Re: [xml-dev] Application of Postel's Law to XML (as Re: Trust andcontro

[Rick Jelliffe <rjelliffe@allette.com.au>]

Postel's Robustness Principle is not the only way to build successful systems. Sometimes other considerations trump robustness: for example, security.  And I don't think that content negotiation ties in neatly with the Robustness principle: exchange capabilities and figure out what you both know seems to be an alternative approach. And XML drew a line in the sand at container syntax and encoding, but loosened up on strong document type.

But I see three very  different interpretations of the Robustness Principle being used:

 * One mob uses it to mean that you should not fail on bad or unexpected data: don't pass it, just log it. For example, RFC 112

 Software should be written to deal with every conceivable error, no matter how unlikely

* Another mob use it means that you limit yourself to send a small subset of a standard based on popularity of implementation, but discipline yourself to implementing the full standard when reading.   This is also in RFC 112.

 * But another mob use it to mean you don't make any errors when you send, but you try to cope with as many errors as you can when receiving. (I think this was Aaron Schwarz's position --see Postel's Law has no exceptions--, and my old comments that HTML was as much an error-recovery strategy as as a syntax --therefore XML-style WF was inappropriate to replace HTML for casual use-- falls somewhere there too.)

The systems that would be generated by each interpretation will have very different properties: you could implement the third kind yet ignore the second kind, for example.  I think it would be a shame if the third interpretation excluded the first two in our considerations. And it is possible that all the virtues of one might not even apply to the others.  RFC 1122 says of the first kind:

In general, it is best to assume that the network is filled with malevolent entities ... This assumption will lead to suitable protective design

Saying that the robustness principle mandates a "severely prescriptive design" seems hard to reconcile with the third interpretation: it seems its exact opposite!

There is a good blog entry at
http://www.win-vector.com/blog/2010/02/postels-law-not-sure-who-to-be-angry-with/

The well-made point in that blog, to me, is when
 "the producers of the data have no way of telling they are not being “conservative in what they do” because the “generous in what they accept” libraries they use to debug don’t tell them they are emitting bad data"

This fits in with the second conception of robustness rather than the first, however. 

Cheers
Rick Jelliffe

On Tue, Feb 5, 2013 at 3:57 AM, Costello, Roger L. <costello@mitre.org> wrote:

Hi Folks,

Postel's Law says:

    Be conservative in what you do,
    be liberal in what you accept from
    others.

The intent of Postel's Law was to maximize interoperability between network service implementations, particularly in the face of ambiguous or incomplete specifications [1].

I want to fully understand what it means to apply Postel's Law to XML.

In particular, I want to compile a list of:

- Ways to be conservative in what you do.
- Ways to be liberal in what you accept from others.

Below I have made a start at such a list. Would you add to the list please?

In the following list I provide 3 things:

a. A specification that is ambiguous or incomplete, thus requiring senders and receivers to make a judgment call: how should I interpret the specification -- liberally or conservatively?

b. A way for senders to be conservative in their interpretation of the specification.

c. A way for recipients to be liberal in their interpretation of the specification.

----------
Way #1
----------
a. An ambiguous or incomplete specification:

      The data that is exchanged between
      sender and receiver must be formatted
      using markup.

b. A way for senders to be conservative:

       Send out only well-formed markup documents.

c. A way for recipients to be liberal:

      Accept and process markup documents, even if
      they are not well-formed.

----------
Way #2
----------
a. An ambiguous or incomplete specification:

      The data that is exchanged between
      sender and receiver must be well-formed
      XML.

b. A way for senders to be conservative:

       Send out only well-formed, schema-valid XML documents.

c. A way for recipients to be liberal:

      Accept and process well-formed XML documents,
      even if they are not schema-valid.

----------
Way #3
----------
a. An ambiguous or incomplete specification:

      The value of the <country> element
      must be the name of a country.

b. A way for senders to be conservative:

       Send out only ISO-standard, 2-letter country
       codes, e.g., US, CA, GB, DE.

c. A way for recipients to be liberal:

      Accept and process any string, e.g., US,
      United States, U.S.A.

What other ways can specifications be ambiguous or incomplete, senders conservative, and recipients liberal?

/Roger

[1] http://queue.acm.org/detail.cfm?id=1999945

_______________________________________________________________________

XML-DEV is a publicly archived, unmoderated list hosted by OASIS
to support XML implementation and development. To minimize
spam in the archives, you must subscribe before posting.

[Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
Or unsubscribe: xml-dev-unsubscribe@lists.xml.org
subscribe: xml-dev-subscribe@lists.xml.org
List archive: http://lists.xml.org/archives/xml-dev/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php