- From: Norman Walsh <ndw@nwalsh.com>
- Date: Thu, 07 Jun 2007 07:43:50 -0400
- To: public-xml-processing-model-wg@w3.org
- Message-ID: <87odjshtvt.fsf@nwalsh.com>
/ Alessandro Vernet <avernet@orbeon.com> was heard to say:
| On 6/6/07, Norman Walsh <ndw@nwalsh.com> wrote:
|> 4. One case that we expect to be common is that a pipeline has no
|> explicit parameters but that user-specified top-level
|> parameters should be passed to steps.
|
| I don't think it is a good idea for the pipeline engine to hand on by
| default parameters passed to the pipeline to components called in the
| pipeline. This may permit someone calling a pipeline to pass
| parameters that influence components called by the pipeline in a way
| that is not intended by the pipeline author, potentially posing a
| security risk.
The proposal I made allows the pipeline author control. If the author
writes:
<p:step use-parameter-sets=""/>
then no parameters passed into the pipeline can have any effect on
the step. Conversely if he or she writes:
<p:step use-parameter-sets="#top-level"/>
then any parameters passed can have an effect on the step.
Assuming we have agreement so far, we have to decide which of these
is represented by
<p:step/>
Henry has expressed a strong preference for the former. Alessandro, I
think you've been consistently in favor of the latter.
Water pistols at 20 paces? :-)
Be seeing you,
norm
--
Norman Walsh <ndw@nwalsh.com> | I'm NOT in denial!
http://nwalsh.com/ |
Received on Thursday, 7 June 2007 11:44:00 UTC