xml-dev - Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-de

Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-de

[ Lists Home | Date Index | Thread Index ]

To: Joe English <jenglish@flightlab.com>
Subject: Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-dev] TAG on HLink)
From: Uche Ogbuji <uche.ogbuji@fourthought.com>
Date: Fri, 27 Sep 2002 13:26:40 -0600
Cc: xml-dev@lists.xml.org
In-reply-to: Message from Joe English <jenglish@flightlab.com> of "Fri, 27 Sep 2002 09:14:36 PDT." <200209271614.g8RGEa314585@dragon.flightlab.com>
Sender: uche.ogbuji@fourthought.com

> 
> Dare Obasanjo wrote:
> 
> > SECURITY/PRIVACY:
> > HLink requires you to fetch a mapping file from a specified remote location w
> > hile XLink does not. Any web page that can make your browser make HTTP reques
> > ts other than the ones directly specified by the user are potential security
> > and privacy issues. For instance, I can imagine WebBugs going upscale and dre
> > ssing themselves up to look legit by using HLink.
> 
> Hm.  I didn't think HLink was intended to work that way.
> 
> I thought the intent was something like: someone developing
> a new XML vocabulary wants to include HLink semantics,
> so includes an HLink mapping along with the rest of
> the vocabulary specification (schema, documentation, etc.)
> Application developers who want to use the new vocabulary
> consult the HLink mapping when building their own application.
> Something like how WSDL works -- web service clients don't
> download WSDL at runtime, the _developer_ does when _building_
> the client.
> 
> Of course with this approach generic web browsers can't
> automatically discover the HLink links in arbitrary XML files,
> but it's not clear that this is even a requirement.
> We don't expect browsers to automatically figure out how
> to process *any* random XML documents they happen to download,
> only the ones that use a supported vocabulary.

I really don't understand any of this.  I'll just latch on to the one concrete 
thing that struck me.

If HLink is like WSDL, then Dare is right about the security issues.  These 
same security issues obtain with WSDL.  Tainting a WSDL can cause subtle 
application failures (for instance, messing with the data type definitions in 
the <types> section).  This is a security issue.

If HLink is not like WSDL, i.e. apps do not use it to affect processing during 
instance processing, then it seems entirely useless to me.  Why not just spell 
out the meaning of attributes right in the XHTML spec?

In either case, I don't remotely see how HLink is a potential replacement for 
namespaces.


-- 
Uche Ogbuji                                    Fourthought, Inc.
http://uche.ogbuji.net    http://4Suite.org    http://fourthought.com
Apache 2.0 API - http://www-106.ibm.com/developerworks/linux/library/l-apache/
Python&XML column: Tour of Python/XML - http://www.xml.com/pub/a/2002/09/18/py.
html
Python/Web Services column: xmlrpclib - http://www-106.ibm.com/developerworks/w
ebservices/library/ws-pyth10.html

Follow-Ups:
- Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-dev] TAG on HLink)
  - From: Joe English <jenglish@flightlab.com>

References:
- Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-dev] TAG on HLink)
  - From: Joe English <jenglish@flightlab.com>

Prev by Date: RE: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-dev] TAG on HLink)
Next by Date: Re: RE: [xml-dev] Rethinking namespaces,attribute remapping (was Re:[xml-dev] TAG on HLink)
Previous by thread: RE: [xml-dev] Rethinking namespaces, attribute remapping(wasRe:[xml-dev] TAG on HLink)
Next by thread: Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-dev] TAG on HLink)
Index(es):
- Date
- Thread