For people interested the security/robustness aspects of validation, 
here are two relevant articles

 http://www.kuro5hin.org/?op=displaystory;sid=2002/6/13/114234/914

http://www.acm.org/technews/articles/2002-4/0614f.html#item6

Does anyone know of any list of the most likely/damaging
security problems for XML, and what kinds of validation
would be appropriate to minimise risks?

Also, if a schema language were to specify fallback 
values which would be used when a value was not
valid, would that promote robustness/security
and lessen the need for non-XML properties
(in particular the property related to signalling
validity) in a PSVI? 

For example, if a datatyping spec said (in no particular
schema language)
 <element name="x"> 
    <datatype name="value"  min="1" fallback="#CRAP" /> 
  </element> 
the schema processing an instance would replace
  <x> 0</x>
or
  <x> 00000000000000000....times 800 to cause buffer problems</x>
with
  <x> #CRAP</x>

Cheers
Rick Jelliffe


-----------------------------------------------------------------
The xml-dev list is sponsored by XML.org <http://www.xml.org> , an
initiative of OASIS <http://www.oasis-open.org> 

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager: <http://lists.xml.org/ob/adm.pl>