Page 49 - GAO-02-327 Electronic Government: Challenges to Effective Adoption of the Extensible Markup Language
Chapter 3: The Federal Government Faces
Challenges in Realizing XML’s Full Potential
extremely difficult to get consensus on the definitions of data elements.
For example, tags such as <PO_Number>, <PurchaseOrderNumber>,
<PO_No>, and <purchase_order_number> could all be used by different
applications to indicate a purchase order number. On the other hand, the
different tag names could mean that different definitions of “Purchase
Order Number” have been used. An XML processor cannot independently
determine whether these tags all refer to the same thing. As a result, the
processor must be given explicit instructions regarding what tags are
equivalent or how to translate one set of tags to the format used by
another system.

If diverging data structures and vocabularies proliferate among different
organizations and user communities, XML’s overarching promise of broad
data interoperability could become more difficult to achieve. The use of
incompatible data structures would require developers to devote
resources to an expensive and error-prone process of defining and
implementing translation schemes to exchange information among the
incompatible systems.

The processing extensibility of XML can also have a downside, because it
allows developers to add proprietary extensions to their specific
implementations, which could defeat XML’s goal of broad interoperability.
It is easy to add elements to an XML document that place unique
processing requirements and restrictions on the document, thus
preventing other systems from being able to interpret it. An operating
system vendor, for example, could add software “hooks” to XML
documents that could be correctly processed only by machines running
that vendor’s particular operating system. The fact that the core XML
standard is nonproprietary thus does not ensure that all applications built
with it will also successfully interoperate.
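
The explicit equivalence instructions and the unrecognized extension elements described above, shown as an added example (not part of the GAO report): a receiving system maps the four purchase order tag names to one canonical name and rejects any element it has no agreed definition for. The `Order` root element, the choice of canonical name, the `VendorHook` element and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Explicit equivalence table: the parser cannot infer that these names mean
# the same thing, so the receiving system has to be told.
# The canonical name "purchase_order_number" is a choice made for this example.
TAG_EQUIVALENTS = {
    "PO_Number": "purchase_order_number",
    "PurchaseOrderNumber": "purchase_order_number",
    "PO_No": "purchase_order_number",
    "purchase_order_number": "purchase_order_number",
}

class UnknownTagError(ValueError):
    """Raised when a document uses an element with no agreed definition."""

def normalize_order(xml_text, root_tag="Order"):
    """Return {canonical_name: text}; reject elements with no agreed mapping."""
    root = ET.fromstring(xml_text)
    if root.tag != root_tag:
        raise UnknownTagError(f"unexpected root element: {root.tag}")
    record = {}
    for child in root:
        canonical = TAG_EQUIVALENTS.get(child.tag)
        if canonical is None:
            raise UnknownTagError(f"no mapping for element: {child.tag}")
        if canonical in record:
            raise ValueError(f"duplicate value for {canonical}")
        record[canonical] = (child.text or "").strip()
    return record

# Constructed sample documents from three hypothetical sending systems.
SAMPLES = [
    "<Order><PO_Number>4711</PO_Number></Order>",
    "<Order><PurchaseOrderNumber>4711</PurchaseOrderNumber></Order>",
    "<Order><PO_No>4711</PO_No><VendorHook>x</VendorHook></Order>",
]

def run_samples():
    results = []
    for doc in SAMPLES:
        try:
            results.append(normalize_order(doc))
        except UnknownTagError as exc:
            results.append(str(exc))
    return results

if __name__ == "__main__":
    for r in run_samples():
        print(r)
```

The first two samples normalize to the same record; the third is refused because `VendorHook` has no entry in the equivalence table.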

Another important challenge in implementing XML is maintaining
adequate security. XML’s ability to facilitate the direct transfer of data
between systems that automatically interpret and process that data has the
potential to increase security risks. When XML is used, the direct transfer
of data may bypass important security checks, such as those built into
intermediate data processing software (virus checkers, for example). For
instance, when a site’s virus checker examines incoming messages for
malicious code, it will not be able to check tagged data embedded in XML
documents, unless these data are in American Standard Code for
Information Interchange (ASCII) format. The application that then tries to
interpret the unchecked XML tags and act on the information could be
tricked into processing malicious code, such as a virus. Because XML is

