Can I distribute s/mime certificates to MDM managed users via Mavericks Server?

Similar Messages

• How can i get newly added contacts for a Mailbox User in Exchange Server 2013

  Hi all,
  I need to synchronize contacts in Exchange Server and Sugar CRM Application, for that
  i need to get newly added contacts for a User in Exchange Server 2013 by using EWS Managed API.
  I know how get the list of all contacts for a particular user , but in the list how i can find
  new contacts ?

  Hi Dora,
  that's the fun thing:
  You add your own property (and it'll be invisible to outlook users, not to worry).
  Extended Properties allow you to define custom property on Exchange Items. And it has a
  method for setting those too.
  Here's a short post doing a very simple intro on using Extended Properties.
  Glen's Exchange Blog is a generally useful resource when working with EWS, I'm confident you'll be able to find lots of tips there as well.
  Cheers,
  Fred
  There's no place like 127.0.0.1

• Safari can't establish secure connection in parental controls managed user account

  Hi,
  Safari can't establish any secure connection in parental controls managed user account. Normal web sites open OK, but secure connections, like Gmail which requires https doesn't work. This is what I get instead:
  Safari can’t open the page “https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false& continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694 le36z&scc=1&ltmpl=default&ltmplcache=2&from=login” because Safari can’t establish a secure connection to the server “www.google.com”.
  Any ideas how to overcome this?

  Do you have anti virus software installed, or Peer Guardian?
  "https note: For websites that use SSL encryption (the URL will usually begin with https), the Internet content filter is unable to examine the encrypted content of the page. For this reason, encrypted websites must be explicitly allowed using the Always Allow list. Encrypted websites that are not on the Always Allow list will be blocked by the automatic Internet content filter."
  From here:  
  Mac OS X v10.5, 10.6: About the Parental Controls Internet content filter

• How can local user send message to other user via OSX server in mac maverick

  I just install OS X server in mac mavericks and enable services such as message, DNS, VPN, etc. I also create local users and local network users. I add some local users from OSX server to Message app in order to message to server, but I cannot send any message to those user, even Bonjour is available but I cannot use it to send message in local network.
  I already followed all Server Help in Messages like in this image:
  I try to access to my local OS X server via IP address by using other PC, Mac and iPhone and I can get this interface:
  I already try in iPhone to send message to local user in OS X server after accessing to OS X server via IP Address, but I don't know how local user can get that message and I see nothing in message_archives of message data of server. Therefore, how each user in OSX server can message to each other across OSX server ? Does Admin have to write some codes or make configuration for providing message services to those users ?
  Message was edited by: chhanmalin

  Client users need to use XMPP client app to log in to server with account name like in server , then user can send message to other users in server. Client users can use iphone, pc, or mac.

• Can non Managed users be iCal server users?

  Currently we've had moderate to good success with our test runs or iCal server. One item I'm not in love with however, is that inorder for someone to have an iCal user account and set up iCal on their machine, I first have to enable and set up Open directory. The down side to this is that it then makes them a "Managed User" meaning that there password and login is defined by the server.
  We'd like to be able to add people into the mix, without having them be a managed user, and especially without forcing their computer login password and iCal and or server password to be the same.
  Thanks in advance for any tips on this,
  Greg Montgomery

  So having the machine bound to the server isn't such a problem, although if it can be done for some users sans that I'd be interested in learning how.
  The bigger problem is that the users are forced to change their passwords/logins on their machine to match the password on the server.
  For the most part that is OK, but we have a few users who have their own laptops, and don't like having us control their login.
  Greg

• How can I use Windows IAS to validate WLC management users?

