XML Part 9

What is XIML and how is it used? 

The idea behind the conception of XIML(eXtensible Interface Markup Language) was to create a universal user interface for XML. XIML provides an easy way to build interactive, dynamic websites and focuses on allowing the developer to focus on creativity rather than complicated coding. The result of this need to create a universal UI resulted in the creation of the award winning XIML specification which is accredited with awards from various well know institutions such as ZDNET, and CEBIT.

XIML provides an organized collection of interface elements and although there is no limit on the number of components that can be created, five basic interface components are supported, namely, task, domain, user, dialog and presentation. XIML also supports “relations” were relationships between components can be established. This relationships allow XIML to support design, operation and evaluation functions for user interfaces. XIML does not however, specify the semantics for these relations and leaves this specification to the application. Of course Attributes are also supported as properties of their respective elements which will allow definition by creating a number of attribute-value pair for the element.

Although XIML is young and still needs widespread use and acceptance, it does seem to encompass a whole new way of doing web design and certainly makes interesting reading.

Here is an example from www.ximl.com :

<el eltype="elem_group"  x="0" y="0" x2="R" y2="B"                >

<!-- animation tweens that apply to all elements in this group -->

   <opanim>

                                <ea par="_alpha" fr="0" to="100" st="0" ln="1" />

                                <ea par="_alpha" fr="100" to="0" st="1" ln="1" />

                                <ea par="_alpha" fr="0" to="100" st="2" ln="1" />

                                <ea par="_alpha" fr="100"  to="0" st="3" ln="1" />

                                <ea par="_alpha" fr="0" to="100" st="4" ln="1" />

                                </opanim>

<!-- elements -->

                                <el eltype="rect" x="0" y="0" x2="R" y2="B"c="0xff0000" a="100" r="3" />

                                <el eltype="bord" x="0" y="0" x2="R" y2="B"c="0xff0000" a="100" r="3" t="1"/>

                                <el eltype="bord" x="1" y="1" x2="R-1" y2="B-1" c="0xffffff" a="100" r="3" t="1" />

<!-- end of elements -->

                </el>     

The example produces a red box and iterates through alpha levels to show the box fading out t white. It is interesting to not that with a few lines of code the result was achieved. 

What is XUL and how is it used?

XUL (pronounced zuul) or eXtensible User-interface Language is a development framework developed by Mozilla. XUL has no formal specification and brings together multiple existing Web standards and Web technologies, such as CSS, JavaScript, and DOM. XUL is relatively easy to learn especially for people with a background in Web programming and experience of web technologies. XUL is a intended for and use in the context of Mozilla applications.

XUL offers a feature rich interface and offers the standard components like buttons, labels and text boxes or widgets. The XUL document specifies the layout and behavior of these widgets and how they interact.

XBL - the eXtensible Bindings Language is used to define "bindings" for widgets, which also allows for event handlers, and adding new interface elements and properties.

XPCOM ( Cross Platform Component Object Model ) is a framework for developing cross-platform, modular software components in native languages, such as C or C++. XPCOM components can be used form within C, C++, JavaScript, Python, Java and Perl. XPConnect enables such XPCOM objects to be accessed from JavaScript.

“The semantic web is a failure.” 

The term “Semantic Web” was coined by Tim Berners Lee, acclaimed inventor of the World Wide Web and director of the World Wide Web Consortium. The basic idea behind the Semantic Web is to turn the web into a “Web of Data”. This implies that common standards are needed to make data shareable and reusable and this is the primary aim of promoting the Semantic Web. The W3C has designed a set of tools and standards aimed at creating the semantic web. These include two XML-based languages RDF and OWL that are designed to be flexible and powerful and aim to make the semantic web productive by making documents that are self-describing by using meta data (data about data).

As in other areas of ICT progress is fast and this tends to bring about a myriad of technologies emerging at the same time or one after the other in quick succession. This results in technologies being used widely which depend of proprietary structures and that do not interact. The Semantic Web aims to bring everything together under a common universal platform. The Semantic Web is based around trying to capture meaning inside web pages rather than looking at them as tags and code. This should ultimately result in better searches with context in mind. Human language is inherently ambiguous and humans tend to build a lot of their understanding of a piece of text on the context in which it is being published. This, of course, represents the problem that the Semantic Web was thought out to tackle. 

So far, with the current accepted technologies, perhaps the Semantic Web has not reached its aims. This is evident when searching on popular search engines. Users are often bombarded with hundreds of results that are totally out of context in terms of what the user was originally searching for. Language and cultural differences make these issues even more evident. Many words and phrases do not even exist in different languages and users will ultimately use specific keywords to search for content and then manually going through the results and filtering out those that are out of context. In this respect, the Semantic Web could be considered a failure.

