational specifications...
Abstract from the document DSP-IS0101: "This white paper describes a snapshot of the work being done in the DMTF Open Cloud Standards Incubator, including use cases and reference architecture as they relate to the interfaces between a cloud service provider and a cloud service consumer. The goal of the Incubator is to define a set of architectural semantics that unify the interoperable management of enterprise and cloud computing. This paper summarizes the core use cases, reference architecture, and service lifecycle. These building blocks will be used to specify the cloud provider interfaces, data artifacts, and profiles to achieve interoperable management."
"DMTF's Open Cloud Standards Incubator expects the cloud provider interface will encompass several major sub categories that make up the interface between cloud service providers and cloud consumers. These subcategories will ultimately be comprised of profiles that span object models and wire formats. The group anticipates that some profiles will be addressed through integration with other DMTF working groups, and through cooperation with other standards bodies..."
See also: the DMTF Open Cloud Standards Incubator
Clear Metrics for Cloud Security?
Ariel Silverstone, ComputerWorld
"The Jericho Forum proposed an interesting approach to cloud computing security. Starting with a description of cloud layers, it allows us to envision the problem. Here, the forum proposed that security (and identity management) are elements that cross all layers and in effect provide a design they call Collaboration Oriented Architecture (COA). At about the same time, the Cloud Security Alliance designed a not-too-different view. The CSA broke down cloud computing into three delivery types [...] and then proceeded to define the cloud consumption models: Private, Public, Managed, Hybrid...
Allow me here to define the problem statement a bit differently. Let's expand the basic three tenets of security (confidentiality, availability, integrity)... Clearly, in the case of cloud computing, and especially in the public/external case, we no longer have any control. Once the bits 'leave our network,' control passes elsewhere. Losing one control typically mandates an increase in the other controls. Here, we have another set of problems... Typically, we handle confidentiality through the use of technologies such as encryption and access control. We can still encrypt, but imagine what happens to a large data set. It has to be sent, or assembled, in the cloud, remain there in an encrypted form, and be transferred to us, for processing. Once the data is at our location, we have to decrypt it, perform the operations needed, then re-encrypt and resend to the cloud. Doable yes. But the performance tax here is huge. While today's routers and servers no longer have their performance brought down to 1/6th by encryption, we still pay a heavy price...
Authenticity of data is a problem that must be addressed. Sometimes seen as a combination of non-repudiation, integrity and accountability, authenticity is a super-set that defines the reliability we assign and the trust we place in our data. Should data in/from a cloud be seen as less-trusted data? If so, is there any worth to it? Would cloud end up being used only for data we could care less about? [...]"
Healthcare Affiliates Unprepared for Data Breaches
Mitch Wagner, InformationWeek
According to a new report from ID Experts ('Leader in Data Breach Prevention and Remediation'), patient privacy is at risk from the companies that healthcare providers do business with. The document "2009 HIMSS Analytics Report: Evaluating HITECH's Impact on Healthcare Privacy and Security" summarizes findings from a survey of senior executives from healthcare organizations and individuals working for business associates across the United States...
The report "looked at preparedness for healthcare providers business partners, such as billing, credit bureaus, benefits management, legal services, claims processing, insurance brokers, data processing firms, pharmacy chains, and temporary office personnel providers... The survey gauged the readiness of companies to comply with the security provisions of the Health Information Technology for Economic and Clinical Health Act, a component of the U.S. American Recovery and Reinvestment Act of 2009..."
Key findings in the report include: "(1) Risk assessments are common practice but alone do not mitigate breach risks. One-third (31 percent) of hospitals reported having a data breach at their organization in the last 12 months despite almost all (91 percent) having conducted a risk assessment and taken actions to address identified risks and gaps. (2) Large hospitals experience the most data breaches and are at the greatest risk for future incidents. (3) Business associates lag behind in all areas that were tested in this survey to measure awareness of the privacy requirements of the HITECH Act. Over 30 percent of business associates surveyed did not know the HIPAA privacy and security requirements have been extended to cover their organizations. (4) Healthcare organizations are prepared to sanction business associates that don't comply with the regulations outlined in the HITECH Act. 85 percent of hospitals indicated they will take action to protect their patient data that is held by a business associate, while a full 39 percent of business associates admitted they did not know what actions hospitals are taking. (5) Inter-departmental disconnects between IT and Compliance on data breach policies and procedures leave hospitals at risk..."
See also: the ID Experts web site
Introduction to XML Schema 1.1: Evolve Your Schema With Wildcard Support
N. Delima, S. Gao, M. Glavassevich, K. Noaman; IBM developerWorks
"A frequent goal of schema authors is to build schemas for extensibility, where wildcards play a key role in providing extensibility points. New wildcard features introduced in XML Schema 1.1 make it easier for schema authors to write extensible schemas that can tolerate changes in the future.
During the W3C Workshop on XML Schema 1.0 User Experiences, schema versioning was one of the major concerns from schema users. When the XML data changes, the corresponding schemas also need to change. How do you ensure a level of compatibility to reduce disruptions to the applications? [...] Because of the importance and difficulty in achieving forward compatibility, one of the major goals in XML Schema 1.1 is to make it easy to write forward compatible schemas. Wildcards play a key role in defining extension points in schemas...
In this third of a six part series of articles, authors Neil Delima, Sandy Gao, Michael Glavassevich, and Khaled Noaman take an in depth look at versioning features introduced by XML Schema 1.1, specifically the new powerful wildcard mechanisms and open content..."
See also: XML Schema languages
Servlet 3.0: A Sneak Preview
Sangeetha S. Nikhil Dhankani, Mahalakshmi K; devX.com
"Apart from the addition of functionalities such as filters and web application events, the Servlet specification (one of the key Java APIs for web application development) has not undergone any major changes since its introduction. However, the specification has remained robust, and the release of the new Servlet 3.0 specification (JSR 315) will effect a major change in the way developers build Java web applications.
This article offers a brief overview to the new features in Servlet 3.0. Then, using code samples, it dives into the details of using annotations for Servlet 3.0 filters and listeners. The discussion also touches on how to plug frameworks and other libraries into a web application using web fragments. The article concludes with a brief discussion of Servlet 3.0's support for asynchronous processing and highlights of the enhancements made to the existing APIs...
To make the development process easier, Servlet 3.0 introduces annotations. Similar to the changes in EJB 3.1, the introduction of annotations makes the web deployment descriptor 'web.xml' optional. The new pluggability feature in Servlet 3.0 makes web applications modular and easier to maintain: implemented through web fragments, pluggability relieves the developer from making too many Servlet configuration entries in the 'web.xml' file... Another significant change in the new Servlet specification is the support for asynchronous processing, a useful feature for AJAX applications. When a Servlet creates a thread to make a request, it often has to wait for a response from a resource like a database or message connection before it can perform another operation on that thread. Asynchronous processing avoids such blocking requests by allowing the thread to perform some other operation. Several other enhancements have been made to the existing API..."
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/