Contrary to claims by the US Department of Defense that Office Open XML might lead to increased security concerns, vendor lock-in and backwards compatibility issues, Microsoft claims that OOXML resolves exactly these issues.

The Department of Defense, which is a member of the International Committee for Information Technology Standards (INCITS), in August voted against OOXML becoming a standard document format.

Firstly, it said that allowing binary information in the standard might lead to security concerns. Secondly, the referencing of "unexplained backward compatibility modes" might pose a problem for third party implementers. And finally, it saw the use of proprietary file formats within the open standard as a potential cause for intellectual property ownership concerns.

However, in a video interview this week, Redmond-based group project manager of Microsoft Office, Gray Knowlton, told ZDNet Australia that OOXML would provide higher levels of security.

"One of the benefits we have with the Office Open XML formats is that we know when we read and write and document because we have an XML based representation of what's in that content -- we know what should and should not be there," he said.

Knowlton said another weapon against attackers is Microsoft's Office Isolated Conversion Environment, which "forces a binary document format to be converted to Open XML when it's opened, so that before it gets to a user's machine it will be an XML-based format that we can read and parse and understand."

OOXML, which was approved as a standard by Ecma International in December 2006, is an XML specification for documents such as spreadsheets, presentation and word-processing documents and is designed to replace previous binary file formats.

According to Joe Sweeney, a consultant with IBRS research, although XML can be described this way there are concerns regarding its security.

XML or Extensible Markup Language is a way of categorising information in an open way and can be used to identify a piece of data, explained Sweeney. The benefit from a developer's perspective, he said, is it allows the creation of a data structure that can be used in multiple applications and multiple systems.

However, Sweeney believes the DoD is concerned about the potential risks that could arise when binary files are embedded within an XML file.

"Although XML is currently a 'text-only' format, there is no reason why you can not encode binary data as a stream of text. This is exactly how many XML-enabled applications treat image data (jpg, png, etc).

"The issue is, what safeguards will you put in place to ensure that incoming binary data is not passed to an existing application for execution," asked Sweeney.

To run an executable file encoded within XML would require a client-side program that would open the XML file, locate the appropriate binary data and then run it.

"It is absolutely possible to build a application to do that," said Sweeney.

According to Sweeney, anytime you have a theoretical breach, someone will show how it can be made real, meaning that the problem is not XML per se but rather the coding that sits on the client side.

The greatest fear by some opponents of OOXML is that Microsoft could one day clamp down on users and demand payment for access to their information.

Michael Warrilow, a consultant with Hydrasight Research, told ZDNet Australia, that even if Microsoft's intentions with OOXML are "pure", the issues raised by the DoD in its rejection of it are very well grounded.

"Microsoft generally has a poor track record in conforming to 'open' standards, although they are slowly coming around in recent years," he said.

There are numerous examples where Microsoft has derailed previous standards efforts, such as its support of the WS-Management SOAP protocol rather than Web services standard, WSDM, he said.

"Historically, Microsoft has been far more comfortable when it is able to control the market via its own initiatives being positioned as the 'de facto' standard," he said.

While Microsoft has achieved this status amongst consumers and small business users, who "just want the thing to work", he said Microsoft is trying hard to gain acceptance by government and large corporations.