[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Entity resolution & Web services
Hi. At the recent CSW XML Summer School, Lauren posed the question of whether there was an entity resolution angle for Web services, one that would make a stronger business case for companies to use XML catalogues. I wasn't able to think of such an angle per se, but it did occur to me that there is an interesting security angle we may have missed. Some people, for better or for worse, would like to be able to follow the W3C guideline that you should version Schemas in preference to namespaces. The problem is that there is no real way to identify a Schema version in an instance document. The best you can do is to use a 'schemaLocation' hint, but that is a security issue, because someone could send you an XML instance with a Schema location pointing to a wrong Schema, or even a Schema 'bomb'. On the other hand, if they sent you an instance whose Schema location is a well known URL that you trust, that would be OK. So for this use case, you would want to be able to have a default rule along the lines of "if none of my specific rules matched the schema location, then set it to empty/null or throw an exception or something like that". I can't think of a way to do that now, but does anyone else think it might be a useful enhancement to have? Just a thought. Cheers, Tony. -- Anthony B. Coates London Market Systems Limited 33 Throgmorton Street, London, EC2N 2BR, UK http://www.londonmarketsystems.com/ mailto:email@example.com Mobile/Cell: +44 (79) 0543 9026 [MDDL Editor (Market Data Definition Language), http://www.mddl.org/] [FpML Arch WG Member (Financial Products Markup Language), http://www.fpml.org/] ----------------------------------------------------------------------- This Email may contain confidential information and/or copyright material and is intended for the use of the addressee only. Any unauthorised use may be unlawful. If you receive this Email by mistake please advise the sender immediately by using the reply facility in your e-mail software. Email is not a secure method of communication and London Market Systems Limited cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please examine this email for virus infection, for which London Market Systems Limited accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of London Market Systems Limited.