SharePoint Governance - Part 1

You may also be interested in: SharePoint Solutions In-A-Box from Alcero


Editor’s note: Contributor Pramod Attarde is a Senior SharePoint Solutions Architect at the United Nations. Follow him @spproficient

2012-03-29-SPGovernance-Part01-03.jpgMicrosoft®SharePoint® 2010 is user-friendly server side software from Microsoft, which helps the users develop, publish, collaborate, tag, and rate their own solutions. However, organizations using SharePoint need to control and maintain consistency so as to enjoy the benefits of SharePoint. This is where Governance of SharePoint comes into the picture. This article covers a few guidelines for the Governance of activities at the organizational level.

What is Governance?

Governance comes from the Latin word meaning ‘steer’. In SharePoint terminology, governance is setting up processes, policies, roles, and responsibilities for individuals using Microsoft SharePoint. This can enable organizations to control, direct, and guide the individuals to achieve organizational goals as a united team. A good governance plan will help you to successfully streamline product deployment, enforce best practices in information architecture and protect your organization from security threats.

What needs Governing?

As every organization is unique, the needs of each organization are unique too! Depending on the organizational needs one needs to plan a governance strategy. Every organization needs to determine the policies to control and limit the services they provide. Common administrative tasks for a set of sites can be governed in multi-tenancy features. If an IT group is performing this task then it allows them to focus attention on the service itself.

Following are a few pointers on which the governance strategy can be based:

  • Information architecture
  • IT Service hosting SharePoint Server
  • Customization Policy
  • Branding
  • Training

Information architecture:

Information architecture helps you to collect, store, retrieve, and use the information to achieve business goals. Governance of Information architecture helps you to identify and assess problems such as; inconsistent use of metadata, poor management and storage of data, poor presentation of information, multiple and misleading versions of documents and so on.

IT Service Hosting SharePoint Server:

Organizations may need a comprehensive governance plan for new features included in SharePoint Server 2010. For example, you may need governance for a new service application architecture that replaces the SSL model. You may also need to govern the backup and restore improvements in the new SharePoint Server. You may want to govern the multi-tenancy feature, which creates a true hosting environment and makes it possible to share service resources across customers. You may want to ensure that managed accounts that automate password changes are governed.

Enterprises using SharePoint Server should have a solid governance plan to avoid rapid and uncontrolled growth of individually managed Web servers running SharePoint Server. A lack of governance plan may result in many unanticipated results such as; Servers hosting applications that are not secure, isolated servers hosting a loosely organized group of sites without common search index, navigation or security scheme, critical activities and maintenance missed and so on.

In Part 2, Pramod will discuss Customization Policy and Branding.

SharePoint 2010 - Document Management - Part 1

You may also be interested in: SharePoint Hosting by


Editor’s note: Contributor Jasper Oosterveld is a SharePoint Consultant at Wortell. Follow him @SharePTJasper


I would like to dedicate a couple of articles to the document management functionalities in SharePoint 2010. I regularly teach end users using SharePoint 2010. They are used to working with file shares and folders and are completely new to the concept of document libraries, views and metadata. I always like to show them what an improvement SharePoint is compared to file shares.

There are many articles and blogs on this subject and for non SharePoint newbies there may not be much new information. Although I am sure that there are still people out there who don’t know (all) the DM features and would like to know more about it. I am also going to include tips and tricks so maybe even the non newbies will learn something ;-)

I want to address the following DM components:

  • Metadata
  • Office integration
  • Security
  • Workflow
  • Collaboration
  • Versioning
  • Templates

In this blog I would like to start by talking about Office integration.

Office integration

You can open and edit Office documents in the browser or open the documents in the Office client application. To be able to open and edit Office documents in the browser the Office Web Apps need to be installed and activated. Are you using SharePoint Online? You have to be sure that the Office Web Apps are included in your license package and also attach the license to the users.

The Office Web Apps are a powerful and useful feature in SharePoint 2010. The major advantage is that you don’t need a local Office client, such as Word, to open and edit documents. Instead, this can be done with only the browser! This means that you can view documents from every computer which has a browser and internet connection of course ;-). It is also easy to edit a document in the browser. The following screenshot shows an example:

There are fewer options using this method but I don’t think that it’s a major problem for most users. I’ve found that most of the time users want to edit the text and nothing more. I still hope that in the future the options will get closer to the On Premise version. Seeing how Microsoft is trying to get SharePoint Online to have the same functionalities as SharePoint On Premise this will probably happen.

Metadata and Office

Office documents are stored in a SharePoint document library. The document libraries will always use metadata such as the document creation and modification date or the version. This metadata is also available within the Office document. Let’s look at the following example:

There is basic information such as pages and words but there is also the custom metadata column I created, called: Category. I created this column in the document library and now it’s also saved as a document property. That is pretty cool. I can change additional properties by clicking Properties and Advanced Properties:

If I am correct, fields such as Keywords should be indexed by the SharePoint search engine. That makes this document more ‘findable’ within the search results.

Office 2010 co-authoring

Another really cool feature is co-authoring. You can now work together, at the same time, on Office documents! I have done this with Word and it works really well. The Word document shows the co-authoring as follows (I had to borrow these screen-shots from the Internet because I had no time to simulate this with a co-worker):

As you can see there is no way to change each other’s text because the paragraph is blocked. You can also see by whom. Nice!

The user names are displayed. I hope you have Lync because now you can start a chat and talk about the changes you are making to the document. Collaboration at it’s best!

There are a couple of things you need to consider:

  • You can work together in Office client applications such as PowerPoint and Word.
  • You can only use the Excel Web App for co-authoring.
  • A OneNote book needs to be published to SharePoint before you can use the co-authoring feature.

The next version of SharePoint and Office will probably support co-authoring in the Excel client application.

Tips and tricks

Here are some tips and tricks:

  • Always check if the Office Web Apps are activated at the Site Collection level.
  • The advanced settings of the document library contain the option Opening documents in browser. You can set this to Yes so you are guaranteed that documents are opened in the browser.
  • Are you using SharePoint Online? Be sure that you have the Office Web Apps license and don’t forget to attach it to the user(s).
  • The co-authoring can only work if the check out option is disabled. So be sure that option is deactivated in the versioning settings.

How to get absolute URLs in SharePoint

You may also be interested in: UserVersity lessons from Mindsharp


Editor’s note: Contributor Wendy Neal is a SharePoint 2010 Developer/Architect for GreatAmerica Leasing Corp. Follow her @SharePointWendy

Recently I was working on a project where I am building a Site Directory that lists all top-level site collections and their first level sub sites.  In addition, for each listing we wanted to display the site image and some other information.  We encourage our users to change their site image and theme to make their sites their own, and many do.

The site images were displaying fine for those that typed absolute URLs into the Logo URL field; however, for the ones that were using relative URLs, those images were not rendering because they did not exist at that relative path on the site collection that was hosting the site directory.

I did some searching and found this great post that explains exactly how to derive the absolute URL from any relative URL in SharePoint:

Use the SPSite.MakeFullUrl() function:

Simply pass in the string of the relative URL and it returns you the absolute URL.

For example:

Returns you the full absolute Url of the site image.

This article was originally posted on Wendy’s blog SharePointWendy.

SHARE: The SharePoint Conference for Business Users Comes to Atlanta, April 23-26!

You may also be interested in: SharePoint training by SharePoint911


Editor’s note: Contributor Bonnie J. Surma is a SharePoint community evangelist, sponsor manager for, advertising and services for, SharePoint end user support consultant for TCSC, Midlothian, Virginia. Follow her @sharepointmom.

This is the first in a series of articles Bonnie will be writing, detailing major SharePoint industry conferences.

SharePoint business users have spent valuable time and resources over the past few years attending conferences, only to come away still hungering for more information. SHARE, after much research into the needs of the business, has grown globally to address these cries. Why in the world do we need one more SharePoint conference, you ask? Whether you are a trainer, a site owner, a site administrator, a business analyst, a CIO, etc., etc., this conference is for you! And, if you’re a techie, you will also be welcomed with opened arms to learn about… the business!

Since many in the SharePoint community are on Twitter, following conference #hashtags and tweets is commonplace. It’s even an added bonus to follow other folks who may not be part of your realm of usual tweets. During SHARE Australia in November, I locked in to one attendee who continued to post. Ali Mountifield’s posts caught my eye, not only for content of her posts but because of her Twitter name-@alitripletmom. It’s wasn’t long before I was following her. We had a lot in common-she was a mom of multiples and so am I, and we both love SharePoint.

Ali works for the Australian federal government and was fortunate to attend the very first SHARE Conference in Australia in 2010. That first year she wanted “to get an insight into SharePoint 2010 as they were migrating 150 sites the next year.” With sites deployed, Ali did not hesitate to return the next year to see what others were doing and how to get people “to come back to a site again and again.”

Traveling to Australia for SHARE as well as evangelizing the SHARE Conference efforts in South Africa, Veronique Palmer, SharePoint Most Valuable Professional (MVP), has helped the communities in South Africa grow in their understanding of SharePoint through training, user adoption strategies, and working with them to understand and create their governance or guidelines around the solutions. Veronique brightens any room she enters and shares and understands stories from the SharePoint trenches! She started her own company called Lets Collaborate that bridges this gap in the SharePoint world.

“The great thing about SHARE is it is all about the customer stories. You get to see how people just like you are overcoming SharePoint challenges in creative ways. It gives you dozens of new things to try in your world. The networking opportunities are invaluable!”

Veronique continues to encourage participation at SHARE because “clients can learn new things and make new friends, job hunters and seekers have plenty of opportunities, techies can become rock stars by attending and understanding business challenges, and vendors can strut their stuff. It’s a win-win situation.” For the site collection administrator and site owner managing large structures and those rolling out SharePoint to the organizations, Veronique encourages that “SHARE is absolutely for you.”

Veronique points out that “business users are not early adopters, but they are the ones who get stuck leveraging the technology long term and have to figure out how to address those using it.”

Business users have not been purposefully left out of conferences, but the main thrust of many SharePoint conferences leans heavily on the technical side. Business users want solutions to their challenges. They want to see what others are doing with SharePoint and ideas on how to get their sites more appealing with increased traffic and usability. Business users want to do their jobs better and be empowered to build solutions at their fingertips

“SharePoint Saturdays and other conferences focus on all types of audience participants. This means they all include content specific to technical developers, technical IT pros, and technical architects. Navigating this can be a challenge, so can participating in conversations and discussions with other attendees. However this event is focused on the business and the end users instead of the technical side,” states Richard Harbridge, community leader and evangelist for the business users.

There’s still time to be part of this first gathering of business professionals in the United States who build and manage solutions using Microsoft SharePoint. No need to wait for another team member or someone at your company. If you are the one who is carrying the torch in your company for your team site or your entire SharePoint implementation, gathering with this group of professionals is essential. The SharePoint community is the most supportive technology community around today. Connecting with them face to face will give you a clear understanding of their commitment to you and what you are doing in your company.

SHARE Atlanta brings SharePoint professionals focusing on the business to one place to meet one purpose—YOU! Plan to attend this four-day conference and ignite your passion for SharePoint. An additional bonus is a FREE workshop to be held on Monday afternoon, April 23, called “Delivering Enterprise SharePoint Success at Share.” In addition, attendees can register for a deep dive in “How to Effectively Plan, Manage, and Control SharePoint,” a full-day workshop led by Dux Sy and provides six PDUs. Join Michael Sampson for “Strategies for User Adoption” and Ant Clay, chief strategy officer, 21 apps, gathers the crowds for “SharePoint Innovations Games Workshop for Requirements.” The workshops cost an additional fee, but the information gathered will be well worth the cost.

SHARE is produced by The Eventful Group and brings the best to the SharePoint business community. Ali Mountifield found it helpful that The Eventful Group staff connected her with other SharePoint professionals who were experiencing the same situations. She was amazed that they knew their attendees that well and could make those connections. Veronique and Richard also witnessed firsthand how much The Eventful Group cares about what they do and about you as a SharePoint professional. Connecting you to other professionals is their priority.

Come hungry and be fed. Plan now to attend SHARE Atlanta. Registration is open. Bring the team or come alone where networking with others will happen naturally. Don’t miss this event. It will change your professional life and provide resources for your company beyond what you can imagine.

For more information on SHARE and to register, visit

Responsive Design for SharePoint (internet sites)

You may also be interested in: The SharePoint Shepherd’s Guide for End Users from SharePoint Shepherd


Editor’s note: Contributor Will Saville is a co-founder of BrightStarr. Follow him @sharepointux

Overview of Responsive Design

The argument to provide multi-device and multi-channel support for your website is compelling. Three years ago, desktops made up around 90% of the devices we used to connect to the internet. That percentage has now dropped to around 50%, solely due to the number of smartphones and tablets contented to the internet – a trend that it’s fair to assume will continue and over the next few years there will be more people using these devices than desktops.

Anyone that is serious about their web strategy clearly needs to ensure that they can optimise the user experience for mobile users and deliver relevant content across different devices and platforms.

Responsive design is one of a number of techniques that enables content to be delivered in a mobile optimised way. It is literally a ‘one sized fits all’ approach to delivering cross-device content and uses CSS media queries to detect the screen size of the device the content is being viewed on, and displays the content in accordance with the size of the device (whether it’s a large format plasma TV or a small screen smart phone).

Responsive design and SharePoint

Responsive design sits really well with content management systems such as Microsoft SharePoint. With responsive design, you can achieve a cross-platform, cross-device experience without having to build additional native mobile applications or content management tools. This means that SharePoint can still be a single repository for all your media and content.

Once a responsive framework is in place, content can be managed in SharePoint without any change to the editing process or workflow. Editors can continue to manage their content in the same way they always have done. The only real content challenges come into play when you take a purist approach to responsive design. Let me explain. Responsive design scales media assets to fit the size of the screen; this means, for example, a large image will shirk to fit a mobile device. Great I hear you say, but that image will still be the same file size, this ultimately means that the weight of the page will be the same on a desktop (where you need large media assets) as it is on a mobile (where you need smaller assets). There are really two answers to this problem; 1) the first is to create additional mobile media assets in SharePoint and then use a mobile framework to serve those assets based on the device that’s view the site. 2) the second is to do nothing and except that the ability for content managers to deliver content faster (by only having one set of media content to create) outweighs the need to reduce page weight and therefore load time on mobile devices.

A responsive approach

Planning and delivering a responsive website in SharePoint requires a bit of a mind shift and a change in approach if you want to be successful. There are really 3 key things you need to do to ensure successful delivery:

  1. Mobile first mind-set
    Your team needs to think mobile, mobile, mobile. Let’s face it, we’ve all been used to looking at websites on desktop devices but to be successful at mobile design you need to think mobile. This usually means focusing on the most important content and information that an end user will see and interact with. There isn’t any room on a small screen for unnecessary screen elements or content. Although this can be a mind shift at first, it usually results in an overall better user experiences that’s focused on the essentials.

  2. Find a suitable responsive framework
    There are a number of frameworks out there now and there is no point in reinventing the wheel. I would recommending testing out a few different frameworks and find the one that works best with your requirements and the skills of your team.

  3. An iterative project approach
    Designing and planning a site to be cross-device is challenging. For example, standard techniques like wire-framing can fall over when you’re planning to go across different devices. Having just completed my first responsive SharePoint web project (, I would strongly recommend the use of an agile iterative methodology that will enable you to explore ideas and concepts across devices, test them out and then tweak and change them based on user feedback.

So where is the return on investment?

The return on responsive is pretty straightforward. The more people you can communicate to on the web through different devices, the more likely your products and services are likely to be found and purchased by perspective customers.

There are also cost savings to be made when it comes to responsive design and SharePoint. For example, maintaining a single code base that can deliver an optimum experience across all internet connected devices means that additional applications don’t need to be developed and more importantly, changes can be made in a single place rather than on multiple platforms.

Responsive design also means that content managers only need to use SharePoint to manage their content, resulting in reduced training cost and time savings.

With responsive design delivering content across devices, using WCM platforms like SharePoint doesn’t need to be difficult. There will be challenges along the way but these are far outweighed by the potential benefits.

Using jQuery to Modify the Name Displayed on the Welcome Menu

You may also be interested in: SharePoint-based solutions by B&R Business Solutions


Editor’s note: Contributor Chris Grist is a Senior Technical Consultant for Loftus IT. Follow him @gristdog

This weekend I was working on a project, doing some branding, in lots of screenshots of SharePoint sites I had seen instead of the usual “Chris Grist” site welcome menu, something more interesting, so I decided to investigate and use jQuery to set a nice greeting message for the user.



The first step is make sure you have jQuery registered on your page, you can link directly if your box has internet access, or embed it from the Style Library yourself like so:

<script type="text/javascript" src="/Style Library/CustomBranding/js/jquery−1.5.2.min.js">

The next step is the sjQuery, which basically gets the username and concatenates three strings and replaces what was already there.

<script type="text/javascript">
ExecuteOrDelayUntilScriptLoaded(AddWelcomeToUsername, "sp.js"); 
function AddWelcomeToUsername() {
var userName = $('[id$=_Menu_t]').children("a").children("span").text(); 
var welcome = "“Welcome "; 
var ex = "!"”; 
userName = welcome + userName + ex; 

In this example: the author switches firstname and lastname when the organisation displays it in the format Grist, Chris.

Happy SharePointing.

Mobile SharePoint Clients Review:

You may also be interested in: O’Reilly - SharePoint 2010 at Work


Editor’s note: Contributor Chris Howell is Acting IT Systems Analyst at WorkCover NSW. Follow him @enigmaticit

Following the posting of my Mobile SharePoint Clients Overview article on Nothing But SharePoint, I became aware of this application. I had not previously come across for iOS when preparing for this series of reviews and in the end only found the application when searching by name within the App Store. Icon is available for both iPhone and iPad and is a free download. At the time of writing this review (26 March 2012) the application is at version 1.1 and is only a 1.7 MB download.

This review is written based on using the application on an iPad 2 running iOS 5.01. The application has primarily been used with an Office 365 site but I also connected to a SharePoint 2007 site.

The application is very simply described as:

"Share documents and collaborate with your colleagues by connecting to Microsoft SharePoint sites"

Unlike other Lite or free applications, there are no listed restrictions or limits to how the application can be used.

