Hilarie Orman wrote,
> I think there's a legitimate question here, about what
> integrity guarantees can be expected. And I think it's
> difficult, but may be worthwhile, to draw up some guidelines.
> Things such as
> By default, content integrity is assured.
Sadly this clause is useless without a definition of content
integrity. And that's going to be hard to come up with unless we
have some idea of content equivalence, i.e. given a transformation,
f(), content integrity is assured iff,
r is-equivalent-to f(r)
But what's content equivalence? Clearly it's content type
dependent and application type dependent: a GIF might be
considered equivalent to a JPEG in some but not all
circumstances; an HTML document with inserted banner ads might be
considered equivalent to an HTML document without in some but not
all circumstances; an HTML document in French might be considered
equivalent to a document in English in some but not all
circumstances.
Given that these example transforms only scratch the surface, and
are already a bit of a computationally intractable miscellany,
this might be a bit worse than 'difficult'.
> Refusal to deliver content is not modification
Can you motivate that?
> Publishers and users should have clear ways of
> specifying acceptable policies for content
> modification.
This depends on having a way of specifying transforms. But what's
a transform? This looks like being no easier to regiment than
content-equivalence.
> Users should have clear ways of opting out of content
> modification services.
If you mean on an all or nothing basis, then this might be
feasible. But to be useful we probably need something more fine
grained.
> The content should have an audit trail of modification
> services applied end-to-end
Hmm ... but doesn't the audit-trail itself become part of the
content? Peeling off a modification audit-trail seems like a
clear cut case of an unacceptable, integrity-violating transform,
but I can conceive of cases where it might not be. Equally, I'm
unsure how a prohibition against such behaviour could be enforced
(or how such behaviour could be guaranteed to be visible to the
end recipient(s)) consistently with further transformations being
applied.
> Content services should not move data between unrelated
> transactions
For this constraint to be meaningful we'd need a definition of
'related transaction'. Again, this looks like being no easier to
specify than either content equivalence or transform.
Cheers,
Miles
--
Miles Sabin
Internet Systems Architect
+44 (0)20 8817 4030
msabin(_at_)interx(_dot_)com

InterX
5/6 Glenthorne Mews
London, W6 0LJ, England
http://www.interx.com/
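The audit-trail point raised in the reply above (that the trail itself becomes part of the content, and that peeling it off or adding an unrecorded modification needs to be visible to the end recipient) can be made concrete. The following is an added example written for this page; it is not code from either correspondent nor from any intermediary-services specification. It assumes a chain of records in which each modification service binds its entry to the previous one and to the hashes of its input and output, and it uses HMAC with constructed pre-shared keys as a stand-in for the per-party digital signatures a real deployment would use. The HTML content and the service names are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed demo keys. In a real deployment each party would sign with its
# own private key; HMAC over pre-shared keys stands in for signatures here.
KEYS = {
    "publisher": b"publisher-demo-key",
    "banner-inserter": b"banner-demo-key",
    "translator": b"translator-demo-key",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(record: dict) -> bytes:
    # Canonical JSON so every party authenticates the same byte string.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _mac(party: str, record: dict) -> str:
    return hmac.new(KEYS[party], _canonical(record), "sha256").hexdigest()


def publish(content: bytes):
    """Publisher emits the content plus an authenticated origin record."""
    record = {"party": "publisher", "out_hash": sha256_hex(content), "prev": None}
    record["mac"] = _mac("publisher", record)
    return content, [record]


def apply_service(party: str, transform, content: bytes, trail: list):
    """A modification service transforms the content and appends a record that
    is bound to the previous record (by hash) and to its own input and output,
    so an entry cannot be dropped from the middle without breaking the chain."""
    new_content = transform(content)
    record = {
        "party": party,
        "in_hash": sha256_hex(content),
        "out_hash": sha256_hex(new_content),
        "prev": sha256_hex(_canonical(trail[-1])),
    }
    record["mac"] = _mac(party, record)
    return new_content, trail + [record]


def verify(content: bytes, trail: list) -> list:
    """Recipient check. Returns the parties that touched the content, in order,
    or raises ValueError naming the first inconsistency found."""
    if not trail or trail[0]["party"] != "publisher" or trail[0]["prev"] is not None:
        raise ValueError("trail does not start at the publisher")
    prev_record = None
    for i, record in enumerate(trail):
        if record["party"] not in KEYS:
            raise ValueError(f"record {i} names an unknown party")
        unsigned = {k: v for k, v in record.items() if k != "mac"}
        if not hmac.compare_digest(_mac(record["party"], unsigned), record["mac"]):
            raise ValueError(f"bad authenticator on record {i} ({record['party']})")
        if prev_record is not None:
            if record["prev"] != sha256_hex(_canonical(prev_record)):
                raise ValueError(f"record {i} is not chained to record {i - 1}")
            if record["in_hash"] != prev_record["out_hash"]:
                raise ValueError(f"record {i} consumed content other than record {i - 1}'s output")
        prev_record = record
    if trail[-1]["out_hash"] != sha256_hex(content):
        raise ValueError("delivered content does not match the last recorded output")
    return [r["party"] for r in trail]


def _outcome(content: bytes, trail: list):
    try:
        return verify(content, trail)
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    """Run an honest chain and three tampered variants; return what the
    recipient concludes in each case (constructed sample content)."""
    original = b"<html><body><p>Bonjour</p></body></html>"
    content, trail = publish(original)
    content, trail = apply_service(
        "banner-inserter",
        lambda c: c.replace(b"<body>", b"<body><div>banner</div>"),
        content, trail)
    content, trail = apply_service(
        "translator", lambda c: c.replace(b"Bonjour", b"Hello"), content, trail)
    return {
        # Every hop recorded: the recipient learns exactly who touched the content.
        "honest": _outcome(content, trail),
        # Trail peeled back to the origin record: the publisher's hash no
        # longer matches what was delivered.
        "stripped": _outcome(content, trail[:1]),
        # Middle record dropped: the translator's record no longer chains to the origin.
        "dropped_middle": _outcome(content, [trail[0], trail[2]]),
        # A further modification applied with no record at all.
        "unrecorded": _outcome(content + b"<!-- constructed tracker -->", trail),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

What this shows about the objection in the reply: the trail can only be removed undetectably if the recipient has no independent expectation of where it must end, which here is supplied by the publisher's origin record plus the rule that the last record's output hash must match the delivered bytes. Each later transform has to extend the chain rather than replace it, so enforcement rests on the recipient's verification step rather than on a prohibition the intermediaries are trusted to honour.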