Re: security. Is this implementable?

My read on this is that its slightly better then saying nothing.

This gives implementations a specific code to use if it cant do something 
for "security" reasons.
Saying much more would vastly complicate the spec (what IS a "security" 
reason" what IS "forbidden" etc).
I think its about right of a statement.
Conforming implementations could do nothing or do a lot ...





>
> 2.12
> It is a dynamic error (err:XD0021) for a pipeline to attempt to access
> a resource for which it has insufficient privileges or perform a step
> which is forbidden.
>
> No definition of privilege. No definition of 'forbidden'?
>
> Is this a spec weakness, or out of scope, in which case why is it here?
>
> Seems to impinge on the operating environment rather a lot?
>
>
> regards
>
>
> -- 
> Dave Pawson
> XSLT XSL-FO FAQ.
> Docbook FAQ.
> http://www.dpawson.co.uk
> 

Received on Monday, 15 December 2008 17:14:02 UTC