The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Last modified: October 19, 2010
XML Daily Newslink. Tuesday, 19 October 2010

A Cover Pages Publication
Provided by OASIS and Sponsor Members
Edited by Robin Cover

This issue of XML Daily Newslink is sponsored by:
ISIS Papyrus

NIST Cloud Computing Forum & Workshop: Toward a Cloud Computing Roadmap
Jerry Smith, NIST Announcement

NIST has announced the Cloud Computing Forum & Workshop II, "to be held on November 4 and 5, 2010 at the National Institute of Standards and Technology in Gaithersburg, Maryland. This workshop will provide information on the NIST strategy to develop a Cloud Computing Roadmap. It will also provide an updated status on NIST efforts to help develop open standards in interoperability, portability, and security in cloud computing.

The goals of this workshop are: (1) Public Announcement and initiation of the strategy to develop a Cloud Computing Roadmap; (2) Engagement with interested parties on development of a neutral cloud computing reference architecture and taxonomy; (3) Defining Target USG Cloud Computing Business Use Cases; (4) Public Announcement of access to the Standards Acceleration to Jumpstart the Adoption of Cloud Computing (SAJACC) portal.

Day 1 will consist of a series of opening remarks from Dr Patrick Gallagher, NIST Director; Vivek Kundra, US CIO; Cita Furlani, NIST ITL Director; and panel discussions on cloud security, standards roles, international aspects, and the role and use of a neutral reference architecture/taxonomy. Day 2 will consist of a series of breakout discussions on these topics and more. NIST welcomes participation in this open and collaborative process to make the event a success."

Background: "On May 20, 2010, NIST hosted the first Cloud Computing Forum & Workshop. The purpose of that initial workshop was to respond to the request of the Federal CIO to the National Institute of Standards and Technology (NIST) to lead federal efforts on standards for data portability, cloud interoperability, and security. The workshop's goals were to initiate engagement with industry to accelerate the development of cloud standards for interoperability, portability, and security; introduce NIST Cloud Computing efforts; and discuss the U.S. Federal Government's experience with cloud computing. The purpose of the second Workshop is to report on the status of these efforts and to socialize the NIST strategy to collaboratively develop a Cloud Computing Roadmap among multiple federal and industrial stakeholders, and to advance a dialogue between these groups..."

See also: NIST and Cloud Computing

The Extensible Configuration Checklist Description Format (XCCDF)
David Waltermire (ed), IETF Internet Draft

An initial level -00 Internet Draft, The Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4, has been published by IETF. This specification is part of the new SCAP adoption effort within IETF: "Leaders in the SCAP community (including NIST, NSA, MITRE, and commercial vendors) have decided to explore taking the most stable and successful SCAP specifications to the IETF for adoption as Standards Track RFCs."

According to the memo "Introducing Security Content Automation Protocol (SCAP) to the Internet Engineering Task Force (IETF)": "From the beginning, the intent of the SCAP efforts has been to standardize areas allowing for real interoperability between security-related products. SCAP and its component open data exchange specifications are being used in many different areas of network and computer security today. From vulnerability management, to policy compliance, system configuration validation, network access, and threat reporting, SCAP usage is evolving and expanding. The security automation potential that SCAP provides is a real opportunity for the computing community to create a foundation of interoperability allowing much greater visibility into the state of our devices and networks. The potential of SCAP is starting to be realized. Independent testing labs have now validated SCAP compatibility in 40 products offered by 30 separate software vendors. Numerous organizations are successfully using these products to reduce costs while improving security. SCAP content can be and has been localized and is being sold globally. But the full value of SCAP will only come when it achieves ubiquitous, worldwide adoption."

From the Internet Draft Abstract: "This document specifies the data model and Extensible Markup Language (XML) representation for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The model and its Extensible Markup Language (XML) representation are intended to be platform-independent and portable, to foster broad adoption and sharing of checklist rules. The processing discipline of the format requires, for some uses, a service layer that can collect and store system information and perform simple policy-neutral tests against the system information; this is true for technical and non-technical applications of XCCDF...

The XCCDF specification is designed to support information interchange, document generation, organizational and situational tailoring, automated compliance testing, and compliance scoring. The specification also defines a data model and format for storing results of security guidance or checklist compliance testing. The intent of XCCDF is to provide a uniform foundation for expression of security checklists and other configuration guidance, and thereby foster more widespread application of good security practices..."

See also: 'Introducing Security Content Automation Protocol (SCAP) to IETF'

W3C Publishes Update for Progress Events Specification
Anne van Kesteren (ed), W3C Technical Report

Members of the W3C Web Applications Working Group have published a revised Working Draft version of the Progress Events specification. This specification defines an abstract event interface that can be used for measuring progress; e.g. HTTP entity body transfers.

The W3C Web Applications (WebApps) Working Group is chartered to "develop specifications for webapps, including standard APIs for client-side development, and a packaging format for installable webapps. As Web browsers and the Web engine components that power them are becoming ubiquitous across a range of operating systems and devices, developers are increasingly using Web technologies to build applications and are relying on Web engines as application runtime environments. Examples of applications now commonly built using Web technologies include reservation systems, online shopping sites, auction sites, games, multimedia applications, calendars, maps, chat applications, clocks, interactive design applications, stock tickers, currency converters and data entry/display systems... The WG seeks to promote universal access to Web applications across a wide range of devices and among a diversity of users, including users with particular accessibility needs. The APIs must provide generic and consistent interoperability and integration among all target formats, such as HTML, XHTML, and SVG."

Details: Specifically, the 'Progress Events' draft defines an abstract event interface called 'ProgressEvent' that can be used for measuring progress. Other specifications use this specification for that purpose.

The suggested event types for use with the ProgressEvent interface are (provisionally): loadstart (progress has begun), progress, error (progression failed), abort, load (progression is successful), loadend (progress has stopped). The error, abort, and load event types are mutually exclusive. Throughout the web platform the error, abort, and load event types have traditionally not had a default action and did not bubble so it is suggested that for consistency all event types using the ProgressEvent interface do not bubble and are not cancelable..."

See also: the W3C Web Applications (WebApps) Working Group

OASIS Public Review: The State of ODF Interoperability Version 1.0
Robert Weir (ed), OASIS Public Review Draft

Members of the OASIS Open Document Format Interoperability and Conformance (OIC) Technical Committee have released an approved Committee Draft of The State of ODF Interoperability Version 1.0 for public review through November 04, 2010. This OASIS TC was chartered to produce materials and host events that will help implementors create applications which conform to the ODF standard and which are able to interoperate. The OpenDocument Format for Office Applications (OpenDocument) OASIS Standard defines an XML schema and semantics for a document format for office applications. OpenDocument Format is suitable for office documents, including text documents, spreadsheets, charts and graphical documents like drawings or presentations, but is not restricted to these kinds of documents.

"OASIS OpenDocument Format (ODF) is a standard for office documents, including text documents, spreadsheets and presentations. ODF 1.0 was published in 2005, and ODF 1.1 was published in 2007. ODF 1.0 was also approved as ISO/IEC 26300:2006. The OASIS ODF Technical Committee is currently working on ODF 1.2.

The charter of the OIC TC also calls for it to periodically review the state of conformance and interoperability among ODF implementations, to report on overall trends in conformance and interoperability, to note areas of accomplishment as well as areas needing improvement, and to recommend prioritized activities for advancing the state of conformance and interoperability among ODF implementations.

This 'State of ODF Interoperability' report is the first of the OIC TC's reports on interoperability, and as such provides an overview of the topic and discusses the baseline level of achievement. Future reports will focus on progress achieved beyond this baseline..."

