RE: use namespaces and elements/attributes, not <?access-control?> PI (VBWG official response to last call issue)

Hi Dan,

I have comments inline. 

I would like to propose a conference call (notes to be public) to 
discuss this as our previous discussion thread in email apparently was 
not sufficient.  I have a bridge available at 9am PT this Friday.  Will 
that time work for you?  If not, can you propose another time slot?


>On Thu, 2005-03-10 at 23:03 -0800, MattO wrote:
>> "Er... you moved something to an appendix? Can I have a look at a draft?"
>> 
>> Look for "Before exposing the data in an XML document" in section 5 [1].
>> Then follow the link to Appendix E which is informative as indicated in the
>> "Status of this Document" section.
>
>This text doesn't look informative to me:
>
>  Before exposing an XML document referenced by the <data> element
>  via the DOM to a voice application, the interpreter should
>  validate that the host requesting the document is allowed to
>  access the data.
>
>though I can't quite tell how the term "interpreter" relates
>to the term "Conforming VoiceXML 2.1 Processor".
>
>But even if it's informative, it's still not something I think W3C
>should be advocating.
>  
>

Practically speaking, browsers do need to sandbox "file open" access to 
web resources.  Are you suggesting the W3C should not be advocating 
mechanisms for doing that?  Or just not advocating that it be done with 
a Processing Instruction?

>> "I can't tell from your response why a namespace-qualified element or
>> attribute won't work just as well if not better than a processing 
>> instruction, so no, I'm not satisfied by this response. Can you give me an
>> example of something bad that would happen if you used a namespace qualified
>> element or attribute?"
>> 
>> Please see [2].
>
>OK, I see
>
>[[
>4)  Encode access rights as a parent envelope around the enclosed XML
>data or root tag elements and have the browser enforce access to that
>XML content only to the allowed domains.
>
>Pros:
>      * Allows for extensibility of security sandboxing primitives
>        through an XML namespace
>Cons:
>      * Probably best performed as its own specification
>      * Requires structural or attribute modification to existing XML
>      * Requires parsing and interpreting the XML content before
>        deciding whether to grant access to that content
>]]
>
>And that doesn't persuade me that an element or attribute is a bad thing
>at all. The fact that this is orthogonal to VoiceXML2.1 conformance
>(as implied by the fact that appendix E is informative) would be more
>clear by moving it to a separate document.
>  
>
If you're implying that mechanisms for allowing browsers to balance 
sandboxing requirements with XML data providers' desire to make certain 
content available should be standardized elsewhere within the W3C, I 
think we agree. 

This mechanism is in use today, has proved very simple and successful, 
and balances the sandboxing requirements without requiring altering the 
data provider's existing XML structure or content.  We chose to document 
this informatively until such time as proper standards for safe 
sandboxing do exist. 

>And a PI has to be parsed, so that 3rd point applies to PIs as well.
>
>Regarding "structural or attribute modification," yes, that's what
>using an element or attribute means. I don't see that as an argument
>against.
>  
>
Those companies, individuals, or products providing data in an XML 
format view their XML format as a documented API (sometimes 
standardized).  The introduction of new elements or attributes in that 
document structure introduces risk that existing data consumers may fail 
(XML versioning still being problematic).  Introduction of a processing 
instruction has been an effective solution.

Further, this feature is an instruction to processors which need to 
enforce sandboxing, but is not itself content.

>I see the XML Schema WG mentioned in the related groups in your
>charter...
>
>  http://www.w3.org/2002/09/voice-charter.html#Coordination
>
>Have they reviewed the VoiceXML last call spec? Or has XML Core?
>If they've reviewed this use of PIs and OK'd it, perhaps I'll
>step aside.
>  
>
The specification was sent to all working groups for review.  I'm not 
sure if they have reviewed this specification; I do not recall seeing 
comments from XML Schema or Core.  Is there someone in particular in XML 
Schema or Core who we should solicit review from?

Look forward to our call!

Thanks,
Brad

>
>> [1]
>> http://www.w3.org/Voice/Group/2005/CR-voicexml21-20050308/CR-voicexml21-20050308.html#sec-data
>> [2]
>> http://lists.w3.org/Archives/Member/w3c-voice-wg/2004Oct/att-0073/00-part
>
>-- 
>Dan Connolly, W3C http://www.w3.org/People/Connolly/
>D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
>

Received on Wednesday, 16 March 2005 01:01:30 UTC
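
The check debated in this thread, as an added example that is not part of the original message or of the VoiceXML specification: a Python sketch that reads an `access-control` processing instruction from the prolog and decides whether a requesting host may see the document, leaving the provider's element tree untouched. The `allow`/`deny` pseudo-attributes, the wildcard matching, the default-deny policy and all host names are assumptions made for illustration.

```python
import re
from xml.dom import Node, minidom

# Constructed sample: the provider's element structure is unchanged; only a
# prolog PI is added. The allow/deny pseudo-attribute syntax is an assumption.
SAMPLE = b"""<?xml version="1.0"?>
<?access-control allow="*.example.com voice.example.net"?>
<quotes><quote symbol="ACME">12.5</quote></quotes>"""

PSEUDO_ATTR = re.compile(r"([\w-]+)\s*=\s*(?:\"([^\"]*)\"|'([^']*)')")

def access_rules(doc):
    """Collect allow/deny host patterns from access-control PIs in the prolog."""
    rules = {"allow": [], "deny": []}
    for node in doc.childNodes:
        if node.nodeType == Node.ELEMENT_NODE:
            break  # stop at the root element: only prolog PIs are honoured
        if (node.nodeType == Node.PROCESSING_INSTRUCTION_NODE
                and node.target == "access-control"):
            for name, dq, sq in PSEUDO_ATTR.findall(node.data):
                if name in rules:
                    rules[name] += (dq or sq).lower().split()
    return rules

def host_matches(host, pattern):
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Require the dot, so "evilexample.com" does not match "*.example.com".
        return host.endswith(pattern[1:])
    return host == pattern

def may_expose(xml_bytes, requesting_host):
    """True if the requesting host may be given the DOM.

    Assumed policy: deny wins over allow, and a document with no
    access-control PI is not exposed (default deny).
    """
    # The PI is only visible after parsing, as noted in the thread, so
    # untrusted input should go through a hardened parser configuration.
    doc = minidom.parseString(xml_bytes)
    rules = access_rules(doc)
    host = requesting_host.lower().rstrip(".")
    if any(host_matches(host, p) for p in rules["deny"]):
        return False
    return any(host_matches(host, p) for p in rules["allow"])
```
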