A new security concern: XML

A new security concern: XML

The security alarms that sounded last month involved even the Extensible Markup Language, a tool for tagging, searching and reusing document content.

This month the government's XML Working Group will take up security issues about digital signatures, encryption and key management in XML, as well as new XML developments such as the Security Assertion Markup Language.

The General Services Administration and the National Institute of Standards and Technology support the group's work.

Security is a barrier to XML adoption in the Defense Department, said Russell J. Richards, a Defense Information Systems Agency official who works on interoperability issues.

Speaking at a recent XML forum held by the American National Standards Institute in Washington, Richards said, 'We should actively promote standards' at the Defense Department.

'But the program managers and the engineers and the standards people are in conflict,' he said, because the Simple Object Access Protocol used for XML Web transfers could breach security by making remote-procedure calls to all types of clients across networks.

'We can't use XML Web Services unless we can be assured it meets our security needs,' he said.

The working group has procurements under way for four tasks approved by the CIO Council: an XML strategy for agencies, a registry pilot, a site upgrade for xml.gov and standards harmonization.

The main hurdle for agency use of XML is deciding exactly what terms to standardize, and they tend to be mission-specific.

Some House cleaning

The House of Representatives has drafted a set of 110 document type definitions that would make it possible to search and repurpose all types of congressional materials [GCN, Aug. 27, Page 7].

The Securities and Exchange Commission has a custom version of XML for its Electronic Data Gathering and Retrieval electronic filing system on the Web. EDGAR uses a minimal amount of XML content to limit the bandwidth requirements.

Perhaps the fastest-spreading XML application is for voice-activated telephone information retrieval via the VoiceXML protocol [GCN, July 23, Page 5]. Any XML file posted on a Web site, for example, can be requested by interactive voice response and read back over the phone by speech software.

The cities of Atlanta and Hampton, Va., are using VoiceXML for 511 dialing to hear traffic conditions. The Utah Transportation Department is setting up a 511 voice-response system for road conditions to assist visitors at the winter Olympics.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected