The Cover PagesThe OASIS Cover Pages: The Online Resource for Markup Language Technologies
Advanced Search
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors

Cover Stories
Articles & Papers
Press Releases

XML Query

XML Applications
General Apps
Government Apps
Academic Apps

Technology and Society
Tech Topics
Related Standards
Last modified: October 13, 2010
XML Daily Newslink. Wednesday, 13 October 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
Microsoft Corporation

Updated W3C CSS Text Level 3 Specification
Elika Etemad, Koji Ishii, Shinyu Murakami (eds), W3C Technical Report

A revised W3C Working Draft for the CSS Text Level 3 specification has been released, updating the earlier draft of 2007-03-06. Cascading Style Sheets (CSS) is a simple mechanism for adding style (e.g., fonts, colors, spacing) to Web documents. This CSS module has been produced as a combined effort of the W3C Internationalization Activity, and the Style Activity and is maintained by the CSS Working Group. It also includes contributions made by participants in the XSL Working Group.

This Text module and a separate (upcoming) Writing Modes module replace and obsolete the May 2003 CSS3 Text Module Candidate Recommendation. Since this is a thorough overhaul of the previous CR, a list of changes has been provided. Sections relating to bidirectional and vertical text layout will be moved to a separate Writing Modes module. These features may change greatly from the last revision, but they have not been dropped. The text-script property has been dropped, since it does not belong in the style layer. Controls over kerning have been moved to the CSS Fonts Module...

Principal sections in the specification include Transforming Text (transforms text for the styling purpose), White Space Processing, Line Breaking and Word Boundaries, Text Wrapping, Alignment and Justification (describes how inline contents of a block are horizontally aligned if the contents do not completely fill the line box), Spacing (Word Spacing, Tracking with the 'letter-spacing' property, Fullwidth Punctuation Kerning, Adding space with the 'text-autospace' property), Edge Effects (indentation and Hanging Punctuation, and Text Decoration.

As to White Space Processing: "The source text of a document often contains formatting that is not relevant to the final rendering: for example, breaking the source into segments (lines) for ease of editing or adding white space characters such as tabs and spaces to indent the source code. CSS white space processing allows the author to control interpretation of such formatting: to preserve or collapse it away when rendering the document... [For] Line Breaking and Word Boundaries: For most scripts, in the absence of hyphenation a line break occurs only at word boundaries. Many writing systems use spaces or punctuation to explicitly separate words, and line break opportunities can be identified by these characters; a lexical resource is [sometimes] needed to correctly identify break points in such texts..."

See also: the W3C Cascading Style Sheets (CSS) Working Group Home Page

Smart Grids Offer Cyber Attack Opportunities
Mathew J. Schwartz, InformationWeek

"Is your home electricity meter the next device you have to worry about getting hacked? Researchers at last week's IEEE SmartGridComm 2010 conference in Gaithersburg, MD., warned that as utilities transition to greater use of smart grids, their increased two-way communication would leave consumers and suppliers open to more forms of cyber attack. In fact, by 2015, they estimated, the smart grid will offer up to 440 million potential points to be hacked.

Why mess with someone's home heating bill? One significant worry is that intercepting and manipulating smart grid data could provide attackers with the means to benefit financially... Beyond financial remuneration, other leading attack scenarios include causing chaos, studying consumers' usage patterns to determine when they're on vacation and then burgling their house, or taking out sensitive facilities...

Another difficulty is that like SCADA systems, today's smart grid systems may have a lifespan of 10 or 20 years. During that time, their built-in security, if any, will become widely known and disseminated. In other words, today's new smart grid meter could be 2030's cyber-catastrophe, or at least give rise to some new variation on Stuxnet.

Accordingly, numerous moves are afoot to help nail the security of smart grids in their infancy. The National Institute of Standards and Technology, notably, has been developing a framework for creating interoperable as well as secure smart grids and related systems..."

Initial Working Drafts Contributed to New IETF ABFAB Working Group
Sam Hartman and Josh Howlett (eds), IETF Internet Drafts

On October 12, 2010, the IETF announced creation of a new Working Group 'Application Bridging for Federated Access Beyond Web (ABFAB)', chartered to specify a federated identity mechanism for use by Internet protocols not based on HTML/HTTP, such as for instance IMAP, XMPP, SSH and NFS. The design will combine existing protocols, specifically the Extensible Authentication Protocol (EAP - RFC 3748), Authentication, Authorization and Account Protocols (RADIUS - RFC 2865 and Diameter - RFC 3588), and the Security Assertion Markup Language (SAML). Federated identity facilitates the controlled sharing of information about principals, commonly across organisational boundaries. This avoids redundant registration of principals who operate in multiple domains, reducing administrative overheads and improving usability while addressing privacy-related concerns and regulatory and statutory requirements of some jurisdictions." Two initial contributions have been made to the new IETF WG.

The Standards Track "Name Attributes for the GSS-API EAP Mechanism" document "describes the necessary information to use GSS-API naming extensions API to access Authentication/Authorization/Accounting information. The naming extensions to the Generic Security Services Application Programming interface (GSS-API) of RFC 2743 provide a mechanism for applications to discover authorization and personalization information associated with GSS-API names. The Extensible Authentication Protocol GSS-API mechanism allows an Authentication/Authorization/ Accounting peer to provide authorization attributes along side an authentication response. It also provides mechanisms to process Security Assertion Markup Language (SAML) messages provided in the AAA response.

It seems desirable to extend GSS-API naming extensions to support concepts such as SAML names where the format is specified separately. The format of GSS-API attribute names should be changed. If no space character is found in the name, then the name is interpreted as a URI describing the attribute. Otherwise, the portion from the beginning of the buffer to the first space is interpreted as a URI describing the form and interpretation of the rest of the buffer; this portion is known as the attribute type URI..."

The second contributed Standards Track specification "A GSS-API Mechanism for the Extensible Authentication Protocol" defines "protocols, procedures, and conventions to be employed by peers implementing the Generic Security Service Application Program Interface (GSS-API) when using the EAP mechanism... The goal of this specification is to combine GSS-API's support for application protocols with EAP/AAA's support for common credential types and for authenticating to a server without requiring that server to specifically support the authentication method in use. In addition, this specification supports the use of the Security Assertion Markup Language (SAML) to transport assertions about attributes of client subjects to servers. Together this combination will provide federated authentication and authorisation for GSS-API applications..."

See also: the A GSS-API Mechanism for EAP

Bonita for Business Process Management: Configure a Simple Workflow
Bilal Siddiqui, IBM developerWorks

"A business process occurs when people interact in a coordinated manner to achieve a common business goal. Work flows from one person to the next, and each individual performs his or her own task or business role. For example, consider a simple workflow for checking a customer into a hotel. The receptionist books the room for the arriving guest. The room-booking information travels to the housekeeping department and the hotel's accountants. The housekeeping department ensures that the customer finds the room ready, and the accountants keep a record of the customer's payments.

Management of a business process is management of the flow of work. Business process management (BPM) tools allow you to express workflows in a way that lets computer systems understand them and act accordingly. The old way of doing this is to write code in some programming language. The BPM way is to do it administratively through configuration without writing a single line of code, using BPM software. Business Process Modeling Notation (BPMN) is a standard that lets you express a workflow's business requirements graphically. You first use a BPMN workflow editor to author the BPMN representation of your business process. Then you host the BPMN representation on a BPMN workflow engine, which handles the actual flow of work.

This two-part article introduces BPM concepts and shows the features of Bonita Open Solution—a BPM engine that implements the Business Process Modeling Notation (BPMN) standard. Part 1 discusses how various BPMN elements work and start configuring an example business-process workflow with Bonita. Part 2 completes the remaining configuration tasks to implement the workflow... The article presents the open source Bonita Open Solution, which combines three solutions in one: an innovative process design studio, a powerful BPM engine and a breakthrough end user interface. Bonita's graphical tool is simple to use, allowing drag and drop from a palette into an editor window called a whiteboard. After dropping components onto the whiteboard, you can configure each component individually according to business-process requirements...

Although BPM standardization is not yet complete, it is progressing. I am confident that within a few years, BPM will cover all workflow features, common or uncommon, so that standardized BPM training will become part of the IT curriculum, and product-specific ERP training will no longer be an issue..."

See also: Bonita Open documentation

U.S. Federal Geographic Data Committee (FGDC) Endorses Standards
Staff, National Spatial Data Infrastructure (NSDI) Announcement

The Steering Committee of the U.S. Federal Geographic Data Committee (FGDC) has officially endorsed sixty-four standards in accordance with the FGDC Policy on Recognition of Non-Federally Authored Geographic Information Standards and Specifications. These standards play an important role in enabling interoperability. Included are standards from the Open Geospatial Consortium; ISO Technical Committee 211, Geographic information/Geomatics; the American National Standards Institute (through International Committee for Information Technology Standards Technical Committee L1, Geographic information systems) and de facto standards.

FGDC is an interagency committee that promotes the coordinated development, use, sharing, and dissemination of geospatial data on a national basis. This nationwide data publishing effort is known as the National Spatial Data Infrastructure (NSDI). The NSDI is a physical, organizational, and virtual network designed to enable the development and sharing of digital geographic information resources.

The Open Geospatial Consortium (OGC) reported that a group of OGC standards along with other standards developed externally to FGDC has been recognized. These standards play an important role in enabling interoperability as part of the Geospatial Platform for GeoOneStop, place-based initiatives, and other potential future programs of the FGDC. Ivan DeLoatch, Executive Director of the FGDC: 'OGC's interface and encoding standards are an essential part of the National Spatial Data Infrastructure. They play a key role in providing technical interoperability among geospatial systems used at all levels of government...we encourage government agencies to include these standards, as well as FGDC's data standards, in the language of software and data procurement documents'...

Among standards produced by OGC: (1) 'Geographic information - Geographic Markup Language, applicable to the development of systems that have requirements to access or distribute geospatial data using the Extensible Markup Language (XML). (2) OpenGIS Web Feature Service Implementation Specification, applicable to the development of systems that have requirements to access or distribute geospatial feature data over a network. (3) OpenGIS Filter Encoding Implementation Specification, where a filter expression is a construct used to constrain the property values of an object type for the purpose of identifying a subset of object instances to be operated upon in some manner. This specification describes an XML encoding of the OGC Common Catalog Query Language (CQL) as a system neutral representation of a query predicate. Using the numerous XML tools available today, such an XML representation can be easily validated, parsed and then transformed into whatever target language is required to retrieve or modify object instances stored in some a persistent object store..."

See also: the OGC announcement

Apache CXF Open Source Service Framework Release 2.3.0
Staff, Apache Software Foundation Announcement

Members of the Apache CXF Development Team have announced the release of CXF 2.3.0 with significant new functionality. Apache CXF is "an open source services framework. CXF helps you build and develop services using frontend programming APIs like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.

CXF includes a broad feature set, but it is primarily focused on the following areas: (1) Web Services Standards Support: CXF supports a variety of web service standards including SOAP, the WSI Basic Profile, WSDL, WS-Addressing, WS-Policy, WS-ReliableMessaging, WS-Security, WS-SecurityPolicy, WS-Trust, and WS-SecureConversation. (2) REST based service creation based on JAX-RS 1.1 standard API's. (3) Frontends: CXF supports a variety of 'frontend' programming models. CXF provides a JAX-WS 2.2 Compliant frontend. It also includes a 'simple frontend' which allows creation of clients and endpoints without annotations. CXF supports both contract first development with WSDL and code first development starting from Java. (4) Ease of use: CXF is designed to be intuitive and easy to use. There are simple APIs to quickly build code-first services, Maven plug-ins to make tooling integration easy, JAX-WS API support, Spring XML support to make configuration a snap, and much more.

CXF 2.3.0 now provides a SOAP/JMS spec implementation. While CXF has supported SOAP over JMS since 2.0, there wasn't a standard specification to describe how it should be done so different vendors did things differently and interoperability was impossible. The new SOAP/JMS specification support implements the new SOAP/JMS spec to achieve a higher degree of interoperability. Release 2.3.0 supports SDO databinding, as well ass Schema Validation support for Aegis Databinding if Woodstox 4 is used for the Stax parser...

CXF Release 2.3.0 is now JAX-WS 2.2 Compliant (passes TCK), and JAX-RS 1.1 Compliant. There are new annotations for Java first use cases to reduce the need for external configuration and provide more control over the runtime and generated WSDL ('@WSDLDocumentation' annotation to add documentation nodes to generated wsdl '@SchemaValidation' annotation to turn on schema validation '@DataBinding' to set the databinding used — if other than JAXB '@GZIP' to turn on GZIP compression '@FastInfoset' to turn on FastInfoset support '@Logging' to turn on and control various Logging functionality '@EndpointProperty' to configure endpoint properties '@Policy' to associate WS-Policy documents with the service)..."

See also: the Apache CXF Development Project


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation

XML Daily Newslink:
Newsletter Archive:
Newsletter subscribe:
Newsletter unsubscribe:
Newsletter help:
Cover Pages:

Hosted By
OASIS - Organization for the Advancement of Structured Information Standards

Sponsored By

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation


XML Daily Newslink
Receive daily news updates from Managing Editor, Robin Cover.

 Newsletter Subscription
 Newsletter Archives
Globe Image

Document URI:  —  Legal stuff
Robin Cover, Editor: