RE: Versioning of XML Schema and namespaces from Biron,Paul V on 2005-05-05 (xmlschema-dev@w3.org from May 2005)

From: Biron,Paul V <Paul.V.Biron@kp.org>
Date: Thu, 5 May 2005 10:10:51 -0700
To: "'Dan Vint'" <dvint@dvint.com>, "'Eliot Kimber'" <ekimber@innodata-isogen.com>, John.Hockaday@ga.gov.au, xmlschema-dev@w3.org
Message-Id: <8E9F0028F5955844899380433C60E39905F87901@cscrdemsg001.crdc.kp.org>

> -----Original Message-----
> From: Dan Vint [mailto:dvint@dvint.com] 
> Sent: Thursday, May 05, 2005 8:23 AM
> To: Biron,Paul V; 'Eliot Kimber'; John.Hockaday@ga.gov.au; 
> xmlschema-dev@w3.org
> Subject: RE: Versioning of XML Schema and namespaces
> 
> At 03:15 PM 5/4/2005, Biron,Paul V wrote:
> >For what it's worth, the reason the XML Schema WG made 
> >xsi:schemaLocation a hint was for security reasons.  Depending on 
> >circumstances, it can be very dangerous to trust the
> >sender/author to tell you what DTD/schema to use to
> >validate against.  After all, one of the main reasons 
> >to perform validation is because you don't trust the
> >sender/author...so why would you trust them when they
> >tell you what DTD/schema to use?
> 
> So why don't catalogs handle this problem? Catalog allows me 
> to say file x that you reference should be file b on my
> system - not the one you reference.

I never said that catalogs couldn't handle this problem...sorry if it sounded like I was saying that.  I was just making the simple point that if you don't trust the sender to put a valid integer in some attribute or to order elements a certain way why are you so willing to trust that they will put the "right" public ID in the document?

pvb

Received on Thursday, 5 May 2005 17:22:26 UTC