[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
XML is Mobile Code? [was: Defining an XML vocabulary: specify syntax, semantics, and BEHAVIOR?]
- From: "Costello, Roger L." <costello@mitre.org>
- To: <xml-dev@lists.xml.org>
- Date: Sat, 12 Apr 2008 07:15:54 -0400
Hi Folks,
It just occurred to me ...
We have determined that XML has two primary roles:
1. Encode behavior (instructions)
2. Encode data
[Len, what does it mean to "encode script nodes?"]
In its first role (encoding behavior), XML is mobile code. For
example, the XSLT vocabulary is an encoding of a certain behavior (i.e.
an encoding of a certain set of instructions), and when you transport
an XSLT document across the Internet, you are transporting code.
When you transport, say, JavaScript code across the Internet, you know
the extent of the security implications since JavaScript is a bounded
syntax with bounded capabilities (and a bounded set of security
problems).
But XML is unbounded, and the types of behavior that may be encoded in
XML is unbounded. Thus, there is no way, in general, to assess the
extent of the security implications for arbitrary XML documents.
Yikes!
I am surely missing something. Please tell me where my thinking errs.
/Roger
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
