- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Thu, 08 Mar 2007 14:58:41 -0500
- To: Jeremy Carroll <jjc@hpl.hp.com>
- Cc: Dan Connolly <connolly@w3.org>, public-grddl-wg@w3.org
I think the test-document, once refactored, should include enough information such that an implementer can figure out how to run the test-suite. Ideally the implemeter should be aware of RDF but not necessarily an RDF-expert, as I believe one of our goals to get critical mass of deployment would be fulfilled by geting some of the microformatish people to make their apps GRDDL aware. The problem which people have, which I think is valid, is due to local policy a GRDDL-aware agent may choose not to run *any* transforms. That's an edge-case, but that edge-case does not violate the spec as stands I believe. So, I think having some sentence about allowing the local policy of a GRDDL-aware agent to be modified as either turn off any policy configuation or at least allow it to run the test-cases is important. Otherwise we get stuck with the rather ridiculous possibility of a GRDDL-aware agent that doesn't do anything. Jeremy Carroll wrote: > > > > Dan Connolly wrote: >> In recent minutes, I see... >> >> "*ACTION:* Chime adding sentence to Test Case Doc specifying that >> local security policy must be set to none before running tests" >> > > I think phrasing it as the tests assume that the security policy does > not prevent any operations required during their execution would suffice. > >> I don't want to add any RFC2119 MUST style stuff about how to test a >> GRDDL-aware agent. > > +1 > >> In particular, I don't think we should advocate >> making it *possible* to set the security policy of a GRDDL-aware >> agent to "none". > > I certainly hope to provide this option. (Although not in the next > release: which provides very few options) > Many Jena users use Jena in constrained corporate environments. In > such an environment, the firewall is the main security. Running the > Jena GRDDL Reader within such an environment, and with no proxy set, > may be adequately secure for many users. This may allow rather more > adventurous use of GRDDL in which 'unsafe' operations are performed. > Also, running a GRDDL aware agent with a set of hardcoded inputs may > be safe, even with no security policy. > > e.g. > > GRDDL.setSecurityPolicy("none"); > GRDDL.read("http://www.myorg.example.com/"); > > may well be known to be safe (assuming www.myorg.example.com has not > been subverted). > >> Maybe having the "how to run tests" stuff in the same document >> is too confusing. > > It may be possible to have declarative sentences rather than > imperative sentences that amount to the same. > > Jeremy > > > > -- -harry Harry Halpin, University of Edinburgh http://www.ibiblio.org/hhalpin 6B522426
Received on Thursday, 8 March 2007 19:58:48 UTC