OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 

 
   Schema problems

[ Lists Home | Date Index | Thread Index ]
  • From: David Megginson <david@megginson.com>
  • To: "XMLDev list" <xml-dev@ic.ac.uk>
  • Date: Wed, 1 Sep 1999 12:42:27 -0400 (EDT)
Oren Ben-Kiki writes:

 > > By allowing documents without explicit DOCTYPE declarations, XML (and,
 > > eventually, WebSGML) acknowledged that document instances can exist
 > > independently of schemas, and thus, that there can potentially be
 > > *many* schemas applied to any existing document.
 > 
 > Doesn't this contradict (a)? That is, must all these schemas agree
 > on the default values? Or is it intentional that you can replace
 > the default values as well?

That's a very messy question.  Personally, I'd be happy to accept a
schema spec that *didn't* specify default values.  I don't think that
most client-side XML is going to use schemas, whatever standard
emerges, because schemas introduce non-constant-time problems and
(with default values) security issues into the equation.

Non-constant-time
-----------------

A schema is a separate resource that may reference other schemas
recursively, so I cannot safely predict how much parser (and, more
seriously, how much network activity) will be required to process a
document.

Security
--------

If schemas contain default values, those default values might
compromise the security of my document (say, by providing a default
value of 'public' for an 'access' variable that was unspecified in the 
original document).  Again, since schemas can reference other schemas, 
they're only as secure as the entire tree -- for example, if the
schema refers to another at the w3.org Web site, and someone cracks
w3.org, they've effectively cracked my schema (and my document) as
well.


All the best,


David

-- 
David Megginson                 david@megginson.com
           http://www.megginson.com/

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)

 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS