Back to newsletter listDate:
Thu, April 10, 2008 09:17:44 AMFrom:
Robin Cover
Subject:
XML Daily Newslink. Wednesday, 09 April 2008
XML Daily Newslink. Wednesday, 09 April 2008
A Cover Pages Publication http://xml.coverpages.org/
Provided by OASIS http://www.oasis-open.org
Edited by Robin Cover
====================================================
This issue of XML Daily Newslink is sponsored by
IBM Corporation http://www.ibm.com
====================================================
HEADLINES:
* Mathematical Markup Language (MathML) Version 3.0 Draft Published
* Building an Entitlements Management Solution
* OGC Adopts ebRIM Application Profile for Catalogues
* Google's OpenID Provider Via Google Web Engine
* Public Review Draft for WebCGM Version 2.1
* Fake Blog from SC34 Meeting in Norway
* Also from Oslo: OOXML Triggers Demonstration in Norway
* SOA Software's SOLA Celebrates 5 Years
* Who Trumps bin Laden as a Cyberthreat? Look in the Mirror.
----------------------------------------------------------------------
Mathematical Markup Language (MathML) Version 3.0 Draft Published
David Carlisle, Patrick Ion, Robert Miner (eds), W3C Technical Report
W3C's Math Working Group has published a Working Draft of "Mathematical
Markup Language (MathML) Version 3.0." This is the third draft of
MathML, an XML application for describing mathematical notation and
capturing both its structure and content. The specification defines the
Mathematical Markup Language, or MathML, as an XML application for
describing mathematical notation and capturing both its structure and
content. The goal of MathML is to enable mathematics to be served,
received, and processed on the World Wide Web, just as HTML has enabled
this functionality for text. This specification of the markup language
MathML is intended primarily for a readership consisting of those who
will be developing or implementing renderers or editors using it, or
software that will communicate using MathML as a protocol for input or
output. It is not a User's Guide but rather a reference document. MathML
can be used to encode both mathematical notation and mathematical
content. About thirty-five of the MathML tags describe abstract
notational structures, while another about one hundred and seventy
provide a way of unambiguously specifying the intended meaning of an
expression. Additional chapters discuss how the MathML content and
presentation elements interact, and how MathML renderers might be
implemented and should interact with browsers. Finally, this document
addresses the issue of special characters used for mathematics, their
handling in MathML, their presence in Unicode, and their relation to
fonts. While MathML is human-readable, in all but the simplest cases,
authors use equation editors, conversion programs, and other specialized
software tools to generate MathML. Several versions of such MathML
tools exist, and more, both freely available software and commercial
products, are under development.
http://www.w3.org/TR/2008/WD-MathML3-20080409/
See also the W3C Math Home: http://www.w3.org/Math/
----------------------------------------------------------------------
Building an Entitlements Management Solution
David Garrison, BEA Blog
What does it take to build an Entitlements Management solution? That
depends on who you ask of course. However, when I look at commercial
products in this area I see certain common architectural patterns.
Many of the products that I've seen make use of a set of common elements
defined by the OASIS XACML standard (Extensible Access Control Markup
Language). The [referenced] picture shows the typical components of an
Entitlements Management solution. The XACML spec defines the role of
the Policy Administration Point (PAP), the Policy Decision Point (PDP),
the Policy Enforcement Point (PEP), and the Policy Information Points
(PIP). The Policy Administration Point (PAP) manages the creation and
storage of policy data in the Policy Store. The administrator interacts
with the PAP (typically) through a browser based management console
where roles, policies, resources, actions and so forth are defined and
managed. The policy store may be an LDAP directory or a database. The
PAP may also provide facilities for policy import and export. Most
products provide some management APIs that allow customers to embed
administrative functionality into their own applications. Runtime role
or authorization decisions are determine at the Policy Decision Points.
Typically I've seen two ways that PDPs are deployed: (1) As a
centralized entitlements server that can be invoked by remote clients
via RMI, Web Service calls or using the XACML 2.0 request/response
protocol. (2) As an embedded PDP deployed in same process space as
the application. The most common examples are PDPs embedded in a JVM
for plain Java applications or embedded in an application server for
J2EE applications... The PDPs can be configured to get data from one
or more Policy Information Points (PIPs). These PIPs can be user or
application directories or databases that contain information that
is required to make an access decision. Such information includes
user, group, and resource attributes (e.g. user profile information,
account balances and limits, etc.). These attributes can then be
used in the policies which control access...
http://dev2dev.bea.com/blog/dgarriso/archive/2008/04/building_an_ent.html
See also XACML references: http://xml.coverpages.org/xacml.html
----------------------------------------------------------------------
OGC Adopts ebRIM Application Profile for Catalogues
Staff, Open Geospatial Consortium Announcement
The Open Geospatial Consortium announced that its membership has
approved the OASIS ebRIM (Electronic Business Registry Information
Model) application profile of the OpenGIS Catalogue Service 2.1.2
standard. The Catalogue Standard specifies a design pattern that
allows for the definition of interfaces called application profiles
based on different standards, such as ZF39.50, ebRIM, UDDI, or ISO
metadata, that support the ability to publish and search collections
of descriptive information (metadata) about geospatial data, services
and related information objects. The ebRIM application profile was
developed and adopted because it enables catalogs to handle services
as well a variety of other geospatial resource types such as symbol
libraries, coordinate reference systems, application profiles, and
application schemas and geospatial metadata. The OGC is an international
industry consortium of more than 345 companies, government agencies,
research organizations, and universities participating in a consensus
process to develop publicly available interface specifications.
OpenGIS Specifications support interoperable solutions that geo-enable
the Web, wireless and location-based services, and mainstream IT. The
specifications empower technology developers to make complex spatial
information and services accessible and useful with all kinds of
applications.
http://www.opengeospatial.org/pressroom/pressreleases/854
See the OpenGIS Catalogue Service Implementation Specification: http://www.opengeospatial.org/standards/cat
----------------------------------------------------------------------
Google's OpenID Provider Via Google Web Engine
Steven Osborn, Blog
"Shortly after Google released Google Web Engine last night, Ryan
Barrett of Google released an application for the platform that
essentially makes Google an OpenID Provider. Check it out here [...]
You can use your Google Account to log into any site that supports
OpenID! Ryan wrote: "If you've talked to me about work during the last
couple years, I've probably downplayed it, resorted to generalities,
or just changed the subject. No longer! We've finally taken the wraps
off our project, Google App Engine. From the docs: 'Google App Engine
lets you run your web applications on Google's infrastructure. App
Engine applications are easy to build, easy to maintain, and easy to
scale as your traffic and data storage needs grow. With App Engine,
there are no servers to maintain: You just upload your application,
and it's ready to serve your users.' Personally, I spent most of my
time writing the datastore, both the backend and much of the Python API.
When I found extra time, though, I had a lot of fun writing apps and
libraries on top of App Engine. I particularly enjoyed writing an
interactive shell, an OpenID provider, and a full text search library.
From the OpenID Wiki: OpenID allows anyone who can run a web server to
run an identity server. Your identity server is separate from your
identity, so you are free to use any identity server that has some
ability to validate your identity and you can change between them at
will. An identity server is sometimes referred to as an identity provider.
If you wish, you can use the services listed below with your own website
as your identifier using delegation.
http://steven.bitsetters.com/articles/2008/04/08/googles-openid-provider-via-google-web-engine/
See also Public OpenID providers: http://wiki.openid.net//Public_OpenID_providers
----------------------------------------------------------------------
Public Review Draft for WebCGM Version 2.1
Benoit Bezaire, David Cruikshank, Lofton Henderson (eds), OASIS CD
Members of the OASIS CGM Open WebCGM Technical Committee have released
"WebCGM Version 2.1" as a Committee Draft for public review. The comment
period ends June 01, 2008. Computer Graphics Metafile (CGM) is an ISO
standard, defined by ISO/IEC 8632:1999, for the interchange of 2D vector
and mixed vector/raster graphics. WebCGM is a profile of CGM, which adds
Web linking and is optimized for Web applications in technical
illustration, electronic documentation, geophysical data visualization,
and similar fields. First published (1.0) in 1999, WebCGM unifies
potentially diverse approaches to CGM utilization in Web document
applications. It therefore represents a significant interoperability
agreement amongst major users and implementers of the ISO CGM standard.
