Can you go over the XML-related enhancements in Release 2?
We've had what we would call native XML support since Release 2 of Oracle 9i. In Oracle 9i you could take an XML schema -- let's say you might have a purchase order that you were receiving hundreds or hundreds of thousands of transactions -- and you could define the schema for that purchase order as an XML document. From that point on, you could start loading those purchase orders into your database. You could load them manually, you could get them in through FTP, or you could use WebDAV (World Wide Web Distributed Authoring and Versioning) as an API [application programming interface] because all of the APIs are supported there. As the orders came in, we'd validate them against the schema, then basically decompose them and we'd store them without the tags in the database. So, you've got a very efficient way to store XML documents.
The way that we allowed you to actually search for those in Oracle9i was based on Oracle extensions to the SQL language called SQLX (SQL/XML). SQLX was sort of the preeminent standard for doing that at that stage. In the meantime, another standard has evolved in the industry, which is XML Query, or XQuery.
What we're doing in Oracle Database 10g Release 2 is we're taking those native XML capabilities that we've supported now for close to four to five years, and we're adding the XML Query language to that. We have full support of the XQuery syntax. It's a different syntax than SQL. It means that people that actually want to develop applications using the XML storage can do that knowing that they're protected by the standard. Does that mean Oracle went with the wrong standard in the beginning?
[SQLX] wasn't actually our standard. There were two horses that were racing, and we went with one, and the other one has become the eminent one. We're adding support for that. We're not actually giving up support for SQLX, we're just providing support for both APIs. Who is driving the XQuery standard?
That's a World Wide Web Consortium standard. [As far as vendors driving the standard] it's a cooperative effort between all of us. Oracle has been very active in that space, and we're one of the leading advocates of that standard. Moving onto security features, can you explain the concept of "transparent" column level encryption and decryption?
Since Oracle 8i, you could encrypt column level data in the database. So, if you had Social Security numbers or passwords, they could be encrypted. The only problem associated with that is that in order to decrypt them, you had to code your application to use a specific API. That's very good if you're building an application from scratch. But it's more challenging if you've got an existing application that you want to add that encryption to, or particularly, if you've taken an application from a package vendor, or an ISV [independent software vendor], that hasn't added that support.
We now make the encryption and decryption transparent in Oracle Database 10g Release 2. Underneath the applications you can alter the column in the table. Completely transparent from the application, as the data is inserted or updated, it's automatically encrypted. And, as you select the data out through the application, it's automatically decrypted.
All of the key management is automated by the database as well. So, it's transparently doing the data encryption, which means that more companies, as they need to protect their data, can retrofit this new capability into their existing applications much more easily. Or, as they take a packaged application off the shelf, they can actually spin up the level of encryption that's supported without having to go back to the application vendor and say, "You need to change your application and send us a new one." What's the driving factor behind adding these capabilities?
We think this is going to be very significant. We're seeing lots of problems reported along these lines at the moment. There's probably a lot of encryption legislation that's going to come out of Capitol Hill over the next 12 to 24 months. We see this as becoming a key business requirement. What is Oracle Secure Backup?
This is a standalone product that is actually coming out with this release. In the first release of the database, we pretty much automated what we call disc-to-disc backup. A lot of people back up their production databases to another set of discs. So, we brought out that automation in 10g Release 1, but at some stage you probably still need to go off the tape, for archival purposes.
In 10g Release 2 we now complete the disc-to-tape backup. We have a fully built-in tape management environment. Not only can you back up our database, but you can back up anything with this, including operating systems files, applications servers, even third-party databases.
By default [Oracle Secure Backup] is going to actually allow you to encrypt these backups as well. So not only can you secure the data within the database, but as you back up that database and anything associated with the database, you can actually encrypt that data out to the tapes. How much does Oracle Secure Backup cost?
Pricing and packaging haven't been discussed at this stage. [But] the value proposition, in terms of our customers, is because it is integrated with their existing management of the databases and their backup cycle.
SearchSAP.com news editor Rob Westervelt and SearchOracle.com news writer Jack Loftus contributed to this report
Read more about the soon to-be-released Oracle Database 10g Release 2 all this week on SearchOracle.com.