[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Here's why it's not always a good idea to embed validation

• From: Richard Salz <rsalz@u...>
• To: John Snelson <john.snelson@o...>
• Date: Tue, 6 Jan 2009 17:08:25 -0500

> Your presentation looks good, but I'm not sure it goes far enough. Was 
> there ever a good reason to embed validation information in an instance 
> document? Isn't that fundamentally backwards, like trusting a thief 
> because /he says/ he's not a thief?

Sometimes you might have reason to trust the sender. Or the implications 
of getting it wrong if you do trust him may not matter.  Or the cost of 
doing out of band configuration may exceed the costs of getting the trust 
wrong.  For example, if you are building generic XML stuff (like, say an 
appliance :).

We support schemaLocation.  But we also have a configuration operation 
that passes the URL's through a set of rewrite rules so that, e.g., you 
can rewrite remote schema to a local version that you trust.

        /r$

--
Visiting Member, IBM Academy
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/

• Follow-Ups:
  • Re: Here's why it's not always a good idea to embed validationinformation (e.g., schemaLocation) in instance documents
    • From: John Snelson <john.snelson@o...>

• References:
  • Re: Here's why it's not always a good idea to embed validationinformation (e.g., schemaLocation) in instance documents
    • From: John Snelson <john.snelson@o...>