  I am having a problem using my Windows IAS radius server to validate management users for my 2112 Wireless Lan Controller.
  I have defined the radius server and it works ok with the policy for validating wireless clients but not for WLC management users.
  The Remote access policy seems to be set up correctly as the event viewer on the server shows:-
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  09/02/2011
  Time:  11:06:06
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier = <not present>
  NAS-Port-Type = <not present>
  NAS-Port = <not present>
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type = <undetermined>
  But, the WLC log shows:
  *Feb 09 11:06:06.612: %EMWEB-1-LOGIN_FAILED: ews_auth.c:2104 Login failed. User:xxxxxx. Service-Type is not present or it doesn't allow READ/WRITE permission..
  The WLC just returns the login screen
  Any thoughts?
  Thanks in advance
  Richard

  Event viewer shows :
  Event Type: Information
  Event Source: IAS
  Event Category: None
  Event ID: 1
  Date:  10/02/2011
  Time:  08:49:39
  User:  N/A
  Computer: UK01DC07
  Description:
  User xxxxxxxx was granted access.
  Fully-Qualified-User-Name = TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx
  NAS-IP-Address = 10.10.45.210
  NAS-Identifier = UK03NM01
  Client-Friendly-Name = UK03NM01
  Client-IP-Address = 10.10.45.210
  Calling-Station-Identifier =
  NAS-Port-Type =
  NAS-Port =
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server =
  Policy-Name = UK03NM01 - login
  Authentication-Type = PAP
  EAP-Type =
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  Data:
  0000: 00 00 00 00               ....   
  and IAS log shows:
  "UK01DC07","IAS",02/10/2011,08:49:39,1,"xxxxxxxx","TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,"UK03NM01","10.10.45.210",,0,"10.10.45.210","UK03NM01",,,,,,7,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  "UK01DC07","IAS",02/10/2011,08:49:39,2,,"TRAVEL.OAG.com/Dunstable Admins/xxxxxxxx",,,,,,,,0,"10.10.45.210","UK03NM01",,,,,,2,1,"UK03NM01 - login",0,"311 1 10.10.45.254 12/04/2010 23:56:59 1987",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
  It appears to me that IAS checks and passes the username/password as being valid but this response is ignored by the WLC
  Richard

• How can I create a custom environment for the guest user in Mavericks?

  Hello Mavericks insiders
  I need to setup several new MacBooks running Mavericks for school use. We want to use guest because everything is reset at each login. However, I first need to permanently customise the environment for the guest user:
  - doing program first runs
  - adjusting printer settings
  - dock settings
  - wallpper
  I think I have to copy certain library files in the Terminal. Which files exactly? From where to where? What is the correct Terminal syntax to do so?
  Many thanks in advance!
  Morgy

  Hello,
  I am not sure how I wound-up in the server forum. I am using the desktop version of OS X 10.7.4.
  Thanks

• Can I distribute CA Keys using ARD?

  Hi. I'm setting up a FileMaker Pro Server Adv. on 10.6.2 Server with Instant Web Publishing. I got my Windows friend, who admins the CA in our office, to make me a SSL certificate for my IWP site. Everything is good. For Mac users, they will get flagged on this site from their browsers since the SSL certificate is not "trusted." But I have the public key from the CA (x.p7b file) or whatever you call it to install into their Keychains to establish a trust.
  Can I distribute this key to all my Mac users using ARD?
  Thanks.

  Hello Naga,
  Please check the sap help on 'Creating Foreign Keys'
  http://help.sap.com/saphelp_nw04/helpdata/en/cf/21ea77446011d189700000e8322d00/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eb95446011d189700000e8322d00/content.htm
  I think that the forum - ABAP Development » ABAP Dictionary could help
  you more on the posted question.
  Thank you & best regards, Natalia Khlopina

• Adding an S/MIME certificate to an existing contact in Outlook 2013

  In previous versions of Outlook (e.g. 2010) when you received an S/MIME signed certificate from an external party you could right click on their name in the message and select "Add to Outlook Contacts". This would then store the cert in a contact
  for future use. If a contact already existed then it would prompt you to
  update the contact with the additional information including the certificate.
  In Outlook 2013 this process appears to be broken (for
  existing contacts at least).
  When right-clicking on their name in a signed message you don't get the "Add to Outlook Contacts" option. You only get "Edit Contact" which brings up the new "Contact Card" dialog which has no information about certificates.
  If you make a change there and save then the certificate is not stored in the contact.
  You can confirm this by right-clicking the sender in the signed email and selecting "Open Outlook Properties" (do not select "Open Contact Card"). In this view click the "Certificates" button in the header and you will see that
  there are no certificates associated with the contact.
  You can, I guess, export the certificate to disk and then import it into the contact via the Outlook Properties dialog but this is tedious.
  Any ideas how to work around this and update an existing contact with an S/MIME certificate?
  Any ideas why the certificate information is not accessible in the new Contact Card dialog? Seems unfortunate for those of us using S/MIME.

  Hi Barry,
  As per the following article, http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx and specifically the following section:
  Add a recipient's digital ID to your Contacts, the ability to see the Certificates depends on the view in which you are opening the Contact card.
  In the People or Business Card view we cannot see the Certificates button.
  In the Card, Phone or the List view we can see the Certificates tab where the Certificates can be seen.
  So to work around this behavior, for new contacts you should Add to Outlook Contacts and then go into the People Pane and Check the Certificates tab to get the cert details.
  If you already have the contact added then it becomes a little tricky.
  In that case the Certificate is not updated on the "old contact". In such cases I would delete the existing contact and from the latest e-mail that I received, I would Add to Outlook Contacts and that should then get you the new Cert that you received.
  If you still cannot access the Certificate information, I would call in and work with someone from the Outlook team to assist you further with this request.
  Hope this helps!
  Kartik Kashinath MSFT

• Attn: Sun. Can we distribute the JRE with a program we write?

  I'm trying to find out whether it's legal to distribute the JRE with a program I write. If you look at the license agreement when you download the JRE, first it has the regular license agreement, which says that you can't. But then it has the "supplemental" license agreement (and it says that this "modifies" the regular license agreement). In section 2 of the supplemental license agreement, it quite clearly states that you can as long as you don't modify it and you include some little messages in your documentation.
  So I'm hoping to get an answer from someone who actually works for Sun. It seems pretty clear to me that we ARE allowed to distribute the JRE with a program, but people keep sending me emails when I tell them about it - saying things like "You can't program in Java because you can't distribute it."
  What I want to do is have an installation program that installs my game and then installs Java (with Sun's JRE installer - this is included ONLY so that it can run my game, as stated in the supplemental license agreement). I should also mention that I do actually intend to SELL this program, so if that's a problem, please say so. Anyways, could someone from Sun tell me whether this is allowed or not? I don't want to break the law.
  - Steve Fletcher

