Security concerns for N3 + built-ins? from Patrick Hochstenbach on 2022-04-11 (public-n3-dev@w3.org from April 2022)

From: Patrick Hochstenbach <Patrick.Hochstenbach@UGent.be>
Date: Mon, 11 Apr 2022 07:09:44 +0000
To: "public-n3-dev@w3.org" <public-n3-dev@w3.org>
Message-ID: <DB6PR0902MB1861B24CF61948862D0D7A38EEEA9@DB6PR0902MB1861.eurprd09.prod.outlook.>

Hello all,

I could need some help to get more insights in the Notation3 specs + built-ins regarding allowing arbitrary programming capabilities and possible side-effects that Notation3 implementations should allow for when implementing the specs.

Are N3 implementations that follow the specs isolated systems, or do they need they talk to the external world (e.g., accessing external resources)?

I am wondering about this because N3 is quite attractive to be executed near protected resources (e.g., in a the security context of a Solid pod). If I would allow executing arbitrary third party authored Notation3 documents, would there be a risk of information leaking into to the world (Notation3 accessing more information than that I intend to)?

It is not clear for me what side-effects are (including dereferencing URI-s) that must be supported by implementations.

BR
Patrick

Received on Monday, 11 April 2022 07:13:50 UTC