- From: Jeremy Carroll <jjc@hpl.hp.com>
- Date: Wed, 07 Mar 2007 15:48:55 +0000
- To: Chimezie Ogbuji <ogbujic@bio.ri.ccf.org>
- CC: Dan Connolly <connolly@w3.org>, GRDDL Working Group <public-grddl-wg@w3.org>
Chimezie Ogbuji wrote:
>
> On Wed, 7 Mar 2007, Dan Connolly wrote:
>> The short description of this test says "/An implementation only has
>> to produce one of these three/."
>> (1) that's not true, i.e. can't be justified from the spec. producing
>> none is consistent with the spec.
>
> Hmm.. that's not my understanding and is the very reason why I was
> concerned about this particular scenario in our last telecon: i.e., how
> can a piece of software which doesn't produce any GRDDL results ( when
> there should be at least one ) be considered a GRDDL-aware-agent by the
> current definition?
>
> Barring an explicit choice to ignore a nominated transform due to " the
> agent's capabilities, local security policies and possibly user/client
> intervention." it would *not* be a GRDDL-aware agent. That's my
> interpretation of section 7.

One very simple security policy would be to only permit accesses to documents that are on the public web and not those potentially accessible because of privileges due to the IP address being used by the software.

While the test suite is on the public Web - from within HP I get privileged access to the http://www.w3.org/ in that some member only pages are readable (I think depending on using an HP IP address). Hence, a simplistic policy might include not permitting the reading of any W3C pages at all (from software running from within HP), in case they were member confidential, and the member confidential information could be transmitted to a public server.

A GRDDL reader implementing such a policy, if it could read the test files in the first place, might produce empty results.

[I would appreciate advice as to how to more appropriately address this issue. I am currently, nervously, permitting such reads]

Jeremy
Received on Wednesday, 7 March 2007 15:50:34 UTC
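
An added example, not part of the message above or of any GRDDL implementation: a sketch of the kind of local security policy the message describes, where an agent refuses to dereference hosts on which its network location grants more access than an anonymous public client would have, and so may return an empty result. The host list, internal suffixes and function names are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts where this agent's source IP grants access that an
# anonymous client on the public web would not have (constructed list).
AMBIENT_PRIVILEGE_HOSTS = {"www.w3.org"}
# Assumption: internal DNS suffixes of the deploying organisation (constructed).
INTERNAL_SUFFIXES = (".corp.example", ".internal")


def may_fetch(url):
    """Return (allowed, reason) for one dereference the agent is about to make."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an address literal
    if ip is not None and not ip.is_global:
        return False, "non-public address"
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        return False, "internal host"
    if host in AMBIENT_PRIVILEGE_HOSTS:
        return False, "ambient privilege on host"
    return True, "ok"


def permitted_transforms(source_url, transform_urls):
    """Transformations the agent will apply; empty if the source is refused."""
    if not may_fetch(source_url)[0]:
        return []
    return [t for t in transform_urls if may_fetch(t)[0]]
```

The check is on the URL as written, so a real agent would repeat it for every redirect target and for the address the name resolves to before connecting.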