- From: Jeremy Carroll <jjc@hpl.hp.com>
- Date: Fri, 23 Mar 2007 13:05:50 +0000
- To: GRDDL Working Group <public-grddl-wg@w3.org>
Here are my thoughts about security tests.

a) have section of test document with them in

b) have a test class test:SecurityTest

c) do not provide instructions for running security tests

d) have the following para in the section of the test document.

[[
The following security tests are provided for implementers to adapt and use for their implementation. Security issues are usually system specific, and as is shown in test TODO, it may be possible for a malicious party to access XSLT version and vendor information concerning a specific GRDDL agent instance. These tests were developed during the development of the Jena GRDDL Reader which uses the Saxon8.8 XSLT processor. They hence illustrate how a malicious party may try to abuse features of such an implementation. We do not provide instructions as to how to test your system against these tests, since they are likely to be not directly applicable. Developers of GRDDL aware agents are encouraged to understand these tests, and consider how their own systems may have potential security weaknesses.
]]

e) include the six Jena tests (which I can donate to W3C)

Jeremy

--
Hewlett-Packard Limited
registered Office: Cain Road, Bracknell, Berks RG12 1HN
Registered No: 690597 England

Received on Friday, 23 March 2007 13:06:08 UTC