- From: Jeremy Carroll <jjc@hpl.hp.com>
- Date: Thu, 08 Mar 2007 14:33:47 +0000
- To: Dan Connolly <connolly@w3.org>
- CC: public-grddl-wg@w3.org
Dan Connolly wrote:
> In recent minutes, I see...
>
> "*ACTION:* Chime adding sentence to Test Case Doc specifying that local
> security policy must be set to none before running tests"
>
I think phrasing it as the tests assume that the security policy does
not prevent any operations required during their execution would suffice.
> I don't want to add any RFC2119 MUST style stuff about how to test a
> GRDDL-aware agent.
+1
> In particular, I don't think we should advocate
> making it *possible* to set the security policy of a GRDDL-aware
> agent to "none".
I certainly hope to provide this option. (Although not in the next
release: which provides very few options)
Many Jena users use Jena in constrained corporate environments. In such
an environment, the firewall is the main security. Running the Jena
GRDDL Reader within such an environment, and with no proxy set, may be
adequately secure for many users. This may allow rather more adventurous
use of GRDDL in which 'unsafe' operations are performed.
Also, running a GRDDL aware agent with a set of hardcoded inputs may be
safe, even with no security policy.
e.g.
GRDDL.setSecurityPolicy("none");
GRDDL.read("http://www.myorg.example.com/");
may well be known to be safe (assuming www.myorg.example.com has not
been subverted).
> Maybe having the "how to run tests" stuff in the same document
> is too confusing.
It may be possible to have declarative sentences rather than imperative
sentences that amount to the same.
Jeremy
Received on Thursday, 8 March 2007 14:34:06 UTC