W3C home > Mailing lists > Public > xproc-dev@w3.org > February 2009

[closed] Re: security. Is this implementable?

From: Norman Walsh <ndw@nwalsh.com>
Date: Thu, 05 Feb 2009 07:43:48 -0500
To: XProc Dev <xproc-dev@w3.org>
Message-ID: <m2r62dcauz.fsf_-_@nwalsh.com>
"Dave Pawson" <dave.pawson@gmail.com> writes:

> 2008/12/15 David A. Lee <dlee@calldei.com>:
>> My read on this is that its slightly better then saying nothing.
>>
>> This gives implementations a specific code to use if it cant do something
>> for "security" reasons.
>> Saying much more would vastly complicate the spec
>
> +1
> Perhaps saying just what you've said would be better,
>
> i.e.  " it is implementation dependent, and if
> an implementation can't execute a step for security
> reasons, use this error code"
>
> I.e. just enough. I think the CR at the moment
> says too much!

I added:

<impl>Which steps are forbidden, what privileges are needed to access
resources, and under what circumstances these security constraints apply
is <glossterm>implementation-dependent</glossterm>.</impl>

Please let us know if that's not satisfactory.

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | Man's sensitivity to little things and
http://nwalsh.com/            | insensitivity to the greatest are the
                              | signs of a strange disorder.-- Pascal

Received on Thursday, 5 February 2009 12:44:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 5 February 2009 12:44:30 GMT