OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Rethinking namespaces, attribute remapping (was Re:[xml-de

[ Lists Home | Date Index | Thread Index ]

> Dare Obasanjo wrote:
> > HLink requires you to fetch a mapping file from a specified remote location w
> > hile XLink does not. Any web page that can make your browser make HTTP reques
> > ts other than the ones directly specified by the user are potential security
> > and privacy issues. For instance, I can imagine WebBugs going upscale and dre
> > ssing themselves up to look legit by using HLink.
> Hm.  I didn't think HLink was intended to work that way.
> I thought the intent was something like: someone developing
> a new XML vocabulary wants to include HLink semantics,
> so includes an HLink mapping along with the rest of
> the vocabulary specification (schema, documentation, etc.)
> Application developers who want to use the new vocabulary
> consult the HLink mapping when building their own application.
> Something like how WSDL works -- web service clients don't
> download WSDL at runtime, the _developer_ does when _building_
> the client.
> Of course with this approach generic web browsers can't
> automatically discover the HLink links in arbitrary XML files,
> but it's not clear that this is even a requirement.
> We don't expect browsers to automatically figure out how
> to process *any* random XML documents they happen to download,
> only the ones that use a supported vocabulary.

I really don't understand any of this.  I'll just latch on to the one concrete 
thing that struck me.

If HLink is like WSDL, then Dare is right about the security issues.  These 
same security issues obtain with WSDL.  Tainting a WSDL can cause subtle 
application failures (for instance, messing with the data type definitions in 
the <types> section).  This is a security issue.

If HLink is not like WSDL, i.e. apps do not use it to affect processing during 
instance processing, then it seems entirely useless to me.  Why not just spell 
out the meaning of attributes right in the XHTML spec?

In either case, I don't remotely see how HLink is a potential replacement for 

Uche Ogbuji                                    Fourthought, Inc.
http://uche.ogbuji.net    http://4Suite.org    http://fourthought.com
Apache 2.0 API - http://www-106.ibm.com/developerworks/linux/library/l-apache/
Python&XML column: Tour of Python/XML - http://www.xml.com/pub/a/2002/09/18/py.
Python/Web Services column: xmlrpclib - http://www-106.ibm.com/developerworks/w


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS