This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com
- W3C Proposed Edited Recommendation for XHTML Modularization 1.1
- Public Draft of Next Generation of ISO Schematron Available for Comment
- Public Review: SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0
- A Uniform Resource Identifier for Geographic Locations ('geo' URI)
- Enterprises See Risks In Cloud
- Agility and Architecture: Can They Coexist?
W3C Proposed Edited Recommendation for XHTML Modularization 1.1
Daniel Austin, Subramanian Peruvemba, Shane McCarron, Masayasu Ishikawa (eds), W3C PER
A W3C Proposed Edited Recommendation has been published for XHTML Modularization 1.1 - Second Edition. This document has been produced by the W3C XHTML 2 Working Group as part of the HTML Activity. Public comment is invoted through May 12, 2010.
If approved, this specification will supersede the previous edition of XHTML Modularization 1.1. It reflects minor corrections to ensure consistency among various markup languages that rely upon XHTML Modularization. Most significant among these are: (1) Changing the datatype of the 'class' attribute so that it permits an empty value -- historically the class attribute was permitted to be empty. (2) Moving the 'name' attribute for the 'form' and 'img' elements out of the legacy module and into their base modules — this attribute is required for some scripting constructs. (3) Changing the datatype for the 'usemap' attribute from 'IDREF' to 'URIREF' — most user agents require that map references be relative URIs that are local to the document...
This document represents the second edition of version 1.1 of XHTML Modularization, an abstract modularization of XHTML and implementations of the abstraction using XML Document Type Definitions (DTDs) and XML Schemas. This modularization provides a means for subsetting and extending XHTML, a feature needed for extending XHTML's reach onto emerging platforms. This specification is intended for use by language designers as they construct new XHTML Family Markup Languages. This specification does not define the semantics of elements and attributes, only how those elements and attributes are assembled into modules, and from those modules into markup languages. This update includes several minor updates to provide clarifications and address errors found in version 1.1...
The use of standards is critical for modularized XHTML to be successful on a large scale. It is not economically feasible for content developers to tailor content to each and every permutation of XHTML elements. By specifying a standard, either software processes can autonomously tailor content to a device, or the device can automatically load the software required to process a module. Modularization also allows for the extension of XHTML's layout and presentation capabilities, using the extensibility of XML, without breaking the XHTML standard. This development path provides a stable, useful, and implementable framework for content developers and publishers to manage the rapid pace of technological change on the Web..."
See also: the W3C HTML Working Group
Public Draft of Next Generation of ISO Schematron Available for Comment
Rick Jelliffe, O'Reilly Technical
The Committee Draft (CD) of the new version of ISO Schematron is now available at the ISO/IEC JTC1 SC34 SC34 Website: ISO/IEC CD 19757-3. Information Technology — Document Schema Definition Languages (DSDL) — Part 3: Rule-based Validation — Schematron. In the JTC1 workflow, this is the version that National Bodies comment on over the next three months... After the ballot, we resolve any comments and put out a Final Draft International Standard (FDIS)... Then this FDIS gets voted on again. So it now is looking like 1Q2011 before the new version gets on the books at earliest: five years between versions seems healthy... All the features of the CD are already in the popular skeleton implementation at www.schematron.com, which has superceded my old Schematron 1.5 implementation at Academia Sinica; please use ISO Schematron for new projects...
New features of the draft: (1) Modularity: The 2006 standard had an include element however it was not very useful: it just stuck the external XML file and fragment inline. The 2010 CD enhances the extends element, which substitutes the contents of the located file and fragment; this simple macro mechanism allows containers without the complication of SD-style components. (2) Properties: The CD has a new Annex L, which gives many examples of what properties can be used for. Properties also provide a way of adding non-Schematron constraints, such as CRDL character repertoire typing. (3) XSLT2 and EXSLT: Schematron is not limited to using XSLT1, but the schemas can select which query language binding they use. The 2006 standard reserved several names for this purpose. The two most popular are XSLT2 and EXST, so the CD defines bindings for these...
