The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: September 16, 2010
XML Daily Newslink. Thursday, 16 September 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation

Apache Chemistry Project Releases OpenCMIS Version 0.1.0
Gabriele Columbro, Apache Announcement

"The Apache Chemistry development team is pleased to announce the Apache Chemistry OpenCMIS 0.1.0 release under the Apache incubation. This is the first release for OpenCMIS—a collection of Java libraries, frameworks and tools around the CMIS (Content Management Interoperability Services) specification. The aim of OpenCMIS is to make CMIS simple for Java client and server developers. OpenCMIS provides APIs, SPIs and test tools allowing content server and application developers to focus on the ECM domain model, by incapsulating and hiding underlying protocol details.

OpenCMIS provides two CMIS client APIs that are called Client API and Client Bindings API. The Client API is a high-level, object orientated API and suitable for most use cases. It sits on top of the Client Bindings API. The Client Bindings API reflects the CMIS domain model. It allows fine-grained control which makes the interfaces a bit clunky.

The OpenCMIS Server Framework provides a server implementation of both CMIS bindings, AtomPub and Web Services, and maps them to Java interfaces. Requests and data from CMIS clients are converted and pushed to a repository connector. The connector translates the CMIS calls into native repository calls. It handles both CMIS bindings on the server side and maps them to a common set of Java interfaces. Repository vendors just need to implement those interfaces and don't need to worry about the protocol on the wire.

There are two repository implementations based on the Server Framework that are handy test tools for client developers. The InMemory Test Repository stores all data in main memory. The FileShare Test Repository turns a branch of your file system into a CMIS repository. In order to make the implementation of CMIS clients and server even simpler OpenCMIS comes with a set of tests and tools. Currently available are the CMIS Browser and CMIS Swing Client. The CMIS Browser is a simple web based tool to browse CMIS enabled repositories that support the AtomPub binding. It sits between the web browser of the end-user and the CMIS repository. It applies stylesheets to the Atom entries and feeds that repository returns and creates HTML pages that enable the end-user to navigate through the repository. The OpenCMIS Swing Client is a simple desktop client built with Swing and the OpenCMIS Client API. The client is not part of the OpenCMIS code base, but a separate project..."

See also: Apache Chemistry OpenCMIS

W3C Forms Unified Service Description Language (USDL) Incubator Group
Staff, W3C Announcement

W3C members Attensity Europe GmbH (formerly named Empolis GmbH), the German Research Center for Artificial Intelligence (DFKI GmbH), SAP AG, and Siemens AG have initiated a new W3C USDL Incubator Group as part of the W3C Incubator Activity. This XG is chartered through September 2011. The principal deliverable is a state-of-the-art document that assesses the existing landscape of service description languages. It should cover the identification of existing standards that feed technical aspects into the Unified Service Description Language; delineate needed, existing and required parameters and architectural concepts of service description language to allow a generic use of a service in multiple technical and business environments. The report will incorporate a formal draft specification for a Unified Service Description Language... The XG will concentrate on the specification and further development of USDL as an open standard.

The mission of the newly formed W3C Unified Service Description Language (USDL) Incubator Group is to define a language for describing general and generic parts of technical and business services to allow services to become tradable and consumable. Technical services are considered electronic services based on WSDL, REST or other technical specifications. Business services are defined as business activities that are provided by a service provider to a service consumer to create value for the consumer. Thus, the business services are more general and comprise manual and technical services. This enables new business models in the field of service brokerage because services can automatically be offered, delivered, executed, and composed from services of different providers.

To date, service description languages lack the inclusion of business and operational attributes to describe a service in its whole because they mostly target technical services instead of services as such. For instance, the description of a Web Service that provides weather data includes the technical interface but no information about how much the user has to pay for calling the service. Moreover, the use of services must not be limited to a specific application, interaction protocol, service type or deployment in certain technical infrastructures. Existing offers of pre-defined service descriptions are often bound to a dedicated service or application provider as for example Further initiatives such as APS Standard focus on specific application areas of services, software-as-a-service in this case. Moreover, the study of business needs revealed the need to enable any stakeholder to describe, publish and consume the described service.

The Unified Service Description Language Incubator Group is proposed by members of the THESEUS research program, which provides experience in foundations and practice of the Internet of Services. The XG builds on substantial scientific work which has already been carried out within the THESEUS-program and European and Australian research projects such as SOA4ALL, Premium Services, Smart Services CRC, ACTOR, FAST, ITAIDE, MASTER, MODELPLEX, MORE, PICTURE, RESERVOIR, Secure SCM, ServFace, SHAPE, SLA@SOI, SoKNOS, VIRTEX, XtreemOS. In particular, the research initiatives already created iterations of the Unified Service Description Language in THESEUS / TEXO and SOA4ALL and further to-be-announced project contributions. Hence, the XG can be expected to produce tangible results within one year..."

See also: a draft version of the USDL Participants Module

IETF Proposed Standard: Locating CalDAV and CardDAV Services
Cyrus Daboo (ed), IETF Internet Draft

The Internet Engineering Steering Group (IESG) has announced the publication of the Standards Track I-D Locating CalDAV and CardDAV Services as an IETF Proposed Standard. This specification is intended to update RFC 4791 Calendaring Extensions to WebDAV (CalDAV). Bernard Desruisseaux is the Document Shepherd, and Alexey Melnikov is the Responsible Area Director.

This specification "defines how SRV records and TXT records can be used to discover CalDAV and CardDAV services on the internet. It also describes how those can be used to "bootstrap" clients during accounts setup using well-known URIs and other standards features of WebDAV. The document is designed to address a clear need for standardized client account auto-discovery based on interoperability problems in current client/server solutions for CalDAV and CardDAV. Many of the existing CalDAV and CardDAV client and server developers have indicated strong interest in supporting this, and several have already implemented this draft. Expert review for the well-known was complete.

From the Introduction: "RFC 4791 defines the CalDAV calendar access protocol, based on HTTP, for accessing calendar data stored on a server. CalDAV clients need to be able to discover appropriate CalDAV servers within their local area network and at other domains, e.g., to minimize the need for end users to know specific details such as the fully qualified domain name (FQDN) and port number for their servers.

"vCard Extensions to WebDAV (CardDAV)" defines the CardDAV address book access protocol based on HTTP, for accessing contact data stored on a server. As with CalDAV, clients also need to be able to discover CardDAV servers. Finally, RFC 2782 defines a DNS-based service discovery protocol that has been widely adopted as a means of locating particular services within a local area network and beyond, using DNS SRV Resource Records (RRs). This has been enhanced to provide additional service meta- data by use of DNS TXT Resource Records... This specification defines new SRV service types for the CalDAV protocol, and gives an example of how clients can use this together with other protocol features to enable simple client configuration. SRV service types for CardDAV are already defined in Section 11 of "vCard Extensions to WebDAV (CardDAV)."

See also: the IETF Calendaring and Scheduling Standards Simplification (CALSIFY) Working Group

Vordel 6 Strengthens Security and Enhances Interoperability in SOA
Staff, Vordel Announcement

"Vordel, a provider of fast, safe, connectivity for SOA and Cloud services, today unveiled version 6.0 of its market leading Vordel Gateway. With Vordel 6, the company enables enterprises to improve the control of SOA services, alleviating the issues associated with the increasing complexity and scale of SOA deployments. Vordel 6 offers enhanced usability and interoperability, enabling enterprises to easily maintain a seamless and highly-controlled configuration and version change management process across the entire SOA network. These advances improve the overall productivity of engineering and architecture teams and reduce costs.

As businesses integrate their SOA and Cloud-based applications, policies have inevitably become increasingly complex. Vordel 6, unique among Gateways in the market, provides a highly-controlled policy lifecycle management environment simplifying service migration from development to production, from appliance to software and to virtualized Cloud-based instance. These benefits are coupled with the ability to monitor and analyze live streaming and historical data, while maintaining the highest levels of service performance without compromising on security or scalability. Additionally, Vordel provides the enterprise with a unified control framework to govern service usage and enables the efficent running of applications in SOA architectures.

