- From: Hal Lockhart <hal.lockhart@entegrity.com>
- Date: Tue, 6 Aug 2002 13:18:36 -0400
- To: "'Mark Baker'" <distobj@acm.org>, "Cutler, Roger (RogerCutler)" <RogerCutler@ChevronTexaco.com>
- Cc: www-ws-arch@w3.org
- Message-ID: <899128A30EEDD1118FC900A0C9C74A34010341C3@bigbird.gradient.com>
As I stated in a previous email, I agree with the general notion of avoiding ambiguity, however I think Mark's idea of not depending on anything external is unrealistic. Every business transaction depends on shared understandings about the goods or services involved, the terms and conditions of sale and a host of other things not explicitly spelled out in the network messages. Of course, many of these are defined by centuries of commercial practice as well as laws and regulations. However, others may vary depending on the legal system, industry and over time.

I believe the most practical approach, which is currently happening, is for industry consortia to establish standards for the syntax and semantics of common transactions in their industry. By making use of these standards, it should be possible to avoid a semantic misunderstanding (deliberate or not). A party who claims to have reason to use semantics which are contrary to the established standards for the relevant industry will face a very difficult burden of proof.

Hal

> -----Original Message-----
> From: Mark Baker [mailto:distobj@acm.org]
> Sent: Tuesday, August 06, 2002 10:04 AM
> To: Cutler, Roger (RogerCutler)
> Cc: www-ws-arch@w3.org
> Subject: Re: Security Question
>
> On Mon, Aug 05, 2002 at 12:17:18PM -0700, Cutler, Roger (RogerCutler) wrote:
> > I think my example was not a good one. Basically, I am concerned that
> > schema validation may add to the data in an XML document and thus that there
> > are two linked "things" -- so how is that linkage made reliable?
>
> IMO, making the meaning of a message depend on something external to a
> message is a bad idea for lots of reasons.
>
> FWIW, I contributed this to the ietf-xml-use work;
>
> 4.13 External References
>
> When using XML in the context of a stateless protocol, be it the
> protocol itself (e.g., SOAP), or simply as content transferred by an
> existing protocol (e.g., XML/HTTP), care must be taken to not make
> the meaning of a message depend on information outside the message
> itself. XML provides external entities (see Section 4.12), which are
> an easy way to make the meaning of a message depend on something
> external. Using schema languages that can change the Infoset, like
> XML Schema, is another way.
>
> See;
>
> http://www.imc.org/ietf-xml-use/draft-hollenbeck-ietf-xml-guidelines-05.txt
>
> So my answer would be; don't do that. 8-)
>
> MB
> --
> Mark Baker, CTO, Idokorro Mobile (formerly Planetfred)
> Ottawa, Ontario, CANADA. distobj@acm.org
> http://www.markbaker.ca http://www.idokorro.com
Received on Tuesday, 6 August 2002 13:20:01 UTC
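The concern in the quoted section 4.13, as an added example that is not part of the original message or the thread: the same bytes yield two different Infosets depending on whether the receiver reads an external declaration, and a strict receiver refuses such messages. It uses a DTD attribute default as the simplest stand-in for the Infoset-changing behaviour the thread attributes to XML Schema; the `order` message, `order.dtd` and the function names are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample: the message on the wire, and the DTD it points at.
MESSAGE = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE order SYSTEM "order.dtd">'
           b'<order amount="100"/>')
# Stand-in for the external resource (held in memory, nothing is fetched).
EXTERNAL = {"order.dtd": b'<!ATTLIST order currency CDATA "USD">'}


def infoset(message, resolve_external):
    """Return {element: attributes} as this receiver would see them."""
    seen = {}
    parser = expat.ParserCreate()

    def start(name, attrs):
        seen[name] = dict(attrs)

    def external(context, base, system_id, public_id):
        # Parse the referenced DTD in a child parser sharing declarations.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(EXTERNAL[system_id], True)
        return 1

    parser.StartElementHandler = start
    if resolve_external:
        parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)
        parser.ExternalEntityRefHandler = external
    parser.Parse(message, True)
    return seen


def strict_infoset(message):
    """Receiver policy: refuse any message that carries a DOCTYPE."""
    seen = {}
    parser = expat.ParserCreate()

    def reject(name, system_id, public_id, has_internal_subset):
        raise ValueError("DOCTYPE not allowed: meaning must be in the message")

    def start(name, attrs):
        seen[name] = dict(attrs)

    parser.StartDoctypeDeclHandler = reject
    parser.StartElementHandler = start
    parser.Parse(message, True)
    return seen


if __name__ == "__main__":
    print(infoset(MESSAGE, False))  # receiver that ignores the external DTD
    print(infoset(MESSAGE, True))   # receiver that reads it
```

A signature or hash over `MESSAGE` alone covers neither reading of `currency`, which is the unreliable "linkage" raised in the thread.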