xml-dev - Re: [xml-dev] Relax NG, Thoughts, etc.

Re: [xml-dev] Relax NG, Thoughts, etc.

[ Lists Home | Date Index | Thread Index ]

To: Rich Salz <rsalz@datapower.com>
Subject: Re: [xml-dev] Relax NG, Thoughts, etc.
From: Burak Emir <Burak.Emir@epfl.ch>
Date: Sat, 04 Dec 2004 15:57:22 +0100
Cc: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
In-reply-to: <Pine.LNX.4.44L0.0412040930010.1213-100000@smtp.datapower.com>
Organization: EPFL
References: <Pine.LNX.4.44L0.0412040930010.1213-100000@smtp.datapower.com>
User-agent: Mozilla Thunderbird 0.8 (X11/20040913)

Rich Salz wrote:

>>If one uses XML for serializing objects and nothing else, then things
>>get easier. But developing real systems would get easier if there was a
>>way of developing them so that validity (well-typedness) is checked
>>statically.
>>    
>>
>
>Sure, as long as (a) everyone is using the same object system, and (b)
>you're not worried about an adversary sending data that will cause your
>object-creation code to create bad/dangerous/evil objects; and (c) you are
>not worried about your objects leaking internal information, or (c') you
>take steps to prevent this, such as by having internal and external/proxy
>objects.
>
>That's a pretty powerful set of concerns, I think, and I wouldn't
>particularly call any of them easy.
>
>  
>
Just to be clear, I am not in favour of the "xml is just serialized 
objects" view. That is basically what is underlying something like C-omega.

Still, I'd say (a) is not so much of a concern, because partners might 
use some agreed on XSD with different object systems (or not objects at 
all).

If Relax NG provided something like substitution groups or type 
extension, then the "xml is objects" people could use Relax NG schemata, 
but then Relax NG would have some of the problems XSD has (see my 
"closed-world" post).

>If you treat XML as the data, and not as an objevct serialization format,
>then (a) you get to use the new cool SOA buzzword; and (b) you tend to
>build safer systems.
>  
>
Yes. There's still adversaries that want to buffer-overflow parsers, but 
at least there is no need to deal with the object-markup mismatch. But 
my feeling is that people will use the buzzword for everything, and 
there will be a stronger drift towards data binding.

Also for treating XML as pure data, one would appreciate more support by 
the compiler.

The primary problem with objects and schemata is that objects do not 
have ordered successors that can be specified by regular expressions. 
Maybe by making objects a bit more like markup, that mismatch is diminished?

cheers,
Burak

http://lamp.epfl.ch/~buraq

References:
- Re: [xml-dev] Relax NG, Thoughts, etc.
  - From: Rich Salz <rsalz@datapower.com>

Prev by Date: Re: [xml-dev] Relax NG, Thoughts, etc.
Next by Date: Data streams
Previous by thread: Re: [xml-dev] Relax NG, Thoughts, etc.
Next by thread: XML Pipeline
Index(es):
- Date
- Thread