This issue of XML Daily Newslink is sponsored by:
ISIS Papyrus http://www.isis-papyrus.com
- CMIS Version 1.0 Submitted for Consideration as an OASIS Standard
- Chemistry and OpenCMIS Technical Comparison
- Extension U for BCP 47 - Tags for Identifying Languages
- W3C First Public Working Draft: The Capture API
- ISIS Papyrus: Newest OASIS Foundational Sponsor Supporting Open Standards
- Researchers Find Security Holes in Smart Meters
- Engine Yard Offers Professional JRuby Developer Support
CMIS Version 1.0 Submitted for Consideration as an OASIS Standard
Staff, OASIS Announcement
Members of the OASIS Content Management Interoperability Services (CMIS) Technical Committee have submitted an approved 'Committee Specification 01' of the Content Management Interoperability Services (CMIS) Version 1.0 for consideration as an OASIS Standard. Voting on CMIS V1.0 by the OASIS membership has been scheduled to take place April 16 through April 30, 2010. Statements of successful use for the specification have been provided by John Newton (Alfresco), Martin Hermes (SAP), and Florent Guillaume (Nuxeo).
CMIS 1.0 was edited by Al Brown (IBM), Ethan Gur-Esh (Microsoft), Ryan McVeigh (Oracle), and Florian Mueller (OpenText), and was produced by members of the CMIS TC under TC Chair David Choy (EMC). An initial 60-day public review of CMIS 1.0 was held 23-October-2009 through 22-December-2009; a second 15-day public review was held 28-January-2010 through 12-February-2010.
The Content Management Interoperability Services (CMIS) standard "defines a domain model and Web Services and Restful AtomPub bindings that can be used by applications to work with one or more Content Management repositories/systems. The CMIS interface is designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. It is not intended to prescribe how specific features should be implemented within those CM systems, not to exhaustively expose all of the CM system's capabilities through the CMIS interfaces. Rather, it is intended to define a generic/universal set of capabilities provided by a CM system and a set of services for working with those capabilities.
CMIS is functionally similar to JCR (Content Repository for Java) and WebDAV. JSR 170 (aka JCR 1.0) and JSR 283 (aka JCR 2.0), developed under the Java Community Process (JCP), also define an interoperable interface for content management systems...JCR is a Java API, whereas CMIS is a protocol-layer interface. The two interfaces can be complementary to each other. For example, a CMIS interface may be layered on top of a JCR repository to provide interoperability between JCR and non-JCR (or non-Java) repositories. JCR prescribes certain behaviors of a content management system and defines an interface that is fairly functionally complete. CMIS describes a set of basic concepts and functions that can be easily layered on top of existing content management systems for interoperability, but full functionality is not a design goal for CMIS. WebDAV, developed under the Internet Engineering Task Force (IETF), is a set of HTTP extensions offering some capabilities similar to CMIS's. CMIS supports multiple network protocols. Its AtomPub protocol binding uses the GET, PUT, POST, and DELETE methods of HTTP but not the WebDAV extensions. Some CMIS concepts such as typed object, peer-to-peer relationship, rendition, and administrative policy, are not supported by WebDAV. CMIS supports a simpler versioning model which can be more easily mapped to a content management system's versioning capability than WebDAV's versioning capability (defined by the IETF Delta-V Working Group) can..."
Chemistry and OpenCMIS Technical Comparison
Florent Guillaume, Florian Müller (et al), Apache CMIS Project Report
Numerous commercial and open source implementations of the draft CMIS 1.0 specification are now available. "Apache Chemistry consists of two separate Java projects: Chemistry and OpenCMIS... Chemistry's goal is to provide general purposes libraries for interaction using Content Management Interoperability Services (CMIS) between a server and a client. Chemistry provides a high level object-oriented API so that an application developer can manipulate objects like documents or folders and can call simple methods on them without having to deal with details of a specific low-level communication transport. In addition to that, Chemistry also provides a SPI (Service Provider Interface) for backend developers, making it quite easy to use Chemistry to store documents in a project-specific manner. The SPI can also be used by the application developer if he wishes to get to the 'bare metal' of the CMIS protocol. Underlying this, Chemistry has implementations for the two CMIS transports, AtomPub and SOAP.
OpenCMIS is a collection of Java libraries, frameworks and tools around the CMIS specification. The aim of OpenCMIS is make CMIS simple for Java client and server developers. It hides the binding details and provides APIs and SPIs on different abstraction levels. It also includes test tools for content repository developers and client application developers...