Tapping the application icon, launches and appears to work only in a portrait orientation. This applies even if the iPad is locked to landscape orientation. The fixed orientation works well but I personally prefer to use the keyboard in a landscape mode (bigger keyboard).

This aspect of the application was going to make this a long post due to image size so I’ve truncated some of the screen shots.


After the application splash screen has displayed, you will be presented with the nice, clean and simple interface showing the Sites page: Sites Page

Other icons along the bottom of the screen include:

  • Browse
  • Locations
  • People
  • Settings

To configure a SharePoint site, tap the + symbol in the top left corner. This brings up the following window for you to enter details of the site: Add Site

  • Enter the URL of the site inclusive of the http:// or https:// to avoid any error when trying to save the site
  • Select your authentication mode from the available options: Automatic or Browser

If you select Browser, you will not be required to enter any further details. If you choose Automatic, you must enter:

  • User name
  • Password

Tap save when you’ve finished. If there are any errors you are given the chance to resolve or alternatively you can still save the site even though it won’t connect. Once saved, you are returned to the Sites page: Site Added

Tapping the Edit button in the top right hand corner will allow you to amend any settings, amend the order your sites appear in (when you have more than one) or delete a connection to a site.


Tapping to select a site will then take you into Browse mode: Browse Site Content

Personally, I’d like to see a count indicator that shows the amount of content within a folder e.g. Shared Documents.

From here you can drill down into any available subsites or access site content such as the Shared Documents library: Shared Documents

Tapping in the top right corner allows you to select the sort options for the library content. Tapping on a document icon allows you to favourite content.

You also have the option to use the search field to find content.

Tapping on an item of content will bring up the information panel for the item: Document Properties

In addition to seeing the document information in the above example, you have a number of icons down the left hand side

  • Send - Send as Link or Send as Attachment
  • Copy Link - Self explanatory
  • Open With - Quick Look, Open In "Pages" (or equivalent installed App) or Open In…
  • Properties - More detailed properties including ratings with option to edit
  • Check Out - allows you to Discard Check Out or Check In


The locations area allows you to view the history of locations that you have visited. If you have made any content a favourite then it will also be shown here.

You can edit any content that appears in this section by tapping the button in the top right corner. Using this option, you can clear a favourite and also clear your viewing history.


This is a very interesting feature of the application and something I would very much like to see in other SharePoint applications on iOS.

Using this feature, you can search the social server configured within settings to find user profile information. The screen shot below shows information that is coming from the Office 365 My Site user profile: People Search

You can tap the email address to either send an email to the person or copy their email address to paste elsewhere.

On the iPad, you can tap the Work Phone number to either Add to Contacts or Copy. On the iPhone, you can call the number.

Skills, Ask Me About, Interests and About Me are all brought in from the SharePoint 2010 site.

At the very bottom of the screen there is the option to view updates from this person. I wasn’t able to get this feature to update despite several attempts and leaving for some time to allow any timer jobs to run.


This area of the application allows you to configure a number of areas of the application: Settings


Allows you to configure the Social Server to be used for people search based off sites that have been added within the application.

You can also configure options to display the My Site within the application and define the My Site Host URL. If this option is switched on, the My Site will appear in the Sites area.


Allows you to configure the number of last visited locations to be remembered. The default setting is 15.


Allows you to configure the timeout value (default: 30 mins) and the max items to be cached (default: 150).


Allows you to configure whether SSL Certificate Validation is to occur. Default value is on.


Allows you to configure logging for General, Network and UI. The default setting is off.

There is also an option to submit logs to support.


Allows you to clear any proxy credentials.


For a free application, this is very impressive. It has a nice clean user interface and is easy to use. The inclusion of People Search makes this stand out from other free applications and I believe this needs to be an inclusion in other applications (and not just at an Enterprise level).

The lack of any obvious security features means this application would be for casual use and not suitable for the Enterprise with sensitive content. Saying that, I’d be prepared to consider paying a reasonable price for an upgrade to a full version with security features.

The thing that appears to impact this application most is its lack of visibility within the App Store; if you search for "SharePoint" you don’t find it.


  • Feature rich free client with no apparent imposed limitations
  • Incorporates People Search which would assist collaboration
  • Great interface design
  • Ease of use


  • This application lacks visibility within the Application Store. If I hadn’t searched by name I wouldn’t have found it.
  • Lack of security options/features
  • Wasn’t able to get My Site updates working in the application

How’s your SharePoint Spanish?

You may also be interested in: Assigning SharePoint Column View Permissions by SharePointBoost


2012-03-27-SkunkWorksSouthAmerica.gifMy good friend Fabian Imaz just sent me over a link to SkunkWorks SharePoint Portal, an online magazine for all versions of SharePoint. What makes it unique? It’s in Spanish!

This is confirmation that the Sharing the Point Tour South America/Antarctica really did reach the community of SharePoint users down south. I asked him to send me over a blurb so we can start spreading the word. Fabian and his team look forward to your support as their community continues to grow.

Please leave greetings and support in the comments below… in ANY language :-)

From Fabian Imaz:

CompartiMOSS, es una revista digital de SharePoint para compartir información acerca de la plataforma y las tecnologías relacionadas. Esta revista  está siendo lanzada cada 3 meses donde autores de diferentes países de américa del sur, España y otros países de habla hispana colaboran con este proyecto.

Los 3 directores, MVP en SharePoint, han estado trabajando en cada número, editando, diseñando y escribiendo incluso artículos para lograr que la misma tenga el contenido que nuestros lectores están acostumbrados. Lo mejor de todo es que número a número la cantidad de lectores va en aumento y muchos de ellos quieren compartir sus experiencias con todos nosotros. 


CompartiMOSS it’s a SharePoint digital magazine to that shares information about the platform and related technologies. The magazine is being released every 3 months, with the collaboration of different authors from South America, Spain and other Spanish speaking countries.

The 3 directors, all of them SharePoint MVPs, have been working on each issue of the magazine, designing, editing, and writing articles to create this great magazine. The best thing is that with each release there’s an increasing number of readers and people interested in collaborating with this project by writing an article or sharing their experiences in the magazine.

Making Sense of HTML5 with SharePoint: What Is HTML5?

You may also be interested in: Secure SharePoint with User Claims White Paper from Titus


Editor’s note: Contributor Marc D Anderson is the Co-Founder and President of Sympraxis Consulting LLC. Follow him @sympmarc

This iteration of HTML is the first in a long time (HTML 4.01 – the current standard - was published as a W3C Recommendation way back in 1999), and I’d argue that it’s the first in the new age of branding, logos, and chiclets for everything that anyone thinks up. Because of this, there has been far more hype for HTML5 than we used to see with a new technical standard. In the old days, the techies working directly with a standard might get excited about it, but word spread more slowly and there were few podia from which to extol their virtues.

Nowadays, everything gets a brand and blog posts and press releases, all of which zing around the planet at light speed, and HTML5 is no exception. The HTML5 logo is showing up all over the place - at least in the places where I hang out. HTML5 has become a term which describes one thing – or many things. Because of this, there’s some confusion about what it even is. It may even be a floor wax and a dessert topping.

Depending on what you read or who you talk to, you may hear that HTML5 is one of the following:

  • A new standard for the HTML markup language
  • A melding of new HTML, JavaScript, and CSS capabilities to provide zingy new capabilities
  • An entirely new way to think about and work with the Web

In my opinion, on the spectrum of options 1 to 3 above, HTML5 is definitely the first, is strongly connected to the second, and may well lead to the third.

The truth is, we’re always inventing a "brand new Web". As time goes by, there are new ways to do things and some truly innovative changes. jQuery is certainly one of those innovations, as it has allowed us to bring high levels of interactivity to Web pages with far less effort than plain old JavaScript.

When it comes to SharePoint, we have some challenges. Due to SharePoint’s generally three-year release cycle and the pace of change on the Web, SharePoint is always behind when it comes to the latest Web technologies. Some of us work to enhance past that, but it can be a struggle with a platform that is a static as SharePoint is. The flip side of this, of course, is that SharePoint is an "enterprise class" platform that can be far more reliable and predictable than some of its more frequently updated cousins. (Cue laugh track here from many SharePoint developers, but trust me that it’s true.) There’s always the danger that today’s shiny new penny will be tomorrow’s recycling, so jumping on every hot new technical option right away can be a huge mistake. With SharePoint, Microsoft insulates us from that problem, yet at the same time our options can be somewhat limited.

But enough rhetoric and opinion. What is HTML5 really, anyway?

When I first start to learn about something in the technology space, I’ll often go and visit the Wikipedia page for it. I don’t always read all of the definition – oftentimes they go straight into the weeds – but just the first paragraph or two. That gives me a good feeling for what the thing is all about.

Here’s the first paragraph about HTML5 on Wikipedia (as of 26 March 2012, footnotes removed):

 - HTML5 is a language for structuring and presenting content for the World Wide Web, and is a core technology of the Internet originally proposed by Opera Software. It is the fifth revision of the HTML standard (created in 1990 and standardized as HTML4 as of 1997) and as of March 2012 is still under development. Its core aims have been to improve the language with support for the latest multimedia while keeping it easily readable by humans and consistently understood by computers and devices (web browsers, parsers, etc.). HTML5 is intended to subsume not only HTML 4, but XHTML 1 and DOM Level 2 HTML as well. -

What this tells us is that HTML5 is simply a progression from earlier versions of HTML – no surprise there based on its name. It also tells us that it includes improvements for the "modern" things we see on the Web, such as the "latest multimedia". Today that means videos and audio, but it may well mean new things we don’t even know about down the road. (Anyone remember Smell-o-Vision?) The new HTML5 standard adds new elements and attributes to the HTML standard and also deprecates some others (e.g., font, center).

