OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

entity-resolution message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Entity resolution & Web services

Hi.  At the recent CSW XML Summer School, Lauren posed the question of  
whether there was an entity resolution angle for Web services, one that  
would make a stronger business case for companies to use XML catalogues.

I wasn't able to think of such an angle per se, but it did occur to me  
that there is an interesting security angle we may have missed.  Some  
people, for better or for worse, would like to be able to follow the W3C  
guideline that you should version Schemas in preference to namespaces.   
The problem is that there is no real way to identify a Schema version in  
an instance document.  The best you can do is to use a 'schemaLocation'  
hint, but that is a security issue, because someone could send you an XML  
instance with a Schema location pointing to a wrong Schema, or even a  
Schema 'bomb'.  On the other hand, if they sent you an instance whose  
Schema location is a well known URL that you trust, that would be OK.  So  
for this use case, you would want to be able to have a default rule along  
the lines of "if none of my specific rules matched the schema location,  
then set it to empty/null or throw an exception or something like that".   
I can't think of a way to do that now, but does anyone else think it might  
be a useful enhancement to have?  Just a thought.

Cheers, Tony.
-- 
Anthony B. Coates
London Market Systems Limited
33 Throgmorton Street, London, EC2N 2BR, UK
http://www.londonmarketsystems.com/
mailto:abcoates@londonmarketsystems.com
Mobile/Cell: +44 (79) 0543 9026
[MDDL Editor (Market Data Definition Language), http://www.mddl.org/]
[FpML Arch WG Member (Financial Products Markup Language),  
http://www.fpml.org/]
-----------------------------------------------------------------------
This Email may contain confidential information and/or copyright material  
and is intended for the use of the addressee only.  Any unauthorised use  
may be unlawful. If you receive this Email by mistake please advise the  
sender immediately by using the reply  facility in your e-mail software.   
Email is not a secure method of communication and London Market Systems  
Limited cannot accept responsibility for the accuracy or completeness of  
this message or any attachment(s). Please examine this email for virus  
infection, for which London Market Systems Limited accepts no  
responsibility. If verification of this email is sought then please  
request a hard copy. Unless otherwise stated any views or opinions  
presented are solely those of the author and do not represent those of  
London Market Systems Limited.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]