  The JRE includes a readme file that explicitly states that distribution is permissible, given certain conditions. In particular, look at the 1st paragraph below:
  Reproduced here:
  README
  Java(TM) 2 Runtime Environment, Standard Edition
  Version 1.4.1
  The Java(TM) 2 Runtime Environment is intended for software developers
  and vendors to redistribute with their applications.
  The Java 2 Runtime Environment contains the Java virtual machine,
  runtime class libraries, and Java application launcher that are
  necessary to run programs written in the Java programming language.
  It is not a development environment and does not contain development
  tools such as compilers or debuggers. For development tools, see the
  Java 2 SDK, Standard Edition.
  =======================================================================
  Deploying Applications with the Java 2 Runtime Environment
  =======================================================================
  When you deploy an application written in the Java programming
  language, your software bundle will probably consist of the following
  parts:
  Your own class, resource, and data files.
  A runtime environment.
  An installation procedure or program.
  You already have the first part, of course. The remainder of this
  document covers the other two parts. See also the Notes for Developers
  page on the Java Software website:
  http://java.sun.com/j2se/1.4.1/runtime.html
  Runtime Environment
  To run your application, a user needs the Java 2 Runtime Environment,
  which is freely available from Sun for application developers to
  redistribute.
  The final step in the deployment process occurs when the software is
  installed on individual user system. Installation consists of copying
  software onto the user's system, then configuring the user's system
  to support that software. You should ensure that your installation
  procedure does not overwrite existing JRE installations, as they may
  be required by other applications.
  =======================================================================
  Redistribution of the Java 2 Runtime Environment
  =======================================================================
  The term "vendors" used here refers to licensees, developers, and
  independent software vendors (ISVs) who license and distribute the
  Java 2 Runtime Environment with their programs.
  Vendors must follow the terms of the Java 2 Runtime Environment Binary
  Code License agreement.
  Required vs. Optional Files
  The files that make up the Java 2 Runtime Environment are divided into
  two categories: required and optional. Optional files may be excluded
  from redistributions of the Java 2 Runtime Environment at the
  licensee's discretion.
  The following section contains a list of the files and directories that
  may optionally be omitted from redistributions with the Java 2 Runtime
  Environment. All files not in these lists of optional files must be
  included in redistributions of the runtime environment.
  Optional Files and Directories
  The following files may be optionally excluded from redistributions:
  lib/charsets.jar
  Character conversion classes
  jre/lib/ext/
  sunjce_provider.jar - the SunJCE provider for Java
  Cryptography APIs
  localedata.jar - contains many of the resources
  needed for non US English locales
  ldapsec.jar - contains security features supported
  by the LDAP service provider
  dnsns.jar - for the InetAddress wrapper of JNDI DNS provider
  bin/rmid
  Java RMI Activation System Daemon
  bin/rmiregistry
  Java Remote Object Registry
  bin/tnameserv
  Java IDL Name Server
  bin/keytool
  Key and Certificate Management Tool
  bin/kinit and jre/bin/kinit
  Used to obtain and cache Kerberos ticket-granting tickets
  bin/klist and jre/bin/klist
  Kerberos display entries in credentials cache and keytab
  bin/ktab and jre/bin/ktab
  Kerberos key table manager
  bin/policytool
  Policy File Creation and Management Tool
  bin/orbd
  Object Request Broker Daemon
  bin/servertool
  Java IDL Server Tool
  In addition, the Java Web Start product may be excluded from
  redistributions. Depending on the platform, the Java Web Start
  product is contained in a file named as follows. The actual
  product version number would replace the <version number> notation.
  javaws-<version number>-solaris-sparc-i.zip
  javaws-<version number>-solaris-i586-i.zip
  javaws-<version number>-linux-i586-i.zip
  javaws-<version number>-windows-i586-i.exe
  Redistribution of Java 2 SDK Files
  The limited set of files from the SDK listed below may be included in
  vendor redistributions of the Java 2 Runtime Environment. All paths
  are relative to the top-level directory of the SDK.
  - jre/lib/cmm/PYCC.pf
  Color profile. This file is required only if one wishes to
  convert between the PYCC color space and another color space.
  - All .ttf font files in the jre/lib/fonts directory. Note that the
  LucidaSansRegular.ttf font is already contained in the Java 2
  Runtime Environment, so there is no need to bring that file over
  from the SDK.
  - jre/lib/audio/soundbank.gm
  This MIDI soundbank is present in the Java 2 SDK, but it has
  been removed from the Java 2 Runtime Environment in order to
  reduce the size of the Runtime Environment's download bundle.
  However, a soundbank file is necessary for MIDI playback, and
  therefore the SDK's soundbank.gm file may be included in
  redistributions of the Runtime Environment at the vendor's
  discretion. Several versions of enhanced MIDI soundbanks are
  available from the Java Sound web site:
  http://java.sun.com/products/java-media/sound/
  These alternative soundbanks may be included in redistributions
  of the Java 2 Runtime Environment.
  - The javac bytecode compiler, consisting of the following files:
  bin/javac [Solaris(TM) Operating Environment
                               and Linux]
  bin/sparcv9/javac [Solaris Operating Environment
                               (SPARC(TM) Platform Edition)]
  bin/javac.exe [Microsoft Windows]
  lib/tools.jar [All platforms]
  - jre\bin\server\
  On Microsoft Windows platforms, the Java 2 SDK includes both
  the Java HotSpot Server VM and Java HotSpot Client VM. However,
  the Java 2 Runtime Environment for Microsoft Windows platforms
  includes only the Java HotSpot Client VM. Those wishing to use
  the Java HotSpot Server VM with the Java 2 Runtime Environment
  may copy the SDK's jre\bin\server folder to a bin\server
  directory in the Java Runtime Environment. Software vendors may
  redistribute the Java HotSpot Server VM with their
  redistributions of the Java Runtime Environment.
  Unlimited Strength Java Cryptography Extension
  Due to import control restrictions for some countries, the Java
  Cryptography Extension (JCE) policy files shipped with the Java 2 SDK,
  Standard Edition and the Java 2 Runtime Environment allow strong but
  limited cryptography to be used. These files are located at:
  <java-home>/lib/security/local_policy.jar
  <java-home>lib/security/US_export_policy.jar
  where <java-home> is the jre directory of the Java 2 SDK or the
  top-level directory of the Java 2 Runtime Environment.
  An unlimited strength version of these files indicating no restrictions
  on cryptographic strengths is available on the Java 2 SDK web site for
  those living in eligible countries. Those living in eligible countries
  may download the unlimited strength version and replace the strong
  cryptography jar files with the unlimited strength files.
  Endorsed Standards Override Mechanism
  An endorsed standard is a Java API defined through a standards
  process other than the Java Community Process(SM) (JCP(SM)). Because
  endorsed standards are defined outside the JCP, it is anticipated that
  such standards will be revised between releases of the Java 2
  Platform. In order to take advantage of new revisions to endorsed
  standards, developers and software vendors may use the Endorsed
  Standards Override Mechanism to provide newer versions of an endorsed
  standard than those included in the Java 2 Platform as released by Sun
  Microsystems.
  For more information on the Endorsed Standards Override Mechanism,
  including the list of platform packages that it may be used to
  override, see
  http://java.sun.com/j2se/1.4.1/docs/guide/standards/
  Classes in the packages listed on that web page may be replaced only
  by classes implementing a more recent version of the API as defined
  by the appropriate standards body.
  In addition to the packages listed in the document at the above
  URL, which are part of the Java 2 Platform, Standard Edition
  (J2SE(TM)) specification, redistributors of Sun's J2SE
  Reference Implementation are allowed to override classes whose
  sole purpose is to implement the functionality provided by
  public APIs defined in these Endorsed Standards packages.
  Redistributors may also override classes in the org.w3c.dom.*
  packages, or other classes whose sole purpose is to implement
  these APIs.
  Copyright 2003 Sun Microsystems, Inc., 4150 Network Circle,
  Santa Clara, California 95054, U.S.A. All rights reserved

