XML Community of Practice
Meeting Notes
January 19, 2005
Owen Ambur announced that Booz Allen Hamilton (BAH) will be developing the ET.gov site under contract to provide support services to the CIO Council’s (CIOC) Architecture and Infrastructure Committee (AIC), with Joe Chiusano as the project manager at BAH. Documentation concerning the ET.gov site/process is available at http://xml.gov/cop.asp#et
Based upon his January 10 teleconference with the OASIS Business Centric Methodology (BCM) Technical Committee (TC), Owen expressed his understanding that the TC plans to specify an XML schema for strategic plans as its first BCM template. Background on the proposed XSD is available at http://www.xml.gov/draft/AIIMProjectProposalXSDforStrategicPlans.htm
Owen also noted that the Core Data Types Focus Group (CDT-FG) at the Department of Homeland Security (DHS) plans to issue a request for information (RFI) on tools to assist with the harmonization and visualization of data elements.
Ken Sall briefed the group and demonstrated his proposal to use XML and XSLT for glossary entries and collections, including the use of client-side XSLT for different views of the entries as well as automated links to Google and WordNet definitions of the terms contained in the glossary. He indicated he has not yet decided what root element to use, and John Repici noted (via telecon) that a one-to-many relationship is needed to accommodate different definitions of the same terms by different communities of interest. Joe Chiusano asked if Ken had considered including elements of the Dublin Core and means to associate a term with a node in a classification scheme. John spoke briefly about his initiative to specify Glossary XML (GlossXML). Ken noted that he had harvested definitions from the XML acronym demystifier and suggested the CDT-FG may wish to reuse those definitions. He concluded with a set of suggested next steps, foremost of which is to identify a source of funding for the initiative. Judy Newton observed that the elements of Ken’s schema closely parallel the terminology section of ISO 11179.
Ken’s presentation is available at http://xml.gov/presentations.asp#20050119, together with a link to the site he has established to support the project, at http://kensall.com/gov/glossary/ John Repici’s site supporting GlossXML is at http://www.creativyst.com/Prod/Glossary/Doc/XMLOut.htm
Rex Brooks briefed the group on his plans to develop a prototype derived XML registry in a WSRP-compliant portal, using Plumtree’s Web crawler to index XSDs and DTDs found on FirstGov. He cited a number of relevant statutes but noted that OMB guidance does not specify the use of standard data elements, based upon voluntary consensus standards, and he expressed the hope the XML registry can help achieve the desired results of the legislation. He also noted his intention to apply Eliot Christian’s eGov work to specify a strawman .gov search standard. Finally, he indicated he will be looking for a sponsor for an ongoing, operational version of the registry. Rex’s presentation and a short paper outlining is plans are available, respectively, at http://xml.gov/presentations/starbourne/derivedregistry.htm and http://xml.gov/documents/completed/starbourne/derivedregistry.htm
Roy Morgan discussed the plans of the XML Registry Team to draft a set of use cases and indicated he would take it upon himself to draft one covering uses required by the Department of the Interior (DOI). Owen noted that DOI is developing information technology (IT) modernization blueprints in conjunction with its enterprise architecture (EA) efforts, but that it is far more difficult than it should be to discover and become familiar with XML data elements and schemas developed by others that may be applicable to DOI’s needs.
Joe Chiusano noted that version 3 of the ebXML registry specification is in review for committee draft approval within the next few weeks and that input is being accepted for version 4. Ken asked about the features list for version 3 and Joe indicated it could easily be translated into a set of use cases.
David Eng indicated that EPA’s content management system makes heavy use of XML. Owen noted that AIIM has approved the proposal made by Paul Fontaine of the Federal Aviation Administration (FAA) and Mike Connor of Adobe to specify an international standard for integrated enterprise content management (iECM) systems, and expressed his understanding the proposed standard will leverage the potentials of XML. http://xml.gov/documents/completed/aiim3/IECMproposal.pdf
Andrew Nash of Reactivity briefed the group on XML standards relevant to security and interoperable trust networks. He highlighted the distinction between user and system identification and security versus the layered IDs required for transaction-level security, including complexities associated with privacy requirements, for example. He noted that Security Assurance Markup Language (SAML) leverages XML over HTTP in what is commonly known as a REST interface, and he displayed a slide depicting specifications related to user federation versus Web Services. Joe Chiusano noted that some of those specifications are not “standards” in the sense of “voluntary consensus standards” defined in OMB Circular A-119. Andrew acknowledged that some of those specifications have merely been proposed by some of the larger vendors and do not carry the imprimatur of any voluntary consensus standards organization. He also noted that some of them are overlapping.
SAML provides for single sign-on, as well as an authorization service and an attribute service. The authorization service is the least used and the attribute service is closely linked to single sign-on with respect to requirements for providing role-based views and managing context. Andrew said the Liberty Alliance is not developing new specifications but merely proposing effective uses of existing specifications. He said the effort was formerly browser focused but is beginning to focus on Web Services. He noted that WS-Security is now a ratified OASIS standard but that there has been little progress in moving other “published” standards into standards organizations and some of them are nowhere near complete. Andrew noted that the names of some of the specifications are misleading but the technical experts were overruled by the marketing folks in some of the companies involved in developing them. Joe Chiusano observed that the vendor environment is becoming less contentious with respect to some of these specifications.
Andrew referenced XRML with respect to security tokens and indicated that Reactivity and others can run authentication services outside of applications. He also mentioned WS-Trust with respect to issuance, renewal, and validation of security tokens but indicated that no Security Token Service (STS) currently exists. Someone else also pointed out the problem that users don’t own their own IDs. Andrew indicated that Kerberos tickets probably will be handled by SAML within the next year or so. However, he cited the dilemma arising from the fact that security is commonly handled at the business logic layer and business managers do not trust software programmers to reliably implement security policies. Moreover, security is required at the transaction layer, not just at the software component layer. As components are pulled apart for reuse, security assurance becomes increasingly complex. Finally, Andrew noted that standards are lacking for the creation and maintenance of trust relationships, and that there is little appreciation of “system-ness” of Web Services.
Andrew’s presentation is available at http://xml.gov/presentations/reactivity/trust_files/frame.htm
The next meeting of the xmlCoP is scheduled for February 16, will be hosted by the Department of Justice, and focus on the topic of interoperable trust networks. http://xml.gov/agenda/20050216.htm
Among those in physical attendance were:
Owen Ambur, Co-Chair
Tim Bornholtz, Education
Joe Chiusano, Booz Allen
David Eng, EPA
Amin Hassam, i411
Holly Hyland, Education
Joab Jackson, Government Computer News
Roy Morgan, NIST
Tom Merkle, Capwin.org
KC Morris, NIST
Andrew Nash, Reactivity
Judith Newton, Ashton Computing
Marion Reinson, Starbourne Communications
Brian Roosevelt, Reactivity
Sol Safran, IRS
Ken Sall, Silosmashers
William Taylor, Starbourne Communications
Peter Walsh, Plumtree
John Weiland, Navy
Those who identified themselves as participating via teleconference were:
Mark Baker, Justsystem
Robert Benedict, NASA
Rex Brooks, Starbourne Communications
Frank Napoli, LMI
John Repici, Creativist.com
Syliva Webb, GEFEG US
Please convey any additions or corrections to Owen_Ambur@ios.doi.gov