The document "Chemistry and OpenCMIS Technical Comparison" provides a (draft) technical comparison of the interfaces and classes present in both Chemistry and OpenCMIS... In Chemistry the session and the Connection are the same thing. The connection has different implementations depending on the way it's connected to an underlying protocol. The connection implements methods from the high-level API, and also gives access to the low-level SPI implementing different methods. In OpenCMIS the Session is a semi-generic context-like object (PersistentSessionImpl). Eventually, there will be two Session implementations. In the persistent model (almost) all changes are immediately passed to the repository. In the transient model all changes are cached until save() is called on the Session object. A Session can be "connected" using parameters to instantiate internally a low-level provider (CmisProvider). The provider holds configuration parameters that enable it to create a low-level SPI through a CmisSpiFactory. Through the SPI you can get to the various SPI Service implementations.
In Chemistry you get to a repository instance based on general repository parameters, and from it you can open connections with a username and password. The repository instance can be introspected (types, etc) without opening a session. In OpenCMIS, you get a session factory, from which you open a session, from which you can get to the repository info (types, etc.). All connection parameters are passed to the createSession() method, including repository URL..."
See also: the OASIS CMIS TC web site
Extension U for BCP 47 - Tags for Identifying Languages
Mark Davis, Addison Phillips, Yoshito Umaoka (eds), IETF Internet Draft
A specification BCP 47 Extension U has been published by the Internet Engineering Task Force (IETF). This document specifies an Extension to BCP 47 which provides subtags that specify language and/or locale-based behavior or refinements to language tags, according to work done by the Unicode Consortium.
IETF Request for Comments #5646 Tags for Identifying Languages (Best Current Practice 47) 'describes the structure, content, construction, and semantics of language tags for use in cases where it is desirable to indicate the language used in an information object. It also describes how to register values for use in language tags and the creation of user-defined extensions for private interchange. The language of an information item or a user's language preferences often need to be identified so that appropriate processing can be applied. For example, the user's language preferences in a Web browser can be used to select Web pages appropriately. Language information can also be used to select among tools (such as dictionaries) to assist in the processing or understanding of content in different languages. Knowledge about the particular language used by some piece of information content might be useful or even required by some types of processing, for example, spell-checking, computer- synthesized speech, Braille transcription, or high-quality print renderings. One means of indicating the language used is by labeling the information content with an identifier or 'tag'. These tags can also be used to specify the user's preferences when selecting information content or to label additional attributes of content and associated resources..."
The Unicode Consortium defines a standardized, structured set of locale data and identifiers for locale data in the 'Common Locale Data Repository' or 'CLDR'. The maintaining authority for the extension defined by this document is the Unicode Consortium. The specification of extension subtags is provided by Section 3, Key Type Definitions of Unicode Technical Standard #35: Unicode Locale Data Markup Language (UTS 35). As required by BCP 47, subtags follow the language tag ABNF and other rules for the formation of language tags and subtags, are restricted to the ASCII letters and digits, are not case sensitive, and do not exceed eight characters in length. LDML specifies a canonical representation, and the LDML specification is available over the Internet and at no cost, and is available via a royalty-free license LDML is versioned, and each version of LDML is numbered, dated, and stable. Extension subtags, once defined by LDML, are never retracted or change in meaning in a substantial way.
The subtags available for use in the 'u' extension consist of a set of attributes, keys, and types. Attributes, keys, types, and their respective meanings are defined in Section 3 (Unicode Language and Locale Identifiers) of Unicode UTS 35, where: (a) an 'attribute' is a subtag with a length of three or more characters following the singleton and preceding any 'keyword' sequences. No attributes were defined at the time of this document's publication; (b) a 'keyword' is a sequence of subtags consisting of a 'key' subtag, followed by zero or more 'type' subtags. Each 'key' MUST be unique within the extension. The order of the 'type' subtags within a 'keyword' is sometimes significant to their interpretation. Note that 'keys' can appear without a subsequent 'type' subtag... As to canonicalization: case is not significant. The canonical form for all subtags in the extension is lowercase. The canonical order of attributes is in US-ASCII order (that is, numbers before letters, with letters sorted as lowercase US-ASCII code points). The canonical order of keywords is in US-ASCII order by key. The order of subtags within a keyword is significant; the meaning of this extension is altered if those subtags are rearranged. Thus, the canonical form of the extension never reorders the subtags within a keyword..."
W3C First Public Working Draft: The Capture API
Dzung Tran, Ilkka Oksanen, Ingmar Kliche (eds), W3C Technical Report
The W3C Device APIs and Policy Working Group has published a First Public Working Draft for The Capture API, which defines an Application Programming Interface (API) supporting access to the audio, image and video capture capabilities of a device.
The Capture API defines a high-level interface for accessing the microphone and camera of a hosting device. Examples: (1) launching a device camera application and retrieving the pictures taken; (2) retrieving image sizes and formats supported by hosting device camera.