• Free S/MIME certificate to digitally sign .pdf with Acrobat Reader

  Good morning,
  does anyone have idea where to obtain free S/MIME certificate for personal use and TRUSTED by Adobe Reader to digitally sign documents with own digital signature ? (Comodo S/MIME certificates released by GlobalTrust https://www.globaltrust.it/modulo_reg_smime.asp are free but aren't trusted automatically by Adobe)

  Thanks Ben,
  Unfortunately, that video is for acrobat X or above and I cant find the "save as reader extended" option in Acrobat Pro 9.
  Can this be done from this version?
  Thanks again
  Matt

• Why are security headers not visible when viewing "sent" mail for mail sent with S/MIME certificates?

  I am using an S/MIME certificate to sign my emails using Mail on Mountain Lion 10.8.2.  I have a trusted S/MIME certificate for each of my email accounts.  The certs and private keys are properly installed in the keychain.  I am able to successfully send signed (and optionality encrypted) email and the recipients are all all receiving the emails showing a trusted signed email without having to acknowledge or trust the signature.  So technically the certificates are working.  Obviously the encryption option is only offered when I also have the recipients certficate in my keychain.
  What I am noticing is that when I look in my sent items - (regardless of which email I used as the "sender") - I don't see any indication in the mail headers that the mail was sent with a signed certificate - even though I know the recipient is seeing that the mail is signed with a cert.  I have no way of telling whether I sent the mail as "signed" or "unsiged".  The default is to use the certificate for all outbound emails - unless I specifically uncheck the secure signing option before sending.  In mail that I recieve - sent from others with certs or sent from one of my email accounts to the other - I see the the certificate indication in the email header.
  On rare occasion - I do see the certificate when viewing sent mail - but only for  random sent mails - and so far I believe I have only seen the certificate show up in mail that is sent from my iCloud account.  I can send subsequent mail from iCloud - and still not see the certificate in the sent items.
  Why am I not seeing the Security Header showing the certificate when viewing mail that I have sent in my sent items folder?  Is there some setting that I am not seeing that controls this - or is this a bug in Mac Mail?  Also why does the security header show up for just a handful of sent emails - when hundreds of signed emails have been successfully sent.
  Any help would be appreciated.  The behavior is the same on my other Macs - at least the ones on which the certificates are also installed.
  Also - I don't have my certs installed on my iPhone yet - so I can't tell on the iPhone if the certs are showing up in the sent folder - but I can see the certs on mail that I send to myself from the Mac but receive on the iPhone.
  ~Scott

