Page Two: Government and finance industry urge caution on XML
But business standards are still evolving
The report notes the maturing technical base for XML but found a continuing state of flux for the business standards that agencies will need for their day-to-day operations. While the findings show how generic XML technical standards make possible data tagging and document production, they represent by themselves only a beginning. Standards addressing business issues are needed for
(1) identifying potential business partners for transactions, (2) exchanging precise technical information about the nature of proposed transactions so that the partners can agree to them, and (3) executing agreed-upon transactions in a formal, legally binding manner.
In addition to these business process standards, a second group of standards is needed to codify the precise types of data elements that are to be exchanged when a business transaction is conducted. This need is being answered by the development of data vocabularies (or languages) designed to meet the needs of specific businesses and professions. (GAO-02-327, page 35)
The report says no consensus has yet developed for the standards to address the first group of basic cross-industry business functions. It lists ebXML, RosettaNet, and the set of three more established Web services specifications –SOAP, WSDL, and UDDI –as XML business frameworks that are seeking support among end-users. These frameworks have overlapping functionality and are in various stages of development. The GAO's findings note that ebXML has the backing of standards organizations –UN/CEFACT and OASIS –but is still working on its semantic interoperability functions. RosettaNet is the most established framework, but it was designed for the IT and electronics industries and does not have the blessing of cross-industry standards bodies.
For specific industry vocabularies, GAO also found good concepts but incomplete execution. The report singles out three vocabularies as having potential for government-wide implementation: HR-XML in human resources, XBRL for business reporting, and Legal XML for creation of legal documents. GAO found these vocabularies to have useful functions and ambitious plans, but in each case they had completed only part of their agendas. Legal XML in fact has not yet completed any of its specifications.
Federal agencies need explicit strategy for XML implementation
The report looks into the process for managing XML in the federal government and came away with a mixed verdict. "The fact that the core XML standard is nonproprietary," says the report, "thus does not ensure that all applications built with it will also successfully interoperate" (GAO-02-327, page 45). With the ease of creating one's own XML data structures, according to the findings, agencies faced risks of ill-conceived and incompatible data definitions, vocabularies could easily proliferate, and individual operations could define their own proprietary extensions of accepted vocabularies. Federal agencies also need to keep a constant eye on security.
GAO says the federal government needs an explicit policy for its use of XML and a plan to carry out that policy but found neither. The two agencies responsible for IT policies and standards, Office of Management and Budget (OMB) and National Institute for Standards and Technology (NIST) have yet to define a government-wide strategy for the adoption of XML.
The investigators found that most of the government-wide activity in XML has been done by the XML Working Group, a committee formed by the federal interagency CIO Council. The working group, according to the report, has engaged mainly in education and outreach on XML, but it also has responsibility for identifying the relevant standards and best practices applicable to federal operations, as well as establishing partnerships with outside organizations and within federal communities of interest.
The report says the federal government needs to better organize and coordinate its participation in XML standards bodies. While representatives from several of the central technology agencies (OMB, NIST, General Services Administration, and the Defense Information Systems Agency) take part in XML standards bodies, no central focal point has been established to identify a cross-agency data format, nor is there a process for consolidated collaboration with standards organizations.
However, the government is not without models for coordinating their standards efforts. Agencies work through a Federal EDI Standards Management Coordinating Committee to speak with a single voice before EDI standards bodies, and GAO noted that a number of larger agencies are using EDI successfully as a result.
Registries are important to XML development The GAO notes the efforts by the XML Working Group to identify and register the various XML applications underway in federal agencies, but it is still a work in progress. The report says the working group registered some 24 such projects but they did not include prominent activities at Justice Department and SEC that GAO discussed as examples of XML implementation.
A registry can provide a resource for systems developers to find similar work in operation or development, to make use of existing schemas and data definitions, and thus save time and money for the agency and taxpayer, and improve the chances for interoperability. The report recommends taking a bottom-up approach where agencies could list their applications in a registry, rather than having a central authority try to dictate a solution. While the registry would contain items relevant to government systems, it should link to relevant commercial registries, to provide a fuller picture for systems developers.
The report recognized that the schemas and data elements in a registry will not always fit into clean categories and that overlaps when addressing the needs of various communities of interest are to be expected. Nonetheless, even with the potential for some overlaps, a registry can provide developers with a snapshot of similar XML work that can encourage interoperability and help build systems more efficiently.
The GAO says a registry of this kind can be effective, "only if government-wide policies are set, guidelines established, and a defined management and funding process put in place to operate the registry" (GAO-02-327, page 55). The investigators note the XML Working Group has established a committee to define policies and procedures for registries, and the working group's draft XML Developer's Guide proposes requirements that agency developers make appropriate use of the registry.
Dig Deeper on Topics Archive
The US Government Accountability Office (GAO) has called on the federal government to co-ordinate efforts across agencies to ensure uniform policies, standards...