W3C home > Mailing lists > Public > www-ws-arch@w3.org > August 2002

Stateless comms in the WSA

From: Mark Baker <distobj@acm.org>
Date: Tue, 6 Aug 2002 15:08:42 -0400
To: "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>
Cc: www-ws-arch@w3.org
Message-ID: <20020806150842.M30575@www.markbaker.ca>

On Tue, Aug 06, 2002 at 01:44:51PM -0400, Champion, Mike wrote:
> This is a very useful thread.  Picking up on Hal's point, I'd like to see
> specific suggestions for what the WSA document should say about this issue.
> - What section should it be in?  Some sort of "General principles of using
> XML in web services payloads maybe?"  Then we can talk about SOAP's
> philosophy about DTDs and PIs, this general point about potential security
> threats from the actions that schema processors could perform?  We might
> also mention in this section that it is not possible to use W3C DTDs or
> Schemas to fully validate an XML message against the SOAP 1.1 or 1.2 specs
> because there is no way to disallow processing instructions, Doctype
> references or DTD internal subsets via any current schema language.
> - What is the implication for the architecture itself?  I'm not sure ...does
> anyone think that this needs to be in the domain of any future working
> group?  

Oh yes, most definitely.  Stateless communication is a key architectural
constraint of the Web, and I've also heard many Web services people talk
about its value too.

> - What's the implication for Best Practice?  My personal, humble opinion is
> something like "One MAY use W3C XML Schemas for validating the payload   of
> a web services message, but one SHOULD NOT rely on anything in the PSVI that
> is not in the raw InfoSet representation."  

I'd say "MUST NOT", since to do so creates interoperability problems
(or if we're giving direction to spec authors, 'SHOULD use "MUST
NOT"' 8-).  Also, we should try to generalize it and use the PSVI,
external entities, etc.  as examples.  There are other ways of doing the
wrong thing here, and they're not all obvious.

Mark Baker, CTO, Idokorro Mobile (formerly Planetfred)
Ottawa, Ontario, CANADA.               distobj@acm.org
http://www.markbaker.ca        http://www.idokorro.com
Received on Tuesday, 6 August 2002 15:58:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:58 UTC