W3C home > Mailing lists > Public > www-xml-linking-comments@w3.org > January to March 2006

Re: XLink 1.1: Security Considerations

From: Grosso, Paul <pgrosso@ptc.com>
Date: Wed, 25 Jan 2006 12:54:04 -0500
Message-ID: <CF83BAA719FD2C439D25CBB1C9D1D30202178374@HQ-MAIL4.ptcnet.ptc.com>
To: <www-xml-linking-comments@w3.org>, "Bjoern Hoehrmann" <derhoermi@gmx.net>

>* Norman Walsh wrote:
>>/ Bjoern Hoehrmann <derhoermi@gmx.net> was heard to say:
>>| No, RFC 1738 is obviously very outdated, I would instead expect that
the
>>| security considerations of RFC 3987 apply, a clear description on
which
>>| considerations are out of scope, which are in scope, implications of
>>| user agents implementing e.g. XLink and XHTML where the same link
might
>>| go to multiple destinations, probably that UTR #36 applies, that
XLink
>>| in XML documents is subject to the security considerations of XML
and
>>| XML media types where applicable, and so on, depending on what is
con-
>>| sidered in scope and out of scope. It might of course be possible
that
>>| some of the items above are considered out of scope, but certainly
not
>>| all of them.
>>
>>While the WG recognizes that adding more detailed information about
>>security considerations would be valuable, it does not consider such
>>additions to be within the narrow scope of its charter for XLink 1.1.
>>Consequently, the WG does not expect to make any changes with respect
>>to security considerations for XLink 1.1.
>
>I understood the reply to mean that the Working Group feels unable to
>work on this due to possible concerns with respect to the Patent Policy
>or related policies. Looking at other responses from the Working Group
>it rather seems you are saying that because the charter does not
require
>making such a change, you don't bother. I don't mind if the Working
>Group rejects proposals for new features or substantial changes in the
>technical direction with a pointer to the charter, but I don't see how
>this might be considered an adequate response in this case, in fact, I
>don't see where the Working Group might have attempted to satisfy the
>reviewer here as required by the W3C Process.


The XML Core WG has confirmed its consensus not to add a
discusion of security considerations to XLink 1.1.

Does this adequately address your comment, or do you wish for
the XML Core WG to record your feelings on this matter as an 
official objection when we request CR?

Paul Grosso
for the XML Core WG
Received on Wednesday, 25 January 2006 17:54:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:46 GMT