With Vordel 6, users can: (1) Simplify service migration from production to development. Avoid costly time delays and scale deployments easily and effectively. (2) Balance agile development with managed deployment. Quickly bring services to market, without sacrificing governance. (3) Automate the management of large clusters of Gateways on the SOA network. Immediately scale their deployment without concerns over security or performance. (4) Ease negotiation of security protocols between clients and the Vordel Gateway. Quickly connect applications in a secure, high performance environment.

Vordel delivers fast, safe, connectivity for SOA and Cloud services. Customers rely on Vordel's Gateway and Cloud Service Broker to increase performance, strengthen security and enhance interoperability in SOA and Cloud deployments. Businesses leverage Vordel's unique management capability to govern service usage and enable the efficient running of applications in SOA or Cloud architectures. Vordel has global enterprise customers in banking, healthcare, insurance, manufacturing, media, pharmaceutical, telecoms, utility and government organizations..."

Google Re-Releases GWT Designer, Other Eclipse, Java Dev Tools
John K. Waters, Application Development Trends

"Google has announced that it is relaunching several products acquired in its August 2010 purchase of Instantiations under its own name and offering them to developers at no charge... Google has been courting developers for some time with offerings such as the Google App Engine, a suite of the tools and services for building and scaling Web apps on Google's infrastructure. Applications developed using the App Engine Software Development Kit (SDK) can be uploaded and hosted by Google..."

According to the blog from Chris Ramsdale (Google): "We're happy to announce today that we're relaunching the following former Instantiations products under the Google name and making them available to all developers at no charge. Now that these products are available again, we hope you'll start using them within your GWT projects. Meanwhile, our next step is to more deeply unify them into the GWT family of tools by blending the fantastic Instantiations technology into the Google Plugin for Eclipse (GPE). So, there's much more to come, including things we're pretty sure you'll like, such as UiBinder support in GWT Designer....

[1] GWT Designer is a powerful and easy to use bi-directional Java GUI designer that makes it very easy to create GWT GUI applications without spending a lot of time writing code to display simple forms. With GWT Designer you can create complicated windows in minutes. Use the visual designer and Java code will be generated for you. You can easily add controls using drag-and-drop, add event handlers to your controls, change various properties of controls using a property editor, internationalize your app and much more. GWT Designer is built as a plug-in to Eclipse and the various Eclipse-based IDEs—RAD, RSA, MyEclipse, JBuilder, etc... [2] CodePro Analytix is the premier Java software testing tool for Eclipse developers who are concerned about improving software quality and reducing developments costs and schedules. The Java software audit features of the tool make it an indispensable assistant to the developer in reducing errors as the code is being developed and keeping coding practices in line with organizational guidelines. The ability to make corrections to the code immediately can dramatically reduce developments costs and improve the speed of finished product delivery. Join the ranks of top software industry leaders and the Fortune 500 who have standardized around CodePro Analytix as the most cost effective fully featured tool in the industry...

[3] WindowBuilder Pro allows one to develop Java graphical user interfaces in minutes for Swing, SWT, RCP, XWT and GWT with WindowBuilder Pro's WYSIWYG, drag-and-drop interface. Use wizards, editors and intelligent layout assist to automatically generate clean Java code, with the visual design and source always in sync. [4] WindowTester Pro provides for streamline testing of Java rich client applications, including tools for automated recording, test generation, code coverage and playback of GUI interactions that can occur within an application. WindowTester Pro includes WindowTester SWT, WindowTester Swing and WindowTester Runner..."

