[closed] Re: security. Is this implementable?

"Dave Pawson" <dave.pawson@gmail.com> writes:

> 2008/12/15 David A. Lee <dlee@calldei.com>:
>> My read on this is that its slightly better then saying nothing.
>>
>> This gives implementations a specific code to use if it cant do something
>> for "security" reasons.
>> Saying much more would vastly complicate the spec
>
> +1
> Perhaps saying just what you've said would be better,
>
> i.e.  " it is implementation dependent, and if
> an implementation can't execute a step for security
> reasons, use this error code"
>
> I.e. just enough. I think the CR at the moment
> says too much!

I added:

<impl>Which steps are forbidden, what privileges are needed to access
resources, and under what circumstances these security constraints apply
is <glossterm>implementation-dependent</glossterm>.</impl>

Please let us know if that's not satisfactory.

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | Man's sensitivity to little things and
http://nwalsh.com/            | insensitivity to the greatest are the
                              | signs of a strange disorder.-- Pascal

Received on Thursday, 5 February 2009 12:44:29 UTC