- From: Ugo Corda <UCorda@SeeBeyond.com>
- Date: Tue, 6 Aug 2002 10:46:47 -0700
- To: "'Mark Baker'" <distobj@acm.org>, "Cutler, Roger (RogerCutler)" <RogerCutler@ChevronTexaco.com>
- Cc: www-ws-arch@w3.org
It's interesting to see what SOAP 1.2 says in this area. Section 1.2 addresses the relationship with XML Schema, and explicitly says that evaluation of the Post Schema Validation Infoset is not required for filling out default and fixed values. BUT that only applies to items belonging to the SOAP 1.2 namespace, so that PSVI could be required for items belonging to other application specific namespaces included in the SOAP envelope.

By the way, the latest decision of the WS-I Basic Profile in this area is to require PSVI evaluation on the receiving side. (But it is still rather controversial within the working group.)

Ugo

-----Original Message-----
From: Mark Baker [mailto:distobj@acm.org]
Sent: Tuesday, August 06, 2002 7:04 AM
To: Cutler, Roger (RogerCutler)
Cc: www-ws-arch@w3.org
Subject: Re: Security Question

On Mon, Aug 05, 2002 at 12:17:18PM -0700, Cutler, Roger (RogerCutler) wrote:
> I think my example was not a good one. Basically, I am concerned that
> schema validation may add to the data in an XML document and thus that there
> are two linked "things" -- so how is that linkage made reliable?

IMO, making the meaning of a message depend on something external to a message is a bad idea for lots of reasons. FWIW, I contributed this to the ietf-xml-use work;

4.13 External References

When using XML in the context of a stateless protocol, be it the protocol itself (e.g., SOAP), or simply as content transferred by an existing protocol (e.g., XML/HTTP), care must be taken to not make the meaning of a message depend on information outside the message itself. XML provides external entities (see Section 4.12), which are an easy way to make the meaning of a message depend on something external. Using schema languages that can change the Infoset, like XML Schema, is another way.

See; http://www.imc.org/ietf-xml-use/draft-hollenbeck-ietf-xml-guidelines-05.txt

So my answer would be; don't do that. 8-)

MB
--
Mark Baker, CTO, Idokorro Mobile (formerly Planetfred)
Ottawa, Ontario, CANADA. distobj@acm.org
http://www.markbaker.ca http://www.idokorro.com
Received on Tuesday, 6 August 2002 13:47:22 UTC
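An added illustration of the "two linked things" Roger describes and of Mark's point, not code from the thread or from any of the specifications mentioned: a constructed schema for an application namespace carried inside a SOAP 1.2 envelope, a toy PSVI step that fills in attribute defaults, and a check that flags a message whose receiver-side view changes once the schema is applied. The urn:example:orders namespace, the Transfer element and its attributes are assumptions.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"
ENV = "{http://www.w3.org/2003/05/soap-envelope}"

# Constructed schema: two attributes get their value from the schema, not the message.
SCHEMA = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    targetNamespace="urn:example:orders" elementFormDefault="qualified">
  <xs:element name="Transfer"><xs:complexType>
    <xs:attribute name="amount" type="xs:decimal" use="required"/>
    <xs:attribute name="currency" type="xs:string" default="USD"/>
    <xs:attribute name="approved" type="xs:boolean" default="false"/>
  </xs:complexType></xs:element>
</xs:schema>"""

# Constructed SOAP 1.2 envelope whose body element relies on those defaults.
ENVELOPE = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Body><o:Transfer xmlns:o="urn:example:orders" amount="100"/></env:Body>
</env:Envelope>"""

def attribute_defaults(schema_xml):
    """(namespace, element) -> {attribute: default} for global elements with an inline complexType."""
    root = ET.fromstring(schema_xml)
    tns = root.get("targetNamespace", "")
    out = {}
    for el in root.findall(XS + "element"):
        d = {a.get("name"): a.get("default")
             for a in el.iter(XS + "attribute") if a.get("default") is not None}
        if d:
            out[(tns, el.get("name"))] = d
    return out

def psvi_augment(envelope_xml, defaults):
    """Fill in schema defaults the way PSVI-based processing would (explicit values win)."""
    root = ET.fromstring(envelope_xml)
    for el in root.iter():
        ns, local = el.tag[1:].split("}") if el.tag.startswith("{") else ("", el.tag)
        for name, value in defaults.get((ns, local), {}).items():
            el.attrib.setdefault(name, value)
    return root

def transfer_view(root):
    """The attributes a receiver would act on for the Transfer element."""
    return dict(root.find(ENV + "Body").find("{urn:example:orders}Transfer").attrib)

def schema_dependent(envelope_xml, schema_xml):
    """True when schema evaluation changes the receiver's view: meaning lives outside the message."""
    raw = transfer_view(ET.fromstring(envelope_xml))
    augmented = transfer_view(psvi_augment(envelope_xml, attribute_defaults(schema_xml)))
    return raw != augmented
```

A receiver that loads a different copy of the schema (one where approved defaults to true, say) acts on different data for byte-identical messages; a sender that writes every value explicitly makes schema_dependent return False, which is the practical form of Mark's "don't do that".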