This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation http://www.microsoft.com
- DMTF Forms Cloud Management Workgroup (CMWG)
- DocBook V5.1 Beta 2 Supports Topic-Based Documentation via Assemblies
- iCalendar Message-Based Interoperability Protocol (iMIP)
- User-Managed Access (UMA) and OAuth 2: First Impressions
- CA Executes on Cloud Strategy with Identity and Access Management
- OASIS Specification Publishing in DocBook XML Version 0.5
- W3C Privacy Workshop: Participants to Study Data Usage and Handling
- OAuth 2.0 Token Upgrade Extension
- Last Call Working Draft: Cascading Style Sheets (CSS) Snapshot 2007
- Enhancements to Open Source Java CMS Aimed at Enterprise
DMTF Forms Cloud Management Workgroup (CMWG)
Staff, Distributed Management Task Force (DMTF) Announcement
DMTF, "bringing the IT industry together to collaborate on systems management standards development, validation, promotion and adoption, has announced the availability of two new documents produced by its Open Cloud Standards Incubator. In addition, DMTF has also launched the Cloud Management Workgroup (CMWG) to develop cloud management standards based on the recommendations outlined in the Incubator documents.
The new documents "Use Cases and Interactions for Managing Clouds" and "Architecture for Managing Clouds" will form the foundation for DMTF's ongoing cloud standards work. These documents describe how standardized interfaces and data formats can be used to manage cloud environments. Together, they provide a comprehensive overview of DMTF's recommended use cases, interactions, data formats and overall architecture for cloud management.
Moving forward, the Cloud Management Workgroup (CMWG) will focus on using this information to develop a set of standards that deliver architectural semantics and implementation details to achieve interoperable management of clouds between service providers and their consumers and developers... DMTF announced the formation of the Open Cloud Standards Incubator in April 2009, to address the need for open management standards for cloud computing. Led by many key stakeholders in the cloud computing space, the Incubator developed a set of informational specifications and processes to advance the standardization of cloud management.
Additional areas of emphasis within the workgroup will include creating cloud service management models and developing mappings to prevalent infrastructure models, including DMTF's Open Virtualization Format (OVF). The CMWG will also continue collaborating with DMTF alliance partners including Storage Networking Industry Association (SNIA), Open Grid Forum (OGF), TeleManagement Forum (TM Forum), and Cloud Security Alliance (CSA)..."
DocBook V5.1 Beta 2 Supports Topic-Based Documentation via Assemblies
Norm Walsh, Specification Beta Announcement
On July 27, 2010, Norm Walsh announced the availability of DocBook V5.1b2, the second beta release of what will become DocBook V5.1. Version 5.1 includes significant new features for topic-based authoring as well as a number of bug fixes.
From the blog article: "Earlier this month, I very quietly released DocBook V5.1b1. No one's suggested that I got it totally wrong, and there's evidence that at least a few people noticed, so today, I released DocBook V5.1b2 with its corresponding documentation. The star feature of DocBook V5.1 is support for 'topic-based' documentation. At a minimum, that means we'll be adding a new component-level element with the semantically neutral name 'topic' and providing some mechanism for composing topics.
Deciding to use 'topic' structure makes a statement about the kind of documentation that you're building. Although you can make a 'book' of topics, you can't mix topics willy-nilly amongst the more traditional narrative elements. A 'topic' is a modular unit of documentation not part of any particular narrative flow... Topics by themselves aren't especially useful, to reap the real benefits of the topic-based authoring paradigm, you must be able to reuse them, to compose them together into new modules or structures—be they books, help systems, web sites, or what-have-you...
For this purpose, DocBook V5.1 introduces the 'assembly'. An assembly defines the hierarchy and relationships for a collection of resources. Assemblies are the mechanism by which authors can compose topics (or, in fact, other narrative elements) together. My XML Prague presentation, Automating Document Assembly in DocBook explored one toolchain for processing assemblies. I've only just now realized that I never published that anywhere else. Tools support for topic-based authoring in DocBook is under active development, as is the schema itself. I'll be presenting DocBook V5.1 at XML 2010 in Philadelphia in October 2010..."
See also: the updated 'DocBook 5
iCalendar Message-Based Interoperability Protocol (iMIP)
Alexey Melnikov (ed), IETF Internet Draft
Members of the IETF Calendaring and Scheduling Standards Simplification (CALSIFY) Working Group have published a revised Standard Track Internet Draft iCalendar Message-Based Interoperability Protocol (iMIP). This document has been produced in part through the activities of The Calendaring and Scheduling Consortium (CalConnect). The document specifies "a binding from the iCalendar Transport-independent Interoperability Protocol (iTIP) to Internet email-based transports. iCalendar defines a MIME content type for exchanging electronic calendaring and scheduling information. This Internet Calendaring and Scheduling Core Object Specification, or iCalendar, allows for the capture and exchange of information normally stored within a calendaring and scheduling application such as Personal Information Manager (PIM) or a Group-Scheduling product...
iTIP specifies a protocol that uses the iCalendar object specification to provide scheduling interoperability between different calendaring systems. This is done without reference to a specific transport protocol so as to allow multiple methods of communication between systems. Subsequent documents will define profiles of this protocol that use specific, interoperable methods of communication between systems. Thus iTIP complements the iCalendar object specification by adding semantics for group scheduling methods commonly available in current calendaring systems. These scheduling methods permit two or more calendaring systems to perform transactions such as publishing, scheduling, rescheduling, responding to scheduling requests, negotiating changes, or canceling.
This iMIP binding document provides the transport specific information necessary to convey iTIP over Internet email (using MIME) as defined in RFC 5322 and RFC 2045. For MIME Message Format Binding we have 'originator' and the 'recipient' of an iMIP message. In the case of a 'request' method, the originator is the 'Organizer' and the recipient is an 'Attendee' of the event. In the case of a 'response' method, the originator is an 'Attendee' and the recipient is the 'Organizer' of the event... The RFC 5322 'Reply-To' header field typically contains the email address of the originator of the scheduling message. However, this cannot be guaranteed because the sender of the iMIP message might not be the originator of the scheduling message and the sender's Mail User Agent (MUA) might not enforce iMIP semantics by translating the originator's address into the 'Reply-To' email header field...
A MIME entity containing content information formatted according to this document will be referenced as a 'text/calendar' content type. It is assumed that this content type will be transported through a MIME electronic mail transport..."
See also: the OASIS WS-Calendar activity
User-Managed Access (UMA) and OAuth 2: First Impressions
Phil Hunt, Blog
"I recently attended a briefing by Eve Maler, chair of the UMA Work Group. As usual, Eve had lots of info to share, and I'd like to pass it on. First, for those of you who don't know, OAuth 2.0 is a protocol designed to allow people to authorize one web service to access the resources of another web service. For example, allowing a photo printing service to access photos on Flickr. [The purpose of the UMA Work Group, in its own words, is 'to develop a set of draft specifications that enable an individual to control the authorization of data sharing and service access made between online services on the individual's behalf, and to facilitate the development of interoperable implementations of these specifications by others'.]
UMA takes the concept of OAuth a step further and places the authorization server to a third party that works on behalf of an individual. By doing this, UMA takes authorization from a resource perspective, and turns it into a consent server for users. That's pretty cool. So far, we've not had a good inter-site model for handling consent. Whereas in the typical OAuth 2 deployment, user authorization and resource owner authorization are combined, UMA instead separates the processing of a user's consent, from authorizing access by the resource owner, e.g., Flickr.
Aside from the benefits Eve describes, here are a couple more things I like about the UMA proposal. (1) UMA recognizes that user information exists in many places on the Internet, and not just at a single IDP/OPs etc. (2) It supports a federated (multi-domain) model for user authorization not possible with current enterprise policy systems. (3) It's a great way to separate the issue of user consent away from the resource owner's access control policy. (4) It becomes possible to handle consent when individuals are offline...
The only downside I can see at the moment, is that the UMA Authorization server would get to know a lot about its users. What type of organizations would/could successfully offer UMA consent services? Any organization attempting this would have to have a strong privacy brand indeed. Monetizing private information would be a tough sell. Yet would users pay for the service? Anyway, not to worry, I'm sure someone will figure this out soon, if not already. Will this be useful to the enterprise community? As with OAuth, I think so. This is an evolving space to watch..."
See also: the UMA Work Group
CA Executes on Cloud Strategy with Identity and Access Management
Staff, CA Announcement
"CA Technologies has announced new product, customer and partner proof points of how its identity and access management (IAM) technology supports use of cloud applications by enhancing security, helping to ease compliance efforts, and automating processes for improved operational efficiencies in managing the IT supply chain.
The announcement includes the availability of new CA Identity Manager capabilities that extend identity management to cloud applications; it highlights how a customer has leveraged the CA SiteMinder portfolio to control access to its SaaS applications; and it features how CA Technologies is providing IAM as a service from the cloud. It also includes technology integration to streamline Identity Governance processes, and help ensure security policies are followed, and access and entitlements are appropriately granted and certified.
CA Technologies is focused on delivering a single identity management system to manage identities for applications internal to the enterprise and external in the cloud... CA Identity Manager now supports user provisioning to Google Apps™, Google's suite of communication and collaboration tools which includes Gmail and Google Docs, available to businesses, schools, governments and non-profits. Organizations now can automate identity management functions, such as role-based user provisioning and de-provisioning, and self-service access requests, to deliver a single, automated system for managing identities for Google Apps in the cloud, as well as existing in-house applications..."
According to Matthew Gardiner's blog ('Identity is at the Center of Security Management for the Cloud'): "Enterprises need to be able to extend their traditionally internal identity processes to incorporate their stable of cloud services—extending these processes to the cloud. Conversely, cloud service providers themselves need to be able to secure and manage their services to earn the trust of cloud consumers -- improve the management of identity for their cloud services. And finally, and as a direct reaction to the drive for vertical disintegration, enterprises are beginning to outsource multiple identity functions previously done in-house to specialized cloud providers, thus consuming these identity services from the cloud instead of conducting them all internally..."
See also: Matthew Gardiner's blog
OASIS Specification Publishing in DocBook XML Version 0.5
Ken Holman, Contribution to OASIS Tools Suite
G. Ken Holman, veteran member of the OASIS community and participant in several TCs, has contributed a collection of XML and XSLT tools for the authoring and production of specifications that conform to the OASIS templates. Working Draft 03 of this toolset provides an environment and methodology for writing an OASIS specification document using XML markup, and publishing the resulting document to HTML and printed results conforming to OASIS layout conventions.
From the documentation: "An important objective of using XML markup when writing content is to separate what you are writing from how it is formatted and presented. Moreover, describing the individual components of your writing uniquely can allow machine processing of your content. Such machine processing can identify constructs and process them individually as required for the processed result. The vocabulary of XML markup is the level of granularity used to identify constituent information items, and the collection of element and attribute labels applied to the granules.
Applying styling to documents is an example of machine processing. The processed result is a formatted representation of your document. When many authors use the same vocabulary, or a given author creates many documents with the same vocabulary, a single set of processes will produce consistently formatted results across the document set. This process is analogous to using styles found in most desktop publishing applications, however by removing from the author the ability to inject arbitrary formatting of information items in their content, two benefits are realized: (a) the author no longer needs to think about formatting, only about appropriately labeling the information items in the content; and (b) authors cannot inadvertently format components of a document with incorrect or inconsistent results... When creating OASIS specifications using XML the burden of formatting is placed on the stylesheets, not on the writer. The obligation of the writer is only to be conformant to the document model for which the stylesheets have been designed, and there are automated validation tools with which the writer can validate the constraints have not been respected...
The stylesheets as zipped in the distribution package provide a turnkey environment ready to unpack for offline use. This solution is used to validate DocBook XML, render HTML in the required OASIS specification format, and create XSL-FO suitable for processing with an XSL-FO engine—which is not included, however. Of course, one is not obliged to use the processors referenced as one can use any XML DTD validation tool and any XSLT processor. Appendix C documents a set of invocations for validating OASIS specification documents and producing an HTML rendering suitable for web browsers and an XSL-FO result suitable for an XSL-FO engine... Note that but for not having a core Ant task for the invocation of an XSL-FO processor, these guidelines would include such an example using that cross-platform Java-based build tool..."
See also: the DocBook specification
W3C Privacy Workshop: Participants to Study Data Usage and Handling
Staff, W3C Call For Participation
W3C has announced organization of a Workshop on Privacy and Data Usage Control to take place in Cambridge, MA, USA on October 4-5, 2010. All participants are required to submit a position paper by 10-September-2010. W3C membership is not required to participate in this workshop, and a limit might be imposed on the maximum number of participants per organization.
Background: "Users trust enormous amounts of personal information to a large variety of online services including social network sites, search engines, photo and video sharing services, and hosted email solutions. As all those services become ever more tightly integrated, it becomes increasingly difficult to control the dispersion of information throughout the Web. It also becomes ever more difficult for services to respect users' privacy while participating in interweaved service networks that benefit the users. There is a necessity to share data with other services to create better offers, but this does not mean we cannot have privacy as well. What is needed to ensure services respect their users' privacy? There are initiatives to provide users with information on what data is being collected about them and ways to customize what data can be collected. Other techniques focus on enabling services to better control and audit data usage, namely who accessed data and what processing was done. However, this addresses only part of the problem. What happens when personal data that was released for a certain purpose is misused?
This workshop will explore solutions to privacy based on controlling data usage and on data handling. We also solicit contributions on techniques for 'sticky policies' that ensure that policies constantly move along with the related data. While data usage control in a single enterprise can live with ad-hoc defined semantics, dataflows across enterprise borders need agreed upon semantics to avoid very costly and time consuming transformation. Semantic interoperability by an agreed common privacy vocabulary may be a remedy, but this may not be the only one...
The workshop is expected to attract a broad set of stakeholders, including researchers, database manufacturers, CRM-system manufacturers, Social Networking Providers. This workshop will determine whether there is interest in further work on policy languages and data handling/data usage work within W3C..."
See also: the W3C Privacy Projects
OAuth 2.0 Token Upgrade Extension
David Recordon (ed), IETF Internet Draft
Members of the IETF Open Authentication Protocol (OAuth) Working Group have published an initial level -00 Standards Track Internet Draft for OAuth 2.0 Token Upgrade Extension. The specification defines an OAuth 2.0 assertion request format for upgrading OAuth 1.0 token and secret pairs to OAuth 2.0 access tokens.
The extension defines an assertion format as described in section 4.1.3 of 'The OAuth 2.0 Protocol' ('Assertion'): 'The client includes the assertion using the assertion access grant type and the following parameters: (a) assertion_type - REQUIRED, where the format of the assertion as defined by the authorization server and the value MUST be an absolute URI; (b) assertion - REQUIRED...'
For an Assertion Request the client makes a request to the authorization server as described in section 4.1.3 of OAuth 2.0, with the following parameters: assertion_type, REQUIRED, "http://oauth.net/token/1.0"; assertion, REQUIRED, the OAuth 1.0 token and token secret to be upgraded, as a JSON object with the keys 'token' and 'token_secret'; client_id, REQUIRED; client_secret, REQUIRED.
For the Assertion Response the authorization server must validate the client credentials, token, and token secret. If they are all valid, the authorization server issues an access token response as described in Section 4.2 of the OAuth 2.0 specification. The new access token should have the same expiration and scope as the OAuth 1.0 token which the client is upgrading...
See also: The OAuth 2.0 Protocol from IETF
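The assertion request and the server-side checks summarized above, as an added example (not code from the Internet Draft or from this newsletter). The grant_type name "assertion", the error strings, the sample client and token records, and the client-binding and expiry checks are assumptions made for the illustration.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode

ASSERTION_TYPE = "http://oauth.net/token/1.0"  # value given in the draft summary above

# Constructed sample data (not from the draft): registered clients and live OAuth 1.0 tokens.
CLIENTS = {"photo-printer": "client-secret-1"}
OAUTH1_TOKENS = {
    "tok-abc": {"secret": "tok-secret-1", "client_id": "photo-printer",
                "scope": "photos.read", "expires_at": 2_000_000_000},
}


def _same(a: str, b: str) -> bool:
    """Constant-time comparison so response timing does not leak secret prefixes."""
    return hmac.compare_digest(a.encode(), b.encode())


def build_upgrade_request(client_id, client_secret, token, token_secret) -> str:
    """Client side: form-encoded body carrying the four REQUIRED parameters."""
    return urlencode({
        "grant_type": "assertion",  # assumed name of the assertion access grant type
        "assertion_type": ASSERTION_TYPE,
        "assertion": json.dumps({"token": token, "token_secret": token_secret}),
        "client_id": client_id,
        "client_secret": client_secret,
    })


def handle_upgrade(body: str, now: int) -> dict:
    """Server side: validate client credentials, token and token secret, then issue."""
    params = parse_qs(body, keep_blank_values=True)
    required = ("assertion_type", "assertion", "client_id", "client_secret")
    # Reject missing or repeated parameters instead of silently picking one value.
    if any(len(params.get(name, [])) != 1 for name in required):
        return {"error": "invalid_request"}
    p = {name: params[name][0] for name in required}
    if p["assertion_type"] != ASSERTION_TYPE:
        return {"error": "invalid_request"}
    expected = CLIENTS.get(p["client_id"])
    if expected is None or not _same(expected, p["client_secret"]):
        return {"error": "invalid_client"}
    try:
        assertion = json.loads(p["assertion"])
    except ValueError:
        return {"error": "invalid_grant"}
    if not (isinstance(assertion, dict) and set(assertion) == {"token", "token_secret"}
            and all(isinstance(v, str) for v in assertion.values())):
        return {"error": "invalid_grant"}
    record = OAUTH1_TOKENS.get(assertion["token"])
    if record is None or not _same(record["secret"], assertion["token_secret"]):
        return {"error": "invalid_grant"}
    # Extra checks assumed here: the token belongs to this client and is unexpired.
    if record["client_id"] != p["client_id"] or record["expires_at"] <= now:
        return {"error": "invalid_grant"}
    # Same scope and expiration as the OAuth 1.0 token: an upgrade grants nothing new.
    return {"access_token": secrets.token_urlsafe(32),
            "scope": record["scope"],
            "expires_in": record["expires_at"] - now}
```

Because the request body carries both the client secret and the OAuth 1.0 token secret, it belongs only on a TLS-protected channel and should be kept out of request logs.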
Last Call Working Draft: Cascading Style Sheets (CSS) Snapshot 2007
Elika J. Etemad (ed), W3C Technical Report
Members of the W3C Cascading Style Sheets (CSS) Working Group have published a Last Call Working Draft for Cascading Style Sheets (CSS) Snapshot 2007. The document collects together into one definition all the specs that together form the current state of Cascading Style Sheets (CSS) as of 2007. The primary audience is CSS implementors, not CSS authors, as this definition includes modules by specification stability, not Web browser adoption rate.
From the Introduction: "When the first CSS specification was published, all of CSS was contained in one document that defined CSS Level 1. CSS Level 2 was defined also by a single, multi-chapter document. However for CSS beyond Level 2, the CSS Working Group chose to adopt a modular approach, where each module defines a part of CSS, rather than to define a single monolithic specification. This breaks the specification into more manageable chunks and allows more immediate, incremental improvement to CSS.
Since different CSS modules are at different levels of stability, the CSS Working Group has chosen to publish this profile to define the current scope and state of Cascading Style Sheets as of late 2007. This profile includes only specifications that we consider stable and for which we have enough implementation experience that we are sure of that stability. Note that this is not intended to be a CSS Desktop Browser Profile: inclusion in this profile is based on feature stability only and not on expected use or Web browser adoption. The profile defines CSS in its most complete form.
Note also that although the Working Group does not anticipate significant changes to the specifications that form this snapshot, their inclusion does not mean they are frozen. The Working Group will continue to address problems as they are found in these specs. Implementers should monitor 'www-style' and/or the CSS Working Group Blog for any resulting changes, corrections, or clarifications..."
Enhancements to Open Source Java CMS Aimed at Enterprise
John K. Waters, Application Development Trends
"The latest version of dotCMS, the open source, Java-based Web content management system (WCM), is all about the enterprise. This version sports a totally re-built user interface designed to provide data and HTML-driven commands, as well as a number of enterprise-grade enhancements.
The dotCMS pitch is an unusual one for a Java tool: If you use it, you won't have to hire so much Java development talent. dotCMS is an enterprise-grade open source J2EE/Java Web Content Management System. The system is designed to allow those with moderate or no technical capability to make massive changes in a site, which allows corporations, institutions and organizations to move at a quicker pace by removing the need for Java development talent within a Web Team...
According to the announcement: "Currently, 93 sites worldwide are running on the Enterprise Editions of dotCMS 1.9, leveraging new features such as multi-tenant, form builder and a new UI. Over the past few months, a number of organizations participated as early adopters, building new sites with 1.9. Together, dotCMS and the early adopters worked closely on developing and implementing, collaborating and improving the product in real time..."
See also: the dotCMS 1.9 announcement
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter Archive: http://xml.coverpages.org/newsletterArchive.html
Cover Pages: http://xml.coverpages.org/