RE: Access-Control: Proposed restructuring


> -----Original Message-----
> From: Ian Hickson [] 
> Sent: Wednesday, January 16, 2008 12:29 PM
> To: David Orchard
> Cc: WAF WG (public)
> Subject: Re: Access-Control: Proposed restructuring
> On Wed, 16 Jan 2008, David Orchard wrote:
> >
> > Stuart Williams and I made comments about restructuring the Access 
> > Control spec, and we took an action item to craft up a proposal.  A 
> > rough first version is ready to look at, at 
> > 
> -20080116.
> > html
> >  
> > The highlights:
> > - Redid the protocol to be top-down rather than bottom-up
> > - Redid the algorithms to use pseudo code.
> > - Converted most of the EBNF to ABNF.
> Given that this is a purely editorial matter, I'd rather we 
> just left this exclusively up to the editor of the 
> specification, lest we fall into a "design-by-committee" 
> mindset where none of us take ultimate responsibility for the spec.

The style of the document is not editorial at all.  I think the WG has
the responsibility for its output.

> Having said that, I have to say that I prefer Anne's version. 
> It seems much more down-to-earth from a readability 
> perspective. With the above version, I get much more of a 
> feel of this being a theoretical document with too many 
> unclear abstractions. I think with a document detailing a 
> security model like this one, we need to stay as 
> down-to-earth as possible.
> Regarding changing english prose to pseudo-code, I fear that 
> that is a serious step backwards. Pseudo-code does not have a 
> normative definition and so it actually means that the above 
> proposal doesn't technically define what the algorithm is. 
> For example, the semantics of this line:
>    if( scheme(item) != null && (scheme(item) != scheme (origin))
> ...are unclear. Does it mean to check that "the scheme of 
> /item/ is neither null, nor the same as the scheme of 
> /origin/", or does it mean to check that "the scheme of 
> /item/ is not equal to the concatenation of the "null" string 
> and the result of stringifying the result of comparing the 
> scheme of /item/ to the scheme of /origin/"? Does 
> "case-insensitive-match" 
> mean two subtractions or is it one identifier? And so on. 
> While we could define the semantics of the pseudo-code 
> language, I think we are far better off, and far less likely 
> to introduce errors, if we just stick to English prose, and 
> avoid all indirection and abstraction. Again, this is a 
> security-related spec, it is absolutely imperative that it be 
> as clear and unambiguous as possible.

I see.  So when I missed a level of parenthesis
if( scheme(item) != null &&  ((scheme(item) != scheme (origin)))

That implies that English is better than pseudo-code?  I think that's
missing the forest for the trees.  I also don't know what "down to
earth" means.

Further, the current English style has problems.  I find text like "If
the item list has no next list item go to the next step in the overall
set of steps. " to be very confusing.

However, you didn't comment on one significant portion of structured
English, in the Cross-Site Access Request section.  A snippet like "In
the entire set of rules, if any rule evaluates to "Deny", then the
result of the rule combination SHALL be "Deny". If any rule evaluates to
"Allow" and all other rules evaluate to "NotApplicable", then the result
of the rule combination SHALL be "Allow". In other words, "Deny" takes
precedence, regardless of the result of evaluating any of the other
rules in the combination. "

> I think Anne has done a great job of this so far, and I don't 
> think we should mess around with his work from an editorial 
> standpoint.

I agree that Anne has done a great job.  But I disagree that proposing
an alternative style should be considered messing with the editor's work.
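
An added illustration, not code from this thread or from either draft of the Access-Control spec: the two fragments argued over above, the `scheme(item)` comparison from the proposed pseudo-code and the "Deny takes precedence" rule combination quoted from the Cross-Site Access Request section, written out as unambiguous, testable Python. Everything about inputs is my assumption: an item or origin is a string such as `https://example.org`, a rule result is one of the three strings the quoted prose names, and how an individual rule decides whether it applies is modelled by a caller-supplied predicate, since the page does not specify that.

```python
"""Added illustration, not code from the thread or from either draft of the
Access-Control spec.  It writes out the two fragments of the proposed
pseudo-code that the messages above argue about as unambiguous, testable
Python: the scheme comparison and the "Deny takes precedence" rule
combination.

Assumptions (mine): an item or origin is a string such as
"https://example.org"; a rule result is one of the three strings the quoted
prose names; how an individual rule decides whether it applies is modelled
by a caller-supplied predicate, which the page does not specify.
"""
from enum import Enum
from typing import Callable, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit


def scheme_of(value: str) -> Optional[str]:
    """Lower-cased URI scheme of `value`, or None when it has none.

    This pins down what the quoted pseudo-code left implicit: a missing
    scheme is a distinct null value, not the string "null", and schemes
    compare case-insensitively (they are case-insensitive in RFC 3986).
    """
    scheme = urlsplit(value).scheme
    return scheme.lower() if scheme else None


def scheme_differs(item: str, origin: str) -> bool:
    """The line  if( scheme(item) != null && (scheme(item) != scheme(origin)) )
    with the missing parenthesis supplied and the precedence made explicit:
    true only when the item carries a scheme AND that scheme is not the
    origin's.  An item without a scheme never satisfies the test."""
    item_scheme = scheme_of(item)
    if item_scheme is None:
        return False
    return item_scheme != scheme_of(origin)


class Result(str, Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"


# A rule is (kind, predicate): it yields `kind` when the predicate holds for
# the requesting origin and NotApplicable otherwise.  The predicate is a
# stand-in for whatever matching the real spec defines (constructed here).
Rule = Tuple[Result, Callable[[str], bool]]


def evaluate_rule(rule: Rule, origin: str) -> Result:
    kind, applies = rule
    return kind if applies(origin) else Result.NOT_APPLICABLE


def combine_rules(results: Iterable[Result]) -> Result:
    """Deny-overrides combination as the quoted prose states it.

    Any Deny -> Deny.  Otherwise, since only Allow and NotApplicable remain,
    any Allow -> Allow.  Otherwise NotApplicable.  (The prose's "all other
    rules evaluate to NotApplicable" is read as "no Deny", the reading its
    own summary sentence gives; a stricter "exactly one Allow" reading is
    also possible, which is the kind of ambiguity the thread is about.)
    """
    results = list(results)
    if Result.DENY in results:
        return Result.DENY
    if Result.ALLOW in results:
        return Result.ALLOW
    return Result.NOT_APPLICABLE


def decide(rules: List[Rule], origin: str) -> Result:
    """Evaluate every rule against `origin` and combine the results."""
    return combine_rules(evaluate_rule(r, origin) for r in rules)


if __name__ == "__main__":
    # Constructed sample policy: allow any https origin, deny one host.
    policy: List[Rule] = [
        (Result.ALLOW, lambda o: scheme_of(o) == "https"),
        (Result.DENY, lambda o: o.lower() == "https://evil.example"),
    ]
    for origin in ("https://good.example", "https://evil.example",
                   "http://good.example"):
        print(origin, "->", decide(policy, origin).value)
    print(scheme_differs("HTTP://a.example", "http://b.example"))
    print(scheme_differs("//a.example/x", "http://b.example"))
```

The point of writing it this way is that each question the quoted message raises about the pseudo-code (is `null` a value or a string, is the comparison case-sensitive, where do the parentheses close) is answered by a line that can be executed and checked, which is the property the English version of the combination rule does not have.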


Received on Wednesday, 16 January 2008 20:53:49 UTC