W3C home > Mailing lists > Public > w3c-sgml-wg@w3.org > December 1996

Policy in XML (concrete)

From: Terry Allen <tallen@fsc.fujitsu.com>
Date: Mon, 30 Dec 1996 11:33:25 -0800 (PST)
Message-Id: <199612301933.LAA25699@ishtar.fsc.fujitsu.com>
To: w3c-sgml-wg@www10.w3.org
Upon reflection and the return of electricity (it's good to have a battery-
powered TV if you want to watch yearend football in the North Bay), I think
the answer to my question, "Where in the XML architecture do I state
my use policy" is "nowhere."  My policy may apply to many data types,
and I don't want to have to find a specific way to state it wrt each
data type.

Instead, I may want to state it by implementation.  E.g., I may wish
to allow access to my stuff only through a copyright notice that
must appear first; I can do that by disallowing any access that does
not evidence previous receipt of the copyright notice.  At the same
time (or not) I might allow access to pieces of my stuff only through
ilinks of my own ("link to me only with mine I's") so as to control
what is being linked to.  And I might require the requestor to
include the URI of the link end from which the request emanates
(e.g., by requiring the HTTP Referer [sic] header, see HTTP 1.1
sect 14.37), perhaps even the entire chain of links, and perhaps
all the other link ends, too.  That information
would give me quite a bit to work if I want to check on the
conditions under which my stuff is being used.  I could, for
example, check, or spot-check, to see if the referring document
includes "<FRAME" and deny access if so.  I could refuse access
to URIs of certain patterns.  I could invoke PICS (which I'm
not fond of) to be sure that the referring document isn't
rated in a way I find unacceptable.

For those of you who think this approach could be spoofed so
easily as to be useless, I suggest that a modicum of legal backup
would solve the problem.  For example, I might ask my congressdrone
to support legislation making it illegal to lie in the Referer
field - and if you think that's unlikely, consider the case of
parents who wish to be sure that the picture of their daughter
on her home page isn't transcluded in the "Nymphets on the Web
Today" page (which page can't just be suppressed, because it's
a discussion of Nabokov's Lolita).   

In short, this is the inverse of link awareness.  My links don't
have to be aware of what is linking to them, but my server does.
I think this is something like what Eliot described in 
Message-Id: <>
of Sun, 22 Dec 1996 11:11:15 -0900, "Re: anchor awareness (was 
Re: Richer & richer semantics?)":        

>3. Should the *methods* associated with objects *always* be informed when
   they are addressed as an anchor?  This is a bit more subtle, because
   it can be difficult or impossible to do this in all environments (e.g.,
   when the anchors are addressed by a query against the entire Web).
   In other words, in the general case its useful or necessary to defer
   resolving some anchor addresses until the anchor is traversed to (or
   access to the anchor is otherwise requested).  This means that there
   will always be anchors that do not know they are anchors at the time
   link is created, only at the time an attempt is made to address the
In order to make what I suggest work, it may be necessary to refine
what the URI in Referer means.  But I don't now see any requirements
on XML or its linking mechanisms, although XML linking may require
the specification of new URL schemes in any event.

    Terry Allen    Fujitsu Software Corp.    tallen@fsc.fujitsu.com
"In going on with these experiments, how many pretty systems do we build,
 which we soon find outselves obliged to destroy?" - Benjamin Franklin
  A Davenport Group Sponsor:  http://www.ora.com/davenport/index.html
Received on Monday, 30 December 1996 14:34:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:25:06 UTC