RE: Security Question

It's interesting to see what SOAP 1.2 says in this area. Section 1.2
addresses the relationship with XML Schema, and explicitly says that
evaluation of the Post Schema Validation Infoset is not required for filling
out default and fixed values. BUT that only applies to items belonging to
the SOAP 1.2 namespace, so that PSVI could be required for items belonging
to other application specific namespaces included in the SOAP envelope.
By the way, the latest decision of the WS-I Basic Profile in this area is to
require PSVI evaluation on the receiving side. (But it is still rather
controversial within the working group).
Ugo
-----Original Message-----
From: Mark Baker [mailto:distobj@acm.org]
Sent: Tuesday, August 06, 2002 7:04 AM
To: Cutler, Roger (RogerCutler)
Cc: www-ws-arch@w3.org
Subject: Re: Security Question
On Mon, Aug 05, 2002 at 12:17:18PM -0700, Cutler, Roger (RogerCutler) wrote:
> I think my example was not a good one. Basically, I am concerned that
> schema validation may add to the data in an XML document and thus that there
> are two linked "things" -- so how is that linkage made reliable?

IMO, making the meaning of a message depend on something external to a
message is a bad idea for lots of reasons.
FWIW, I contributed this to the ietf-xml-use work;
4.13 External References
 When using XML in the context of a stateless protocol, be it the
 protocol itself (e.g., SOAP), or simply as content transferred by an
 existing protocol (e.g., XML/HTTP), care must be taken to not make
 the meaning of a message depend on information outside the message
 itself. XML provides external entities (see Section 4.12), which are
 an easy way to make the meaning of a message depend on something
 external. Using schema languages that can change the Infoset, like
 XML Schema, is another way.
See;
http://www.imc.org/ietf-xml-use/draft-hollenbeck-ietf-xml-guidelines-05.txt
So my answer would be; don't do that. 8-)
MB
-- 
Mark Baker, CTO, Idokorro Mobile (formerly Planetfred)
Ottawa, Ontario, CANADA. distobj@acm.org
http://www.markbaker.ca http://www.idokorro.com

Received on Tuesday, 6 August 2002 13:47:22 UTC
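
The concern raised in this thread, as an added example that is not part of the original messages: the same message bytes yield different data depending on what the receiver loads from outside the message. Python's standard library has no XML Schema validator, so attribute defaults from an external DTD subset stand in here for schema-supplied defaults; the message, the DTDs and all function names are constructed for the illustration.

```python
import xml.parsers.expat as expat

# Constructed sample message: its bytes are identical for every receiver.
MESSAGE = (b'<?xml version="1.0"?>\n<!DOCTYPE order SYSTEM "order.dtd">\n'
           b'<order item="widget"/>')
# Same order with the value stated in the message itself.
EXPLICIT = MESSAGE.replace(b'item="widget"', b'item="widget" currency="USD"')

# Constructed external subsets: two versions of what "order.dtd" might resolve to.
DTD_V1 = b'<!ATTLIST order currency CDATA "USD">'
DTD_V2 = b'<!ATTLIST order currency CDATA "EUR">'


def receive(message, external_dtd=None):
    """Return the root element's attributes as one receiver sees them.

    external_dtd=None models a receiver that never reads the external subset;
    otherwise the given bytes are what its resolver returned for the DOCTYPE.
    """
    seen = {}
    parser = expat.ParserCreate()

    def start(name, attrs):
        seen.setdefault(name, dict(attrs))
    parser.StartElementHandler = start

    if external_dtd is not None:
        def load_external(context, base, system_id, public_id):
            # Feed the external subset to a child parser; no network access.
            sub = parser.ExternalEntityParserCreate(context)
            sub.Parse(external_dtd, True)
            return 1
        parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)
        parser.ExternalEntityRefHandler = load_external

    parser.Parse(message, True)
    return seen["order"]


def is_self_contained(message, candidate_dtds):
    """True if every receiver derives the same data whatever it loads."""
    baseline = receive(message)
    return all(receive(message, dtd) == baseline for dtd in candidate_dtds)


if __name__ == "__main__":
    for label, dtd in (("no DTD", None), ("DTD v1", DTD_V1), ("DTD v2", DTD_V2)):
        print(label, receive(MESSAGE, dtd))
    print("MESSAGE self-contained:", is_self_contained(MESSAGE, [DTD_V1, DTD_V2]))
    print("EXPLICIT self-contained:", is_self_contained(EXPLICIT, [DTD_V1, DTD_V2]))
```

A signature or digest computed over MESSAGE covers only the bytes, so it verifies equally for all three receivers even though they disagree about the currency.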
