W3C home > Mailing lists > Public > public-xml-processing-model-wg@w3.org > June 2007

Pipeline Parameters by Default

From: Alex Milowski <alex@milowski.org>
Date: Thu, 7 Jun 2007 10:00:15 -0700
Message-ID: <28d56ece0706071000m7c67be87x77a3cf6816173e60@mail.gmail.com>
To: public-xml-processing-model-wg <public-xml-processing-model-wg@w3.org>

We had a discussion today and a straw poll about parameters to the
pipeline and whether or not they are passed to steps by default.  I think
this is expected behavior in the case where a user takes an XSLT
transformation and then places it in a simple pipeline with some
set of pre-steps like XInclude.

I reject the argument against this because of security concern as:

  * parameters are no different than pipeline inputs or outputs in
     terms of security.  That is, if you are concerned about pipeline
     invocation from a security perspective, all inputs--xml or parameters--are
    equally troubling.

  * the pipeline author now has the control to exclude pipeline
    parameters from a step.  This means a pipeline author can write
    a "secure step" than can't be affected by pipeline parameters

 * true security relies upon securing the execution environment from
   doing harm to the local system (e.g. as a "jail" or "secure VM").  As such,
   parameters, inputs, and outputs have little to do with this.

-- 
--Alex Milowski
"The excellence of grammar as a guide is proportional to the paucity of the
inflexions, i.e. to the degree of analysis effected by the language
considered."

Bertrand Russell in a footnote of Principles of Mathematics
Received on Thursday, 7 June 2007 17:00:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:53 GMT