The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: June 07, 2010
XML Daily Newslink. Monday, 07 June 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Oracle Corporation

Atom Link Extensions Specification: etag, modified, accessed, media
James M. Snell (ed), IETF Internet Draft

An updated IETF Internet Draft for the Atom Link Extensions memo includes support for an 'accessed' attribute for reference in other resources (e.g., time when the resource was accessed and at which time assertions are claimed to be true). The Atom Link Extensions specification has been created to add additional attributes to the Atom Syndication Format link and content elements that may be used to express additional metadata about linked resources.

The new 'accessed' Attribute specifies the most recent date and time when the resource identified by the atom:link or atom:content element was accessed. The value MUST conform to the 'date-time' production defined by RFC 3339. An uppercase 'T' character MUST be used to separate date and time, and an uppercase 'Z' character MUST be present in the absence of a numeric time zone offset. The 'accessed' attribute MAY appear as a child of the 'atom:link' and 'atom:content' elements. Signature: accessed = attribute accessed { xsd:dateTime }.

The 'etag' Attribute specifies an Entity Tag (per RFC 2616) for the resource identified by the atom:link or atom:content element as provided by the server hosting the resource. The 'etag' attribute MAY appear as a child of the atom:link and atom:content elements.

The 'modified' Attribute specifies the date and time when the resource identified by the atom:link or atom:content element was last modified. The value MUST conform to the "date-time" production defined by RFC 3339. An uppercase 'T' character MUST be used to separate date and time, and an uppercase 'Z' character MUST be present in the absence of a numeric time zone offset. The 'modified' attribute MAY appear as a child of the atom:link and atom:content elements. Signature: modified = attribute modified { xsd:dateTime }..."

See also: Atom references

Use XML Pattern Tools for Systems Analysis
Uche Ogbuji, IBM developerWorks

"It is now very common for real-world systems to transmit messages in XML formats through various flavors of Service-Oriented Architecture (SOA). Such systems often express business rules, vocabulary, classification, and descriptive systems in XML forms. Thus frequently, an important input into optimization efforts comes from pattern analysis of XML data sets and message statistics. In support of such analysis, the XML-savvy enterprise architect can find inexpensive and flexible ways to gather basic information to support Systems Optimization.

This article discusses conventions and techniques for applying the most effective XML processing practices in Operational Systems Analysis, organized around a selection of example scenarios. The most basic inputs to any systems optimization are patterns of actual usage. What operations are used the most? Are any patterns of parameters especially heavily used? These might be candidates for optimized resources or processing. In many modern, Internet-based systems, actual usage is represented by semi-structured messages over the wire, and these days it's common to have such messages represented in XML as SOAP Web services or XML messages HTTP POSTed to RESTful endpoints.

As Web APIs and social media penetrate the firewall directly and indirectly influence enterprise systems design, more of the information fueling systems is in formats amenable to semi-structured reporting tools, an important insight to consider as you prepare for the Monitor phase of Systems Optimization. At the same time, the globally decentralized nature of such modern systems makes it impractical to take a monolithic approach to systems analysis and optimization.

Operational Systems Analysis is a very important development in applying discipline for enterprise architects, as long as they realize that it's not possible to impose such discipline upon the real world. It is very important to have a flexible toolbox that you can reconfigure and redeploy to adapt to emerging scenarios..."

WSO2 Launches Open-Source Cloud Platform
John K. Waters, Application Development Trends

"Open-source middleware maker WSO2 has launched an open source cloud platform that should be of interest to enterprise Java developers. Called Stratos, it's a fully hosted application platform-as-a-service (PaaS) for building and deploying apps and services with instant provisioning of enterprise servers, including the portal, enterprise service bus (ESB) and application server... Stratos is built on top of the company's Carbon product, a service-oriented architecture (SOA) framework built on the OSGi specification. OSGi defines an architecture for developing and deploying modular applications and libraries; it's a real, dynamic component model for Java applications...

In a related announcement, WSO2 disclosed a new Cloud Partnership initiative aimed at SIs and infrastructure-as-a-service (IaaS) providers to streamline the development and deployment of applications and services that are fully optimized for enterprise clouds..."

From the announcement ('WSO2 Stratos Cloud Computing Platform for Enterprise Application Development'): "Because WSO2 Stratos is based on the open source WSO2 Carbon, applications can be migrated on premise, to a private cloud or to the public cloud. Not only does this provide unprecedented deployment flexibility, but for the first time, enterprises can smoothly and safely migrate to the cloud—without the complexity or fear of vendor lock-in.

WSO2 Stratos goes far beyond basic application frameworks to provide an enterprise cloud platform, which manages and deploys key services based on WSO2's production-quality runtime engines including: (1) ESB, based on WSO2 Enterprise Service Bus; (2) Portals, based on WSO2 Gadget Server; (3) Web applications and services, based on WSO2 Web Services Application Server; (4) Identity management, based on WSO2 Identity Server; (5) Governance and registry, based on WSO2 Governance Registry..."