Human beings do not reason like machines and this makes the Semantic Web difficult to implement. For the Semantic Web to be successful, referenced would have to be included within each document to reference other documents in that context. This would be a time consuming and laborious process in itself and would only be feasible if the Semantic Web were to be widely accepted and implemented. 

The languages mentioned above RDF and OWL are examples of the efforts towards the Semantic Web. They are however, complex languages and it takes scientists time to learn them while non technical people usually find them impossible to learn.

What are the most important security issues associated with XML? 

In today's web-based environment, security concerns have changed. Physical security is no longer the only hurdle in ensuring data integrity as it was in the past. Unfortunately the Internet is inherently not secure and this is not being helped by the myriad of varying technologies that are in use concurrently by the enterprise. 

Fredrick Hirsch in his paper on XML security states that :

“Extensible standards are required that can adapt to changing requirements, that can incorporate new technologies while continuing to work with legacy technologies, and that can be deployed modularly as needed without requiring use of unnecessary portions. “

The most widely mentioned security issue with XML is when XML is used as a web service. Modern businesses are increasingly exposing their data through web services and this presents another door that has to be protected against malicious activity. When these web services are used internally only across the enterprise the threat is contained somewhat contrary to when they are exposed on the internet. Traditional firewall filtering solutions are not affective enough to tackle this issue. They tend to focus on keeping intruders out of the network leaving the door open for  fraudulent XML messages. 

Randy Heffner, an analyst at Forrester Research said :  (http://www.zdnet.com/news/extra-headaches-of-securing-xml/135151)

"XML attacks are more insidious, There are ways, not fully understood, to attack an XML endpoint via the structure and content of the XML itself, aside from slamming it with too many messages."

XML denial of service attacks are a potential danger. Hackers can perform a typical DOS attack by flooding the web server with bogus XML messages. Security gateway appliances, such as Sarvega XML Guardian Security Gateway, are designed to handle security tasks that are usually handled by other network infrastructure protection. They take care of the encryption of XML files and enforce security policies authorizing access and generate a log of network activities for auditing purposes, tracking potential hackers.

Eventually, it is expected that giants such as Cisco will integrate protection mechanisms in their network protection hardware specifically designed to handle XML security.

What is wrong with XML?

When starting to learn about XML the student finds it strange that no browsers can read XML as is and it has to be coupled with other technologies such as HTML to be of any use. Although this is not necessarily a disadvantage it does make the learning curve steeper for the newcomer and is probably the sole reason for the slow adoption of XML.  Unless other applications are used XML is of no use and cannot be displayed properly. To mitigate this presentation languages such as XSLT have been developed and these are already supported on all the major browsers.  

Another problem with XML is that it also uses some characters to denote elements and tags and alternative methods have to be employed to display these characters in the result. XML’s Unicode support can at times also become a liability.  When XML is tied closely to Unicode, the Unicode changes XML's attributes which might result in the document being rendered as something which is very different from the original.

As happens in HTML and CSS cross browser issues can also be considerable when using XSLT to display and style XML.  As XML lacks strict rules and standards, is fully extensible and very verbose because of the use of many tags, it can inherently be problematic in terms of the developer using unintelligible tag names that defeat the scope that XML was designed for.

The dependency on external DTDs and external entities can also be the source of another problem with XML. If the definition files are not available to the application at runtime and this can happen for a variety of reasons, the application will break down. This raises the question whether they should be used at all so the sake of reliability. A solution is to copy them locally. This will not only ensure their availability but also improve performance as the DTDs would be accessed locally saving a lot of network bandwidth. 

Performance can also be an issue with XML. No standards exist as yet to optimize speed and files tend to get very large and they consequently generate huge amounts of traffic over networks. Web services using XML tend to create even more network traffic. W3C and Sun Microsystems have attempted to convert XML into a binary format in an effort to boost performance but this in itself then creates compatibility issues which defeat the scope of XML. There seems to be no official agreement on how to fix the XML speed problem because critics are wary that any action will result in XML becoming proprietary which will endanger it. It is the verbosity of XML which is causing these performance issues, the fact that each piece of data is accompanied by the field name when the data is transferred.  Converting XML to binary may solve the problem but this solution may never be implemented in practice because of interoperability issues that will unavoidably arise from it. 

XML also has some security considerations.  XML can also suffer from attackers manipulating data attached to web requests and these include the URL, query string, headers, cookies, form fields, and hidden fields usually used to bypass the web site’s security mechanisms. This can result in “forced browsing”, “SQL injection”, “command insertion”, “cookie poisoning” and “hidden field” manipulation. Most of these issues can be mitigated by ensuring that input validation is not only made at the client side but must also be included at the server side.  Ideally data types should be validated at server side as well as filtering for allowed characters, defining string lengths, disallowing null values, numeric ranges and so on. XML does not support role-based security mechanisms. It cannot be set up to limit who can add, delete or change data which is in itself a major limitation. It cannot be set up to limit who can add, delete or change data. Databases in XML can set security permissions based on containers. The problem is that once a user has permission to access a container, he can view all information stored within it. Sub-containers are then created to mitigate this security flaw but this solution is time consuming in that it requires a considerable amount of work to implement.

XML also presents some problems with database conversions. Being based on the hierarchical model while most traditional database are relational will mean that data would need to be restructured before being converted. As a database system XML also lacks referential integrity which is a mechanism employed to ensure that the data retains its integrity during use, This means that errors in the data could remain undetected. 

”AJAX both a success and a failure?”  Discuss and provide examples of success and failure.

Ajax (Asynchronous JavaScript and XML) was aimed at making the web experience quicker and richer and more similar to using desktop applications to which users are more accustomed. The Ajax paradigm was designed to tackle the lag that is inherent to many web pages. This lag comes from the page having to be re-loaded every time a change is requested. In short, Ajax allows the user to have the page updated without it having to be refreshed every time.  In this respect, Ajax has been a success. It does enhance user experience by a great deal. Moreover, the fact that a page does not constantly have to be refreshed also implies that considerable bandwidth savings can be made. This is done by having the browser on the client side generate the HTML locally and thus display it very quickly without requiring no interaction with the source server.  Ajax also includes a wider variety of controls such as sliders, date pickers, windows, tabs and spinners which would be time consuming and complex to implement otherwise. 

Ajax is not really a new technology. It is a collection of existing technologies being used in a new way. These include HTML, CSS, DOM, XML, XSLT, XMLHttpRequest and Javascript. Being based on open standards, Ajax is supported by a variety of browsers and platforms resulting in accessibility and flexibility. Ajax does not require installation of a plugin or addon to function and it is supported by all the latest major browsers “out of the box”. Support for older browsers, however, is patchy at best. On the other hand, this use of a collection of technologies also makes up for a disadvantage because Ajax code can get very complex and is known to be difficult to debug.

Ajax separates data and formats and this is an important feature because it makes the development process easier. This is possibly the main reason for the popularity of Ajax. Content is placed within XML, and the structure and layout are separate. 

There are a number of disadvantages to Ajax and these must be overcome if the technique is to be a success. Primarily, the fact that Ajax applications will work only if there is an internet connection available is perhaps the first limitation. A notable issue is with the integration of browsers. Pages are dynamically created and will not register with the history engine of the browser. This presents a conundrum especially for inexperienced users. Pressing the "back" button will not work making them frustrated. The use of IFRAMEs is a possible solution. They are invisible so do not conflict with the enhanced user experience and will allow the “back” button to be used. 

The fact that search engines do not reliably index Ajax applications presents a considerable problem for SEO (Search Engine Optimization). This problem stems from search engines ignoring Javascript and since a lot of Ajax depends on it, the issue is notable. Ajax inherently uses a lot of inline javascript, even with hyperlinks which in turn will be invisible to search engines. There are solutions to go around this problem using more Javascript code but of course this will have an impact on development time and learning curves.

Another problem with Ajax is security. Many developers do not apply security filters on the data coming into the server. They erroneously assume that it's coming from their own website and so is safe. Unfortunately, this oversight opens the server to injection attacks and there are several ways to fake data, making detection very difficult. When this problem is coupled with the fact that everyone can view the Ajax code easily through their browsers it makes up for a considerable security threat.

Another minus for Ajax is its limited capabilities. Ajax does not support multimedia and real time graphics. Because of its dependence on client side technologies it does not support local data storage and hardware interaction such as with printers. 

Finally Ajax applications can suffer a lot if there are delays in getting data from the web server. This could result in confusion for the user because important parts of the user interface may take longer to load and become available.

What is the difference between a .doc file and a .docx file?  Why is this difference relevant to XML?

Prior to the MS Word 2007 version of the most popular word processor in the world it used the .doc file extension. From version 2007 onwards the .docx file extension started to be used. This new file format is named as such because it is based on the “Open XML document format” which of course implies that the document data is being stored as XML which is in fact the case. The XML content can be viewed by renaming a .docx file to a .zip file and then extracting the contents which produces a number of XML data files which contain the information to build the word document file. 

The docx document type usually always produces smaller files than its older .doc counterpart. This is because .docx uses ZIP compression on XML data. XML, being primarily text, is very compressible and thus smaller files are created. Using XML also has the advantage that document contents are easier to retrieve in case of corruption of the file.  

One issue with saving MS Word documents in the docx XML format is compatibility with older versions of this popular word processor. The user is however given an alternative to upgrading to the latest version and this is by installing free compatibility packs that are available from the Microsoft website.