RE: [DR008] - passing arbitrary content from Dick Brooks on 2000-12-09 (xml-dist-app@w3.org from December 2000)

From: Dick Brooks <dick@8760.com>
Date: Sat, 9 Dec 2000 14:21:59 -0600
To: "Henrik Frystyk Nielsen" <frystyk@microsoft.com>, "David E. Cleary" <davec@progress.com>, <xml-dist-app@w3.org>
Message-ID: <NDBBIOBLMLCDOHCHIKMGKEJGEKAA.dick@8760.com>

Henrik,

At one point "Jean-Jacques Moreau" <moreau@crf.canon.fr> suggested
the following verbiage for DR008:

[
  "the XML Protocol Working Group recognizes that some
   applications of the XML Protocol will require the exchange of
   arbitrary
   non-XML or binary data such as JPEG and PNG. To facilitate such
   implementations, the XML Protocol Working Group may illustrate how
   such
   exchanges may be accomplished in a non-normative section of the XML
   Protocol specification.  These illustrations will [attempt to]
   leverage the
   work already done in this area by the ebXML and RosettaNet groups."
] ref: http://lists.w3.org/Archives/Public/xml-dist-app/2000Dec/0030.html

You responded by indicating there are existing options for dealing
with binary content, stating:

[   It is important to point out that there are already ways for dealing
    with so-called binary data without XP having to invent anything:

  * Data can be carried as hex encoded data within the envelope
  * Data can be referenced using a URI from within the envelope
] ref: http://lists.w3.org/Archives/Public/xml-dist-app/2000Dec/0031.html

The URI in "option 2" **could** contain an absolute reference (URL)
to a remote location (meaning the binary data is not contained in the same
MIME envelope
containing the XP document). This would require an XP processor to issue a
separate
"GET" method to retrieve the binary data.

I posted a message listing some issues/concerns with your suggestions, ref:
http://lists.w3.org/Archives/Public/xml-dist-app/2000Dec/0046.html

[
   Accessing binary data thru a URI (pass be reference semantics) requires
   binary data to be accessible
   from the Internet (in e-commerce scenarios), for example on a web (or
FTP)
   server. This opens the door to
   security issues, especially access control issues. For example, suppose
the
   binary
   data is a medical X-ray. It's very likely this data would be protected by
   access
   control (username/password or similar).
]

I'm not concerned with Uri's that reference MIME body parts occurring within
the same
message as an XP PDU, as is done by ebXML's manifest solution or the SOAP
with
attachments spec. If "remote" access of binary data is "in XP's scope" then
more details are needed
for dealing with security issues (e.g. access control), error
handling/reporting) and more.

Dick Brooks
Group 8760
110 12th Street North
Birmingham, AL 35203
dick@8760.com
205-250-8053
Fax: 205-250-8057
http://www.8760.com/

InsideAgent - Empowering e-commerce solutions

Received on Saturday, 9 December 2000 15:25:51 UTC