See also: the OASIS announcement

Cybersecurity Information Exchange Framework
Takeshi Takahashi and Youki Kadobayashi (eds), IETF Internet Draft

"The cybersecurity information exchange framework, known as CYBEX, is currently undergoing its first iteration of standardization efforts within ITU-T. The framework describes how cybersecurity information is exchanged between cybersecurity entities on a global scale and how the exchange is assured. This framework is intended to facilitate cybersecurity entities to work together beyond national and/or organizational boundaries... Currently, ITU-T Draft Recommendation X.1500 defines the framework. On behalf of ITU-T Q.4/17, this draft introduces the overview of CYBEX in the IETF."

The CYBEX family of specifications includes: "CPE, CCE, CVE, CWE, CAPEC, MAEC, CVSS, CWSS, OVAL, XCCDF, ARF, IODEF, CEE, TS102232, TS102667, TS23.271, RFC3924, EDRM, X.dexf, X.pfoc, X.cybex.1, X.cybex-disc, X.chirp, EVCERT, TS102042 V2.0, X.eaa, TS102232-1, X.cybex-tp, X.cybex-beep... One important characteristic of CYBEX is that this de jure standard is based on current de facto standards, and that by creating CYBEX in cooperation with the creators of each de facto standard we can increase the utility and compatibility of CYBEX with these standards, so users will be able to use CYBEX seamlessly with available products, making CYBEX more practical and deployable..."

From the 'Introduction': "In the Internet, sources of threats cross borders of countries and even continents. Countermeasures against these cybersecurity threats, however, are most frequently implemented by individual organizations in isolation. Consequently, an organization in one country may be attacked by malware whose countermeasures are already known and implemented within another organization in another country. Such incidents occur due to the lack of sharing of information among organizations. One of the biggest factors preventing organizations from sharing information with each other is the absence of a globally common format and framework for cybersecurity information exchange.

To cope with this problem, ITU-T is now building an emerging standard 'The Cybersecurity Information Exchange Framework (CYBEX)'. CYBEX provides a globally common format and framework for assured cybersecurity information exchange, which will eventually minimize the disparity of cybersecurity information availability on a global scale. Since cybersecurity information can be shared worldwide, no country or organization implementing CYBEX will be left behind in terms of its availability. Consequently, developing countries, which currently have fewer resources to put towards cybersecurity, can become equal partners with developed countries with appropriate investments. Therefore countermeasures will be implemented through global collaboration. The framework will also advance the development of automating cybersecurity information exchange..."

See also: the ITU-T CYBEX web site

Apache Software Foundation Announces Apache Maven Version 3.0
Staff, ASF Announcement

"In development for nearly 10 years, and an ASF Top-Level Project since 2003, Apache Maven is the build system of choice for millions of developers and thousands of organizations world-wide. Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information...

Maven allows a project to build using its project object model and a set of plugins that are shared by all projects using Maven, providing a uniform build system. Once you familiarize yourself with how one Maven project builds you automatically know how all Maven projects build saving you immense amounts of time when trying to navigate many projects...

Maven 3 represents the culmination of nearly two years of work re-architecting the internals of the system based on experience gained over the last five years with Maven 2.x. Maven 3 is faster, more reliable, and more extensible, with users already reporting 10-40% improvements in build time over Maven 2.

Highlights of the Version 3.0 release include: Parallel build capability; Conversion of IoC system from Plexus to Guice, including a Plexus compatibility layer; Rewritten dependency resolution logic, designed to be extensible and embedded in other applications; Improved POM validation during the build to warn users of potential problems; Improved error handling and messages; Decoupled reporting engine from the core; New inheritance and interpolation code designed to be extensible and allow composition of POMs in future releases; More robust handling of local repository data; True plugin classpath isolation; Massively improved regression test suite for Maven core and plugins..."

See also: the Maven 3 feature summary


XML Daily Newslink and Cover Pages sponsored by:

IBM Corporation
ISIS Papyrus
Microsoft Corporation
Oracle Corporation
