[
Lists Home |
Date Index |
Thread Index
]
- From: David Megginson <david@megginson.com>
- To: "XML-DEV" <xml-dev@ic.ac.uk>
- Date: Fri, 17 Sep 1999 05:45:07 -0400 (EDT)
Tim Berners-Lee writes:
> Perhaps perception of it is clouded bythe fact that XML 1.0 doesn't
> mention namespaces at all, and XML NS does not mention schemas at
> all. In other words, the specs -- having to only refer backwards
> in time -- have not been good at pointing to how the future
> architecure will fit together.
There's also the critically-important point that most programming
languages (such as C++ and Java) do the equivalent of schema
processing at compile time (where it's secure and not time-critical),
while XML processors will have to do it at run time. That means that
there are a few potentially-nasty problems:
1. The burdon of determining inheritance and class relationships falls
on the processor, which has to repeat it for each cycle.
2. Processing time is not predictable, since schemas can reference
other schemas to an unknown depth.
3. Processing is not secure, since schemas will likely be able to
refer to schemas at other sites.
For example of the third problem (which is the most serious), let's
imagine that I have the following document:
<memo xmlns="http://www.megginson.com/ns/memo/">
<recipient>Tim Berners-Lee</recipient>
<sender>David Megginson</sender>
<p>We'll have the new product ready next month: please remember
that this is confidential.</p>
</memo>
Now, my 'memo' schema says that it is derived from a 'memo' schema
hosted at the W3C site:
http://www.megginson.com/ns/memo/
is a kind of
http://www.w3.org/schemas/memo#
Assume that the schema at the W3C site has the schema equivalent of
the following DTD construction:
<!ATTLIST memo
security-level (public|confidential) "confidential">
That means that, by default, my memo is confidential. Now, what if
someone cracks the W3C's Web site (not mine), and changes this to the
equivalent of
<!ATTLIST memo
security-level (public|confidential) "public">
I write my memo, send it to my document system, and it automatically
displays it on my public Web site. Ouch!
All the best,
David
--
David Megginson david@megginson.com
http://www.megginson.com/
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev@ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo@ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo@ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa@ic.ac.uk)
|