See also: the blog by Chris Ramsdale

Role Attribute 1.0 Supports the Role Classification of Elements
Ben Adida, Mark Birbeck, T. V. Raman (et al, eds), W3C Technical Report

The W3C Protocols and Formats Working Group (PFWG) has published a Working Draft for Role Attribute 1.0: An Attribute to Support the Role Classification Of Elements. The Role Attribute defined in this specification "allows the author to annotate markup languages with machine-extractable semantic information about the purpose of an element. Use cases include accessibility, device adaptation, server-side processing, and complex data description. This attribute can be integrated into any markup language. In particular, schema implementations are provided to facilitate with languages based upon XHTML Modularization.

The role attribute takes as its value one or more whitespace separated TERMorCURIEorAbsURIs as defined in RDFA Core. Each element of the value maps to a URI that corresponds to a vocabulary term that should be defined using RDF. The attribute describes the role(s) the current element plays in the context of the document. This can be used, for example, by applications and assistive technologies to determine the purpose of an element. This could allow a user to make informed decisions on which actions may be taken on an element and activate the selected action in a device independent way. It could also be used as a mechanism for annotating portions of a document in a domain specific way (e.g., a legal term taxonomy). Although the role attribute may be used to add semantics to an element, authors should use elements with inherent semantics, such as 'p', rather than layering semantics on semantically neutral elements...

The Role Attribute does not represent a stand-alone document type. It is intended to be integrated into other host languages such as HTML or XHTML. A conforming Role Attribute document is a document that requires only the facilities described as mandatory in this specification and the facilities described as mandatory in its host language..."

The mission of the Protocols and Formats Working Group (PFWG), part of the WAI Technical Activity, is "to ensure W3C specifications provide support for accessibility to people with disabilities. The group advances this mission through review of W3C specifications, technical support materials, and specifications that bridge known gaps."

See also: the W3C Protocols and Formats Working Group (PFWG)

HL7 Ballot for September 2010 Relevent to Security and Privacy
John Moehrke, Blog

"There are a few HL7 ballots out this month that are relevent to Security and Privacy. This a rather light ballot compared to past, but those that are out there are well worth spending your time reviewing and commenting...

'HL7 Clinical Context Management Specification Version 1.6'—This ballot proposes some new additions to CCOW to support setting and getting the "User" context with SAML Assertions. The expectation is that with this addition the Context Manager and other Participating Applications can have a higher assurance that the user was authenticated, they can know how the user was authenticated, they can know other attributes about the user, and they can potentially get proxy SAML Assertions based on the user authentication SAML Assertion. The benefit of this is that the those Applications that are participating in a CCOW context can get something more 'secure' than simply a username and stored password. Now they can get SAML Assertions so that when they talk to their backends or external HIE they can use SAML Assertions. This supports Healthcare use of Identity Federation...

'HL7 Version 3 Standard: Privacy, Access and Security Services (PASS) - Audit Services, Release 1'— This ballot takes IHE ATNA audit log message and uses it as the core audit log schema for a SOA based Audit Log Repository. The first service entrypoint is a submit audit record that recognizes as compliant the IHE ATNA transaction. The second service entrypoint creates a query service endpoint that allows for retrieval of audit log entries that meet the query request. A prime use-case for this service entry point is to retrieve all the audit log entries that would inform an Accounting of Disclosures. This supports Accountability using ATNA Audit Controls..."

[And earlier], in "Healthcare use of Identity Federation"—"I think that SAML is a specifically useful protocol for Identity Federation for the purpose of identifying users requesting cross-enterprise based transactions. This is specifically the purpose behind the IHE Cross-Enterprise User Assertion Profile. This profile does not fully leverage all of the power of SAML, but tries to constrain SAML just enough to get Healthcare going at using this technology. IHE is now extending this profile with some more attributes about the user..."

See also: the OASIS Privacy Management Reference Model (PMRM) TC

How Do We Test a Web Browser? - One Year After
Philippe Le Hégaret, W3C Blog

Almost one year ago, I wrote about browser testing. The idea started with the fact that W3C has a number of Working Groups who are trying to review the way they do testing, but also increase the number of tests they are doing as well. Since then, the situation improved a bit but we're still far from reaching an appropriate comfort level.

