- From: Biron,Paul V <Paul.V.Biron@kp.org>
- Date: Wed, 4 May 2005 15:16:23 -0700
- To: www-xml-schema-comments <www-xml-schema-comments@w3.org>
Since I now see that John Hockaday also posted his original message here I might as well post my response here too. pvb > -----Original Message----- > From: Biron,Paul V > Sent: Wednesday, May 04, 2005 3:15 PM > To: 'Eliot Kimber'; John.Hockaday@ga.gov.au; xmlschema-dev@w3.org > Subject: RE: Versioning of XML Schema and namespaces > > > > -----Original Message----- > > From: Eliot Kimber [mailto:ekimber@innodata-isogen.com] > > Sent: Wednesday, May 04, 2005 8:10 AM > > To: John.Hockaday@ga.gov.au; xmlschema-dev@w3.org > > Cc: :; > > Subject: Re: Versioning of XML Schema and namespaces > > > > John.Hockaday@ga.gov.au wrote: > > > I expect that document instances using W3C XML Schemas will use a > > > "namespace" declaration to identify which XML Schema > should be used to > > > validate that document instance. The problem that I see with the > > > namespace it that a URI is the unique identifier. There > is no PUBLIC > > > identifier. As we have all probably experienced with old > bookmarks, > > > the content at URLs change a lot. If an XML Schema's > version is not > > > part of the URI and a new version of that XML Schema is > made then it > > > is likely that this will *not* be reflected in the URI > and hence the > > > namespace. > > > > Thus, I think the appropriate approach in your case is to > require the > > use of schemaLocation= with absolute URIs that include version > > information--that gives you the same control you had before. > > Remember, however, the xsi:schemaLocation [1] is just a > hint...schema processors are not required to honor it. In a > similar vein, the presence of <!DOCTYPE> in an instance does > not mean that processors must perform DTD validation, > although most processors do so by default. > > For what it's worth, the reason the XML Schema WG made > xsi:schemaLocation a hint was for security reasons. > Depending on circumstances, it can be very dangerous to trust > the sender/author to tell you what DTD/schema to use to > validate against. After all, one of the main reasons to > perform validation is because you don't trust the > sender/author...so why would you trust them when they tell > you what DTD/schema to use? > > pvb > > [1] http://www.w3.org/TR/xmlschema-1/#xsi_schemaLocation >
Received on Wednesday, 4 May 2005 22:25:33 UTC