xml-dev - RE: [xml-dev] Word 2003 schemas available

RE: [xml-dev] Word 2003 schemas available

[ Lists Home | Date Index | Thread Index ]

To: "Murali Mani" <mani@CS.UCLA.EDU>,"Michael Kay" <michael.h.kay@ntlworld.com>
Subject: RE: [xml-dev] Word 2003 schemas available
From: "Michael Rys" <mrys@microsoft.com>
Date: Tue, 18 Nov 2003 10:12:47 -0800
Cc: <xml-dev@lists.xml.org>
Thread-index: AcOt6RDVMujIyfg0TCKEwhhM38k8WgAFaneg
Thread-topic: [xml-dev] Word 2003 schemas available

From: Murali Mani [mailto:mani@CS.UCLA.EDU]
Sent: Tuesday, November 18, 2003 7:30 AM

> On Tue, 18 Nov 2003, Michael Kay wrote:
> 
> > No, space has nothing to do with it. The benefit is that it becomes
a
> > feasible proposition to extract the information in the document in
ways
> > that don't depend on the availability of Microsoft software.
> 
> that sounds reasonable, however can we be sure Microsoft will not
define a
> custom binary format for storing XML documents from Office?
> 
[Michael Rys] You mean like the format used in the .doc files? :-)

Binary XML in my opinion flies in the face of loosely-coupled
interoperability. By adding a "standard" binary XML format (be it based
on ASN PER/BER or some other scheme) the interoperability gets
bifurcated and the advantage of a single, auditable, interoperable
format to be used in loosely-coupled environments disappears. In
closely-coupled systems, you can use something else than XML (or a
binary format). Since the coupling is closed, you do not need to follow
a standard (although there are some reasons why you still may use XML).

> > > also, I think lot of people are familar with security
> > > loopholes in XML using processing instructions etc... what
> > > kind of security loop holes need to be fixed??
> >
> > There are no security loopholes in XML, only in the software that
you
> > use to process it.
> 
> Is it not possible to specify some bad processing instructions? I
think an
> example of a bad processing instruction (that I am thinking of) and
why it
> is not a problem will help..??

[Michael Rys] A processing instruction is just a special form of Markup.
The software needs to understand it to do anything with it. So if the
software understands a dangerous PI, then you may have a security issue,
if the software does not understand any PI, then you should not.

> best, murali.
> 
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
>

Follow-Ups:
- Microsoft FUD on binary XML...
  - From: "Bob Wyman" <bob@wyman.us>
- RE: [xml-dev] Word 2003 schemas available
  - From: Murali Mani <mani@CS.UCLA.EDU>

Prev by Date: Re: [xml-dev] Re: XML and a text editor, barefoot in the winter, uphill both ways [...]
Next by Date: Re: [xml-dev] Word 2003 schemas available
Previous by thread: RE: [xml-dev] Word 2003 schemas available
Next by thread: RE: [xml-dev] Word 2003 schemas available
Index(es):
- Date
- Thread