Re: Resolution for Issue 446

First, I apologize for missing the call where this was discussed.  I have 
some doubts about the overall direction chosen, but I will happily defer 
to the will of the group in an area where anything we do involves 
compromises.  So, I accept the overall direction of outlawing xop:Include 
in the input.

That said, I don't think the proposed text is acceptable for at least two 
reasons, and so with regret I must indicate that for now the overall issue 
resolution is not acceptable to me.  The two reasons are:

1)  I think the use of the word "Note" in the phrase "Note that the data model used as input to XOP processing MUST
NOT contain any element nodes" is unfortunate, as it unnecessarily suggests informal advice.  I think 
we should avoid using "Note" and capitalized "MUST"/"MUST NOT" in the same 
sentence."  Suggested resplution:  delete the word "Note".

2) As I read the attached, it puts changes in XOP but not in the 
SOAP-specific portions of the spec.  I think that is unacceptable, 
especially since in this particular way we are proposing a (marginally) 
non-conforming SOAP binding, and one that has at least some security or 
integrity exposures if not implemented carefully.  In other words, if 
either your API or some inbound message at an intermediary allows a 
xop:include element to creep in and you fail to detect it, you can send 
erroneous data downstream.  Furthermore, nothing in the SOAP Rec licenses 
a binding that is incapable of transmitting more or less arbitrary 
elements within SOAP bodies or header element children.  I propose the 
following additional text to be included (with suitable editorial cleanup) 
into the HTTP binding:  "Implementations of this binding MUST enforce the 
restriction [link to XOP spec] that XOP not be used with data models that 
contain element nodes of name xop:include.  In any case where a SOAP 
envelope containing such a node is to be sent the binding MUST do one of 
the following:  a) fall back to use of the application/soap+xml media type 
or (b) reflect a binding-dependent SOAP fault.   Note that such envelopes 
could in principle arise either from data created locally at the sending 
node, or in data relayed at an intermediary, and bindings are responsible 
for checking all such input as necessary to ensure that the rule just 
stated is enforced. 

The first of these is an editorial matter that I am sure we can handle 
easily.  I propose that, if the chair is willing, we discuss the second on 
the call today.  Again, my apologies for being on the road at the Schema 
WG meeting during last week's call.

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------








"Martin Gudgin" <mgudgin@microsoft.com>
Sent by: xmlp-comments-request@w3.org
01/26/2004 06:30 AM

 
        To:     <xmlp-comments@w3.org>
        cc:     <noah_mendelsohn@us.ibm.com>
        Subject:        Resolution for Issue 446



Noah,

You raised issue 446[1] regarding whether MIFFY/XOP can serialize a data
model that already contains xop:Include elements. The XMLP WG adopted
the following text into Section 3 of the XOP document:

                 Note that the data model used as input to XOP processing 
MUST
NOT contain any element nodes with a dm:node-name
{http://www.w3.org/2003/06/soap/features/binary-inclusion;Include};
data models containing such elements cannot              be serialized 
using XOP.

I trust the resolves the issue to your satisfaction.

Regards

Martin Gudgin
For the W3C XMLP WG

[1] http://www.w3.org/2000/xp/Group/xmlp-issues.html#x446

Received on Wednesday, 28 January 2004 11:33:14 UTC