RE: Versioning of XML Schema and namespaces from Dan Vint on 2005-05-05 (xmlschema-dev@w3.org from May 2005)

From: Dan Vint <dvint@dvint.com>
Date: Thu, 05 May 2005 08:23:02 -0700
To: "Biron,Paul V" <Paul.V.Biron@kp.org>, "'Eliot Kimber'" <ekimber@innodata-isogen.com>,John.Hockaday@ga.gov.au, xmlschema-dev@w3.org
Message-Id: <6.1.0.6.2.20050505081347.03749910@mail.dvint.com>

At 03:15 PM 5/4/2005, Biron,Paul V wrote:
>For what it's worth, the reason the XML Schema WG made xsi:schemaLocation 
>a hint was for security reasons.  Depending on circumstances, it can be 
>very dangerous to trust the sender/author to tell you what DTD/schema to 
>use to validate against.  After all, one of the main reasons to perform 
>validation is because you don't trust the sender/author...so why would you 
>trust them when they tell you what DTD/schema to use?

So why don't catalogs handle this problem? Catalog allows me to say file x 
that you reference should be file b on my system - not the one you reference.

I agree with the original poster that I too miss the use of the PublicID 
and having a required identifier in the data stream. We are overloading the 
use of namespaces to provide this functionality. What happened to the idea 
of expressing the contract between trading partners? I want to know which 
version of a standard you are using have that handled in a standard way. 
The version attribute doesn't cut it and saying all these other values are 
hints only. They should be required hints in my mind along with some sort 
of standardized ID mechanism.

The other "excuse" I have heard is that people want to run different schema 
(RelaxNG, schematron, etc) against a datastream, so they don't want a hard 
coded schema in the data stream. Ok that is fine, if I have an ID that says 
this is the v2.3.4 Acme standard, I could then trigger any sort of standard 
validation process associated with that identification. To me that is what 
the PublicID provided (or was used for). I could run the W3C schema I could 
run any other set of validations and the thing that holds them together is 
the ID that identifies the standard I'm using.

Right now the only thing supported by tools that I can use is to version a 
namespace and a catalog entry to trigger my processing.

..dan
---------------------------------------------------------------------------
Danny Vint

Specializing in Panoramic Images of California and the West
http://www.dvint.com

voice: 510-522-4703

Received on Thursday, 5 May 2005 15:23:02 UTC