(4) Structure Variables: The CD follows XSLT and also allows the value of a variable to be given in its content, which could include any arbitrary element content. (5) Support for Document Collections: The advent of the XML-in-ZIP formats has brought to a head the trend in XML away from single large documents towards smaller linked documents. But this changed has reduced the utility of validation: patterns may be distributed between documents! The 2006 standard already allowed the 'document()' function, which allowed an assertion or variable to access information in an external document, however the rule contexts were always the document being validated. In the CD, the pattern element may have a documents attribute that can have an XPath expression that evaluates to a list of URLs. The pattern is tested on each of these documents in turn...
On this last feature, there is a suggestion that the mooted ISO ZIP standard should provide a simple solution to the multiple-document XML-in-ZIP validation problem: a kind of reverse structure to NVDL which creates a temporary synthetic XML document containing the ZIP directory structure and any XML files put inline: this would allow a single conventional schema to validate the whole XML-in-ZIP document even with grammars, and it would interact with NVDL well..."
See also: the Schematron web site
Public Review: SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0
Josh Howlett, Thomas Hardjono, Nate Klingenstein, Tom Scavo (eds), OASIS PRD
Members of the OASIS Security Services (SAML) Technical Committee have published Committee Draft 01 of the specification SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0 for public review through June 15, 2010. The SAML V2.0 Kerberos Web Browser SSO Profile allows for transport of assertions using the Kerberos subject confirmation method by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but a Kerberos AP-REQ message is presented by the user agent via the HTTP Negotiate authentication scheme and the Kerberos GSS-API mechanism. The presentation of a valid Kerberos AP-REQ message whose client principal name matches the principal name given in the subject confirmation strengthens the assurance of the resulting authentication context and protects against credential theft.
In the scenario addressed by this profile, which is an alternate version of the SAML V2.0 Web Browser SSO Profile , a principal uses an HTTP user agent to access a web-based resource at a service provider. To do so, the user agent presents a SAML assertion that uses Kerberos subject confirmation acquired from its preferred identity provider.
The user may first acquire an authentication request from the service provider or a third party. The identity provider authenticates the principal by any method of its choosing and then produces a response containing at least one assertion using Kerberos subject confirmation and an authentication statement for the user agent to transport to the service provider. A Kerberos (RFC 4120) AP-REQ message, supplied through the HTTP Negotiate authentication scheme (RFC 4559) and the Kerberos GSS-API mechanism (RFC 4121), proves the attesting entity's authorization to wield the Kerberos principal name bound to the assertion's Kerberos subject confirmation. Finally, the service provider consumes the assertion to create a security context for the principal.
In this document a profile of the SAML Authentication Request Protocol is used in conjunction with an HTTP binding. It is assumed that the user wields an HTTP user agent, such as a standard web browser, capable of presenting a Kerberos AP-REQ using with the HTTP Negotiate authentication scheme and the Kerberos GSS-API mechanism.
A Uniform Resource Identifier for Geographic Locations ('geo' URI)
Alexander Mayrhofer and Christian Spanring (eds), IETF Internet Draft
The Internet Engineering Steering Group (IESG) announced the approval of A Uniform Resource Identifier for Geographic Locations ('geo' URI) as an IETF Proposed Standard. The specification was produced by members of the IETF Geographic Location/Privacy (GEOPRIV) Working Group. There is strong consensus in the working group that this document is a useful and user-friendly way to transmit location information. The document has been reviewed by key participants from the GEOPRIV and Open Geospatial Consortium (OGC) communities.
The document specifies a Uniform Resource Identifier (URI) for geographic locations using the 'geo' scheme name. A 'geo' URI identifies a physical location in a two- or three-dimensional coordinate reference system in a compact, simple, human-readable, and protocol-independent way. The default coordinate reference system used is WGS-84. Geographic locations in this document are defined using WGS-84 (World Geodetic System 1984), equivalent to the International Association of Oil & Gas Producers (OGP) Surveying and Positioning Committee EPSG (European Petroleum Survey Group) code 4326 (2 dimensions) and 4979 (3 dimensions).
