- From: <noah_mendelsohn@us.ibm.com>
- Date: Thu, 15 Jan 2004 18:56:51 -0500
- To: xmlp-comments@w3.org
Forwarded to xmlp comments at the request of our chair. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 -------------------------------------- ----- Forwarded by Noah Mendelsohn/Cambridge/IBM on 01/15/2004 06:56 PM ----- Noah Mendelsohn To: xml-dist-app@w3.org 01/15/2004 06:23 cc: PM Subject: New MTOM & XOP Issue: what if the input contains a xop:include? (for those who have not been following discussion closely, XOP is the new name for Miffy) In reviewing the MTOM and XOP/Miffy drafts at [1,2] I notice that we have not covered the case where the dm to be transmitted itself contains a xop:include element. I think our options are: a) Disallow. In this case, I think we must state in both MTOM and XOP specs that SOAP Envelope or XML Document Data Models to be optimized MUST NOT contain element nodes with the name xop:include. In the case of the binding, I think we must indicate that this is a (minor) deviation from the general rules for SOAP, which in general do not disallow such content in a SOAP message. I think we must indicate that a binding-specific fault is to be reflected if an attempt is made to transmit an envelop containing such an element, and that conforming bindings MUST check for this condition. b) Invent a quoting convention. So: <xop:include> means do the include. <xop:quote><xop:include/></xop:quote> means the include was in the original XML, and messily enough <xop:quote><xop:quote/></xop:quote> means the inner quote was in the original Ugly, and potentially slow, but robust. Note that this means checking and being willing to rewrite all of the XML, including (potentially) headers relayed intact through an intermediary. c) Do nothing and let the system break if a malicious or clueless user puts a xop:include into their data. This is not completely far fetched. Imagine a bug reporting system in which you wanted to carry a bug report on a xop implementation, or sending around a fragment of xhtml describing xop. It's not likely, but it could happen inadvertently, and I can certainly imagine things malicious users would do to trick implementations that weren't sufficiently defensive in their coding style. I think all the options are to some degree ugly, but I find (c) to be unacceptable on security and robustness grounds. Unless someone can think of an option I've missed, I think we need to choose some variant of (a) or (b). In any case, I recommend we open an issue and put a place holder ednote in both documents until resolved. -------------------------------------- Noah Mendelsohn IBM Corporation One Rogers Street Cambridge, MA 02142 1-617-693-4036 --------------------------------------
Received on Thursday, 15 January 2004 18:58:08 UTC