The present version, WebCGM 2.1, refines and completes the features of
the major WebCGM 2.0 release. WebCGM 2.0 added a DOM (API) specification
for programmatic access to WebCGM objects, a specification of an XML
Companion File (XCF) architecture, and extended the graphical and
intelligent content of WebCGM 1.0. The content of the WebCGM 2.1 profile
comprises less than a dozen items that were arguably within the scope
of WebCGM 2.0, but which arose too late in the standardization of the
latter. On 30-January-2007, OASIS and W3C simultaneously published
WebCGM 2.0 as both an OASIS Standard and a W3C Recommendation, which
are identical in all technical aspects, and differ only in the format
and presentation styles of the respective organizations.
http://docs.oasis-open.org/webcgm/v2.1/cd01/webcgm-v2.1-index.html
See also the namespace document: http://www.cgmopen.org/schema/webcgm/
----------------------------------------------------------------------
Fake Blog from SC34 Meeting in Norway
Rick Jelliffe, O'Reilly Articles
[This blog entry is "fake" because] "I couldn't attend the latest SC34
meeting physically in Oslo (I corresponded by email on some WG1 issues
relating to Schematron and maintenance), but the public documents from
the meeting have now been released at the SC34 website, in particular
at the document website . One extraordinary document, which I was
graciously asked to co-sign, can be found on the front page. It is
"An open letter from SC 34 participants in the Oslo plenary, April
2008"... The Resolutions of the meeting include a few items of interest,
but I suppose readers will be most interested in the IS29500 (OOXML)
resolutions, so here is a summary: ISO/IEC JTC1 SC 34 will create three
distinct working groups to handle maintenance/liaison/development of
IS 26300 (ODF), IS 29500 (OOXML), and interoperability/convergence
between document standards. These should be operational at the next
SC34 meeting, in Korea in October. Ecma TC45 has been invited to
participate, with SC34 being the focus of activity rather than Ecma.
I anticipate that new feature requests (rather than defect fixes) will
need to be dealt with through the interoperabilty Working Group: it
will be a very interesting group with a lot of interest from governments
in particular. For the short-term, two ad hoc groups have been set up...
Related to this working group, SC34 is explicitly encouraging National
Bodies and liaison groups to submit their editorial and technical defect
reports, so that they can get dealt with sooner rather than later...
Another resolution of interest, is Resolution 1, which in part says
SC 34 resolves that accessibility considerations will be taken fully
into account in current and future projects and urges its members to
review the work of JTC1 SWG-A (especially PDTR 29138), W3C WAI and
others, and to play an active part in the implementation and further
development of accessibility guidelines." Note: Several other actions
are reported in the "Resolutions of ISO/IEC JTC 1/SC 34 Plenary
Meeting, 2008-04-05/09, Oslo, Norway."
http://www.oreillynet.com/xml/blog/2008/04/fake_blog_from_sc34_meeting_in.html
See also Resolutions of ISO/IEC JTC 1/SC 34 Plenary Meeting: http://www.itscj.ipsj.or.jp/sc34/open/1025.htm
----------------------------------------------------------------------
Also from Oslo: OOXML Triggers Demonstration in Norway
Blogger 'zoobab', "NO OOXML" Project
"People were demonstrating today in Oslo in front of the ISO SC34
meeting against the adoption of Microsoft OOXML as an ISO standard, and
especially against the behaviour of Standards Norway, who voted Yes to
the specification, despite a lack of support by a majority of the
technical committee. Geir Isene is reporting about the demonstration...
We are not here today in order to bash Microsoft. We are here because we
believe in open standards. We are not even here today because we are
opposed to OOXML. We are here because we are opposed to OOXML as an ISO
standard. We are not here because we want to discredit the ISO. We are
here because we want to defend ISO's integrity. We are here because we
want to draw attention to the scandalous behaviour of the people in
Standard Norway whose job it is to represent Norwegian users and software
vendors. And we are here because we want to prevent the adoption of a
damaging IT standard in Norway... It's never over until the fat lady
sings, and this fat lady only just got started...
http://www.noooxml.org/forum/t-52412/ooxml-triggers-demonstration-in-norway:let-s-throw-ooxml-out-of-iso
See also the DN-TV video 'Demonstrerte mot Microsoft': http://www.dagensit.no/bransje/article1376549.ece?WT.mc_id=dn_rss
----------------------------------------------------------------------
SOA Software's SOLA Celebrates 5 Years
Staff, SOA Software Announcement
SOA Software, a leading mainframe web services vendor, today announced
that SOLA, its flagship mainframe SOA product, has reached the five
year mark in running reliably extremely high volume production
environments. During this period SOLA has not been responsible for a
single production outage, despite handling tens of millions of
transactions every day. SOLA runs the world's largest mainframe SOA
implementations. A number of SOLA customers use it to run many millions
of mainframe web services transactions per day, and many customers'
plans anticipate volume in the 20-30 million transactions per day range.
Because SOLA offers a complete SOA solution there is no requirement to
integrate multiple products when building an enterprise-class SOA
incorporating the mainframe. SOLA includes a drag-and-drop graphical
development studio, an integrated UDDI registry, WS-Security, WS-Policy,
monitoring, logging, a management console and dashboard, SLA management,
BPEL, SAML, X509 Certificates, LDAP and Active Directory. SOLA eliminates
the complexity and expense of combining multiple products, such as CICS
TS 3.x, WebSphere and RAD... SOLA is the only mainframe SOA product to
offer closed-loop Governance automation. A service is automatically
governed from the point of creation because it inherits a security policy.
Policy, by means of WS-PolicyAttachment, is associated with the service
though all phases of the Software Development Lifecycle. It is not
possible to create or run an ungoverned service. Other features of SOLA
include integration with enterprise change management, Global Dictionary,
Logging, Auditing, Outbound SOAP requests, Batch support, Integration
with external UDDI, version control, support for the Software Development
Lifecycle, WSDL first and integration with SOA Management tools, making
SOLA the only secure, standards-based, and Governable product in the
space. SOLA also offers XACML for authentication and a comprehensive
identity mapping system that allows for the mapping of any credential
(LDAP, etc) to a mainframe RACF ID.
http://www.soa.com/index.php/section/company_press_detail/soa_softwares_sola_celebrates_5_years_of_100_availability/
----------------------------------------------------------------------
Who Trumps bin Laden as a Cyberthreat? Look in the Mirror.
Charles Coope, CNET News.com
From the San Francisco RSA 2008 Conference: "It turns out al-Qaida's
leader and his cohorts aren't the biggest threat to our cybersecurity.
You are... Security gurus have long urged the business world to turn
network security into part of the corporate DNA. The message is not
fully getting through. And now we're seeing the predictable results.
In years past, [Symantec CEO John] Thompson and other computer security
executives have pushed the idea of making cyber-security as familiar
to most people as the fire prevention campaign underwritten by the
government in the 1960s and 1970s. Considering the amount of money
Uncle Sam is spending on cyber-security these days, that's a pipedream.
Department of Homeland Security Secretary Michael Chertoff, who also
presented a keynote on Tuesday, offered litte indication Washington
was about to ride to the rescue. In remarks during his prepared speech
and subsequent press conference, Chertoff offered a dutiful recitation
of what he described as the President's interest in shoring up the
nation's digital security. Give Chertoff credit for being candid about
where DHS has come up short. He said the government needs to reduce
its (literally) thousands of network access points to around 50. At
the same time, Chertoff wants his department to faster detect and
analyze computer anomalies. A big part of that will involve a revamp
of U.S. CERT's early warning system... In the end, however, money
talks and you-know-what walks. The feds only have a $115 million budget
to work with. Chertoff's department has requested $192 million for
the new fiscal year but that's still doing it on the cheap. By
comparison, we spend $720 million in Iraq each day.
http://www.news.com/8301-10787_3-9914611-60.html
----------------------------------------------------------------------
XML Daily Newslink and Cover Pages are sponsored by:
BEA Systems, Inc. http://www.bea.com
EDS http://www.eds.com
IBM Corporation http://www.ibm.com
Primeton http://www.primeton.com
SAP AG http://www.sap.com
Sun Microsystems, Inc. http://sun.com
----------------------------------------------------------------------
XML Daily Newslink: http://xml.coverpages.org/newsletter.html
Newsletter archive: http://xml.coverpages.org/newsletterArchive.html
Newsletter subscribe: newsletter-subscribe@xml.coverpages.org
Newsletter ***: newsletter-***@xml.coverpages.org
Newsletter help: newsletter-help@xml.coverpages.org
Cover Pages: http://xml.coverpages.org/
----------------------------------------------------------------------
