W3C home > Mailing lists > Public > xproc-dev@w3.org > February 2009

[closed] Re: security. Is this implementable?

From: Norman Walsh <ndw@nwalsh.com>
Date: Thu, 05 Feb 2009 07:43:48 -0500
To: XProc Dev <xproc-dev@w3.org>
Message-ID: <m2r62dcauz.fsf_-_@nwalsh.com>
"Dave Pawson" <dave.pawson@gmail.com> writes:

> 2008/12/15 David A. Lee <dlee@calldei.com>:
>> My read on this is that its slightly better then saying nothing.
>> This gives implementations a specific code to use if it cant do something
>> for "security" reasons.
>> Saying much more would vastly complicate the spec
> +1
> Perhaps saying just what you've said would be better,
> i.e.  " it is implementation dependent, and if
> an implementation can't execute a step for security
> reasons, use this error code"
> I.e. just enough. I think the CR at the moment
> says too much!

I added:

<impl>Which steps are forbidden, what privileges are needed to access
resources, and under what circumstances these security constraints apply
is <glossterm>implementation-dependent</glossterm>.</impl>

Please let us know if that's not satisfactory.

                                        Be seeing you,

Norman Walsh <ndw@nwalsh.com> | Man's sensitivity to little things and
http://nwalsh.com/            | insensitivity to the greatest are the
                              | signs of a strange disorder.-- Pascal

Received on Thursday, 5 February 2009 12:44:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:04 UTC