W3C home > Mailing lists > Public > xmlschema-dev@w3.org > April 2009

RE: Conditional Levels of a Schema

From: Michael Kay <mike@saxonica.com>
Date: Wed, 8 Apr 2009 08:16:55 +0100
To: "'Arshad Noor'" <arshad.noor@strongauth.com>, "'Dieter Menne'" <dieter.menne@menne-biomed.de>
Cc: <xmlschema-dev@w3.org>
Message-ID: <489D2A1AAD0148CE9B16BD5193B65019@Sealion>
> I am going to attempt to answer your question by providing a 
> solution from a different perspective - the Security one - 
> only because the issue you've raised stems from a security
> requirement: preserving patient confidentiality based on 
> where the data exists/is used.

I'm no security expert but it seems very surprising to me that an argument
based on security should lead you to include data in a message that the
recipient doesn't want or need. I would have thought the "need to know"
principle was still relevant.

>That is the only downside: the data is always present.  But, in these days
of megabit speeds to mobile devices, and gigabit to desktop/laptops, I'm not
so sure its an issue for new applications).

Wrong, it's a big issue. In the system I mentioned with 400 messages, many
trivial messages were reaching Gb size because the schema insisted on
inclusion of data that the recipient of the message wasn't interested in.
Rather than designing messages to match what the process model said was
needed on a particular data flow, they were designing messages based on the
static data model, so for example a complete bank account object was being
sent when the recipient only wanted to know the current balance.

Michael Kay
http://www.saxonica.com/
Received on Wednesday, 8 April 2009 07:17:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 11 January 2011 00:15:11 GMT