> You place considerably more faith in the W3C process than I do.
Perhaps. I think the spotlight on this particular aspect of this
particular effort will prevent anything bad from happening. I
certainly expect to often be surprised when some WG goes off on their
own. :) Even widespread knowledge isn't enough to avoid breakage -- who
knew xml:id would break c14n, for example?
> 2. XML 1.1
From what I can see, there seems to be emerging consensus that this
will be acknowledged as a mistake, if market down-take doesn't leave it
stillborn. I don't expect perfection; admitting mistakes is good.
> 3. SOAP, specifically the restrictions on the document type declaration
> and processing instructions
I can't speak to PIs, although they have obvious security implications.
Since DTDs can't describe a subset of a document, aren't namespace
aware, and also have security issues ("hey, server, go fetch this
external entity.... just trust me, it's safe"), they shouldn't appear
in SOAP messages.
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
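
The restriction discussed in the message above (no document type declaration and no processing instructions in a SOAP message) can be enforced before any entity is resolved. The following is an added example, not part of the original post: a Python screen built on the standard library's expat bindings. The function names and the sample messages are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenConstruct(ValueError):
    """A construct that must not appear in a SOAP message."""


def check_soap_message(data: bytes) -> None:
    """Raise ForbiddenConstruct if data carries a DOCTYPE or a PI."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before any declaration inside the DTD is processed.
        raise ForbiddenConstruct("document type declaration")

    def on_pi(target, pi_data):
        # The "<?xml ...?>" declaration is not reported here, only real PIs.
        raise ForbiddenConstruct("processing instruction: " + target)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ProcessingInstructionHandler = on_pi
    parser.Parse(data, True)


def screen(data: bytes) -> str:
    """Return "accept" or a "reject: ..." reason for one message."""
    try:
        check_soap_message(data)
    except ForbiddenConstruct as exc:
        return "reject: " + str(exc)
    except xml.parsers.expat.ExpatError:
        return "reject: not well-formed"
    return "accept"


def _envelope(body: bytes) -> bytes:
    # Constructed SOAP 1.1 envelope; the urn:example namespace is made up.
    return (b'<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">'
            b'<env:Body><m:Ping xmlns:m="urn:example:ping">' + body +
            b'</m:Ping></env:Body></env:Envelope>')


# Constructed sample messages (placeholder host, never contacted).
PLAIN = b'<?xml version="1.0"?>' + _envelope(b'hi')
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE env:Envelope [<!ENTITY ext SYSTEM '
            b'"http://example.invalid/placeholder">]>' + _envelope(b'&ext;'))
WITH_PI = b'<?xml version="1.0"?><?render mode="x"?>' + _envelope(b'hi')
```

Because the handler raises as soon as the DOCTYPE is seen, the external entity in the second sample is never declared, let alone fetched.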