Valid RDF and security

Paul Prescod paul at prescod.net
Mon Feb 15 19:43:43 GMT 1999 

Perhaps this will help:
http://www.lists.ic.ac.uk/hypermail/xml-dev/9902/0371.html

Robb Shecter wrote:
> 
> Hi,
> 
> A week or so ago, someone asked how a piece of RDF can be validated,
> analogous to the way that a piece of XML can be validated with a DTD.  I
> don't think anybody answered this, or I missed the answer. (?)  I'm new
> to RDF, and don't know the answer, because as I understand it,
> validating RDF would mean making sure that the document properly follows
> (say) Dublin Core, and DC is defined as a schema, not as a DTD. (?)

Well, there is an initial Dublin Core schema, but I don't know if there is
any standard one:

http://www.w3.org/TR/WD-rdf-schema/#dublincore

> Idea 1:  Have webadmins write Java adapter classes that my framework
> would dynamically load via http.  This sounds cool, is possible
> (servlets do this), but has a security risk:  These webadmins at
> external sites are untrusted.  If I load and link their code on the fly,
> it could be programmed to do any number of destructive things on my
> server.

Declarative specifications are almost always better for this and many
other reasons. 

> Idea 3: Well, after reading about RDF, it seems like I'm reinventing the
> wheel a bit.  RDF is designed to do just what I was thinking about in
> 2.  But, how do I validate it?  And in my application, I really need the
> validation, because the validation enforces program functioning and
> security.

Define your document type with a DTD. Make the DTD such that every
document that conforms to it automatically conforms to RDF. Then you're
home free. If you don't need the degrees of syntactic freedom offered by
an RDF schema, then just use a DTD.

-- 
 Paul Prescod  - ISOGEN Consulting Engineer speaking for only himself
 http://itrc.uwaterloo.ca/~papresco

If you spend any time administering Windows NT, you're far too familiar 
with the Blue Screen of Death (BSOD) which displays the cause of the 
crash and gives some information about the state of the system when 
it crashed.  -- "Microsoft Developer Network Magazine"

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)

More information about the Xml-dev mailing list