
Re: security. Is this implementable?

From: David A. Lee <dlee@calldei.com>
Date: Mon, 15 Dec 2008 12:13:12 -0500
Message-ID: <0C72F16133FE4DCF8D8A3328CBCA5F8E@calldei.com>
To: "Dave Pawson" <dave.pawson@gmail.com>, "XProc Dev" <xproc-dev@w3.org>

My read on this is that it's slightly better than saying nothing.

This gives implementations a specific code to use if they can't do something
for "security" reasons.
Saying much more would vastly complicate the spec (what IS a "security"
reason, what IS "forbidden", etc.).
I think it's about right as a statement.
Conforming implementations could do nothing or do a lot ...

> 2.12
> It is a dynamic error (err:XD0021) for a pipeline to attempt to access
> a resource for which it has insufficient privileges or perform a step
> which is forbidden.
> No definition of privilege. No definition of 'forbidden'?
> Is this a spec weakness, or out of scope, in which case why is it here?
> Seems to impinge on the operating environment rather a lot?
> regards
> -- 
> Dave Pawson
> Docbook FAQ.
> http://www.dpawson.co.uk
Received on Monday, 15 December 2008 17:14:02 UTC
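
As an added illustration (not part of this thread and not code from any XProc implementation), here is one way a processor could map an implementation-defined policy onto the single error code discussed above. The policy model (`SecurityPolicy`, its allowed schemes, base directory and forbidden-step list) and the helper `run_step` are assumptions; the spec text quoted above defines none of them.

```python
# Added example. The policy model here is hypothetical: section 2.12 only
# supplies the error code, not what counts as "privilege" or "forbidden".
from pathlib import Path
from urllib.parse import urlparse, unquote

XD0021 = "err:XD0021"  # dynamic error code quoted from section 2.12


class DynamicError(Exception):
    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.code = code


class SecurityPolicy:
    """Hypothetical implementation-defined policy for a pipeline processor."""

    def __init__(self, base_dir, allowed_schemes=("file",), forbidden_steps=()):
        self.base_dir = Path(base_dir).resolve()
        self.allowed_schemes = set(allowed_schemes)
        self.forbidden_steps = set(forbidden_steps)

    def check_step(self, step_type):
        if step_type in self.forbidden_steps:
            raise DynamicError(XD0021, f"step {step_type} is forbidden")

    def check_resource(self, uri):
        parts = urlparse(uri)
        scheme = parts.scheme or "file"  # treat relative references as files
        if scheme not in self.allowed_schemes:
            raise DynamicError(XD0021, f"scheme {scheme!r} is not permitted")
        if scheme == "file":
            # Resolve ".." and symlinks before comparing, so the check is made
            # on the real target rather than on the string the pipeline gave.
            target = (self.base_dir / unquote(parts.path)).resolve()
            if not target.is_relative_to(self.base_dir):
                raise DynamicError(XD0021, f"{uri} is outside {self.base_dir}")
        return uri


def run_step(policy, step_type, uri):
    """Return None if the step may run, else the error code it fails with."""
    try:
        policy.check_step(step_type)
        policy.check_resource(uri)
    except DynamicError as err:
        return err.code
    return None
```

Every refusal surfaces as the same code, so a pipeline author can catch it uniformly while the reason stays in the message text; a processor with an empty policy never raises it at all.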
