Government and Finance Industry Urge Caution on XML

April 24, 2002

Alan Kotok

On 5 April 2002, the XML world received a double-dose of sobering news, as reports from both the U.S. General Accounting Office and NACHA, an electronic payments organization, urged their constituents to move cautiously on any commitment to XML. Both reports cite XML's bright promise but express concerns about its stability. Nonetheless, recent events suggest the industry has begun to get the message and started addressing these concerns.

The General Accounting Office (GAO) is the U.S. government's auditor and watchdog body. NACHA, which used to be known as the National Automated Clearing House Association, develops standards and best practices in electronic payments and claims to represent some 12,000 financial institutions through its regional affiliates.

GAO report linked to pending legislation

GAO issued its report, Electronic Government: Challenges to Effective Adaption of the Extensible Markup Language, in response to a request from Senator Lieberman of Connecticut, the chair of the Senate's Committee on Government Affairs, which has jurisdiction over government-wide IT issues. He is also the author of the E-Government Act of 2001 that the committee reported to the full Senate for action in March 2002.

The bill covers many aspects of the government's IT organization and operations but includes areas in which XML can play a vital role. Section 103 of the bill creates a federal Chief Information Officer (CIO), which would have responsibility for establishing and promoting IT "Standards and guidelines for interconnectivity and interoperability" as well as "Standards and guidelines for categorizing and electronically labeling Federal Government electronic information, to enhance electronic search capabilities."

These functions have high priority in the bill. Section 215 sets a deadline of 18 months after enactment of the bill (and a public comment period) for the Federal CIO to "issue a circular or promulgate proposed and final regulations requiring the interoperability standards of cataloging and indexing standards used by agencies."

Against this backdrop, the GAO investigated the status of XML to see if XML standards were ready for government-wide use and to discuss challenges federal agencies could face in adopting XML technology to promote information sharing and interoperability. The GAO and the e-government legislation define interoperability as "the ability of two or more systems or components to exchange information and to use the information that has been exchanged."

XML is sound technology

The GAO's report says XML can bring significant benefits to the way government handles information. If implemented broadly and consistently

XML offers the promise of making it significantly easier for organizations and individuals to (1) identify, integrate, and process information that may initially be widely dispersed among systems and organizations, and (2) conduct transactions based on exchanging and processing such information—a key element for federal agencies positioning themselves to provide electronic government services to citizens and businesses. (GAO-02-327, page 12)

GAO also notes that XML has at least the potential for overcoming some of the problems encountered with EDI for business data exchange, due largely to EDI's high cost of implementation.

The GAO discusses the advantages of standard data structures and tagging, a key objective of the legislation. The report noted standards can encourage data sharing and aggregation of the various platforms and computing environments found across the different agencies. As the report notes, "standard tags would make it easy to connect to each agency and exchange relevant information, because each exchange would use the same format to transfer the data and annotate (tag) what it means." (GAO-02-327, page 14).

The GAO outlines the core set of XML standards from the W3C including XML 1.0, XSLT and XSLFO, XML Schema, and XML Namespaces. It also lists a few of the supplementary standards: DOM, XLink, and XPath. The report discusses XML's extensibility which has resulted in important industry vocabularies and business frameworks. And the report discusses several federal applications of XML, including Department of Defense, Environment Protection Agency, Securities and Exchange Commission (the EDGAR system that predates the development of XML), Department of Justice, and Amtrak.

But business standards are still evolving

The report notes the maturing technical base for XML but found a continuing state of flux for the business standards that agencies will need for their day-to-day operations. While the findings show how generic XML technical standards make possible data tagging and document production, they represent by themselves only a beginning. Standards addressing business issues are needed for

(1) identifying potential business partners for transactions, (2) exchanging precise technical information about the nature of proposed transactions so that the partners can agree to them, and (3) executing agreed-upon transactions in a formal, legally binding manner.

In addition to these business process standards, a second group of standards is needed to codify the precise types of data elements that are to be exchanged when a business transaction is conducted. This need is being answered by the development of data vocabularies (or languages) designed to meet the needs of specific businesses and professions. (GAO-02-327, page 35)

The report says no consensus has yet developed for the standards to address the first group of basic cross-industry business functions. It lists ebXML, RosettaNet, and the set of three more established Web services specifications – SOAP, WSDL, and UDDI – as XML business frameworks that are seeking support among end-users. These frameworks have overlapping functionality and are in various stages of development. The GAO's findings note that ebXML has the backing of standards organizations – UN/CEFACT and OASIS – but is still working on its semantic interoperability functions. RosettaNet is the most established framework, but it was designed for the IT and electronics industries and does not have the blessing of cross-industry standards bodies.

For specific industry vocabularies, GAO also found good concepts but incomplete execution. The report singles out three vocabularies as having potential for government-wide implementation: HR-XML in human resources, XBRL for business reporting, and Legal XML for creation of legal documents. GAO found these vocabularies to have useful functions and ambitious plans, but in each case they had completed only part of their agendas. Legal XML in fact has not yet completed any of its specifications.

Federal agencies need explicit strategy for XML implementation

The report looks into the process for managing XML in the federal government and came away with a mixed verdict. "The fact that the core XML standard is nonproprietary," says the report, "thus does not ensure that all applications built with it will also successfully interoperate" (GAO-02-327, page 45). With the ease of creating one's own XML data structures, according to the findings, agencies faced risks of ill-conceived and incompatible data definitions, vocabularies could easily proliferate, and individual operations could define their own proprietary extensions of accepted vocabularies. Federal agencies also need to keep a constant eye on security.

GAO says the federal government needs an explicit policy for its use of XML and a plan to carry out that policy but found neither. The two agencies responsible for IT policies and standards, Office of Management and Budget (OMB) and National Institute for Standards and Technology (NIST) have yet to define a government-wide strategy for the adoption of XML.

The investigators found that most of the government-wide activity in XML has been done by the XML Working Group, a committee formed by the federal interagency CIO Council. The working group, according to the report, has engaged mainly in education and outreach on XML, but it also has responsibility for identifying the relevant standards and best practices applicable to federal operations, as well as establishing partnerships with outside organizations and within federal communities of interest.

The report says the federal government needs to better organize and coordinate its participation in XML standards bodies. While representatives from several of the central technology agencies (OMB, NIST, General Services Administration, and the Defense Information Systems Agency) take part in XML standards bodies, no central focal point has been established to identify a cross-agency data format, nor is there a process for consolidated collaboration with standards organizations.

However, the government is not without models for coordinating their standards efforts. Agencies work through a Federal EDI Standards Management Coordinating Committee to speak with a single voice before EDI standards bodies, and GAO noted that a number of larger agencies are using EDI successfully as a result.

Registries are important to XML development

The GAO notes the efforts by the XML Working Group to identify and register the various XML applications underway in federal agencies, but it is still a work in progress. The report says the working group registered some 24 such projects but they did not include prominent activities at Justice Department and SEC that GAO discussed as examples of XML implementation.

A registry can provide a resource for systems developers to find similar work in operation or development, to make use of existing schemas and data definitions, and thus save time and money for the agency and taxpayer, and improve the chances for interoperability. The report recommends taking a bottom-up approach where agencies could list their applications in a registry, rather than having a central authority try to dictate a solution. While the registry would contain items relevant to government systems, it should link to relevant commercial registries, to provide a fuller picture for systems developers.

The report recognized that the schemas and data elements in a registry will not always fit into clean categories and that overlaps when addressing the needs of various communities of interest are to be expected. Nonetheless, even with the potential for some overlaps, a registry can provide developers with a snapshot of similar XML work that can encourage interoperability and help build systems more efficiently.

