This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- OASIS TC Charter Proposal: Quantities and Units of Measure Ontology
- IPTC Releases News Industry Text Format (NITF) Version 3.5
- W3C Issues Call for Implementation of Widget Packaging and Configuration
- Smart Grid Potential Gated By Broadband
- IMAP Support for UTF-8 Approved as IETF Experimental RFC
- Same-Origin Policy and Cross-Site Request Forgery (CSRF) Vulnerabilities
- DMTF Announces Partnership with Cloud Security Alliance
- dotCMS Web Content Management System (WCMS) Embraces CMIS Specification
- KnowledgeTree Version 3.7 Document Management Software Supports CMIS
OASIS TC Charter Proposal: Quantities and Units of Measure Ontology
Staff, OASIS Announcement
Representatives from NIST, US DoD, LBNL, BAE Systems, and others have submitted a Charter Proposal for an "OASIS Quantities and Units of Measure Ontology Standard (QUOMOS) Technical Committee." The objective "is to develop the draft of an international ontology standard for expressing 'Quantities and Units of Measure' which will be publicly available, free of charge. The reference normative form of the ontology will be expressed in the CLIF (Common Logic Interchange Format) language, with derived normative representations in OWL 2.0 Description Logics, and UML...
A number of standards projects and other large-scale projects are currently developing some kind of ontology for quantities and measurement units. This will quickly lead to a proliferation of formal models for quantities and units that are not quite comparable. That in turn will impede consistent specifications of quantities for publication and information exchange in many industries. A standard ontology for quantities and units, adopted at this time, can be incorporated into such projects, or used as a reference for the symbols they define, thus promoting consistent interpretation and interworking of specifications and measurements...
The work shall include the development of a core set of ontology modules covering quantities, units, scales, dimensions, base and derived SI units [System of Units, abbreviated SI, le Système international d'unités] and their relationships, and extension mechanisms to allow the later inclusion of non SI units and other measurement systems. The ontology shall be independent of industry sector and applications, and based on available specifications and standards, particularly the VIM. Where ambiguities and contradictions arise between different specifications and standards, these shall be referred back to the originating organizations for resolution...
The TC will liaise and strive to coordinate its development with the work of BIPM (International Bureau of Weights and Measures), ISO/IEC 80000 [Quantities and Units], VIM (International Vocabulary of Metrology), UnitsML, UCUM (Unified Code for Units of Measure) and UNECE Recommendation 20, and take into account existing quantities and units ontologies based on VIM, such as Sweet, QUDT and the QUDV component of SysML. It is expected that the scope of the QUOMOS ontology with respect to specific units will be influenced by the relationship to UnitsML and UCUM..."
IPTC Releases News Industry Text Format (NITF) Version 3.5
Michael Steidl, IPTC Announcement
On behalf of the International Press Telecommunications Council (IPTC), Managing Director Michael Steidl announced the release of the "News Industry Text Format (NITF)" standard version 3.5. "NITF uses the Extensible Markup Language (XML) to define the content and structure of news articles. Because metadata is applied throughout the news content, NITF documents are far more searchable and useful than HTML pages. By using NITF, publishers can adapt the look, feel, and interactivity of their documents to the bandwidth, devices, and personalized needs of their subscribers. These documents can be translated into HTML, WML (for wireless devices), RTF (for printing), or any other format the publisher wishes...
In NITF version 3.5, XML Schema files are available in addition to DTDs. Minor adjustments were made to the specifications, and all changes are backward compatible. The release includes: (1) the NITF 3.5 XSD Schema, with documentation embedded; (2) Schema RUBY inclusion; (3) NITF 3.5 DTD, with documentation embedded; (4) NITF 3.5 RUBY Inclusion; (5) RUBY plug-in module—identical to RUBY XHTML plug-in... An 'XSLT to Stylize NITF' is available via an online form; sample NITF files are transformed by an XSLT style sheet into a sample HTML output...
IPTC, based in London, UK, is a consortium of the world's major news agencies, news publishers and news industry vendors. It develops and maintains technical standards for improved news exchange that are used by virtually every major news organization in the world. The current work program includes the family of G2-Standards including NewsMLTM-G2, EventsML-G2 and SportsML-G2 which are all XML based standards for exchanging news content and metadata, the IPTC Photo Metadata Standard — a set of metadata properties for images — and the IPTC NewsCodes, a set of common set of metadata values. Still ongoing is the support for our existing standards including NITF and NewsML-1..."
See also: the IPTC main web site
W3C Issues Call for Implementation of Widget Packaging and Configuration
Marcos Caceres (ed), W3C Technical Report
In connection with the W3C Candidate Recommendation release of the Widget Packaging and Configuration specification, W3C has issued a call for implementations. W3C publishes a Candidate Recommendation to indicate that the document is believed to be stable and to encourage implementation by the developer community. The Web Applications (WebApps) Working Group expects to advance this document to Proposed Recommendation once the Working Group has demonstrated at least two interoperable implementations—interoperable meaning at least two implementations that pass each mandatory test in the P&C-Test-Suite. The WebApps Working Group expects to show these implementations as part of an Implementation Report and advance to Proposed Recommendation after 24-January-2010.
The "Widget Packaging and Configuration" specification standardizes a packaging format for software known as widgets. Widgets are client-side applications that are authored using Web standards, but whose content can also be embedded into Web documents. The specification relies on PKWare's Zip specification as the archive format, XML as a configuration document format, and a series of steps that runtimes follow when processing and verifying various aspects of a package. The packaging format acts as a container for files used by a widget. The configuration document is an XML vocabulary that declares metadata and configuration parameters for a widget. The steps for processing a widget package describe the expected behavior and means of error handling for runtimes while processing the packaging format, configuration document, and other relevant files. This specification is part of the Widgets family of specifications, which together standardize widgets as a whole.
Smart Grid Potential Gated By Broadband
Martin LaMonica, CNET News.com
"The U.S. Federal Communications Commission on 2009-11-30 held a 'field hearing' at the Massachusetts Institute of Technology on the role of communications in energy and environment. It was an information-gathering session designed to help set a national broadband strategy. The entire notion of the smart grid supposes connectivity at different points along the grid. Adding digital technologies to the existing system will allow energy to be used more efficiently, increase reliability, and let grid operators use more solar and wind power...
During the hearing, speakers argued that broader broadband coverage lays the foundation for those benefits by enabling smart-grid applications, such as home energy monitoring, alerting utilities to outages, and charging plug-in vehicles economically and without stressing the grid...
For utilities, connectivity is integral to improving the reliability of the grid, according to executives from utility companies who said that more radio spectrum would help ensure reliable communications to detect outages. The other area that needs work on the government level is standards and interoperability. The National Institute of Standards and Technology is now leading an effort to establish the necessary standards for smart-grid, covering everything from cybersecurity to in-home communication protocols. But there would need to be coordination among various government agencies for new grid products to be plug and play..."
IMAP Support for UTF-8 Approved as IETF Experimental RFC
Pete Resnick and Chris Newman (eds), IETF Request for Comment
The Internet Engineering Steering Group (IESG) has announced approval of the IMAP Support for UTF-8 specification as an Experimental RFC. This document is the product of the IETF 'Email Address Internationalization Working Group'. The IESG contact persons are Alexey Melnikov and Lisa Dusseault. The specification extends the Internet Message Access Protocol version 4rev1 (IMAP4rev1) to support unencoded international characters in user names, mail addresses and message headers. The IETF EAI Working Group has consensus on the mechanisms described in this document. Alexey Melnikov reviewed this document most carefully before he became AD. One implementation of the specification is known.
This specification creates five new IMAP capabilities to allow servers to advertise these new extensions, along with two new IMAP list extensions and a new IMAP list return option.
The IETF Email Address Internationalization Working Group was chartered to address one basic approach to email internationalization. That approach is based on the use of an SMTP extension to enable both the use of UTF-8 in envelope address local-parts and optionally in domain-parts and the use of UTF-8 in mail headers—both in address contexts and wherever encoded-words are permitted today. Its initial target is a set of experimental RFCs that specify the details of this approach and provide the basis for generating and testing interoperable implementations... Key parts of this effort include extended analyses and, if necessary, proof of concept in three areas in addition to smooth operation when all systems and components along a message path have been upgraded to support the new facilities.
An IETF "Experimental' designation typically denotes a specification that is part of some research or development effort. Such a specification is published for the general information of the Internet technical community and as an archival record of the work, subject only to editorial considerations and to verification that there has been adequate coordination with the standards process. An Experimental specification may be the output of an organized Internet research effort (e.g., a Research Group of the IRTF), an IETF Working Group, or it may be an individual contribution... If the IETF publishes something based on this on the standards track once we know how well this one works, it's 'Experimental'. This is the typical case of not being able to decide which protocol is "better" before we have experience of dealing with them from a stable specification. Also, if the document contains implicit or explicit success/failure criteria, and it's clear that the outcome can be used as the basis for a recommendation to the IETF community, it's 'Experimental' [per IETF RFC 2026, Section 4.2.1 Experimental].
Same-Origin Policy and Cross-Site Request Forgery (CSRF) Vulnerabilities
Adam Barth, Thomas Roessler (et al.), W3C Wiki Project
In connection with a new W3C web security discussion list, group members have created Wiki project pages for "Same-Origin Policy", "Trusted User Interface", etc. The scope of the discussion list is broad: 'Improving standards and implementations to advance the security of the Web'. What's meant by this is that this mailing list is the right place to discuss topics like: (1) new specifications that people want to bring to W3C, IETF, or other relevant standards bodies; (2) emerging security issues; (3) bigger themes, like how and where to document the same origin policy...
With respect to 'Same-Origin Policy': An origin is defined by the scheme, host, and port of a URL. Generally speaking, documents retrieved from distinct origins are isolated from each other... Although the same-origin policy differs between APIs, the overarching intent is to let users visit untrusted web sites without those web sites interfering with the user's session with honest web sites... For networking APIs, the same-origin policy distinguishes between sending and receiving information. Broadly, one origin is permitted to send information to another origin, but one origin is not permitted to receive information from another origin. The prohibition on receiving information is intended to prevent malicious web sites from reading confidential information from other web sites...
The same-origin policy restricts which network messages one origin can send to another. For example, the same-origin policy allows inter-origin HTTP requests with GET and POST methods but denies inter-origin PUT and DELETE requests. Additionally, origins can use custom HTTP headers when sending requests to themselves but cannot use custom headers when sending requests to other origins..."
See also: 'Trusted User Interface' Wiki project
DMTF Announces Partnership with Cloud Security Alliance
Staff, Distributed Management Task Force Announcement
"Distributed Management Task Force (DMTF) announced that it will partner with the Cloud Security Alliance (CSA) to promote standards for cloud security as part of the ongoing work within the DMTF Open Cloud Standards Incubator. The two groups will collaborate on best practices for managing security within the cloud. As DMTF develops its requirements for secure cloud management, it will work with the CSA to utilize best practices and feedback to improve the security, privacy and trust of cloud computing.
Both organizations plan to adopt appropriate existing standards, and assist and support recognized bodies that are developing new standards appropriate for cloud computing. Together they will promote a common level of understanding between the consumers and providers of cloud computing regarding necessary security. This partnership will help ensure alignment within the cloud computing industry... The partnership between DMTF and CSA was established as part of the DMTF Alliance Partner program, which enables formalized coordination with other standards development organizations...
The Cloud Security Alliance is a not-for profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry leaders, global associations and expert practitioners...
DMTF Open Cloud Standards Incubator process process enables DMTF members "to work together to produce informational specifications that can later be fast-tracked through the standards development process. The incubation process is designed to foster and expedite open, collaborative, exploratory technical work that complements the DMTF mission to lead the development, adoption and promotion of interoperable management initiatives and standards. The Open Cloud Standards Incubator Leadership Board included as of 2009-1201: AMD, CA, Cisco, Citrix, EMC, Fujitsu, HP, Hitachi, IBM, Intel, Microsoft, Novell, Rackspace, RedHat, Savvis, SunGard, Sun Microsystems, and VMware..."
See also: the Cloud Security Alliance (CSA)
dotCMS Web Content Management System (WCMS) Embraces CMIS Specification
Staff, dotCMS Announcement
"dotCMS, a leading Java-based, open source WCMS software company, announced at the Sixth Annual Gilbane Conference in Boston that the upcoming release of dotCMS will implement the CMIS 1.0 draft specification. dotCMS is the first Web Content Management System (WCMS) to integrate the newly released specification into a web management product... The adoption of the CMIS 1.0 specification within the dotCMS product will roll out in phases: Version 1.9 (due to be released in Q1 2010) will include a draft implementation that will be finalized by release 2.0, scheduled for Q3, 2010...
CMIS (Content Management Interoperability Services), was created to avoid the difficulties organizations face when integrating content with proprietary, partner and third party repositories. CMIS uses REST or web services as a unifying technology to allow content repositories to exchange information with any web services-enabled repository. Once adopted by the industry, it will allow any organization to reach across technological borders, retrieve permission-based content and information for use in multiple systems..."
See also: the CMIS Public Review announcement
KnowledgeTree Version 3.7 Document Management Software Supports CMIS
Staff, KnowledgeTree Announcement
"KnowledgeTree, an Enterprise Content Management (ECM) provider focusing on affordable document management software that is easily installed and used by business professionals, has announced the release of version 3.7 of its commercial edition, version 1.1 of its Microsoft Office Add-in, and an alpha release of KnowledgeTree Explorer CP (cross platform).
KnowledgeTree 3.7, deployed on Zend Server, features improved performance; tests indicate KnowledgeTree runs up to 40 percent faster through the inclusion of Zend Optimizer. It also introduces the first iteration of KnowledgeTree's new Content Management Interoperability Services (CMIS) interface, which is compliant with the 0.61 draft of the specification. By using Web services and Web 2.0 interfaces to enable rich information to be shared across Internet protocols, CMIS enables greater interoperability among ECM systems.
Daniel Chalef, KnowledgeTree CEO: 'KnowledgeTree continues to offer a simple, easy to use document management system that does not strain IT resources and is up and running in no time. By embracing open standards and other strategies that enable seamless integration with widely accepted platforms, such as Microsoft IIS and Kofax Capture, KnowledgeTree is answering the needs of the enterprise user'..."
See also: the KnowledgeTree CMIS Wiki
XML Daily Newslink and Cover Pages sponsored by:
|Sun Microsystems, Inc.||http://sun.com|
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/