Re: sanity check from James Fuller on 2012-10-02 (public-microxml@w3.org from October 2012)

From: James Fuller <jim@webcomposite.com>
Date: Tue, 2 Oct 2012 11:37:23 +0200
To: James Clark <jjc@jclark.com>
Cc: "public-microxml@w3.org" <public-microxml@w3.org>
Message-ID: <CAEaz5mvB2_QRAKxBsZHiwst9_-2uGSVc=8w22qjLvtBAzzibww@mail.gmail.com>

On Tue, Oct 2, 2012 at 9:21 AM, James Clark <jjc@jclark.com> wrote:
> On Oct 2, 2012, at 1:19 PM, James Fuller <jim@webcomposite.com> wrote:
>
>> * in '5 Security Considerations' we assume that XML Canonization is a
>> security issue only, we may want to separate this out, pointing out
>> the various links to http://www.w3.org/TR/xml-c14n11/ . Worried that
>> this important information is being buried here.
>
> The spec currently links to the IETF version of the C14N spec; this
> should probably be changed to point to the W3C version.
>
> I don't see how describing a security issue in the Security
> Considerations section is burying it.

I use xml canonisation all the time for precise diff calcs that have
nothing to do with security (for example genetic algorithm fitness,
which must characterise precisely differences between 2 files) … I
even suspect that xml canonisation is used more outside of security
(as there is woeful little done with xml enc/sig) then within it … but
'horses for courses' I am equally fine where it is.

>> * I think the '1. Introduction' is far too verbose and could do with
>> stating very clearly the differences in non normative terms with XML
>> 1.0 right up front or perhaps just a link to B.1 Syntax is all that is
>> needed.
>
> There are 3 "motivational" paragraphs that could be cut, but I think
> they provide useful context for somebody coming to the spec without
> any XML background. What harm do they do?
>
> I don't mind linking to B.1 in the intro, but I don't want to repeat
> B.1 nor move it into the body of the spec: the spec should not be
> targeted at XML experts.

to echo John's comment … we need the first paragraphs to 'speak' to
those who have not drunk the XML Koolaid but really we have 3
audiences to speak too;

  I) no knowledge of XML

  II) tried xml and found it too difficult (had a sip of the XML Kool
aid, spit it out)

  III) xml hard core (drinking XML Kool Aid)

we should say to I) what you can use microxml for

we should say to II) why microxml is easier to use then xml 1.0

we should say to III) that they should recc using microxml to their
non xml hard core friends with no fear about incompat with XML

J

Received on Tuesday, 2 October 2012 09:37:50 UTC