[
Lists Home |
Date Index |
Thread Index
]
> You place considerably more faith in the W3C process than I do.
Perhaps. I think the spotlight on this particular aspect of this
particular effort will prevent anything bad from happening. I am
certainly expect to often be surprised when some WG goes off on their
own. :) Even widespread knowledge isn't enough to avoid breakage -- who
knew xml:id break c14n, for example?
> 2. XML 1.1
From what I can see, there seems to be emerging consensus that this
will be acknowledged as a mistake, if market down-take doesn't leave it
stillborn. I don't expect perfection; admitting mistakes is good.
> 3. SOAP, specifically the restrictions on the document type declaration
> and processing instructions
I can't speak to PI's, although they have obvious security implications.
Since DTD's can't describe a subset of a document, aren't namespace
aware, and also have security issues ("hey, server, go fetch this
external entity.... just trust me, it's safe"), they shouldn't appear
in SOAP messages.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
