Re: XML Schema validation and https redirects from Greg Hunt on 2022-08-19 (xmlschema-dev@w3.org from August 2022)

From: Greg Hunt <greg@firmansyah.com>
Date: Fri, 19 Aug 2022 17:34:55 +1000
To: xmlschema-dev@w3.org
Message-ID: <CAAS8PA+agNJa5bz=9rojwbavyWFBFS7Xx5kVmh_71pZW_AxSpw@mail.gmail.com>

From the comments in the W3C blog it sounds like Xerces in Java 11 does not
support this.  Are these "experiments" breaking production systems when
those systems use the default configuration of Xerces for validation?  What
actual problem does imposing redirects on accesses to static objects solve?
I am aware of the arguments for broad use of TLS, but are we genuinely
better off?  I'm waiting to hear from one major system what issues this
might cause them.

In the part of the world that I inhabit, with a mix of big old business
systems and very new stuff, XML is being progressively replaced by JSON,
with the remaining benefits of XML being validation and alignment with
historic designs.  Break the validation, even momentarily, and all you have
is a legacy technology that is harder to argue for.

I am with Michael on this, publishing stable URIs, (and I am inclined to
factor in the frankly rather vague statements about dereferencing URLs),
constituted a promise to not change things, a promise that you cannot evade
by saying people ought to be reading the W3C blog and updating their
software.  Who reads the W3C blog outside of mailing lists like this?

Greg

On Fri, 19 Aug 2022 at 16:52, Michael Kay <mike@saxonica.com> wrote:

>
> Some questions:
>
> (1) will you be updating all the "well known" W3C resources so their
> internal cross-references use HTTPS URIs? For example, xhtml11.dtd
> references
> http://www.w3.org/TR/xhtml-modularization/DTD/xhtml-inlstyle-1.mod
>
> (2) will you be updating TR documents so their external links (including
> links to resources such as schemas and DTDs) use HTTPS URIs?
>
> In both cases, if you do so, (a) you will need to be very careful not to
> update URIs used as long-term identifiers, for example namespace and
> collation URIs. (b) there could be problems caused by making in-situ
> changes to such resources, e.g. digital signature invalidation.
>
> (3) will the policy on allocating namespace URIs change?
>
>
> Personally I always thought the use of HTTP URIs as identifiers for
> namespaces was foolish, and I think this exercise will prove me right.
> "Stable URIs" was one of the fundamental guiding principles of the web, and
> it was always going to be difficult to achieve when URIs incorporated the
> name of a specific comms protocol.
>
> Michael Kay
> Saxonica
>
>
>

Received on Friday, 19 August 2022 07:59:32 UTC