Rationale: "An increasing number of Internet protocols and data formats are extended by specifications for adding spatial (geographic) location. In most cases, latitude as well as longitude of simple points are added as new attributes to existing data structures. However, all those methods are very specific to a certain data format or protocol, and don't provide a protocol-independent, compact and generic way to refer to a physical geographic location...
Location-aware applications and location-based services are fast emerging on the Internet. Most web search engines use geographic information, and a vivid open source mapping community has brought an enormous momentum into location aware technology. A wide range of tools and data sets which formerly were accessible to professionals only have became available to a wider audience. The 'geo' URI scheme is another step into that direction and aims to facilitate, support and standardize the problem of location identification in geospatial services and applications... For the sake of usability, the definition of the URI scheme is strictly focused on the simplest, but also most common representation of a spatial location — a single point in a well known CRS. The provision of more complex geometries or locations described by civic addresses is out of scope of this document..."
Enterprises See Risks In Cloud
W. David Gardner, InformationWeek
"'Cloud infrastructures aren't yet reliable or secure enough for mission critical applications' (users say in survey)... 'Would you move your mission critical apps to the cloud?' That was essentially the question Unisys asked 120 enterprise users in an online poll in an effort to determine what they thought about the risks of moving their various applications to the cloud.
A total of 46% of the respondents said they would start moving applications to the cloud with development/test and support workloads. Another 22% cited disaster recovery — an important app but one that's not considered mission critical — and said they would start the shift to cloud computing with it. An additional 17% said they would move quality assurance and pre-production systems before shifting other apps to the cloud.
In sharp contrast, core production workloads like enterprise requirements planning were cited by just 15% of the respondents, who cited those mission critical apps as candidates for early shifting to the cloud.
Colin Lacey, Unisys VP of solutions and services: 'The respondents are skeptical that the cloud infrastructure used by commodity providers can stand up to the stringent service levels that enterprise workloads require. Plus, they are often concerned about entrusting those applications to a third party without assurance that the data could be kept secure... The poll results showed enterprise users are still reluctant to give up control of their complex applications and sensitive information. The enterprise users also believe that cost management and operational efficiency of their IT operations can be improved by cloud computing'..."
See also: the Unisys announcement
Agility and Architecture: Can They Coexist?
P. Abrahamsson, M. Ali Babar, P. Kruchten (eds); IEEE Software
"Agile development has significantly impacted industrial software development practices. However, despite its wide popularity, there's an increasing perplexity about software architecture's role and importance in agile approaches. Advocates of architecture's vital role in achieving quality goals for large software-intensive systems doubt the scalability of any development approach that doesn't pay sufficient attention to architecture. This especially applies to domains such as automobiles, telecommunications, finance, and medical devices. Companies where architectural practices are well developed often tend to see agile practices as amateurish, unproven, and limited to very small Web-based sociotechnical systems.
Conversely, proponents of agile approaches usually see little value for a system's customers in the upfront design and evaluation of architecture. They perceive software architecture as something from the past, equating it with big design up-front (BDUF) — a bad thing -- leading to massive documentation and implementation of YAGNI (you ain't gonna need it) features. They believe that architectural design has little value, that a metaphor should suffice in most cases, and that the architecture should emerge gradually sprint after sprint, as a result of successive small refactoring...
Any debate, discussion, or effort to assess the necessity of combining agile and architecture should start with questions such as: Are these views contradictory, opposing, or complementary? Do the proclaimed dichotomies between agile and architecture have any truth? What steps will let project teams benefit from the best of both by ignoring unnecessary values or requirements? [...]
XML Daily Newslink and Cover Pages sponsored by:
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: firstname.lastname@example.org
Newsletter unsubscribe: email@example.com
Newsletter help: firstname.lastname@example.org
Cover Pages: http://xml.coverpages.org/