- From: Norman Walsh <ndw@nwalsh.com>
- Date: Wed, 26 Sep 2007 22:22:16 -0400
- To: Deborah_Pickett@moldflow.com
- Cc: public-xml-processing-model-comments@w3.org
- Message-ID: <m2odfodezr.fsf@nwalsh.com>
/ Deborah_Pickett@moldflow.com was heard to say:
| The 20 September 2007 draft speaks only indirectly of security, so I am
| left to conclude that implementations which fail on certain steps for
| security reasons are not conformant.

The p:directory-list step explicitly allows an implementor to limit it
(possibly to an empty set):

  It is a dynamic error (err:XC0012) if the contents of the directory
  path are not available to the step due to access restrictions in the
  environment in which the pipeline is run.

I thought we had a similar provision in p:http-request, but I can't find
it at the moment. That's a bug, I think.

| My suggestion is that XProc explicitly allows implementations to run with
| (implementation-specific) heightened security. Certain steps can throw a
| dynamic error if they would otherwise violate the security policy for the
| environment that the pipeline is running in. XProc need not define the
| security requirements, nor even what the

I think that's what we intended, though perhaps we have not yet achieved
it.

Specific suggestions for steps that you think implementors might want to
limit would be welcome.

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | Patriotism is often an arbitrary
http://nwalsh.com/            | veneration of real estate above
                              | principles.--George Jean Nathan
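The provision the message quotes for p:directory-list, as an added example that is not part of the thread and not code from any XProc implementation: a minimal model of a directory-list step that consults an implementation-defined security policy before touching the filesystem and raises the dynamic error err:XC0012 when the environment restricts access, whether because the policy forbids the path or because the operating system refuses it. The policy representation (an allow-list of root directories), the class and function names, and the flat list-of-dicts output (in place of the spec's c:directory document) are assumptions of this example; only the error code and its condition come from the quoted spec text.

```python
"""Model of an XProc p:directory-list step that enforces an
environment security policy (added example; not from the email or any
XProc processor). Error code err:XC0012 is the one the spec assigns to
directory contents that are unavailable due to access restrictions."""
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass
from pathlib import Path


class XProcDynamicError(Exception):
    """Dynamic error carrying an XProc error code such as err:XC0012."""

    def __init__(self, code: str, message: str) -> None:
        super().__init__(f"{code}: {message}")
        self.code = code


@dataclass(frozen=True)
class SecurityPolicy:
    """Hypothetical policy: only directories under these roots may be listed.
    Paths are resolved so that symlinks and '..' cannot escape a root."""

    allowed_roots: tuple[Path, ...] = ()

    def permits(self, directory: Path) -> bool:
        real = directory.resolve()
        for root in self.allowed_roots:
            try:
                real.relative_to(root.resolve())
                return True
            except ValueError:
                continue
        return False


def directory_list(path: str, policy: SecurityPolicy) -> list[dict]:
    """Return the directory's entries as a list of {name, type} dicts,
    or raise err:XC0012 if the environment denies access."""
    directory = Path(path)
    # Policy check comes first: an empty allow-list makes every call fail
    # with XC0012, which is the "limit it to an empty set" case.
    if not policy.permits(directory):
        raise XProcDynamicError(
            "err:XC0012", f"access to {path!r} is restricted by environment policy"
        )
    try:
        with os.scandir(directory) as it:
            entries = sorted(it, key=lambda e: e.name)
    except PermissionError as exc:
        # OS-level denial is also "not available due to access restrictions".
        raise XProcDynamicError("err:XC0012", f"{path!r}: {exc}") from exc
    return [
        {"name": e.name, "type": "directory" if e.is_dir(follow_symlinks=False) else "file"}
        for e in entries
    ]


def demo() -> tuple[list[str], str]:
    """Constructed scenario: a sandbox root the policy allows, then an
    attempt to list the sandbox's parent, which lies outside the policy."""
    with tempfile.TemporaryDirectory() as sandbox:
        root = Path(sandbox)
        (root / "pipeline.xpl").write_text("<p:declare-step/>")  # constructed file
        (root / "data").mkdir()                                 # constructed subdir
        policy = SecurityPolicy(allowed_roots=(root,))
        names = [e["name"] for e in directory_list(str(root), policy)]
        try:
            directory_list(str(root.parent), policy)
            denied = "no error"
        except XProcDynamicError as err:
            denied = err.code
    return names, denied


if __name__ == "__main__":
    print(demo())
```

The check is deliberately placed before any filesystem call, so a pipeline that names a forbidden directory produces the same observable result (err:XC0012) as one that names a directory the OS denies; a processor that wants to make the restriction invisible can instead return an empty list at the policy check, which the spec's "possibly to an empty set" wording also permits.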
Received on Thursday, 27 September 2007 02:22:29 UTC