- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Thu, 08 Mar 2007 14:58:41 -0500
- To: Jeremy Carroll <jjc@hpl.hp.com>
- Cc: Dan Connolly <connolly@w3.org>, public-grddl-wg@w3.org
I think the test-document, once refactored, should include enough
information such that an implementer can figure out how to run the
test-suite. Ideally the implemeter should be aware of RDF but not
necessarily an RDF-expert, as I believe one of our goals to get critical
mass of deployment would be fulfilled by geting some of the
microformatish people to make their apps GRDDL aware.
The problem which people have, which I think is valid, is due to local
policy a GRDDL-aware agent may choose not to run *any* transforms.
That's an edge-case, but that edge-case does not violate the spec as
stands I believe. So, I think having some sentence about allowing the
local policy of a GRDDL-aware agent to be modified as either turn off
any policy configuation or at least allow it to run the test-cases is
important.
Otherwise we get stuck with the rather ridiculous possibility of a
GRDDL-aware agent that doesn't do anything.
Jeremy Carroll wrote:
>
>
>
> Dan Connolly wrote:
>> In recent minutes, I see...
>>
>> "*ACTION:* Chime adding sentence to Test Case Doc specifying that
>> local security policy must be set to none before running tests"
>>
>
> I think phrasing it as the tests assume that the security policy does
> not prevent any operations required during their execution would suffice.
>
>> I don't want to add any RFC2119 MUST style stuff about how to test a
>> GRDDL-aware agent.
>
> +1
>
>> In particular, I don't think we should advocate
>> making it *possible* to set the security policy of a GRDDL-aware
>> agent to "none".
>
> I certainly hope to provide this option. (Although not in the next
> release: which provides very few options)
> Many Jena users use Jena in constrained corporate environments. In
> such an environment, the firewall is the main security. Running the
> Jena GRDDL Reader within such an environment, and with no proxy set,
> may be adequately secure for many users. This may allow rather more
> adventurous use of GRDDL in which 'unsafe' operations are performed.
> Also, running a GRDDL aware agent with a set of hardcoded inputs may
> be safe, even with no security policy.
>
> e.g.
>
> GRDDL.setSecurityPolicy("none");
> GRDDL.read("http://www.myorg.example.com/");
>
> may well be known to be safe (assuming www.myorg.example.com has not
> been subverted).
>
>> Maybe having the "how to run tests" stuff in the same document
>> is too confusing.
>
> It may be possible to have declarative sentences rather than
> imperative sentences that amount to the same.
>
> Jeremy
>
>
>
>
--
-harry
Harry Halpin, University of Edinburgh
http://www.ibiblio.org/hhalpin 6B522426
Received on Thursday, 8 March 2007 19:58:48 UTC