One of the main goals for HTML5 is to bring us closer to what has been called the "Semantic Web". This is another term I find confusing. Turning again to Wikipedia for a definition (again, as of 26 March 2012, footnotes removed):

 - The Semantic Web is a collaborative movement led by the World Wide Web Consortium (W3C) that promotes common formats for data on the World Wide Web. By encouraging the inclusion of semantic content in web pages, the Semantic Web aims at converting the current web of unstructured documents into a "web of data". It builds on the W3C’s Resource Description Framework(RDF). 

According to the W3C, "The Semantic Web provides a common framework that allows data to be shared and reused across application, enterprise, and community boundaries." - 

Gobbledy-gook, if you ask me. The point is to improve the way we mark up and delineate content in Web pages so that other applications can better understand that content and use it in other contexts. Hopefully that’s a little clearer, but let me give a very small example.

In a Web page today, we’re very likely to see something like this markup:

<div class="my-app-title-class">This is the Title of an Article</div>
<div class="my-app-body-class">Praesent porta massa vel lacus sodales placerat. Nam diam orci, pulvinar eu dapibus bibendum, rutrum in arcu. Etiam lorem mauris, vehicula dignissim commodo ut, tempus id sapien...</div>

This is all well and good. The title is displayed in the user’s browser with some CSS applied to it that makes it stand out somehow, the body text follows with some appropriate formatting, and they read it - grand. But other applications can’t look at that markup and make sense of it unless they understand the arbitrary CSS classes we’ve decided to use. What the Semantic Web principles say is that we should make it far clearer what that content is.

Here’s another way to publish that same content:

  <h1>This is the Title of an Article</h1>
  <p>Praesent porta massa vel lacus sodales placerat. Nam diam orci, pulvinar eu dapibus bibendum, rutrum in arcu. Etiam lorem mauris, vehicula dignissim commodo ut, tempus id sapien...</p>

It’s a tiny example, but by adding that new article element, we can indicate to other applications that this page contains, well, an article. That’s the basic idea behind the Semantic Web - making the content more understandable both internally to the browser and externally to other applications.

The HTML5 standard contains new elements that help to move us closer to the Semantic Web idea. Here is the list, taken from the HTML5 standard, which helps us to improve structure:

  • section represents a generic document or application section. It can be used together with the h1, h2, h3, h4, h5, and h6 elements to indicate the document structure.

  • article represents an independent piece of content of a document, such as a blog entry or newspaper article.

  • aside represents a piece of content that is only slightly related to the rest  of the page.

  • hgroup represents the header of a section.

  • header represents a group of introductory or navigational aids.

  • footer represents a footer for a section and can contain information about the  author, copyright information, etc.

  • nav represents a section of the document intended for navigation.

  • figure represents a piece of self-contained flow content, typically referenced as a single unit from the main flow of the document.

  • figcaption can be used as caption (it is optional).

As you can hopefully see from this list, we can more clearly indicate what the content in the page actually is, rather than just getting it on the page looking right.

There are many other new elements and attributes, changed elements and attributes, and "absent" (or no longer OK) elements and attributes listed in the HTML5 standard. Rather than copying them all into this post, I’d recommend that you peruse HTML5 differences from HTML4 if you are interested in the details.

Of course, everyone wants to know about the stuff that will make pages more zingy and fun in SharePoint, and in upcoming articles, I’ll go into much more detail on those changes. The improvements I touch on above, while not as flashy, may well have a bigger impact on the Web at large. You just may not see the differences right away.

SharePoint, Security, and Compliance - Part 1: Compliance

You may also be interested in: SharePoint Solutions In-A-Box from Alcero


Editor’s note: Contributor Mike Fleck is Co-founder of CipherPoint Software, Inc. Follow him @mfleckca

2012-03-09-SPSecurityCompliance-Intro-01.pngIn our first article in this series, we promised to tackle SharePoint security and compliance topics.

Let’s start with compliance and SharePoint. Nothing makes most peoples’ eyes glaze over faster than compliance (except for maybe governance). But stay with me here; it’s an important topic that is worth thinking about in the context of SharePoint for at least three reasons. First, compliance failures can land your organization in the news for the wrong reasons, so it’s important to understand your compliance obligations, and to ensure that your SharePoint infrastructure and security controls are up to snuff. Second, compliance and security are inextricably linked, such that much of what we do to secure SharePoint sites and content helps to achieve compliance, and vice versa. Finally, as most IT security folks will tell you, there is a "silver lining" associated with compliance. Compliance has been driving security decisions and budgets for the past few years. Depending on the industry you are in, it may well be that mentioning "PCI compliance", "HIPAA/HITECH compliance", "SOX compliance", etc. can help to magically free up budget for things that you need to both ensure compliance, and adequately secure your SharePoint sites and content.