The API defined in this specification launches the capture application which allows the user to take pictures, record voice or record video and provides a handle to the content. This information can potentially compromise user privacy and a conforming implementation of this specification must provide a mechanism that protects the user's privacy and this mechanism should ensure that such operations must be authenticated... [So] a conforming implementation of this specification must provide a mechanism that protects the user's privacy and this mechanism should ensure that privacy information is not revealed without user's informed consent...
The W3C Device APIs and Policy Working Group was chartered to create client-side APIs that enable the development of Web Applications and Web Widgets that interact with devices services such as Calendar, Contacts, Camera, etc. Additionally, the group will produce a framework for the expression of security policies that govern access to security-critical APIs..."
ISIS Papyrus: Newest OASIS Foundational Sponsor Supporting Open Standards
Staff, OASIS Announcement
"OASIS now welcomes ISIS Papyrus, a provider of process and content management software solutions, as its newest Foundational Sponsor. ISIS Papyrus joins IBM, Microsoft, Oracle, and Primeton in supporting the mission of OASIS at the highest level.
'ISIS Papyrus is demonstrating its leadership and commitment to advancing open standards. Their support makes it possible for OASIS to promote interoperability, lower cost and provide more freedom of choice for users,' said Laurent Liscia, executive director of OASIS. 'As a not-for-profit consortium, OASIS relies on Foundational Sponsors like ISIS Papyrus to ensure that all those affected by standards have a voice in their development. We applaud ISIS Papyrus for its role in making this possible.'
ISIS Papyrus will apply its expertise in content management and adaptive process technologies with participation in several OASIS standards initiatives, including the Content Management Interoperability Services (CMIS) Technical Committee and the Darwin Information Typing Architecture (DITA) Technical Committee, with others to be determined.
'Over the years, we have repeatedly experienced the necessity for open standards when installing the Papyrus Platform as the umbrella user front end for financial institutions that need to backend-connect a number of silo applications,' said Max J. Pucher, chief architect at ISIS Papyrus. 'We look forward to advancing open standards related to content and process management as well as security and chose to work with OASIS as the leading standards organization in these areas'..."
See also: the ISIS announcement
Researchers Find Security Holes in Smart Meters
Martin LaMonica, CNET News.com
"Security consulting company InGuardians was hired by three utilities to test the vulnerability of smart meters from five manufacturers and the systems used to manage them, according to an Associated Press report. The company has found holes in two-way meters that could allow a person with a laptop to tap into the communications between people's homes and utility companies. The test results showed that smart meters, which create a network link between customers and utilities, have a number of potential vulnerabilities that could lead to scenarios such as a criminal remotely turning someone's power on or off, according to the AP report..
The communications standard used by smart meters, in particular, was an area that was a cause for concern, according to Joshua Wright, a senior security analyst with InGuardians. If criminals are able to tap into the network, they could potentially doctor another person's bills or even stage bigger attacks on the grid, according to the report. InGuardians has published a number of research papers on vulnerabilities in power grid security. They cover topics such as the security of Zigbee, the wireless standard used by some smart meters for in-home communications, as well as an 'attack methodology' for two-way meters.
Security researchers have said that smart-grid technologies need to have security designed into them from ground up. Right now, the National Institute of Standards and Technology (NIST) is leading an effort in the U.S. to agree on a number of smart-grid standards, with security being one of the high-priority items...
Engine Yard Offers Professional JRuby Developer Support
Darryl K. Taft, eWEEK
'Engine Yard, a provider of a cloud computing platform for Ruby and Ruby on Rails applications, has announced a new professional support offering for JRuby developers. With the core JRuby team now residing at Engine Yard, the company is now providing an industry first in delivering professional services for JRuby developers. JRuby is an implementation of Ruby that runs on top of the Java Virtual Machine (JVM).
JRuby allows Java developers to use Ruby to efficiently expand the capabilities of Java applications, or create entirely new applications that leverage an existing investment in Java. By utilizing professional support for JRuby, customers can take advantage of Engine Yard's world-class Ruby, Rails and JRuby experts to accelerate success of their projects. Enebo, JRuby co-lead Charles Nutter and JRuby developer Nick Sieger, among others, joined Engine Yard from then Sun Microsystems last August...
A Java implementation of the Ruby programming language, JRuby allows organizations to build secure, high-performance application functionality with Ruby while utilizing existing Java code and the JVM, Engine Yard said: JRuby, Ruby on Rails, and the JVM provide a razor sharp tool set to deliver SOA to existing Java applications, along with rapid development of new applications. Combined with our support offering, enterprises will realize a greater ROI on their Java investments... Java-based enterprises demand commercial support for any technology they use...
XML Daily Newslink and Cover Pages sponsored by:
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/