
Re: XLink 1.1: Security Considerations

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 26 Jul 2005 23:15:16 +0200
To: Norman Walsh <Norman.Walsh@Sun.COM>
Cc: www-xml-linking-comments@w3.org
Message-ID: <4300a670.55698078@smtp.bjoern.hoehrmann.de>

* Norman Walsh wrote:
>/ Bjoern Hoehrmann <derhoermi@gmx.net> was heard to say:
>|   http://www.w3.org/TR/2005/WD-xlink11-20050707/ lacks a section on
>| security considerations. Please include a proper discussion about
>| security and privacy issues in the document, including which issues
>| are considered out of scope of the draft and why. RFC 3552 provides
>| useful guidelines for this, specifically, the document should conform
>| to the requirements in section 5 of that document.
>
>It's not clear what issues you are concerned about. Would something
>along the lines of the notes in the HTML Recommendation satisfy you?
>
>  Processing XLink elements may cause URIs to be dereferenced
>  automatically or in response to user input. In this case, the
>  security issues of [RFC1738], section 6, should be considered.

No, RFC 1738 is obviously very outdated, I would instead expect that the
security considerations of RFC 3987 apply, a clear description on which
considerations are out of scope, which are in scope, implications of
user agents implementing e.g. XLink and XHTML where the same link might
go to multiple destinations, probably that UTR #36 applies, that XLink
in XML documents is subject to the security considerations of XML and
XML media types where applicable, and so on, depending on what is
considered in scope and out of scope. It might of course be possible that
some of the items above are considered out of scope, but certainly not
all of them.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 26 July 2005 21:15:31 GMT
