Richard Salz wrote:
>> Your presentation looks good, but I'm not sure it goes far enough. Was 
>> there ever a good reason to embed validation information in an instance 
>> document? Isn't that fundamentally backwards, like trusting a thief 
>> because /he says/ he's not a thief?
> 
> Sometimes you might have reason to trust the sender. Or the implications 
> of getting it wrong if you do trust him may not matter.  Or the cost of 
> doing out of band configuration may exceed the costs of getting the trust 
> wrong.  For example, if you are building generic XML stuff (like, say an 
> appliance :).

I agree those are reasons - they just aren't good reasons :-).

> We support schemaLocation.  But we also have a configuration operation 
> that passes the URL's through a set of rewrite rules so that, e.g., you 
> can rewrite remote schema to a local version that you trust.

The default ought to be secure and fulfil most use cases. I don't 
understand why schemaLocation isn't at least turned off by default in 
more schema validators.

John

-- 
John Snelson, Oracle Corporation            http://snelson.org.uk/john
Berkeley DB XML:            http://oracle.com/database/berkeley-db/xml
XQilla:                                  http://xqilla.sourceforge.net