> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 29, 2001 3:01 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: javax.xml.transform: prohibiting Java extensions
>
>
>
> > So the very presence of a scheme name makes "xalan:..." absolute...
>
> I'm afraid not. The presence of a scheme name means you have to look at
> that scheme's syntax definition to determine whether the URI is
> relative of
> absolute. For example, "http:my/local.file" is a relative URI reference
> even though it specifies the http: scheme.
Nope. See RFC2396:
An absolute URI contains the name of the scheme being used (<scheme>)
followed by a colon (":") and then a string (the <scheme-specific-
part>) whose interpretation depends on the scheme.
and
Relative URI references are distinguished from absolute URI in that
they do not begin with a scheme name. Instead, the scheme is
inherited from the base URI, as described in Section 5.2.
> Since we're defining our own scheme, we can define whatever syntax makes
> the most sense for us. If we will ever want to specify Xalan extensions
Right. But the W3C statement about absolute URIs vs. relative URI references
applies to the syntax defined in RFC2396, not the schema-specific part you
are free to define for "xalan:".
> that may be addressed on another system, I would recommend we adopt the
> syntax currently used for the most common (http: and ftp:) network
> retrievals: "xalan://machine-name/directory-path/file". Among
> other things,
> that will make rewriting this as an http: or ftp: retrieval somewhat
> simpler.
>
> If you've got a security concern, I think the place to address it is via
> explicit access permissions rather than in the syntax. If you
> don't want to
> permit access to local files, take a page from Java and set up a profile
> which says so, then run in an environment where that profile has been
> loaded. Otherwise you risk blocking those use cases where someone _does_
> want to permit local access for performance's sake when running in an
> inherently secure environment.
