OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Word 2003 schemas available

[ Lists Home | Date Index | Thread Index ]

I think what we're really talking about here is a binary representation 
of XML, and not a machine-code executable compilation of XML.  I'd like 
to assume that when you 'compile' and XML file, PIs are not going to 
become arbitrary executable code, they'll become a tokenized 
representation of the original PI, which is basically two strings, a 
target and data... nothing more, and no security issues other than 
those that a consuming piece of software might introduce on its own.

Tom Bradford - http://www.tbradford.org/
CTO - The dbXML Group - http://www.dbxml.com/
Project Labrador - http://www.dbxml.com/labrador/

On Nov 18, 2003, at 11:31 AM, Murali Mani wrote:

> On Tue, 18 Nov 2003, Michael Rys wrote:
>> [Michael Rys] You mean like the format used in the .doc files? :-)
>> Binary XML in my opinion flies in the face of loosely-coupled
>> interoperability. By adding a "standard" binary XML format (be it
>> based on ASN PER/BER or some other scheme) the interoperability gets
>> bifurcated and the advantage of a single, auditable, interoperable
>> format to be used in loosely-coupled environments disappears. In
>> closely-coupled systems, you can use something else than XML (or a
>> binary format). Since the coupling is closed, you do not need to
>> follow a standard (although there are some reasons why you still may
>> use XML).
> very true, if MS Office wants to define an interface for other
> applications, well and good. Why should we look into the inner 
> functioning
> of MS Office?? But as Len pointed out, there needs to be standard 
> binary
> format for other cases??
>> [Michael Rys] A processing instruction is just a special form of
>> Markup. The software needs to understand it to do anything with it. So
>> if the software understands a dangerous PI, then you may have a
>> security issue, if the software does not understand any PI, then you
>> should not.
> Regarding PIs, however, I am still not convinced totally. If I have a
> latex file and I compile it, all I can get is a dvi file. However, 
> there
> are chances of overlooked sideeffects when we have a s/w that 
> "compiles"
> an XML document..?? the s/w needs to know to handle the PI, but 
> still...
> Anyways, best, murali.
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> The list archives are at http://lists.xml.org/archives/xml-dev/
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS