The whole reason for XML is to ensure compatibility during information exchanges across the Internet. In certain cases, existing technologies for this purpose are inadequate or incompatible with XML. In these cases, the W3C or another standards organization has moved in to provide a common approach. While the number of such standards may seem large, in relation to the number of different ways people have tried to use XML, such proliferation is actually somewhat rare. Here are some of the infrastructure standards that are most relevant to electronic commerce. -
SOAP. Using XML as the basis for distributed communication is a common application. Unfortunately, if different groups develop their own protocols for this purpose, the resulting systems could not exchange messages. SOAP provides a unified approach (discussed more fully in Chapter 4) because it forms the basis for most XML messaging systems. The W3C is the standards body responsible for SOAP, and it was a late-stage working draft at the time of this writing. An earlier version, however, was in wide commercial use. -
XHMTL. HTML is very close to XML, but HTML documents are not quite XML documents. This slight difference presents a problem because all of the emerging infrastructure for working with XML documents won't work with HTML documents. XHTML is a reformulation of HTML that takes care of these small incompatibilities. A forthcoming benefit of this approach is that XHTML is modular, making it better suited for different access devices and more extensible for customized applications. XHTML is a W3C Recommendation. -
XForms. Most interactive Web applications use HTML forms to gather data from users. Integrating this data into an XML format requires translating from the HTML form layout to an XML layout. XForms introduces an XML-based form layout that solves the issue. It ensures that the presented forms include a data model for the form data so that applications can treat each piece of a submission appropriately. This more abstract approach also facilitates the use of the samev form-processing code with data submitted from different types of devices. The W3C is the standards body responsible for XForms, and it was a late-stage working draft at the time of this writing -
XML Signatures. In cases where XML documents represent legal commitments, parties to the exchange need the ability to sign them cryptographically . While the technology and standards exist to achieve a basic form of cryptographic signatures on XML documents, they can result in incompatibilities and do not take advantage of XML document properties. XML Signatures provides both the standardization and the additional features necessary for more fluid XML-based electronic commerce. XML Signatures is a W3C Recommendation. -
XML Encryption. Certain XML documents may include sensitive information that the sender and receiver do not want revealed to third parties. As with XML Signatures, the technology and standards exist to perform encryption on XML documents. But the XML Encryption specification provides further standardization and features specific to the structure of XML documents. XML Encryption was a W3C Candidate Recommendation at the time of this writing. -
Security Assertion Markup Language (SAML). The Web facilitates one server handing off user requests to other resources. It is inconvenient when the user must prove his identity and access rights to every resource. SAML enables single sign on by providing a standard protocol that resources can use to verify the user's identity and access rights by querying the referring server. OASIS is the standards body responsible for SAML, and it was a last-call working draft at the time of this writing. -
Business Transaction Protocol (BTP). Many application and database systems rely on transaction semantics that require an entire group of actions to happen either all at once or not at all. To work effectively over the Internet, these systems need a standard means of enforcing these transaction semantics. BTP provides the necessary transaction model and protocol. OASIS is also the standards body responsible for BTP, and it was a late-stage working draft at the time of this writing. |