W3C home > Mailing lists > Public > public-xml-processing-model-wg@w3.org > June 2007

Re: Revised parameters proposal

From: Norman Walsh <ndw@nwalsh.com>
Date: Thu, 07 Jun 2007 07:43:50 -0400
To: public-xml-processing-model-wg@w3.org
Message-ID: <87odjshtvt.fsf@nwalsh.com>
/ Alessandro Vernet <avernet@orbeon.com> was heard to say:
| On 6/6/07, Norman Walsh <ndw@nwalsh.com> wrote:
|> 4. One case that we expect to be common is that a pipeline has no
|>    explicit parameters but that user-specified top-level
|>    parameters should be passed to steps.
|
| I don't think it is a good idea for the pipeline engine to hand on by
| default parameters passed to the pipeline to components called in the
| pipeline. This may permit someone calling a pipeline to pass
| parameters that influence components called by the pipeline in a way
| that is not intended by the pipeline author, potentially posing a
| security risk.

The proposal I made allows the pipeline author control. If the author
writes:

  <p:step use-parameter-sets=""/>

then no parameters passed into the pipeline can have any effect on
the step. Conversely if he or she writes:

  <p:step use-parameter-sets="#top-level"/>

then any parameters passed can have an effect on the step.

Assuming we have agreement so far, we have to decide which of these
is represented by

  <p:step/>

Henry has expressed a strong preference for the former. Alessandro, I
think you've been consistently in favor of the latter.

Water pistols at 20 paces? :-)

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | I'm NOT in denial!
http://nwalsh.com/            | 

Received on Thursday, 7 June 2007 11:44:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:53 GMT