Compliance is a much abused term. For the purposes of this discussion, we’ll assume that compliance = compulsory requirements that your organization must adhere to in order to secure information. These may include requirements imposed by government regulations, they may include industry standards that are mandated within a specific industry (PCI DSS for credit card data is an example), and they may include company standards that you must adhere to. Whatever the source of your requirements, compliance means understanding the requirements, implementing controls in your IT systems to meet the requirements, and producing evidence of compliance on a regular or as-needed basis.

The most likely points of compliance intersection for SharePoint sites (and we believe the most important potential consequences) arise from these regulations, in these areas:

HIPAA/HITECH, which requires various security controls to protect access to electronically protected healthcare information (EPHI). Covered entities include healthcare providers and payers, including large organizations that self-insure, and service providers who handle and process ePHI on behalf of these organizations.

Payment Card Industry Data Security Standard (PCI DSS). In an attempt to self-regulate, the large credit card brands developed this industry standard, adherence to which is compulsory for all retail organizations, as well as banks and others in the payment processing chain.

Gramm Leach Bliley Act (GLBA). This financial industry regulation and the associated guidance from various regulators specify numerous security controls that are to be used to protect access to customer non-public personal information (NPI). Firms affected by GLBA include banks, savings and loans, credit unions, insurers, mortgage firms, and others in the financial services industry.

State privacy laws. At last count, forty-five states have enacted data privacy laws, which generally require breach disclosure for security breaches which result in the loss or theft of their citizen’s personally identifiable information (PII). PII includes such things as social security numbers, account numbers, driver’s license numbers, and so on.

It may be non-intuitive that some of these regulations would impact SharePoint sites, even within firms in the regulated industries. Without overgeneralizing, the extent to which your SharePoint sites fall under these compliance regulations is driven by the data captured and stored in SharePoint. If the sites capture, process, or store credit card information, then they are considered to be part of what PCI DSS calls the "cardholder data environment", and will be subject to the specific security controls specified in PCI DSS. If you are considered a covered entity under HIPAA, and health information on patients, employees, or customers is stored in files in SharePoint, then your sites will be subject to the HIPAA Security Rule and HITECH provisions. If your sites have files in them containing the personally identifiable information for customers, then you are almost certainly subject to the provisions of state data breach laws, and subject to GLBA security control requirements if you are a financial firm.

Many common SharePoint use cases can put your site squarely into one of these regulatory compliance buckets. Examples include using SharePoint as a public facing website and capturing orders via credit cards, and using the platform to scan in and store financial customer applications. Even simpler scenarios also come to mind, such as extracting customer files from your financial systems, and storing them on SharePoint for collaboration between members of your marketing department.

For most of these regulations, if you determine that the information in your SharePoint infrastructure puts you "in scope", then you’ll have to understand and implement the security controls specified. The consequences of failing to comply can be significant. A very recent example from the healthcare world is Blue Cross, Blue Shield of Tennessee, who experienced direct costs of $15.5M due to the theft of a number of (unencrypted) disks. The HIPAA enforcement authority, DHHS, has just fined the insurer an additional $1.5M. As a result of this security breach, the insurer is now implementing encryption as a default security control for data at rest throughout their IT infrastructure.

A final thought on what the future is likely to hold. Sadly, because none of us really like being told what to do, we’re likely to see more compliance requirements impacting SharePoint. The legislative winds are blowing on Capitol Hill, and in light of the massive number of well documented (and successful) attacks targeting critical infrastructure in the US (search the web for the term “Advanced Persistent Threat”), the odds are good that we’ll see sweeping new legislation affecting all industries involved in supplying or supporting critical infrastructure. The draft bills being discussed give the Department of Homeland Security the responsibility to create and enforce adherence to standards for IT security in industries that are deemed critical infrastructure.

Our next few articles in this series will focus on what you need to do to bring your SharePoint sites into compliance with the big compliance regulations that have significant IT security control impacts: HIPAA/HITECH, PCI DSS, GLBA, and state data breach laws. (Note: if you have other examples of compliance regulations that are impacting your SharePoint sites, we’d love to hear about them! We’re working with customers on compliance projects involving ITAR, SOX, and 21 CFR 11, so we expect there’s at least some intersection here as well. Start a discussion by commenting below, or drop me a note.)