Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Dedicated Hosting for Critical DTDs Necessary?

Posted by Cliff on from the might-the-W3C-be-interested dept.

pcause asks: "Recently there was a glitch, when someone at Netscape took down a page that had an important DTD (for RSS), used by many applications and services. This got me thinking that many or all of the important DTDs that software and commerce depend on are hosted at various commercial entities. Is this a sane way to build an XML based Internet infrastructure? Companies come and go all of the time; this means that the storage and availability of those DTDs is in constant jeopardy. It strikes me that we need an infrastructure akin to the root server structure to hold the key DTDs that are used throughout the industry. What organization would be the likely custodian of such data, and what would be the best way to insure such an infrastructure stays funded?"

3 of 140 comments (clear)

  1. using non-local cached copy considered harmful by tota · · Score: 4, Interesting

    Most tools provide a way to refer to a DTD on a public URL, yet use the local copy instead. (ie: taglib-location directive in java)

    Doing anything else strikes me as fundamentally dangerous and insecure: it makes a remote dns vulnerability into an easy application DoS (or worse).

    --
    TODO: 753) write sig.
  2. Call me crazy... by Nimey · · Score: 4, Interesting

    but just have your DTD as a W3C standard, distribute copies with your software, and don't bother a remote server until a new version of the DTD is released. Then distribute it with a new version of your software.

    Seriously, what the fuck were they thinking relying on a server to be always available?

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  3. Supply local DTDs with your app by Dragonshed · · Score: 4, Interesting

    I recently (within the last year) deployed an application that end users use for downloading and viewing custom content, and are intended to install the app onto laptops, tablets, and other portable devices allowing them view said content both on and off-line.

    When prototyping our "offline mode", we ran into this exact same problem because the Xml APIs we used wanted to validate xml against online dtds. We ammended the validator's resolver to use locally embedded or cached dtds for all our doctypes, problem solved.

    In in my app it was an obvious problem to solve because offline usage was a big scenario, but I could imagine that being "out of scope" for a less-than-robust website.