OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

oic message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Mark-up on Interop Profile

cc'ing list on offline conversation on Interop Profile doc.
I have attached my mark-up of the document, previously shared with Bart.
A.

On 10/6/2009 2:23 PM, Hanssens Bart wrote: 
Regarding passwords:

"1 character password seem really strange.  One would think the
lower end would be at least 4 maybe 6 characters."

You're absolutely right on the Producer part, so that's why I only
mentioned *Consumer*. After all, one might receive a password
protected document created with an "insecure" implementation.
(IIRC, Koffice 2.x allows for 1-character passwords, for instance)
but that document would not necessarily be a conforming interoperable doc.
So there would be nothing wrong with building a secure *Producer*
imposing a lower limit of, say, 8 characters and a dictionary check
on top of it...
agreed

"Requiring weak encryption as a conformance requirement is not
correct"

That's not *requiring*, but *allowing* to consume weakly protected
documents. Remember, a plain text XML file is conforming as well :-)
This would require that implementer implement 'weak encryption'.  The problem is with the appearance of security without actual security.
This is in effect requiring the support of weak encryption for conformance.  I do think that is wrong.

I understand the idea of read liberally and write conservatively, but there is something strange about how that works in this document.
  • The document doesn't decipher between accepting non-ODF11i-Doc liberally, and conformantly writing ODF11i-Doc
  • I think you need a construct in the conformance clauses that is something like; "When converting a non-conforming document into ODF11i-Doc ..."    This is one place where that might be useful.  
  • Similarly with the metadata clauses - there needs to be a consistent mechanism to process non-conforming documents (multiple instances of the same tag).  This is not, it would seem, directly a requirement of being a consumer of ODF11i-Doc, as ODF11i-Doc includes the requirement of only one instance of each tag.
I don't think these requirements are unreasonable - but I do believe that they need to be formulated differently.  We need to separate requirements for consuming ODF11i-Doc, with requirements for translating non-ODF11i-Doc into ODF11i-Doc.

A.



--
Oracle
Andrew Rist | Interoperability Analyst
Phone: +1 6505069847 | Mobile: +1 6505759637
Oracle Corporate Architecture
500 Oracle Parkway | Redwood Shores, CA 94065
Green Oracle Oracle is committed to developing practices and products that help protect the environment

ODF11_Interop_Profile-wd04_AR.odt

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]