[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] The <any/> element: bane of security or savior of versioning?
- From: noah_mendelsohn@us.ibm.com
- To: "Stephen Green" <stephengreenubl@gmail.com>
- Date: Fri, 19 Oct 2007 16:06:31 -0400
Stephen Green writes:
> Interestingly, in UBL the 'any' is inside an optional construct
> so parties concerned it might pose some problems for software
> weaknesses or security can just impose a subsetting profile
> which eliminates its use from their transactions.
I haven't looked at the UBL language lately, and don't remember the
details, but during our discussions of XSD 1.1 I suggested a design goal
which I think got some serious attention: whatever constructs we provide
for versioning should scale to the case where there are many revisions.
Question: if the content within that optional construct is later revised,
does that second revision get wrapped in yet another such construct? If
there are 50 revisions, can you wind up with 49 nested "extension"
elements, and the requirement to know how deep down each such extension
goes?
This is not a critique of UBL. My impression is that it has been designed
with great care and insight. I have seen other more naive proposals for
"extension" elements. They tend to have the advantage that you know where
the extension content is, and the disadvantages that a) they are somewhat
clumsy in the instance (would you want to wrap your HTML <img> tags in
<extension> elements? and b) as noted above, it's not always clear how to
scale them to multiple revisions. Overall, I tend to prefer various
flavors of open content.
Noah
--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
