This issue of XML Daily Newslink is sponsored by:
Sun Microsystems, Inc. http://sun.com
- OASIS SAF Technical Committee Publishes Clarified Charter
- W3C Proposed Recommendation: XML Linking Language (XLink) Version 1.1
- Universal Core Data Standard Gains Traction for Intelligence Sharing
- OASIS Security Standards Interoperability Demo Showcase: XSPA, IMI, KMIP
- quFiles: The Right File at the Right Time
OASIS SAF Technical Committee Publishes Clarified Charter
Staff, OASIS Announcement
Members of the OASIS Symptoms Automation Framework (SAF) Technical Committee have produced a clarified TC Charter which refines the statement of goals and work. "The aim of the Symptoms Automation Framework is to integrate information and processes across the organization and/or cloud-enabled services in a more holistic way by defining, enhancing, and maintaining a standard XML-based framework that will enable the collection, detection, isolation, and remediation/optimization of the operational or business characteristics of complex systems with applicability to both IT and non-IT domains including operational and service management, governance, and security."
The clarified charter describes the relevance of the TC work to cloud computing: "Applications, services, and processes hosted in the cloud tend to have even more "moving parts and layers" than when more traditionally distributed and deployed. In fact, adding the extra layers of abstraction across multiple vendors and domains will likely increase the cost of support and optimization without a standard like SAF to enable a more automated approach. SAF supports not only the autonomic management of individual layers in the Cloud deployment stack, i.e. IaaS, PaaS, SaaS, but also it facilitates the communication of problem (and optimization) information across the boundaries. For example, a Symptoms enabled PaaS could accept application level information from a SaaS to optimize provisioning at the IaaS level..."
The 'Symptoms' approach differs from traditional rule-based systems in that SAF utilizes two types of rules: (1) pattern recognition signatures, and (2) automated action directives. These "rules" differ from traditional systems in their ability to handle partial information, consider event adjacency, decouple recognition from actions, and achieve interoperability.
This TC effort will deliver on the following high-level goals: Ensure that the specifications can be applied to various sources of event data, enabling a methodology to perform pattern matching, diagnostics, and analysis in order to achieve a timely and accurate resolution of a wide range of IT and non-IT situations. Provide an implementation agnostic architecture to support both online processing and offline operations... The output specifications will uphold the basic principles of specifications in terms of independence and composition. Each of the elements of the symptoms information model will use implementation and language neutral XML formats defined in XML Schema. The TC will not define a mapping of the functions and elements described in the specifications to any programming language, to any particular messaging middleware, nor to specific network transports..."
W3C Proposed Recommendation: XML Linking Language (XLink) Version 1.1
Steve DeRose, Eve Maler, David Orchard, Norman Walsh (eds), W3C Technical Report
The W3C XML Core Working Group has published a Proposed Recommendation for XML Linking Language (XLink) Version 1.1, together with an Implementation Report for XLink 1.1 which lists preliminary implementation feedback about XLink 1.1 implementations. Though the previous version of this document was a Last Call Working Draft, there was an earlier Candidate Recommendation version of this document that has already resulted in successful implementation feedback. Given that the changes to this draft do not affect the validity of that earlier implementation feedback, the Working Group is now publishing this version as a Proposed Recommendation. The review period ends on 31-March-2010.
This specification implements all of the XLink 1.1 requirements documented in the Working Group Note "Extending XLink 1.0". These changes make XLink more useful in the places where it is already being used and make it practical in a variety of similar vocabularies. Proposed Changes in the Note included making simple XLinks an application-level default (any element with an 'xlink:href' attribute that does not specify a link type should be treated as a simple link), explicitly reserving all attributes in the XLink namespace, supporting IRIs, and providing sample non-normative XML Schema and RELAX NG Grammars.
XML Linking Language (XLink) Version 1.1 allows elements to be inserted into XML documents in order to create and describe links between resources. It uses XML syntax to create structures that can describe links similar to the simple unidirectional hyperlinks of today's HTML, as well as more sophisticated links. An important application of XLink is in hypermedia systems that have hyperlinks. A simple case of a hyperlink is an HTML A element, which has these characteristics: (1) The hyperlink uses IRIs as its locator technology; (2) The hyperlink is expressed at one of its two ends; (3) The hyperlink identifies the other end—although a server may have great freedom in finding or dynamically creating that destination; (4) Users can initiate traversal only from the end where the hyperlink is expressed to the other end; (5) The hyperlink's effect on windows, frames, go-back lists, style sheets in use, and so on is determined by user agents, not by the hyperlink itself. For example, traversal of 'A' links normally replaces the current view, perhaps with a user option to open a new window. This set of characteristics is powerful, but the model that underlies them limits the range of possible hyperlink functionality. The model defined in this specification shares with HTML the use of IRI technology, but goes beyond HTML in offering features, previously available only in dedicated hypermedia systems, that make hyperlinking more scalable and flexible. Along with providing linking data structures, XLink provides a minimal link behavior model; higher-level applications layered on XLink will often specify alternate or more sophisticated rendering and processing treatments..."
See also: the W3C XML Core Working Group
Universal Core Data Standard Gains Traction for Intelligence Sharing
Sean Gallagher, Defense Systems
Information sharing has been repeatedly identified as a critical requirement of both joint operations within the U.S. Defense Department and interagency cooperation across the federal government. In 2007, DOD and the U.S. intelligence community convened a task force to examine ways to make information sharing between services and agencies more seamless. Three years later, the initiative is beginning to bear fruit. In March 2009, the UCore Interagency Information Sharing Initiative released the second version of Universal Core (UCore), an Extensible Markup Language-based (XML) data structure designed to provide a standard way to share intelligence information across agencies.
In the year since its release, UCore has gained nearly 3,000 registered users, according to Dan Green, data strategy technical process owner at the Space and Naval Warfare Systems Command and former federal co-lead of the UCore Interagency Information Sharing Initiative.
UCore 2.0's data model consists of five primary parts. The first is a common vocabulary for the most commonly exchanged information concepts: 'who, what, when and where'; Green said: 'We took those concepts and burrowed them down into things that were codable—time, location and entities'. The data model also defines a message framework. The message can carry additional information for more context, including unstructured text data, such as narrative content about the person or thing being tracked. The framework wraps the rest of the data so it can be encapsulated and rendered the same way between various machines... The message framework is designed to be transport agnostic, according to Brian Freeman of Mitre and the UCore chief engineer at SPAWAR. The information in UCore could be transported via the Simple Object Access Protocol, provided as a Representational State Transfer-type service, or come across an enterprise service bus. UCore also includes security markings that can define which elements of information can pass outside a secure network...
To help enterprise search tools easily find UCore content, the standard provides a model for metadata, too. The metadata model incorporates the DOD Discovery Metadata Specification so that data sources can be indexed and searched across the DOD enterprise. And the UCore team continues to work to make sure UCore-based information assets can be easily discovered through catalogs and search... To promote adoption of UCore, Version 2.0 provides guidance so that users can extend the data model to add new elements. The developers created naming and design rules for those concepts so users can define the attributes and values that can be used within the XML specification..."
See also: the UCore web site
OASIS Security Standards Interoperability Demo Showcase: XSPA, IMI, KMIP
Staff, OASIS Announcement
An OASIS Security Standards Interoperability Demo Showcase is planned for the RSA 2010 (March 1-5, 2010, Moscone Center, San Francisco, California), OASIS Booth 2545. Members of OASIS showcase interoperable products that support security standards, including Cross-Enterprise Security and Privacy Authorization (XSPA), Identity Metasystem Interoperability (IMI), and Key Management Interoperability Protocol (KMIP). Demo participants were scheduled to include: CA, Inc., General Services Administration, Hewlett Packard, IBM, Information Card Foundation, Jericho Systems, Microsoft, Novell, SafeNet, Inc., Sun Microsystems, U.S. Department of Defense, U.S. Department of Veterans Affairs.
The OASIS Key Management Interoperability Protocol (KMIP) V1.0 interop demonstration "will show client programs implemented by HP, IBM, and Safenet using the KMIP v1.0 protocol, and communicating securely with key management servers implemented by HP and IBM. The clients and servers will demonstrate essential key management use cases such as generating cryptographic keys, locating existing keys, retrieving, registering, and deleting keys. This OASIS KMIP demo provides an excellent opportunity for vendors and end-users to see KMIP in practice, demonstrating the value of a standard comprehensive protocol for enterprise key management operations in multi-vendor environments."
The OASIS Identity Metasystem (IMI) V1.0 specification and the profile developed by the US Government (GSA/ICAM) "will be demonstrated. The IMI interop demonstration will show relying party software implemented by CA, Microsoft, and Novell using the IMI v1.0 protocol, in accordance with the US Government profile. Multiple Information Card Foundation (ICF) members will also be issuing IMI based cards during the demonstration. Card selector software from Microsoft and others will be used to provide users access to a number of government sites with commercially issued identities using the ICAM profile of IMI 1.0."
XSPA demo: The XSPA TC was chartered to specify sets of stable open OASIS standards and interoperability profiles, and create other standards or profiles as needed, to support secure and private exchange of healthcare information. Work to date supports and has been accepted by the U.S. Department of Health and Human Services Health Information Technology Standards Panel (HITSP) Access Control Transaction Package specification TP20, including access control capabilities required to support the HITSP Manage Consent Directive Package specification TP30. This includes the exchange of access control decision information such as requestor identity, role data, location that can be used by healthcare providers to enforce permitted operations on resources and associated conditions and obligations. The OASIS standards and profiles provide advanced security, privacy and integrity of sensitive patient data end to end."
quFiles: The Right File at the Right Time
Kaushik Veeraraghavan, Jason Flinn, Edmund Nightingale; FAST 2010 Paper
This paper was delivered at the Eighth USENIX Conference on File and Storage Technologies, held February 23-26, 2010, in San Jose, CA. FAST '10 brought together storage system researchers and practitioners to explore new directions in the design, implementation, evaluation, and deployment of storage systems.
Excerpts: "A quFile is a unifying abstraction that simplifies data management by encapsulating different physical representations of the same logical data. Similar to a quBit (quantum bit), the particular representation of the logical data displayed by a quFile is not determined until the moment it is needed. The representation returned by a quFile is specified by a data-specific policy that can take into account context such as the application requesting the data, the device on which data is accessed, screen size, and battery status. We demonstrate the generality of the quFile abstraction by using it to implement six case studies: resource management, copy-on-write versioning, data redaction, resource-aware directories, application-aware adaptation, and platform-specific encoding. Most quFile policies were expressed using less than one hundred lines of code. Our experimental results show that, with caching and other performance optimizations, quFiles add less than 1% overhead to application-level file system benchmarks...
Security (context-aware data redaction): Mobile computers may be used at any location, including those that are insecure. For this reason, information scrubbing has been proposed to protect, isolate and constrain private data on mobile devices... We first created a quFile-aware utility that redacts XML files containing sensitive data. This utility is notified when files that may contain sensitive data are added to the file system. While our utility can redact any XML file using type-specific rules, we currently use it only for GnuCash, a personal finance program that stores data in a binary XML format. GnuCash runs on Linux and is compatible with the Quicken Interchange Format. Our utility parses each GnuCash file and generates a redacted version. The general-purpose redactor uses the Xerces XML parser to apply type-specific transformation rules that obfuscate sensitive data. Our current rules obfuscate details such as account numbers, transaction details and dates, but leave the balances visible. Finally, the utility creates a quFile and moves both the original and redacted files into the quFile using its raw view. The redactor generates these two static representations each time the file is modified. When an application reads this quFile, our context-aware declassification policy determines the location of the mobile computer using a modified version of Place Lab. If the computer is at a trusted location, as specified by a configuration file, the original version is returned. Otherwise the redacted version is displayed...
The quFile abstraction simplifies data management by providing a common mechanism for selecting one of several possible representations of the same logical data depending on the context in which it is accessed. A quFile also encapsulates the messy details of generating and storing multiple representations and the policies for selecting among them. We have shown the generality of quFiles by implementing six case studies that use them..."
See also: the FAST 2010 Proceedings TOC
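The context-aware redaction flow described in the quFiles excerpt above, sketched as an added example (not code from the paper or from this newsletter). The `QuFile` class, the element names, and the location strings are assumptions made for illustration, and the sample document is constructed rather than GnuCash's real format.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are illustrative, not GnuCash's schema.
SAMPLE = (
    "<book>"
    "<account><number>DE89-3704-0044</number>"
    "<name>Checking</name><balance>1520.75</balance></account>"
    "<transaction><date>2010-02-23</date>"
    "<description>Rent, 12 Elm St</description></transaction>"
    "</book>"
)

# Type-specific rule set: text of these elements is obfuscated.
# Anything not listed (e.g. balance) stays visible, as in the excerpt.
REDACT_TAGS = {"number", "date", "description"}


def redact(xml_text):
    """Return a copy of the document with sensitive element text masked."""
    # ElementTree is fine for this constructed input; for untrusted XML
    # use a hardened parser (e.g. the defusedxml package).
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag in REDACT_TAGS and elem.text:
            elem.text = "[REDACTED]"
    return ET.tostring(root, encoding="unicode")


class QuFile:
    """Hypothetical stand-in for a quFile holding two static representations."""

    def __init__(self, original):
        self.write(original)

    def write(self, original):
        # Both representations are regenerated on every modification,
        # so the redacted view can never lag behind the original.
        self.original = original
        self.redacted = redact(original)

    def read(self, location, trusted_locations):
        # Declassification policy: the original is returned only at a
        # trusted location. An unknown location (None) fails closed.
        if location is not None and location in trusted_locations:
            return self.original
        return self.redacted
```

The policy fails closed: if the location cannot be determined, the reader gets the redacted view.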