W3C home > Mailing lists > Public > public-xml-processing-model-wg@w3.org > June 2007

Re: Pipeline Parameters by Default

From: Innovimax SARL <innovimax@gmail.com>
Date: Fri, 8 Jun 2007 11:26:04 +0200
Message-ID: <546c6c1c0706080226i1340332dj16142efad80178da@mail.gmail.com>
To: "Alex Milowski" <alex@milowski.org>
Cc: public-xml-processing-model-wg <public-xml-processing-model-wg@w3.org>

As a fail fast advocate, I prefer strongly the position that keep
NOTHING be passed by default

As a user, when I would call for an external pipeline, I would just
include it, then run it

Then there would be some errors telling me that some required
parameters by an XSLT stylesheet are not available

Then I will decide to ALLOW them all or to select some to make them available

As a more bigger timeframe, it will enforce pipeline providers to make
sure they use only the parameters they want and no more to prevent
unexpected side effects

I prefer to burden to be shared between users and pipeline providers


At the opposite, your proposal says

" Let's do the magic, but the fall for the user would be bigger when
he/she will take hours to find nasty side effects"

I don't think it's the paradigm I vote for

Mohamed

On 6/7/07, Alex Milowski <alex@milowski.org> wrote:
>
> We had a discussion today and a straw poll about parameters to the
> pipeline and whether or not they are passed to steps by default.  I think
> this is expected behavior in the case where a user takes an XSLT
> transformation and then places it in a simple pipeline with some
> set of pre-steps like XInclude.
>
> I reject the argument against this because of security concern as:
>
>   * parameters are no different than pipeline inputs or outputs in
>      terms of security.  That is, if you are concerned about pipeline
>      invocation from a security perspective, all inputs--xml or parameters--are
>     equally troubling.
>
>   * the pipeline author now has the control to exclude pipeline
>     parameters from a step.  This means a pipeline author can write
>     a "secure step" than can't be affected by pipeline parameters
>
>  * true security relies upon securing the execution environment from
>    doing harm to the local system (e.g. as a "jail" or "secure VM").  As such,
>    parameters, inputs, and outputs have little to do with this.
>
> --
> --Alex Milowski
> "The excellence of grammar as a guide is proportional to the paucity of the
> inflexions, i.e. to the degree of analysis effected by the language
> considered."
>
> Bertrand Russell in a footnote of Principles of Mathematics
>
>


-- 
Innovimax SARL
Consulting, Training & XML Development
9, impasse des Orteaux
75020 Paris
Tel : +33 8 72 475787
Fax : +33 1 4356 1746
http://www.innovimax.fr
RCS Paris 488.018.631
SARL au capital de 10.000 
Received on Friday, 8 June 2007 09:26:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:53 GMT