Home > Articles > Web Services > XML

XML Reference Guide

  • Mar 14, 2003

📄 Contents

  1. XML Reference Guide
  2. Overview
  3. What Is XML?
  4. Informit Articles and Sample Chapters
  5. Books and e-Books
  6. Official Documentation
  7. Table of Contents
  8. The Document Object Model
  9. Informit Articles and Sample Chapters
  10. Books and e-Books
  11. Official Documentation
  12. DOM and Java
  13. Informit Articles and Sample Chapters
  14. Books and e-Books
  15. Implementations
  16. DOM and JavaScript
  17. Using a Repeater
  18. Repeaters and XML
  19. Repeater Resources
  20. DOM and .NET
  21. Informit Articles and Sample Chapters
  22. Books and e-Books
  23. Documentation and Downloads
  24. DOM and C++
  25. DOM and C++ Resources
  26. DOM and Perl
  27. DOM and Perl Resources
  28. DOM and PHP
  29. DOM and PHP Resources
  30. DOM Level 3
  31. DOM Level 3 Core
  32. DOM Level 3 Load and Save
  33. DOM Level 3 XPath
  34. DOM Level 3 Validation
  35. Informit Articles and Sample Chapters
  36. Books and e-Books
  37. Documentation and Implementations
  38. The Simple API for XML (SAX)
  39. Informit Articles and Sample Chapters
  40. Books and e-Books
  41. Official Documentation
  42. SAX and Java
  43. Informit Articles and Sample Chapters
  44. Books and e-Books
  45. SAX and .NET
  46. Informit Articles and Sample Chapters
  47. SAX and Perl
  48. SAX and Perl Resources
  49. SAX and PHP
  50. SAX and PHP Resources
  51. Validation
  52. Informit Articles and Sample Chapters
  53. Books and e-Books
  54. Official Documentation
  55. Document Type Definitions (DTDs)
  56. Informit Articles and Sample Chapters
  57. Books and e-Books
  58. Official Documentation
  59. XML Schemas
  60. Informit Articles and Sample Chapters
  61. Books and e-Books
  62. Official Documentation
  63. RELAX NG
  64. Informit Articles and Sample Chapters
  65. Books and e-Books
  66. Official Documentation
  67. Schematron
  68. Official Documentation and Implementations
  69. Validation in Applications
  70. Informit Articles and Sample Chapters
  71. Books and e-Books
  72. XSL Transformations (XSLT)
  73. Informit Articles and Sample Chapters
  74. Books and e-Books
  75. Official Documentation
  76. XSLT in Java
  77. Java in XSLT Resources
  78. XSLT and RSS in .NET
  79. XSLT and RSS in .NET Resources
  80. XSL-FO
  81. Informit Articles and Sample Chapters
  82. Books and e-Books
  83. Official Documentation
  84. XPath
  85. Informit Articles and Sample Chapters
  86. Books and e-Books
  87. Official Documentation
  88. XML Base
  89. Informit Articles and Sample Chapters
  90. Official Documentation
  91. XHTML
  92. Informit Articles and Sample Chapters
  93. Books and e-Books
  94. Official Documentation
  95. XHTML 2.0
  96. Documentation
  97. Cascading Style Sheets
  98. Informit Articles and Sample Chapters
  99. Books and e-Books
  100. Official Documentation
  101. XUL
  102. XUL References
  103. XML Events
  104. XML Events Resources
  105. XML Data Binding
  106. Informit Articles and Sample Chapters
  107. Books and e-Books
  108. Specifications
  109. Implementations
  110. XML and Databases
  111. Informit Articles and Sample Chapters
  112. Books and e-Books
  113. Online Resources
  114. Official Documentation
  115. SQL Server and FOR XML
  116. Informit Articles and Sample Chapters
  117. Books and e-Books
  118. Documentation and Implementations
  119. Service Oriented Architecture
  120. Web Services
  121. Informit Articles and Sample Chapters
  122. Books and e-Books
  123. Official Documentation
  124. Creating a Perl Web Service Client
  125. SOAP::Lite
  126. Amazon Web Services
  127. Creating the Movable Type Plug-in
  128. Perl, Amazon, and Movable Type Resources
  129. Apache Axis2
  130. REST
  131. REST Resources
  132. SOAP
  133. Informit Articles and Sample Chapters
  134. Books and e-Books
  135. Official Documentation
  136. SOAP and Java
  137. Informit Articles and Sample Chapters
  138. Books and e-Books
  139. Official Documentation
  140. WSDL
  141. Informit Articles and Sample Chapters
  142. Books and e-Books
  143. Official Documentation
  144. UDDI
  145. UDDI Resources
  146. XML-RPC
  147. XML-RPC in PHP
  148. Informit Articles and Sample Chapters
  149. Books and e-Books
  150. Official Documentation
  151. Ajax
  152. Asynchronous Javascript
  153. Client-side XSLT
  154. SAJAX and PHP
  155. Ajax Resources
  156. JSON
  157. Ruby on Rails
  158. Creating Objects
  159. Ruby Basics: Arrays and Other Sundry Bits
  160. Ruby Basics: Iterators and Persistence
  161. Starting on the Rails
  162. Rails and Databases
  163. Rails: Ajax and Partials
  164. Rails Resources
  165. Web Services Security
  166. Web Services Security Resources
  167. SAML
  168. Informit Articles and Sample Chapters
  169. Books and e-Books
  170. Specification and Implementation
  171. XML Digital Signatures
  172. XML Digital Signatures Resources
  173. XML Key Management Services
  174. Resources for XML Key Management Services
  175. Internationalization
  176. Resources
  177. Grid Computing
  178. Grid Resources
  179. Web Services Resource Framework
  180. Web Services Resource Framework Resources
  181. WS-Addressing
  182. WS-Addressing Resources
  183. WS-Notifications
  184. New Languages: XML in Use
  185. Informit Articles and Sample Chapters
  186. Books and e-Books
  187. Official Documentation
  188. Google Web Toolkit
  189. GWT Basic Interactivity
  190. Google Sitemaps
  191. Google Sitemaps Resources
  192. Accessibility
  193. Web Accessibility
  194. XML Accessibility
  195. Accessibility Resources
  196. The Semantic Web
  197. Defining a New Ontology
  198. OWL: Web Ontology Language
  199. Semantic Web Resources
  200. Google Base
  201. Microformats
  202. StructuredBlogging
  203. Live Clipboard
  204. WML
  205. XHTML-MP
  206. WML Resources
  207. Google Web Services
  208. Google Web Services API
  209. Google Web Services Resources
  210. The Yahoo! Web Services Interface
  211. Yahoo! Web Services and PHP
  212. Yahoo! Web Services Resources
  213. eBay REST API
  214. WordML
  215. WordML Part 2: Lists
  216. WordML Part 3: Tables
  217. WordML Resources
  218. DocBook
  219. Articles
  220. Books and e-Books
  221. Official Documentation and Implementations
  222. XML Query
  223. Informit Articles and Sample Chapters
  224. Books and e-Books
  225. Official Documentation
  226. XForms
  227. Informit Articles and Sample Chapters
  228. Books and e-Books
  229. Official Documentation
  230. Resource Description Framework (RDF)
  231. Informit Articles and Sample Chapters
  232. Books and e-Books
  233. Official Documentation
  234. Topic Maps
  235. Informit Articles and Sample Chapters
  236. Books and e-Books
  237. Official Documentation, Implementations, and Other Resources
  238. Rich Site Summary (RSS)
  239. Informit Articles and Sample Chapters
  240. Books and e-Books
  241. Official Documentation
  242. Simple Sharing Extensions (SSE)
  243. Atom
  244. Podcasting
  245. Podcasting Resources
  246. Scalable Vector Graphics (SVG)
  247. Informit Articles and Sample Chapters
  248. Books and e-Books
  249. Official Documentation
  250. OPML
  251. OPML Resources
  252. Summary
  253. Projects
  254. JavaScript TimeTracker: JSON and PHP
  255. The Javascript Timetracker
  256. Refactoring to Javascript Objects
  257. Creating the Yahoo! Widget
  258. Web Mashup
  259. Google Maps
  260. Indeed Mashup
  261. Mashup Part 3: Putting It All Together
  262. Additional Resources
  263. Frequently Asked Questions About XML
  264. What's XML, and why should I use it?
  265. What's a well-formed document?
  266. What's the difference between XML and HTML?
  267. What's the difference between HTML and XHTML?
  268. Can I use XML in a browser?
  269. Should I use elements or attributes for my document?
  270. What's a namespace?
  271. Where can I get an XML parser?
  272. What's the difference between a well-formed document and a valid document?
  273. What's a validating parser?
  274. Should I use DOM or SAX for my application?
  275. How can I stop a SAX parser before it has parsed the entire document?
  276. 2005 Predictions
  277. 2006 Predictions
  278. Nick's Book Picks

Everybody starts the discussion of "Single Sign-on" by talking about how many times a day you have to use a (potentially different) username and password in your daily computer dealings. They talk about how nice it would be if you only had to sign in once, and then everywhere you went sites would automatically open their virtual doors to you based on this magical authentication. And they talk about it as though it were something new.

It's not new. You use a version of this "single sign on" virtually every day in your offline life. Every time you get stopped for speeding or write a check or sign up for a library card and someone asks to see your drivers license or state ID, you're using a version of "single sign on".

It works like this: the clerk at the grocery store or the librarian or the traffic cop are not verifying that you are who you say you are, or that you were born on a certain day, or that you live in a certain place. They're all relying on the fact that the state (or non-US equivalent, if applicable) did all of that verification, asking for a birth certificate, and so on, when you applied for the drivers license. They take your ID to be an assertion that you are who you say you are.

Theoretically, that's how it works online, as well. Ideally, you would be able to sign in to your computer once, and from then on wherever you went, be it your company's intranet or your bank account, the site would know who you were and you wouldn't have to sign in again. That's the theory, anyway.

Making that happen is a little bit more complicated. One way is for everybody to simply use a single sign-on "provider" such as Microsoft's Passport service, but that's not necessarily attractive to companies because Microsoft then owns all of their customer data. Another way is by using "federated" identities.

And that's where SAML comes in.

Security Assertion Markup Language, or SAML, is a way for sites to "vouch for" users. In other words, if I sign in to my company's intranet and then try to go to, say, a partner company's site, my company's intranet can vouch for me, telling the partner site who I am so that it doesn't have to ask for another username and password. SAML describes an XML vocabulary for doing that.

For example, check out this sample file from Authenticating Web Services with SAML:

<saml:Assertion 
    MajorVersion="1" MinorVersion="0"
    AssertionID="192.168.19.12.109856"
    Issuer="Issuingauthority.com"
    IssueInstant="2002-06-21T12:02:02Z">
    <saml:Conditions
       NotBefore="2002-06-21T12:02:02Z"
       NotAfter=""2002-06-21T12:12:02Z" />

    <saml:AuthenticationStatement
         AuthenticationMethod="Password"
         AuthenticationInstant="2002-06-21T12:12:02Z">
        <saml:Subject>
            <saml:NameIdentifier 
                     SecurityDomain="relyingdomain.com" 
                     Name="bridget" />
        <saml:Subject>
        <saml:Attribute>
              <saml:AttributeDesignator AttributeName="Department"
                       AttributeNamespace="http://www.informit.com"/>

              <saml:AttributeValue>Editor</saml:AttributeValue>
        </saml:Attribute>
    </saml:AuthenticationStatement>
    <saml:AuthorizationDecisionStatement
           Decision="Permit" 
           Resouce="http://www.informit.com/articles/edit.cgi">
        <saml:Actions Namespace="http://www.informit.com">

               <saml:Action>Execute</saml:Action>
        </saml:Actions>
        <saml:Subject>
             <saml:NameIdentifier 
                 SecurityDomain="relyingdomain.com" 
                 Name="bridget" />
        </saml:Subject>

    <saml:AuthoricationDecisionStatement>
</saml:Assertion>

This SAML statement actually serves several purposes. I've lumped them all together for the sake of brevity, but in reality a message doesn't have to do this much work.

First, note that we have an Assertion of some kind. That Assertion is identifiable, and comes from a particular place. Based on the Conditions, we see that it's only valid during a particular period of time. In this case, we start by noting that a user that can be identified as bridget authenticated with the server using a Password at a particular instant. Based on that, the server asserts that this person is not only bridget, but that bridget has been assigned the attribute of Editor in the http://www.informit.com namespace. Note that the server could have simply replied that this is bridget, or that this person was an Editor and not supplied the information as to how it knew.

Next we have the AuthorizationDecisionStatement, which states that this person, bridget, is allowed to Execute the http://www.informit.com/articles/edit.cgi resource. (Kind of like the blue background on your drivers license that says you can buy a beer.)

All of these messages are carried via SOAP, so they are perfectly suited to Web Services, but remember that they're not foolproof. First of all, you need to make sure that you really trust the party who's making these decisions. (Before you sell them the beer, are they offering you a state-issued ID, or a library card?) Second, you need to make sure that these messages are really coming from the party who's making these decisions. (Is that state-issued ID a fake?) Third, you need to remember that this is simply a means for communicating centralized identification information. You still need to formulate your own security policies.

But at least, with SAML, you have a base to work from.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020