- From: Danny Ayers <danny.ayers@gmail.com>
- Date: Wed, 14 Feb 2007 00:15:14 +0100
- To: "Dan Connolly" <connolly@w3.org>
- Cc: "Harry Halpin" <hhalpin@ibiblio.org>, "Jeremy Carroll" <jjc@hpl.hp.com>, public-grddl-comments@w3.org, jena-devel <jena-devel@lists.sourceforge.net>
On 13/02/07, Dan Connolly <connolly@w3.org> wrote:
>
> On Tue, 2007-02-13 at 15:55 -0500, Harry Halpin wrote:
> > Jeremy,
> >
> > The final decision in DanC's hands, but we already decided as a WG
> > not to use conformance labels.
>
> Er... my suggestion is to put it back in the WG's hands, but I suppose
> it's good to know if Jeremy is OK with not adding a conformance
> label...
>
> > However, we do want implementers to be
> > aware of security issues. So, if that text was added to section 7 as
> > informative text and we substituted the words "GRDDL-aware agent" for
> > "GRDDL-aware processor", would you feel like your comment has been
> > addressed?

If Jeremy is comfortable with that, it seems a reasonable way forward. Otherwise there may be a relatively low-cost alternative.

Sorry if I've misremembered, but wasn't the main reason for avoiding conformance labels simply that it's too early in terms of practice to be sure where the MUSTs and SHOULDs might be appropriate? If that was the case, what about applying rfc2119 terms in the security section, leaving everywhere else as-is?

Aside from inserting normative terms in the security section, the only other requirement we'd need to cover would be a definition for a "GRDDL-aware agent", which could perhaps just be something like "a software system which implements the mechanisms described in this document".

Jeremy has made a strong case that there are significant security issues, mostly based on known characteristics of XSLT (and running code in general, heh). I can't see how additional normative text localised to the security section would /weaken/ any of the other content, the biggest potential problem being the time it might take to make changes on which everyone agrees.

Having said all that, the suggested text did seem to go deep into the details of the issues; speaking personally, I'm not sure how much granularity is needed, and given the possibility of issues as yet unidentified, maybe some kind of blanket informative warning might be more desirable.

Bleah, I'm happy to go along with whatever will aid consensus ;-)

Cheers,
Danny.

--
http://dannyayers.com
Received on Tuesday, 13 February 2007 23:15:22 UTC