FW: Versioning of XML Schema and namespaces from Biron,Paul V on 2005-05-04 (www-xml-schema-comments@w3.org from April to June 2005)

From: Biron,Paul V <Paul.V.Biron@kp.org>
Date: Wed, 4 May 2005 15:16:23 -0700
To: www-xml-schema-comments <www-xml-schema-comments@w3.org>
Message-Id: <8E9F0028F5955844899380433C60E39905F878F5@cscrdemsg001.crdc.kp.org>

Since I now see that John Hockaday also posted his original message here I might as well post my response here too.

pvb
> -----Original Message-----
> From: Biron,Paul V 
> Sent: Wednesday, May 04, 2005 3:15 PM
> To: 'Eliot Kimber'; John.Hockaday@ga.gov.au; xmlschema-dev@w3.org
> Subject: RE: Versioning of XML Schema and namespaces
> 
> 
> > -----Original Message-----
> > From: Eliot Kimber [mailto:ekimber@innodata-isogen.com]
> > Sent: Wednesday, May 04, 2005 8:10 AM
> > To: John.Hockaday@ga.gov.au; xmlschema-dev@w3.org
> > Cc: :;
> > Subject: Re: Versioning of XML Schema and namespaces
> > 
> > John.Hockaday@ga.gov.au wrote:
> > > I expect that document instances using W3C XML Schemas will use a
> > > "namespace" declaration to identify which XML Schema 
> should be used to 
> > > validate that document instance.  The problem that I see with the 
> > > namespace it that a URI is the unique identifier.  There 
> is no PUBLIC 
> > > identifier.  As we have all probably experienced with old 
> bookmarks, 
> > > the content at URLs change a lot. If an XML Schema's 
> version is not 
> > > part of the URI and a new version of that XML Schema is 
> made then it 
> > > is likely that this will *not* be reflected in the URI 
> and hence the 
> > > namespace.
> > 
> > Thus, I think the appropriate approach in your case is to 
> require the
> > use of schemaLocation= with absolute URIs that include version 
> > information--that gives you the same control you had before.
> 
> Remember, however, the xsi:schemaLocation [1] is just a 
> hint...schema processors are not required to honor it.  In a 
> similar vein, the presence of <!DOCTYPE> in an instance does 
> not mean that processors must perform DTD validation, 
> although most processors do so by default.
> 
> For what it's worth, the reason the XML Schema WG made 
> xsi:schemaLocation a hint was for security reasons.  
> Depending on circumstances, it can be very dangerous to trust 
> the sender/author to tell you what DTD/schema to use to 
> validate against.  After all, one of the main reasons to 
> perform validation is because you don't trust the 
> sender/author...so why would you trust them when they tell 
> you what DTD/schema to use?
> 
> pvb
> 
> [1] http://www.w3.org/TR/xmlschema-1/#xsi_schemaLocation
>

Received on Wednesday, 4 May 2005 22:25:33 UTC