Schema problems

David Megginson david at megginson.com
Wed Sep 1 18:40:50 BST 1999 

Oren Ben-Kiki writes:

 > > By allowing documents without explicit DOCTYPE declarations, XML (and,
 > > eventually, WebSGML) acknowledged that document instances can exist
 > > independently of schemas, and thus, that there can potentially be
 > > *many* schemas applied to any existing document.
 > 
 > Doesn't this contradict (a)? That is, must all these schemas agree
 > on the default values? Or is it intentional that you can replace
 > the default values as well?

That's a very messy question.  Personally, I'd be happy to accept a
schema spec that *didn't* specify default values.  I don't think that
most client-side XML is going to use schemas, whatever standard
emerges, because schemas introduce non-constant-time problems and
(with default values) security issues into the equation.

Non-constant-time
-----------------

A schema is a separate resource that may reference other schemas
recursively, so I cannot safely predict how much parser (and, more
seriously, how much network activity) will be required to process a
document.

Security
--------

If schemas contain default values, those default values might
compromise the security of my document (say, by providing a default
value of 'public' for an 'access' variable that was unspecified in the 
original document).  Again, since schemas can reference other schemas, 
they're only as secure as the entire tree -- for example, if the
schema refers to another at the w3.org Web site, and someone cracks
w3.org, they've effectively cracked my schema (and my document) as
well.


All the best,


David

-- 
David Megginson                 david at megginson.com
           http://www.megginson.com/

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)

More information about the Xml-dev mailing list