There is now a new Mercurial (version control) server and you will find tests related to HTML5 or Web Applications. All of those tests are automatically mirrored on the site ''. The Mobile tests are also linked from there. The CSS and MathML test suites are still in a separate space. The SVG Group and Internationalization effort are in a transition phase.

A few of our Groups have documented how to contribute tests: the CSS Working Group, the HTML Working Group, and the SVG Working Group. The Internationalization effort has been reporting on test results for while, such as for language declarations. The HTML Working Group, working on HTML5, also started to publish ongoing test results. Thanks to a few contributions, we started to test a some features, including video and canvas...

The HTML test suite only contains 97 approved tests for the moment so don't draw too may conclusion from the result tabler. The number of tests needs to increase significantly if we want to test HTML5 properly. Around 900 tests are waiting to be approved within the task force but we're lacking participants. Help in identifying more test sets and submitting them to the group would also be appreciated. The Web browsers of tomorrow are being developed and tested today, so don't wait and help us make the Web a better place! So pick your favorite HTML, CSS, SVG, MathML, or API feature, write as many tests as you can on it, and submit those tests to us. Before sending bug reports to various browser vendors, that's your best chance to get your favorite feature properly implemented and the browser developers will even thank you..."

See also: the example HTML5 conformance tests

Public Review of Test Assertions v1.0 Specifications and Guidelines
Staff, OASIS Announcement

Members of the OASIS Test Assertions Guidelines (TAG) Technical Committee have approved Committee Draft specifications for 30-day public review through October 16, 2010. This OASIS TC was chartered in April 2007 in to "facilitate the creation and usage of test assertions by any group involved in designing a specification or standard of which software implementations are expected to be developed, with a primary focus on OASIS technical committees. The first step in achieving this is to establish a common and reusable model, metadata, methodology and representation for TAs (test assertions)."

Test Assertions Part 1 - Test Assertions Model Version 1.0 specifies "mandatory and optional components of a test assertion model. A test assertion is a testable or measurable expression for evaluating the adherence of part of an implementation to a normative statement in a specification. It describes the expected output or behavior for the test assertion target within specific operation conditions, in a way that can be measured or tested. A Test Assertion should not be confused with a Conformance Clause, nor with a Test Case... When defined at an early stage, test assertions may help provide a tighter specification: Any ambiguities, contradictions and statements which require excessive resources for testing can be noted as they become apparent during test assertion creation. If there is still an opportunity to correct or improve the specification, these notes can be the basis of comments to the specification authors..."

Test Assertions Part 2 - Test Assertion Markup Language Version 1.0 defines a markup for writing test assertions, where Section 3 presents the corresponding XML Schema for the vocabulary. Key markup language elements include testAssertion, normativeSource (precise specification requirements or normative statements that the test assertion addresses), target (the implementation or part of an implementation that is the object of a test assertion or test case, categorizing an implementation or a part of an implementation of the referred specification, whether a specific item or a category of items), prerequisite, predicate, prescription, description, tag, var, report. etc.

Test Assertions Guidelines is a non-normative document guidelines document that provides best practices in using the test assertions model defined in 'Test Assertions, Part 1;, as well as the test assertions XML mark-up language '"Test Assertions, Part 2'. However, this document alone is sufficient for the most common test assertion design, so that the reader does not need to be familiar with the above mentioned Test Assertion model and mark-up specifications. These referred specifications are only necessary for a deeper understanding of test assertion semantics or when using a formal representation of test assertions. Its purpose is to help the reader understand what test assertions are, their benefits, and most importantly, how they are created. As you will discover, test assertions can be an important and useful tool in promoting the quality of specifications, test suites and implementations of specifications. You will learn that there are many ways to create test assertions. By following the guidelines in this document, you will learn how to develop well-defined test assertions that can have useful purposes and applications such as the starting point for a conformance test suite for a specification..."

See also: the OASIS Test Assertions Guidelines (TAG) TC


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: