- From: <noah_mendelsohn@us.ibm.com>
- Date: Mon, 5 Aug 2002 09:30:36 -0400
- To: ht@cogsci.ed.ac.uk (Henry S. Thompson)
- Cc: Cliff Schmidt <cschmidt@microsoft.com>, Dare Obasanjo <dareo@microsoft.com>, "'Jeni Tennison'" <jeni@jenitennison.com>, Xan Gregg <xan@tibco.com>, xmlschema-dev@w3.org
Henry Thompson writes: >> As previously noted, I believe we can easily >> implement this at 'compile time' via coontent >> model FSM subsumption checking. Have we proven that this is possible in all cases without combinatorial blow-up of the FSMs for maxOccurs = notSmallInteger? I don't think it's generally acceptable, from a security and denial of service point of view, to have rules which have as their only practical embodiment such characteristics (of course, there is still the option to make compile time checking optional, and to allow successive validations against derived and parent types at run time -- that's not entirely pleasing from a performance point of view either, but maybe it's an out.) In other words, if there isn't a really good way to do the subsumption at compile time, then I think we'd have to allow implementations to consider the derivation as valid until an instance arrives that actually exposes the error. I don't think that's entirely desireable either. Bottom line: if the subsumption has no major drawbacks, and covers our actual grammars ({min,max}occurs, etc.), then I think I'm for it in a future release. Otherwise, I think we need to proceed carefully. It would be a shame to replace one impractical approach with another. Thanks! P.S. Sorry I missed the F2F...Protocols was meeting at the same time. ------------------------------------------------------------------ Noah Mendelsohn Voice: 1-617-693-4036 IBM Corporation Fax: 1-617-693-8676 One Rogers Street Cambridge, MA 02142 ------------------------------------------------------------------
Received on Monday, 5 August 2002 09:33:36 UTC