Schemas considered dangerous (was Re: Another look at namespaces)

David Megginson david at megginson.com
Fri Sep 17 15:44:25 BST 1999


Tim Berners-Lee writes:

 > Perhaps perception of it is clouded bythe fact that XML 1.0 doesn't
 > mention namespaces at all, and XML NS does not mention schemas at
 > all.  In other words, the specs -- having to only refer backwards
 > in time -- have not been good at pointing to how the future
 > architecure will fit together.

There's also the critically-important point that most programming
languages (such as C++ and Java) do the equivalent of schema
processing at compile time (where it's secure and not time-critical),
while XML processors will have to do it at run time.  That means that
there are a few potentially-nasty problems:

1. The burdon of determining inheritance and class relationships falls 
   on the processor, which has to repeat it for each cycle.

2. Processing time is not predictable, since schemas can reference
   other schemas to an unknown depth.

3. Processing is not secure, since schemas will likely be able to
   refer to schemas at other sites.

For example of the third problem (which is the most serious), let's
imagine that I have the following document:

  <memo xmlns="http://www.megginson.com/ns/memo/">
   <recipient>Tim Berners-Lee</recipient>
   <sender>David Megginson</sender>
   <p>We'll have the new product ready next month: please remember
      that this is confidential.</p>
  </memo>

Now, my 'memo' schema says that it is derived from a 'memo' schema
hosted at the W3C site:

  http://www.megginson.com/ns/memo/ 
    is a kind of 
  http://www.w3.org/schemas/memo#

Assume that the schema at the W3C site has the schema equivalent of
the following DTD construction:

  <!ATTLIST memo
    security-level (public|confidential) "confidential">

That means that, by default, my memo is confidential.  Now, what if
someone cracks the W3C's Web site (not mine), and changes this to the
equivalent of

  <!ATTLIST memo
    security-level (public|confidential) "public">

I write my memo, send it to my document system, and it automatically
displays it on my public Web site.  Ouch!


All the best,


David

-- 
David Megginson                 david at megginson.com
           http://www.megginson.com/

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)





More information about the Xml-dev mailing list