A new security concern: XML

A new security concern: XML

The security alarms that sounded last month involved even the Extensible Markup Language, a tool for tagging, searching and reusing document content.

This month the government's XML Working Group will take up security issues about digital signatures, encryption and key management in XML, as well as new XML developments such as the Security Assertion Markup Language.

The General Services Administration and the National Institute of Standards and Technology support the group's work.

Security is a barrier to XML adoption in the Defense Department, said Russell J. Richards, a Defense Information Systems Agency official who works on interoperability issues.

Speaking at a recent XML forum held by the American National Standards Institute in Washington, Richards said, 'We should actively promote standards' at the Defense Department.

'But the program managers and the engineers and the standards people are in conflict,' he said, because the Simple Object Access Protocol used for XML Web transfers could breach security by making remote-procedure calls to all types of clients across networks.

'We can't use XML Web Services unless we can be assured it meets our security needs,' he said.

The working group has procurements under way for four tasks approved by the CIO Council: an XML strategy for agencies, a registry pilot, a site upgrade for xml.gov and standards harmonization.

The main hurdle for agency use of XML is deciding exactly what terms to standardize, and they tend to be mission-specific.

Some House cleaning

The House of Representatives has drafted a set of 110 document type definitions that would make it possible to search and repurpose all types of congressional materials [GCN, Aug. 27, Page 7].

The Securities and Exchange Commission has a custom version of XML for its Electronic Data Gathering and Retrieval electronic filing system on the Web. EDGAR uses a minimal amount of XML content to limit the bandwidth requirements.

Perhaps the fastest-spreading XML application is for voice-activated telephone information retrieval via the VoiceXML protocol [GCN, July 23, Page 5]. Any XML file posted on a Web site, for example, can be requested by interactive voice response and read back over the phone by speech software.

The cities of Atlanta and Hampton, Va., are using VoiceXML for 511 dialing to hear traffic conditions. The Utah Transportation Department is setting up a 511 voice-response system for road conditions to assist visitors at the winter Olympics.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above