Bibliographic Information

• Introduction. "The Enterprise Technical Reference Model (ETRM) provides an architectural framework used to identify the standards, specifications and technologies1 that support the Commonwealth's computing environment. The ETRM uses the concepts of Domains, Disciplines, Technology Areas and Technology Specifications to define the enterprise architecture."

• Access and Delivery Domain. "The Access and Delivery Domain addresses how information, transactions and services are delivered to and accessed by the Commonwealth's constituents and business partners. The manner in which government information, transactions and services are delivered constitutes the public face of the Commonwealth. Accuracy, timeliness and efficiency are as important as consistent look and feel, ease of navigation and accessibility. The majority of government information, services and transactions can be accessed through web technologies using a variety of access mechanisms such as web browsers, Personal Digital Assistants (PDAs), cell phones, and interactive voice response systems. Information, services and transactions are available to government's constituents and business partners at the time and location most convenient to them..."

• Information Domain. "A process-independent, enterprise view of government information enables data sharing where appropriate within the bounds of security and privacy considerations. Service oriented architectures promote information and service reuse through open standards. nitiatives such as Homeland Security rely upon all parties adhering to Community of Interest XML specifications, defined by open standards bodies comprised of representatives from Government, Business and Technology Communities. Open formats for data files ensure that government records remain independent of underlying systems and applications thereby preserving their accessibility over very long periods of time..."

• Application Domain. "The Application Domain defines how service oriented applications are designed and developed. The Application Domain identifies open standards to facilitate rapid service oriented development, integration and implementation of new applications and business processes. In addition to having well-defined SOA governance processes that identify and maintain high-quality service components, it is essential to have a standards-based service oriented development model (SODA), and development methodology that enables reuse of these components..."

• Integration Domain. "The Integration Domain addresses how information, transactions, security, systems management and Business Services are integrated across intra-enterprise entities, e.g. agencies, as well as extra-enterprise entities, e.g. business partners. The vision is to create an enterprise messaging environment based on open standards that facilitates trusted and timely communications between Business Services. This environment is a fundamental building block of the Commonwealth's SOA..."

• Security Domain. "The Security Domain addresses the approach, methodology and technology components necessary to provide the appropriate level of protection for the information assets of the Commonwealth, its constituents and business partners. Security is a crosscutting component of the architecture that impacts every other Domain. Although security requirements exist across all computing models, e.g. client/server and Web Services, the application of these security requirements on Web Services is different. For example, since SOAP messages can move across multiple legs of a communication link, a transport-centric authentication technique (such as SSL) is insufficient to assure data integrity and confidentially across the multiple "hops". The security context is lost as SOAP messages are routed between end-points..."

Summary of Technology Specifications

The Introduction to ETRM version 3.0 provides a tabular "Summary of Domains, Disciplines, and Technology Areas" and "Summary of Technology Specifications", adapted here:

• The Access and Delivery Domain has disciplines Access Channels, Delivery Channels, and Content Transport, covering these Technology Areas: Web Browsers, Personal Digital Assistant (PDA), Wireless, Interactive Voice Response (IVR), Enterprise Portal, Executive Office Sub Portals & Agency Websites, Formats, Protocols.

  • Web Browsers: Must support 128 bit encryption and X.509 v.3 digital certificates
  • Enterprise Portal: [no spec listed]
  • Executive Office Sub Portals & Agency Websites
    • Java Specification Request (JSR) 168 for J2EE based applications
    • C# Portlets for .Net based applications
    • Web Services for Remote Portal (WSRP) v 1.0 for web services
  • Formats
    • Hypertext Markup Language (HTML) v. 4.01
    • Extensible Markup Language (XML) v. 1.0 (Third Edition) or v 1.1 when necessary
  • Protocols
    • Hypertext Transfer Protocol (HTTP)/1.1
    • Secure Hypertext Transfer Protocol (HTTPS) - SSL, minimum 128 bit key length
    • Simple Object Transfer Protocol (SOAP) v. 1.2

• The Information Domain has disciplines Data Interoperability, Data Management, Data Formats, and Records Management, covering these Technology Areas: XML Specifications, Community of Interest XML, Metadata, Document Formats, Records Formats, Records Metadata, Archiving.

  • XML Specifications
    • Extensible Markup Language (XML) v. 1.0
    • XML Schema Part 1: Structures and XML Schema Part 2: Datatypes
    • Extensible Stylesheet Language (XSL) v. 1.0
    • XML Query Language (XQUERY) 1.0
  • Community of Interest XML: Global Justice XML Data Model (Global JXDM) v. 3.0.2
  • Metadata: Web Service Description Language (WSDL) v. 1.1
  • Open Formats
    • Rich Text Format v. 1.7 (.rtf)
    • Plain Text Format (.txt)
    • Hypertext Document Format (.htm)
    • Portable Document Format (.pdf) - Reference version 1.5
    • Open Document Format for Office Applications (OpenDocument)
    • MS Office XML Document Formats

• The Application Domain has a Design and Development discipline with Development Model Development Methodology as a Technology Area.

  • Development Model: Interoperability Basic Profile (WS-I Basic Profile) v. 1.0
  • Development Methodology: Unified Process (UP)

• The Integration Domain has disciplines Registry Services and Enterprise Service Bus, covering these Technology Areas: Web Service Registry, Messaging Services, Transformation Services, Orchestration Services, Choreography Services.

  • Web Service Registry: Universal Description, Discovery and Integration (UDDI) v. 2.0
  • Messaging Services
    • Java Messaging Service (JMS) v. 1.1
    • Simple Object Access Protocol (SOAP) v 1.1

• The Security Domain has disciplines Identity Management and Web Service Security, covering these Technology Areas: Identity Repository, Identity Assertion, Authentication, Encryption, Message Header.

  • Identity Repository: Lightweight Directroy Access Protocol (LDAP) v. 3.0
  • Identity Assertion: Security Assertion Markup Language (SAML) v. 1.1
  • Web Service Authentication: XML Signature
  • Encryption: XML Encryption
  • Web Service Message Header: WS-Security v. 1.0

About Open Formats

A document Informal comments on Open Formats was released on January 15, 2005 by Eric Kriss (Secretary, Administration and Finance, Commonwealth of Massachusetts) as an edited and condensed transcription from the Massachusetts Software Council Annual Meeting. Excerpts:

Exactly a year ago (January 13, 2004) the Commonwealth of Massachusetts launched a new Open Standards policy regarding the planning, development, and implementation of IT systems. These initial 2004 Open Standards began a continuous evolutionary process to better define and understand the issues, not only for those of us in state government, but for the wider vendor community and citizens as well.

We are now ready to extend the concept of Open Standards to the next stage in an informal announcement today. As always, we look forward to your feedback; one of the best assets that we have is the collective brainpower of the software industry in Massachusetts.

We will extend the definition of Open Standards to include what we will be calling Open Formats. Open Standards, as you know, are specifications for systems developed by an open community and affirmed by a standards body. An example is XML, a method of exchanging data.

Open Formats are specifications for data file formats based on an underlying open standard, developed by an open community, and affirmed by a standards body; or de facto format standards controlled by other entities that are fully documented and available for public use under perpetual, royalty-free, and nondiscriminatory terms. An example is TXT text and PDF document files..."

We will increasingly rely on the promulgation of Open Standards for file formats by national and international standards bodies. The Oasis OpenOffice XML format technical community would be one example of that. As we look to the future, we will require full support of Open Formats, as well as already released Open Standards.

We published our initial Open Standards policy, as I indicated, one year ago. The latest version (although we're going to revise the language we use to describe formats) designates TXT, RTF, HTM, PDF and XML - to the extent XML is used to specify a format — as Open Formats.

We have been in a conversation with Microsoft for several months with regard to the patent that they have on, and the license surrounding their use of, XML to define the schema of DOC files in Microsoft Office 2003.

They have made representations to us recently they are planning to modify that license, and we believe, if they do so in the way that we understand that they have spoken about (we will leave it obviously to them to describe exactly what they are going to do), it is our expectation that the next iteration of the Open Format standard will include some Microsoft proprietary formats. These formats, like DOC files, will be deemed to be Open Formats because they will no longer have restrictions on their use..."

Note on the Microsoft Office 2003 XML Reference Schema Patent License

In connection with the "conversation" between Microsoft and the Commonwealth of Massachusetts, a document of December 3, 2003 (updated January 27, 2005 or later) was issued to "expand upon the rights that Microsoft grants to certain Microsoft Office 2003 XML schemas. As described in this document, the technical specifications for the schemas include rights under copyright to make reproductions and to display and distribute those reproductions, subject to certain terms and conditions. The purpose of this document is to provide a patent license to individuals and organizations interested in implementing software programs that can read and write files that conform to such specifications..."

The Microsoft "Patent License" for use of Office schemas has not been accepted as satisfactory by all parties, even if it eventually proves to satisfy the requirements of the Commonwealth of Massachusetts. To some, the exceptions to the "royalty-free license ... to make, use, sell, offer to sell, import, and otherwise distribute Licensed Implementations solely for the purpose of reading and writing files that comply with the Microsoft specifications for the Office Schemas" are problematic, as are the terms of use.

The situation is not helped by the additional clarification which indicates that public records as qualifying "government documents" may be read by end users without violating the Microsoft patent license: "By way of clarification of the foregoing, given the unique role of government institutions, end users will not violate this license by merely reading government documents that constitute files that comply with the Microsoft specifications for the Office Schemas, or by using (solely for the purpose of reading such files) any software that enables them to do so. The term 'government documents' includes public records." Hmmm... what about non-government institutions that play no such "unique role," and what about "merely reading" other kinds of documents other than "government documents"?

Principal References

• Enterprise Technical Reference Model Version 3.0. Draft for Public Review.
• Introduction
• Access and Delivery Domain
• Information Domain
• Application Domain
• Integration Domain
• Security Domain
• Informal comments on Open Formats
• Comments: send feedback on the review draft to Standards@state.ma.us by April 1, 2005.
• Information Technology Division (ITD)
• NASCIO National Association of State Chief Information Officers (NASCIO) "represents state chief information officers and information resource executives and managers from the 50 states, six U. S. territories, and the District of Columbia. State members are senior officials from any of the three branches of state government who have executive-level and statewide responsibility for information resource management."
• [Microsoft] Office 2003 XML Reference Schema Patent License
• "Patents and Open Standards" - Main reference page.
• "Open Standards" - Main reference page.