OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Relax NG, Thoughts, etc.

[ Lists Home | Date Index | Thread Index ]

> If one uses XML for serializing objects and nothing else, then things
> get easier. But developing real systems would get easier if there was a
> way of developing them so that validity (well-typedness) is checked
> statically.

Sure, as long as (a) everyone is using the same object system, and (b)
you're not worried about an adversary sending data that will cause your
object-creation code to create bad/dangerous/evil objects; and (c) you are
not worried about your objects leaking internal information, or (c') you
take steps to prevent this, such as by having internal and external/proxy

That's a pretty powerful set of concerns, I think, and I wouldn't
particularly call any of them easy.

If you treat XML as the data, and not as an objevct serialization format,
then (a) you get to use the new cool SOA buzzword; and (b) you tend to
build safer systems.


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS