Re: [oiic-formation-discuss] Caution and Disclaimer on Interoperability

[robert_weir@us.ibm.com]

jose lorenzo <hozelda@yahoo.com> wrote on 06/13/2008
06:20:47 PM:


> 
> I think this is a pretty important message just illustrated. I doubt
> most laypeople, when they talk about ODF compliance, realize this
> scenario is possible and actually quite possibly likely to happen
at
> some point in the future.
> 
> I think this is a pretty important message.
> 

Indeed.  It can even be done with plain ASCII
text.  It can be done with a PNG file even.  When done intentionally
to hide a message they call it "steganography".  But the
same techniques can be used to encode extensions, scripts, whatever.  I
call them "embedded formats", the formats within the format.


There are good embedded formats.  For example,
an ODF 1.2 spreadsheet formula is just a string, from an XML perspective.
 But within that string is encoded an expression in a complex expression
language.  But since the syntax and semantics of that expression language
are defined in ODF 1.2, this is not a problem. 

But embedded formats, especially private ones, can
certainly be abused.

Is there anything that can be done about this, from
a standards perspective?  Saying "No undisclosed embedded formats
allowed" is not really a testable provision.

A while back I said that conformity was the relationship
of an implementation to a standard, and interoperability was the relationship
of two implementations of the same standard with each other.  There
are some things that you will never find just testing an application and
a test suite.  The world is complex and strange enough that some sort
of "plugfest" event to bring itogether the vendors to test real
round-trip scenarios with real-world complex documents is needed.