OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Re: Where does the "nothing left but toolkits" mythcome fr

[ Lists Home | Date Index | Thread Index ]

> You place considerably more faith in the W3C process than I do.

Perhaps.  I think the spotlight on this particular aspect of this 
particular effort will prevent anything bad from happening.  I am 
certainly expect to often be surprised when some WG goes off on their 
own. :)  Even widespread knowledge isn't enough to avoid breakage -- who 
  knew xml:id break c14n, for example?

> 2. XML 1.1 

 From what I can see, there seems to be emerging consensus that this 
will be acknowledged as a mistake, if market down-take doesn't leave it 
stillborn.  I don't expect perfection; admitting mistakes is good.

> 3. SOAP, specifically the restrictions on the document type declaration 
> and processing instructions

I can't speak to PI's, although they have obvious security implications.
Since DTD's can't describe a subset of a document, aren't namespace 
aware, and also have security issues ("hey, server, go fetch this 
external entity....  just trust me, it's safe"), they shouldn't appear 
in SOAP messages.


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS