RE: Appropriate XML processing in extensibility consideration (Was rfc2518bis DAV DTD)

> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Stanley Guan
> Sent: Thursday, October 16, 2003 6:47 PM
> To: Julian Reschke; w3c-dist-auth@w3.org
> Subject: Appropriate XML processing in extensibility consideration (Was
> rfc2518bis DAV DTD)
>
>
>
> Julian,
>
> I am getting more clear on what the true issues are. Thanks!
>
> However, it seems to me that there are different options to resolve the
> extensibility issue and WG seems to choose the following approach:
>
> 1. For client implementations, ignore XML elements they do not
> understand.
>
> "Older clients will not break when they encounter extensions
> because they will still have the data specified in the original
> schema and will ignore elements they do not understand."
Right.
> 2. For server implementations, ignore any unknown XML
> element and all its children encountered.
>
> "All DAV compliant resources MUST ignore any unknown
> XML element and all its children encountered while processing
> a DAV method that uses XML as its command language."
>
> As told by you, this rule will be extended to include any unknown
> XML attribute. Right?
Actually, that's not obvious. RFC2518 so far hasn't used attributes at all
(except for some wording about xml:lang's role). But I'd assume that yes,
extensibility applies to attributes as well.
> To summarize what I understand so far:
>
> 1. WG is seeking a formal notation to describe the XML components
> contained in any message body that need to be minimally understood
> by all DAV-compliant (including DAV's extensions) implementations.
>
> Any bogus (or should be called "alien") XML elements (or attributes)
> will be simply ignored without even raising a flag. So, to avoid
> hackers using this feature to launch denial-of-access attacks is to limit
> the size of XML data allowed in the request body.
Right.
Side note: it would be interesting to explore a mechanism for mandatory
extensions (I think RFC2774 can help here).
> Additionally, there is no need for any implementation to use any schema
> to check whether received XML data is valid or not. What it needs
> to do is just walking through the XML elements and check if it is what
> the implementation can understand or not. If yes, take action;
> otherwise, ignore it.
Yes. However, "understanding" is a bit vague. For instance, PROPFIND uses:
<!ELEMENT propfind (allprop | propname | prop) >
So for instance servers SHOULD reject requests such as
<propfind xmlns="DAV:"><prop>...</prop><prop>...</prop></propfind>
> 2. The DAV response header (and new proposed DAV request
> header) is just informational and has no constraining power.
I wouldn't call it "just informational", but it doesn't affect the validity
of a message body.
Julian
--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760

Received on Thursday, 16 October 2003 15:51:24 UTC
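
The processing rule discussed in this thread, as an added Python example that is not part of the original messages: cap the body size, skip unknown elements together with their children, and still reject a propfind that breaks its content model. The 64 KiB limit, the function and exception names, and the sample bodies are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
MAX_BODY_BYTES = 64 * 1024  # assumed limit; the thread names no number
REQUEST_KINDS = {DAV + "allprop", DAV + "propname", DAV + "prop"}


class BadRequest(Exception):
    """Body the server should reject rather than act on."""


def parse_propfind(body: bytes):
    """Return (kind, [property names]) for a PROPFIND request body."""
    # Cap the size before parsing: ignored elements still cost time and memory.
    if len(body) > MAX_BODY_BYTES:
        raise BadRequest("request body too large")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise BadRequest(f"not well-formed XML: {exc}") from exc
    if root.tag != DAV + "propfind":
        raise BadRequest("root element is not DAV:propfind")

    # Unknown children (and everything beneath them) are skipped silently;
    # attributes are never read, so unknown attributes are ignored as well.
    known = [child for child in root if child.tag in REQUEST_KINDS]
    # <!ELEMENT propfind (allprop | propname | prop) >: exactly one known child.
    if len(known) != 1:
        raise BadRequest(f"expected one of allprop/propname/prop, got {len(known)}")

    kind = known[0]
    names = [p.tag for p in kind] if kind.tag == DAV + "prop" else []
    return kind.tag[len(DAV):], names


# Constructed sample bodies (not taken from the thread).
# EXTENDED carries an unknown attribute and an unknown element wrapping a DAV:prop.
EXTENDED = (b'<propfind xmlns="DAV:" xmlns:x="urn:example:ext" x:hint="1">'
            b'<x:alien><prop><getetag/></prop></x:alien>'
            b'<prop><displayname/></prop></propfind>')
DOUBLE_PROP = (b'<propfind xmlns="DAV:"><prop><getetag/></prop>'
               b'<prop><displayname/></prop></propfind>')

if __name__ == "__main__":
    print(parse_propfind(EXTENDED))
    try:
        parse_propfind(DOUBLE_PROP)
    except BadRequest as exc:
        print("rejected:", exc)
```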