The GAO says a registry of this kind can be effective, "only if government-wide policies are set, guidelines established, and a defined management and funding process put in place to operate the registry" (GAO-02-327, page 55). The investigators note the XML Working Group has established a committee to define policies and procedures for registries, and the working group's draft XML Developer's Guide proposes requirements that agency developers make appropriate use of the registry.

GAO recommendations

While the GAO may have views about the state of XML standards, it is hardly in a position to influence their development one way or the other. However, the report recommends a series of actions to develop an overall strategy and better focus the development of XML in the government. The strategy, according to GAO, needs to address the following.

  1. Developing a process for identifying, coordinating, and presenting consolidated government-specific needs before XML standards bodies. The report say the process could be patterned after the process used for EDI in the government, or extend the current EDI process to include XML.
  2. Transitioning the pilot registry under the XML Working Group into an operational resource for federal agencies, and setting policies to support the registry and encourage effective participation by agencies
  3. Ensuring that agencies' business needs for XML are part of the agencies' overall IT enterprise architectures and corresponding budget requests, and that agencies indicate their use of XML standards in the standards sections of that documentation.

NACHA council investigates XML for electronic payments

While GAO is a public sector agency, NACHA is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic payments. Bank clearing houses were established first to process checks and other paper financial instruments from originating to receiving institutions.

The automated clearing house, as the name implies, automates the clearing process. In the ACH network, individuals, companies, or financial institutions send transaction data to an originating depository financial institution or ODFI, licensed to interact with an ACH. On the receiving end, a receiving depository financial institution or RDFI, also chartered to work with ACHs, receives the payment data and forwards the data to the receiving bank, company, or individual. Originating banks or individuals cannot initiate ACH transactions without authorization from the receiver.

Payment instructions and remittance data are sent through the ACH network in batch/store-and-forward mode and in high volumes. According to NACHA, in 2001 the ACH network handled some 8 billion transactions worth more than $22 trillion. NACHA expects the volume of electronic payments to reach 15 billion by 2006.

NACHA's Internet Council final draft report on XML addresses the question, should the ACH enable the exchange of XML remittance data? Payment instructions cannot travel through the network without accountability; they need associated remittance data describing each transaction to account for each payment. NACHA's rules require the remittance data to go in addenda records that adhere to the ANSI Accredited Standards Committee (ASC) X12 standard for EDI, or some other NACHA-endorsed format. In some cases the remittance data and payment instructions travel together through the network, in other cases the network carries only the payment instructions, while remittance data travel through a separate route.

Calling in the SWOT Team

To answer the question of whether XML messages should carry the exchange of remittance data, NACHA's Internet Council used an analytical technique listing the strengths, weaknesses, opportunities, and threats, abbreviated SWOT. With this technique, the Council summarized the current business-to-business technologies, based largely on EDI as follows:

Strengths – Businesses prefer to send the remittance data and payment instructions together, which the ACH network is well-prepared to handle. The volume of EDI data through the network has increased significantly in recent years, and the growing volume of electronic payments for businesses offers important revenue opportunities for service providers.

Weaknesses – While electronic payment volumes for businesses have increased, the penetration of electronic payments remains low compared to paper checks. The report cites a Gartner Inc. study (Avivah Litan. "The Unmet Demands of B2B E-Payments." 23 August 2000. ) that finds only 14% of corporate payments are made electronically. The Council attributes this lower level of activity to the high costs of EDI. The high EDI costs also reduce the profit potential to service providers.

Opportunities – The use of Internet-based EDI, often using Web interfaces, can reduce the costs of electronic payments to smaller businesses and provide at least the potential of expanding the market for electronic payment services.

The Council did not find any threats to the current system.

Using this same analytical technique on the projected use of XML for remittance data (the information now sent with EDI), the Internet Council makes the following evaluation:

Strengths – The network could technically support the use of XML for remittance data, when sent through the network along with the payment instructions. Also, service providers could offer a range of payment or remittance services using XML to generate revenue.

