Site Help
Topics
 Glossary
 Site Map
Many links on the Web Guide are available to EPA Intranet users only. If you are an outside contractor working for EPA, please contact your EPA representative for more information. If you are another federal agency or other party interested in EPA's web policies and procedures, please contact EPA through the "Contact Us" page on this site.
Questions?
Call the EPA Call Center
PDF Disclaimer
You will need Adobe Acrobat Reader to view PDF files. See EPA's PDF page for more information about getting and using the free Acrobat Reader.
EPA Web Technologies
ADP Coordinator
Q: How do I find out who my ADP coordinator is?
A: Call the EPA Call Center at 1-866-411-4EPA (4372) for assistance.
Q: I am an ADP coordinator and need guidance on how to create accounts
and add users.
A: The NCC Registration Guide for ADP Coordinators, ADP BackUps and Account Managers
provides both an overview and detailed instructions on
how to create new TSSMS accounts and manage User Accounts.
Animation
Q: I would like to have animation on my
site. Is that acceptable?
A: Animation can be utilized to increase audience engagement
to available information. However, overuse of or superfluous animation should
be avoided so as not to distract the viewer.
Q: Animation would definitely be a draw
for our audience. What sort of file format should I utilize?
A: The typical formats for which animation is written and
viewed are GIF89a, QuickTime, Java, JavaScript, Flash and VRML (3D graphics).
Each is inherently different and unique in terms of image delivery, quality,
and interactive options. GIF89a are appropriate for such applications as art
and logo animation. Java has been used predominantly for banner
animation.
Cascading Style Sheets
Q: What is a style sheet?
A: A style sheet is a list of rules that can assign various properties to HTML tags and elements. They specify how elements inside an HTML page should be interpreted by a web browser.
Frames
Q: What are frames? How do they work?
A: Frames are a specification format for displaying multiple, independent,
scrollable regions within a display window as seen from your Web browser.
Each frame can contain a separate document.Drawbacks include: printing a
framed page is not possible from your browser, HTML readers for the visually
impaired do not work well with framed pages, bookmarking and saving the HTML
page only records the original framed page, the "back" and
"forward" browser buttons will not remember any navigation that
was done within the frames, and the URL displayed in the browser does not
reflect individual pages shown within the frames. Refer to the
EPA Web Standards site for the most current information on this.
CGI
Q: Can I develop my own CGI's for use on my site? If
so, what language should I use?
A: NCC allows Common Gateway Interface (CGI) programs written in Java,
C, C++, and Perl. For more information on CGI's and the EPA servers, please
refer to CGI
Documentation.
For more information on Java, refer to the Java Security Best Practices.
ColdFusion
Q: What is ColdFusion?
A: ColdFusion is a Web rapid application development environment that
facilitates the dynamic serving of HTML pages from a content database.
ColdFusion applications can access databases and leverage the power of source
data and presentation templates to provide highly customizable HTML output
pages.
Q: What is the EPA's policy concerning
ColdFusion?
A: ColdFusion is approved for both intranet and public access
applications. All ColdFusion applications must be approved through the Application Deployment Process.
Information concerning the intranet and/or the public access servers and the
procedures for developing ColdFusion projects can be found at the ColdFusion Portal
Intranet Web
site.
Cookies
Q: Are "cookies" allowed?
A: Privacy concerns have led to the restriction of the use of "cookies"
on the EPA Web site. According to the Office of Management
and Budgets Memorandum 00-13 persistent cookies
"should not be used at Federal Web sites ..., unless, in addition to clear and
conspicuous notice, the following conditions are met: a compelling need to
gather the data on the site; appropriate and publicly disclosed privacy
safeguards for handling of information derived from "cookies"; and personal
approval by the head of the agency. In addition, it is federal policy that all
Federal Web sites and contractors when operating on behalf of agencies shall
comply with the standards set forth in the Children's Online Privacy Protection
Act of 1998 with respect to the collection of personal information online at
Web sites directed to children."
Per information posted to EPAWeb-Owners on September 12th,
2000 by Roger Baker, Chief Information Officer, U.S. Dept of Commerce: Session
cookies may be permitted as long as they retain information "only during the
session or for the purpose of completing a particular online transaction,
without any capacity to track users over time and across different Web
sites."
Agency Security Standards also prohibit the use of cookies as a means of
storing UserIDs and passwords as
- this mechanism depends on the physical security of the client to limit and control access. Physical security of clients is inconsistent within the Agency, given cubicle office environments, co-located organizational entities, and variable work schedules of employees.
- the stored variables do not support a fundamental security objective of uniquely identifying and authenticating users.
- Agency network access and authentication must be managed within strict guidelines until data sensitivity decisions allow for appropriate compartmentalization of data access and storage, and commensurate security controls are implemented to protect data and limit access explicitly to authorized and authenticated users.
For more information on cookies, refer to Policies, Orders, and Memoranda.
Flash
Q: What is Flash?
A: Macromedia Flash is an application used to create multimedia projects including user interface designs, animations and dynamic applications for use across the web.
GIS
Q: Does the Agency support Web-based interactive
mapping and reporting?
A: The Agency provides several means for publishing geospatial information. Applications built on ESRI's
ArcIMS or ArcGIS Server
platform may be hosted in the NCC
. These technologies support complex Web-based geographic analyses and reports as well as advanced cartography. For more basic maps, the Agency also has enterprise license agreements with Microsoft and Google to utilize their Microsoft Virtual Earth and Google Maps Web APIs
. For assistance planning and creating your Web mapping application, please contact the OEI RTP GIS Team
.
HTML
Q: What HTML standard should my site follow?
A: Refer to the EPA Web Design
site for the most current information on this.
Q: What HTML editing tools does the EPA
recommend/require?
A:
There is no single required HTML editor. Any editor can be used provided that it produces pages that conform to both the HTML and the EPA standards recommended by the EPA Web Design site. This site provides both HTML and Dreamweaver (.dwt) templates for use by developers.
Q: What HTML validation products are
available/recommended?
A: There are many Web sites that will validate HTML against the W3C HTML
3.2 recommendation and other standards. It is recommended that these services
be utilized prior to posting HTML documents on EPA Web sites. The draft
Proposal for an EPA HTML Standard and a Recommended HTML Editor
recommends the W3C HTML Validation
Service for HTML document
validation.
For more guidance, refer to the EPA Web Design Site: http://www.epa.gov/epafiles/
Java
Q: What is Java?
A: Java is a development language that provides a potential solution to
the ever-present problems of software portability and integration. Java is
described as a perfect tool for building applications to be used in a
"heterogeneous, networked, distributed environment." Java applications can be
used both on and/or off the Web. However, the Web represents the extreme in
network computing and Java has been optimized to work on the Internet.
When consumers purchase software or download it from the
Internet, they have to know the operating system for which it is designed, the
model of computer, and whether it conflicts with any software currently on the
machine. Java remedies these potential incompatibilities by enabling developers
to create an "applet" that can run on any platform, even ones that have not
been built yet. Sun calls this "write once, run anywhere."
Q: What are the other advantages to Java?
A: It is distributed, portable, and interpreted; it is also relatively
secure and offers multi-threading.
Q: What are the disadvantages to Java?
A: Java is a complex language and requires programmers familiar with it. Also, while Java has enhanced security, programmers can code "insecurely" and create vulnerabilities in their code. For this reason, a code review is required of all Java code before it is moved into production. Finally, while Java is incredibly flexible and portable, it is not the only solution for all problems. Rather than develop an application top to bottom in Java, a developer might find that the ColdFusion, Lotus Domino, Oracle or Mapping products may meet his needs much more easily and more cost effectively.
Q: Does the Agency recommend the use of Java ?
A: Due to its functionality, portability and security model, the EPA
supports the use of Java. Individuals wishing to deploy Java Applications
should fill out an Application
Deployment Checklist (ADC).
Also be aware, that prior to deployment, all JAVA code must pass a security review. More information on this process is available at The Java Security Best Practices.
JavaScript
Q: What is JavaScript?
A: JavaScript was designed as an easy-to-use scripting language for Web designers to enhance their HTML pages. Developed by Netscape, JavaScript was meant to provide scripting features as part of Netscape's LiveWire Web application-development environment. JavaScript can be used in any 16-bit environment (Windows 3.1 or higher).
Since JavaScript is a scripting language, it is separate from
more traditional programming languages used on the Internet, such as Java and
C++, that require extensive programming experience. However, to move beyond the
"cool" page embellishments for which JavaScript is typically used, some
programming skills are required. JavaScript 's relatively simple syntax is
similar to C and, contrary to popular opinion, JavaScript is not a "lite"
version of Java.
Q: Why would I, as a developer, use JavaScript ?
A: Using JavaScript , developers can direct responses from a variety of
events, objects, and actions. JavaScript provides HTML creators with the
ability to change images and play different sounds in response to specified
events, such as a user's mouse click or screen exit and entry. JavaScript can
be used for activating buttons when a mouse passes over them or for performing
such tasks as client-side form validation.
Q: Is the EPA supporting server-side JavaScript ?
A: The Agency is not currently allowing server-side JavaScript due to
security problems with early implementations of the software. The Internet
Support Group is currently researching the use of servlets on the intranet to
perform some of the more common CGI-based tasks. Server-side includes are
currently not allowed for performance reasons.
LDAP
Q: Why do we need
LDAP (Light Directory Access Protocol)? Why don't we just use X.500?
A: LDAP does not require the upper layers OSI stack, it is a simpler
protocol to implement (especially in clients), and LDAP is under IETF change
control and so can more easily evolve to meet Internet requirements.
Q: What can I store in an LDAP directory?
A: The LDAP information model is based on the entry, which contains
information about some object (e.g., a person). Entries are composed of
attributes, which have a type and one or move values. Each attribute has a
syntax that determines what kind of values are allowed in the attribute and how
those values behave during directory operations. Examples of attribute syntaxes
are for IA5 (ASCII) strings, JPEG photographs, u-law encoded sounds, URLs and
PGP keys.
Q: What are some related protocols or alternatives to LDAP?
A: WHOIS++ is a simple text-based query protocol which can be used to
construct a distributed directory for white pages information.
Q: Can I remove multiple entries at once?
A: No, the Delete operation will only remove a single entry, and it
does not remove non-leaf entries which have subordinates.
Q: Does an LDAP-to-X.500 gateway exist?
A: LDAP is included in the Umich release.
Lotus Notes Domino
Q: Which Web-based database will best serve my purpose?
A: EPA Databases accessible via the Web should be stored in one of two
formats: Oracle or Lotus Notes Domino. Oracle is appropriate for tabular,
relational data, while Lotus Notes Domino is more appropriate for storing and
tracking documents. It is recommended that the Oracle Web server be used to
access Oracle databases (as opposed to Netscape Enterprise), and that the
Domino Web server be used to access Lotus Notes Domino data. Each of these
servers is tightly integrated with its respective data sources, and each
provides functional features that should be utilized. Implementing discussion
forums over the Web should be explored using the Domino Web server and Lotus
Notes Domino. Important things to keep in mind are: How should the content be
reviewed prior to its publishing? How should security be implemented to
hide/show data to specific user groups?
NSAPI
Q: Does the Agency allow access to the Web servers via Application Program Interfaces such
as the Netscape Server Application Program Interface (NSAPI)?
A: The Agency does not allow access to the Web servers via Application
Program Interfaces such as NSAPI on the primary public access Web server
instance, due to problems with stability and the potential for making all
public access services unavailable for the primary Web server instance.
: Initial testing using NSAPI on separate, non-primary, Web
server instances has been completed. Production applications that require NSAPI
will require separate instances running under different userids. These separate
instances are combined to run on a separate "virtual IP address" to allow
access via the standard HTTP socket 80.
Oracle
Q: Which Web-based database will best serve my purpose?
A: EPA Databases accessible via the Web should be stored in one of two
formats: Oracle or Lotus Notes. Oracle is appropriate for tabular, relational
data, while Lotus Notes is more appropriate for storing and tracking documents.
It is recommended that the Oracle Web server be used to access Oracle databases
(as opposed to Netscape Enterprise), and that the Domino Web server be used to
access Lotus Notes data. Each of these servers is tightly integrated with its
respective data sources, and each provides functional features that should be
utilized. Implementing discussion forums over the Web should be explored using
the Domino Web server and Lotus Notes. Important things to keep in mind are:
How should the content be reviewed prior to its publishing? How should security
be implemented to hide/show data to specific user groups?
PHP
Q: PHP is a popular scripting language. Why is it not in use at
the EPA?
A: PHP is not currently deployed in the EPA's central
hosting environment due to a number of security vulnerabilities. For more
information on these vulnerabilities, search "PHP" at the CERT Coordination Center.
Plug-ins
Q: Can my site utilize PowerPoint or Adobe plug-ins?
A: Development aimed toward client-side plug-ins, such as Microsoft
PowerPoint presentations and Adobe PDF documents, is acceptable on the Agency's
public access servers. Server-side plug-ins, like those that are NSAPI, can
still be detrimental to the primary public access Web server, so they should be
restricted to a separate instance and userid.
There are currently no plans to investigate new
Web-based functionality to provide animated graphics, streaming audio, or
video. There are existing shockwave and VRML applications on the public access
Web server; however, these technologies require no additional server
configuration changes.
Push Technology
Q: What is "push" technology?