See also: the announcement

Other Voices: An HTML5 Primer
Michael Mullany, DDJ

"With Google and Apple strongly supporting HTML5 as the solution for rich applications for the Internet, it's become the buzzword of the month—particularly after Google I/O. Given its hot currency, though, it's not surprising that the term is starting to become unhinged from reality. Already, we're starting to see job postings requiring 'HTML5 experience,' and people pointing to everything from simple JavaScript animations to CSS3 effects as examples of HTML5. Just as 'AJAX' and 'Web 2.0' became handy (and widely misused) shorthand for 'next- generation' web development in the mid-2000's, HTML5 is now becoming the next overloaded term...

When many folks say 'HTML5' they mean the broad collection technologies that are now being implemented in the Webkit-based browsers (Safari and Chrome), Opera and Firefox... The core W3C HTML5 spec is just one part of the collection of related technologies: The HTML5 specification proper; Cascading Style Sheets Version 3 (CSS3); Web Workers; Web Storage; Web SQL Database; Web Sockets; Geolocation; Microdata; Device API and File API...

The Web Sockets protocol is in the first stage of the standards process and has also been submitted as an IETF draft because it is a networking protocol. It defines a non-http-based asynchronous client/server protocol that can be used in place of the current AJAX methods for asynchronous server communication. It uses an initial http: request to bootstrap the new protocol.

Geolocation is a simple spec that provides a built-in a geolocation object that scripts can query. It also provides methods for defining location cache freshness requirements. This is fairly non-controversial and already in new browsers. File API allows single and multiple file uploads from the user desktop. It's unclear exactly who will support this, but there doesn't seem to be much confusion about what it's supposed to do..."

Don't You Know Who I Am?
John Paschoud, Ariadne Magazine

This article "looks into identity and access management in the pre-digital and digital age, and describes how the JISC Identity Management Toolkit can help us manage identities better. The Identity Management Toolkit includes comprehensive guides on the drafting and review of governance and policies (which have so often evolved over time, but not been written down or clearly owned by an identified individual or committee), the technology, processes and jargon, and the functionalities and standards to look for when assessing the increasing number of 'solutions' from IT vendors (which may cause more problems than they solve, if both supplier and customer do not really understand the existing requirements of the institution properly in the first place).

The Toolkit also contains the methodology and templates compiled by The Identity Project for carrying out a complete institutional audit to discover where, by whom and how identity management (often duplicated or worse) is happening in an institution already; and it covers the 'social factors' of user education on network security with a methodology for measuring this amongst students...

Identity management has been recognised as an important issue by (amongst others) university and college IT directors in Britain via their association UCISA (Universities and Colleges Information Systems Association), which highlighted identity and personal data management as one of the top ten key issues for member organisations. One outcome of this concern was a call for research from the JISC e-infrastructure programme in 2006 which funded two projects: ES-LoA which investigated security levels of assurance, and The Identity Project. The latter conducted a national survey of Further & Higher Education institutions to establish the broad state of play, and highly detailed audits of identity management policies and practices in ten particular institutions that were involved in the project.

A strong recommendation from the concluding reports of The Identity Project was that UK academic institutions (even larger universities with relatively large staff establishments to manage IT infrastructure) were in need of tools, guidance and standards on what they needed to do..." [Note: article from the April 2010 issue, published June 2010]

ITU-T Draft: Baseline Identity Management Terms and Definitions
Members, ITU-T Study Group 17 Draft Recommendation X.1252

This draft ITU-T Recommendation Baseline Identity Management Terms and Definitionswas considered for approval at the plenary meeting of Study Group 17 on April 16, 2010.... The recommendation "provides definitions of key terms used in identity management (IdM). They terms are drawn from many sources but all are believed to be in common use in IdM work. This Recommendation is not intended to be a huge compendium of IdM-related terms. Instead, the terms defined here are limited to those considered to constitute a baseline list of the most important and commonly-used IdM-specific terms. The Recommendation includes an Annex that explains the rationale for some of these key terms.

One of the main objectives of this Recommendation is to promote a common understanding of these terms among the groups currently developing (or planning to develop) IdM-related standards. The definitions are constructed so that, as far as possible, they are independent of implementations or specific context and, therefore, should be suitable as baseline definitions for any IdM work.

It is acknowledged that, in some instances and contexts, greater detail may be required for a particular term, in which case, elaboration of the baseline definition may be considered.

The use of the term 'identity' in this Recommendation relating to IdM does not indicate its absolute meaning. In particular, it does not constitute any positive validation of a person..."

See also: the posting

JSON Encryption Envelope
John Bradley and Nat Sakimura (eds), IETF Internet Draft

An initial level -00 IETF Internet Draft has been published for definition of a JSON Encryption Envelope. This document defines a lightweight mechanism for encrypting arbitrary data to be encrypted and enveloped in JSON (RFC 4627), together with necessary encryption parameters.

The IETF Informational Request for Comments 4627 bears the title The application/json Media Type for JavaScript Object Notation (JSON). JavaScript Object Notation (JSON) "is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data..."

The JSON Encryption Envelope as presented in the -00 specification comprises a message bundled along with encryption parameters for that message, expressed as a series of parameters, and serialized as JSON. The envelope specifies the data that was encrypted, the MIME type of the data, the transfer encoding, and the encryption parameters...."

See also: IETF RFC 4627


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: