XPS Five Points of Light – Part 2: Trustworthy

Trustworthy is an integral part of a successful electronic document format. So what do I mean by that? Trust XPS? Trust Microsoft (of course!)? Trust Me? Well, our goal is that end customers can implicitly trust XPS as an electronic document format as an integral part of their document workflow. Or..simply that an end-user can open up an XPS document and know they won’t get a virus or some other nasty thing created by someone with too much time on their hands. But, most of all, that the electronic document created by the author – arrives at its published destination faithfully representing the exact thing that author intended it to represent. OK, let’s try and be a little more organized about this. XPS as a trustworthy document format means:


It is a fixed-format document – period

XPS represents a fixed, paginated document. It does not reflow, contain interactive elements, nor will it try and sell you something while you read it– it is simple electronic paper that will faithfully represent the original content created by the author. The published rendition is designed to be accurate regardless of the target platform, viewer or device.


No code in the format

By eliminating interactivity, we also eliminated the need for code, macros and (non-image) binaries.) This is a good thing. You don’t need to create a ‘cleansed’ version of XPS to be sure that it is safe, can be archived and is ‘just’ electronic paper – we have designed XPS with that goal in mind from the beginning. This is what customers have been asking us for! It is electronic paper in its’ true form. I can send you an XPS file, you do not need to know who I am, you do not need to decide if you trust me, you can open it and feel safe.

At this point I think it is important to be clear about the above statement. Microsoft has a huge platform investment around Windows and is always innovating to improve the developer experiences around Windows. XPS is just one part of the Windows Presentation Foundation, our next-generation platform designed to provide a seamless experience between UI, media and documents. Using WPF, you can create documents that are re-flowable, interactive and include form fields, validation databinding—anything you need to create efficient and powerful user experiences. We believe the Windows platform and other investments across Office, Infopath, etc provide great end-to-end solutions for any end customer or developer who needs a document solution.


Safer Viewing

Workflows and custom applications may have a legitimate need to extend the XPS document—and they can. Content that follows the "markup compatibility" rules in the OPC spec will be ignored by Microsoft viewers. But after that processing things get stricter. The XPS Viewer validates all markup it attempts to load against the XPS XSD, and will quit immediately if it encounters unknown content.

The XPS Viewer also runs in a "partial trust" sandbox, with system permissions narrowly constrained to expected operations. Even if unknown markup passed XSD validation, it won’t be able to load code, write to disk, etc. These features are basically invisible to the user, but it does make viewing XPS documents safer.


Digital Signatures

To me, digital signatures is all about trust. Trusting that you know who created the document or whoever last altered it. Digital signatures need to become and effortless, natural part of any document workflow, today it is mysterious and seldom implemented. I believe that XPS will change that. At PDC we demonstrated a scanner that scanned a document, created it and signed it with a digital signature. If I was archiving thousands of scanned documents, I would want to have each one with a signature on it so that I know no bits were altered since the document was scanned. This is all about trusting the sources of the document. Digital Signatures are built into the format, easy to implement in a scanner, and we will have a great user experience built directly into the XPS viewer.

Constrained markup, XSD validation, partial-trust sandboxes, digital signatures—not very sexy stuff. But being trustworthy isn’t very sexy, at least not at first. XPS leaves the glamour to WPF, hoping to be loved just for being clean, safe, and easy to create. (Makes you just want to give a big hug, doesn’t it?)

Part 3 will be about High-fidelity Graphics.

- Andy

Comments

  • Anonymous
    December 06, 2005
    Awesome points Andy. I can't think of a better reason to use XPS within ECM than this.
  • Anonymous
    December 06, 2005
    "Content that follows the markup compatibility rules in the OPC spec will be ignored by Microsoft viewers."

    Are you saying that annotations (highlights, notes, redactions, etc.) are possible but will be invisible to standard XPS viewers?
  • Anonymous
    December 07, 2005
    Yes, correct anything outside the markup will not show up in the viewer. We do hope to make this better, but it won't happen in this release. I do need to write a blog about annotations in general pretty soon to give some clarity on what we will have and won't have when we release.
  • Anonymous
    December 07, 2005
    Does that mean a redacted XPS document will be displayed without the redaction in the standard viewer?
  • Anonymous
    June 13, 2006
    Is XPS viewer available for the open systems i.e. Linux, Unix??

    I am able to create XPS document using API'S SDK.
    But how do I create XPS document without using the available  API's.
  • Anonymous
    June 13, 2006
    Parag:

    We have a bunch of partners building embedded systems and solutions on linux/unix.  In fact I've seen several demos of viewers on linux from our partners.  Because the spec includes everything you need to propertly read/write/render XPS they can do this.  We do not have APIs for those platforms, so you definitely have to write all the code yourself.  On the viewer side, we hope that 3rd parties will make a linux/unix viewer available by the time we ship.  We don't have plans to build one ourselves, but we may change our minds once we ship if no one else builds one.

    - Andy
  • Anonymous
    June 13, 2006
    Hi Andy,

    Good to hear that the XPS Viewer will be available for the open systems as well. Thanks for the piece of information.

    Apart from that in case the user has a already created XPS document and want to modify it on Microsoft platform what are the options available.

    One way is he can modify the document using the API's provided by microsoft. What could be the other option to achieve this.

    Is there any editor available for modifying the XPS document like the one we have for Word document.


    Please let me know your comments on this.

    Regards,
    Parag Dave




  • Anonymous
    June 14, 2006
    Parag:

    Since XPS is a final-form fixed document, editing is not something we are enabling with end-user tools.  So, know editor like Word coming out.  A developer who knows xml could certainly do some minor editing without using the APIs.  That's really the only way.  I think some third parties will come out with enhanced viewers that enable more interactive touchup, watermarking and minor editing.

    - Andy
  • Anonymous
    June 21, 2006
    Thanks for the information Andy, one more query I have is:

    The XPS specification says Glyphs tag is used for displaying the text, and it has a attribute called Indices which holds a encoded string.

    Is this tag mandatory?

    Does this string directly maps to the text in the Glyphs tag ?

    If yes how is this string generated ?

    Is it UTF16 representation of the text?

    -Parag

  • Anonymous
    June 08, 2009
    PingBack from http://insomniacuresite.info/story.php?id=5411