A: Push technology means a system that automatically delivers
information to a user. Email is the most successful form of push technology,
although other forms exist, such as personalized Web pages, desktop tickers, or
PointCast, which displays a stream of information on the user's screen
saver.
Q: Has the Agency investigated any push technology products? Which ones?
A: Several groups under NCC have investigated push technology products
from a variety of vendors, including NetMind Enterprise Minder, InfoBeat
Express, DataChannel RIO, BackWeb Server, and Lotus
Domino. All of the products were quite expensive.
The core set of functionality required to deliver OTOP News
was developed in Lotus Domino by NCC. Clearly, Domino-based push technology would
be the least expensive alternative, since the Agency already has a site
license. New releases of Domino are expected to have even greater Web
functionality. The Internet Services Group will investigate whether Domino can
fulfill all of the Agency's push technology requirements.
ShockWave
Q: What is ShockWave?
A: Macromedia ShockWave is a popular Netscape plug-in that works with
Netscape (version 2.0 or higher) to add life and interactivity to an otherwise
static Web page or site. Through this plug-in, an Internet or Intranet user can
view and/or interact with high quality animation, video, and sound. Many
different types of ShockWave files exist, including sound files, animation, and
video, any of which can be made interactive. A user can download a ShockWave
plug-in for a specific type of file encountered, or the user can download
"ShockWave - The Works," which allows the user to view any type of ShockWave
file.
Q: What are the advantages to ShockWave?
A: Download and installation of viewer(s) is free, fast (takes less
than 60 seconds), and easy. It adds dynamics and interactivity to a static Web
site. It allows for educational videos, cartoons, and audible tutorials. New
pages can be viewed without the user having to wait for another URL to load.
ShockWave does not require high-level programming knowledge and makes it
possible to create vector-based, resolution-independent animations. Finally,
animations are more fluid and are usually smaller files than animated .gifs,
and animations may be made into interactive applets without Java.
Q: Are there any disadvantages to ShockWave? If so, what are the disadvantages?
A: Shockwave does have disadvantages. It may be cumbersome to maintain
separate pages/sites for viewers who do not want to install ShockWave and for
viewers who do wish to see the ShockWave enhanced pages. It might require
creating an alternative page with ShockWave ActiveX for Explorer or other
audio/ video/ animation/ interactive capabilities for those who visit a site
using Microsoft's Internet Explorer and wish to see the same enhancements.
The viewer must take an extra step to view your site (e.g., the
user must download something). There are possible security threats to certain
Web server information as well as to information on the user's folder where
ShockWave was installed. Finally, flashing or moving graphics can be
distracting/annoying to some users.
Q: What is the Agency's position on ShockWave?
A: ShockWave's main purpose is to add life to a static Web page. With
the advent and increasing popularity of "Web-TV", the use of ShockWave
technology may attract and interest a broader range of viewers who do not wish
to sit in front of a static Web page. It is recommended that the Agency not use
ShockWave just for aesthetic enhancements; it should be used only if it helps
in relaying an Agency, office, or program message to the public. Developers
should take advantage of its capability to educate as well as intrigue their
visitors. The audio/video capabilities could be extremely useful in educational
videos, children's games, and animated demonstrations of natural occurrences
such as the water cycle. In order to ensure that the Web team is communicating
what it wants to as many people as possible in its targeted audience, a Web
team may need to prepare for a bit more maintenance work. In addition, further
discussion of security threats must be undertaken; however, it appears at the
moment that there would be no threat to sensitive or vital systematic network
information. All of the tools needed to create and view ShockWave applications
are available in one place at http://www.macromedia.com.
Web Servers
Q: What Web Servers does the Agency support?
A: The Agency currently supports a heterogeneous environment of web and
application servers. If your application requires a specific web and/or
application server, contact your ADC coordinator. For questions in general,
contact Internet Support
XHTML
Q: What is XHTML?
A: XHTML is an XML document type developed by the World Wide Web Consortium as the successor to HTML. XHTML consists of the elements of HTML, restricted such that documents conform to the rules of XML. XHTML tags are assigned the same meaning by browsers as the corresponding HTML tags, hence XHTML documents, unlike ordinary XML documents, can be formatted for display without external formatting information.
XML
Q: What is XML?
A: XML is the Extensible Markup Language. It is writen in Standard Generalized Markup Language (SGML), the international standard metalanguage for text markup systems (ISO 8879). XML can be used to describe customized markups for any type of document because, unlike other SGML-derived markup languages, such as HTML, it is not comprised of a fixed vocabulary of document elements. XML itself is a meta-language used to develop markup languages that describe the content and structure, but not the presentation, of documents.