Weaknesses – While XML may have potential, its current level of use for remittances is low and the demand from end-users is negligible. XML file sizes tend to be larger than those for EDI (often much larger), which can affect storage needs and network throughput. Most companies, particularly smaller businesses, do not have integrated systems that would make full use of XML, and the need to support both EDI and XML would drive up costs during the migration period. Finally, no national XML standards exist for payments and remittances.

Opportunities – Implementations of XML payments and remittances may cost less than comparable implementations for EDI, and XML vendors are developing a range of solutions, some low in cost. These factors could encourage smaller enterprises to use e-business, thus expanding the market for electronic payment and remittance services. As more and more larger companies commit to the use of XML, it will encourage their supply chain partners to follow suit, and encourage a shift to electronic payments as well.

Threats – The Council questioned the potential of XML-enabled exchange services to compete with the ACH network ("intervene in the current ACH processing and revenue models"). The report also questioned if the XML option alone would be sufficient reason for check writers to begin using electronic payments.

When the Council tried to apply the SWOT technique to the future of Internet-based business-to-business payments and remittances, it found it did not have enough information to do a thorough analysis, but it lists a few issues that need to be addressed to conduct this analysis: (1) requirements and operational models for Internet-based business-to-business payments and remittances, (2) the future model's impact on the current ACH revenue model, and new revenue opportunities created for financial institutions, and (3) projected usage and anticipated costs for supporting the future model.

Triggering a re-evaluation

Because of the mixed verdict on XML and the sizable blanks remaining on the future of business payments over the Internet, NACHA's Internet Council says it could not provide a definitive answer to the question of whether XML should enable the transfer of remittance data over the ACH network and recommends tabling the issue for the time being. However, the report lists several indicators of change in the marketplace, what it called triggers, that could change the environment for XML:

  1. Competition – other networks begin using XML for remittance data
  2. Customer requests – large-volume financial service providers request XML capabilities
  3. Government or regulatory demands – legal requirements to implement XML for remittance data
  4. Legal/risk assessments – if current participants in ACH networks face some risk or liability for not providing XML
  5. Related developments in the industry – if the financial services industry settles on a particular XML standard for payments

The Council says it remains interested in XML, and a change in any of these conditions could reopen the question.

Sending a message of stability

While the two reports look at different industries and each takes a different focus, they both came to similar conclusions about the state of standards, namely that a single set of business standards needs to emerge to provide businesses with a sense of stability that will encourage investment in the technology.

While this conclusion may be accurate in some respects, it does not tell the whole story. The XML standards bodies have recognized for some time the need for stability and interoperability in the business standards as evidenced in initiatives such as:

  1. Meetings directly addressing interoperability and convergence, hosted by several groups including OMG and OASIS, as well as ASC X12. Each of these meetings generated follow-up actions, including work on registries initiated by OASIS and formation of an outreach and convergence work group by ASC X12.
  2. Formation of the Web Services Interoperability Organization to develop profiles and eventually compliance tools

Inside the government, the XML Working Group released in January 2002 its draft XML guidelines, which came after the GAO completed its investigation, but before the publication of the report. The GAO report notes the guidelines were a work in progress at the time, but the guidelines emphasize the need for a government-wide registry to help encourage reuse of existing XML resources, a point also emphasized by GAO.

EDI plays a role in both reports, although in different ways. The GAO suggests that federal agencies coordinate their standards requirements in much the same way as done now with EDI, even recommending that the current process for EDI be extended to include XML. For electronic payments, EDI is the dominant exchange technology, and its use is growing. For XML to be considered as a complement or alternative to EDI, it needs to meet the same levels of performance, service, and security being provided by EDI to meet the high volumes of sensitive data being exchanged.

In some respects, these reports are looking at the world of business XML through rear view mirrors. But it will still take more effort on the part of the XML practitioners themselves to bring the kind of stability to XML that these high-performance end-users are seeking.