  I stopped using the S/MIME certs and stopped signing my emails.  Too many recipients were receiving them as "attachements" especially if the recipients email account was on an Exchange server.  My certs have since expired and I have not done anything to further analyze the situation.  My original post was over a year ago and I have long since been on Mavericks.
  To: iddontknowwhoiamsowhat ... I am not totally following your response.  You say you are seeing the exact same issue - yet you are also saying you can look at the sent mails from os x and ios - does this mean that you see the security badges on the sent emails in both os x and ios?  I assume you are on Mavericks?

• How to list S/MIME certificates of mail recipients in iOS5

  Hi!
  Maybe someone can answer my question: Can all (at least S/MIME) certificates be displayed that are stored on the phone?
  S/MIME seems to work fine. However I'd like to be able to look at the certs that are currently available (as I can with MMC and the cert snap-in in Windows ;-) or keychain in Lion). So I'd expect some listing and an option for a detailed view (as it is available for my own certificates).
  Why? Well, apart having an overview of whom I might send encrypted mails to (before having this checked by the mail app), I am interested in the certificates. There are a couple of certs that only work via email-address-verfication, others require a strict proof of identity......
  TIA
  mrks

  @duggabe, Not actually. That would just sort "threads/conversations" by date. The From column would continue to show the first sender for each thread/conversation.

• How can i refresh an SSL certificate for a specific page?

  i am trying to access my electronic training jacket on Navy Knowledge Online to check the status of my security clearance. the ETJ page requires an SSL certificate. when i initially loaded the page the message window popped up prompting me to add the security exception and get the certificate. i got the certificate and continued to load the page but it came up with HTTP error 403.7 saying that i didn't have the certificate i needed. for some reason NKO isn't recognizing the certificate i got so i need to clear that certificate and get a new one that hopefully the server will recognize. how can i do this?

  You can try to remove that certificate here:
  Edit > Preferences > Advanced > Encryption: Certificates > View Certificates

• How can i reference a MIME object within a correspondence format through...

  how can i reference a MIME object within a correspondence format through TX oofo or se71?
  Hi, I need to put a MIME object within a correspondence's format that i've already done through Tx oofo. My problem is, that i don't know exactly how can i make the reference of that MIME object in the format? and What structure type do i have to use in order to make appear the MIME object in my correspondence's format? Does anybody can help me with this?   
  Regards    Hector

  Frank,
  I tried to find some examples/samples on how to create CollectionModel for a table component but not successful.
  Can you clarify the following ?
  1. "CollectionModel" is referenced only by af:table attributes "value", "selectedRowKeys" and "selectionListener".
  The rest of af:table attributes such as "rows", "fetchSize" used to reference the iterator binding in the binding container via the EL expression "#{bindings.VOIteratorBinding.xxx} .
  What should I replace that EL expression with?
  2. I heck out the bean method to create the CollectionModel as following, is it close to what you mean?
  public void initBusinessDataDashboardView() {
  OperationBinding operation = BeanUtils.getOperationBinding("getPanelBusinessData");
  Map params = operation.getParamsMap();
  Key panelKey = getPanelInfoView().getKey();
  params.put("panelKey", panelKey);
  params.put("maximizedView", false);
  panelView = (ViewObject)operation.execute();
  // Heck code to create CollectionModel
  RowSet rowSet = panelView.getRowSet();
  ArrayList rowList = new ArrayList();
  while (rowSet.hasNext()) {
  rowList.add(rowSet.next());
  model = new ChildPropertyTreeModel(rowList, null);
  // To be used to set up af:table value, selectRowKeys, selectionListener via EL expr #{backingBeanScope.MyBean.model.xxx}
  public CollectionModel getModel() {
  return model;
  Am I on the right track?
  Edited by: Pricilla on May 4, 2010 2:20 PM