First, given the number of changes/issues, I think we need to do
another revision and review of the spec.
OK, here is a list of problems with the current document object
spec draft:
1. Create-Document and Send-Data are not well thought out.
Assuming that the current Validate-Job operation is
insufficient to validate the document format and job
template attributes for a document file, Create-Job
adds a serious Denial-of-Service vulnerability - just
do a bunch of Create-Job calls to use up all of the
server's resources.
My recommendation is to map PSI's Create-Document operation
to Validate-Job with the additional job/document template
attributes in the spec, and to map Send-Data to
Send-Document.
2. All MUSTs for the document-format-details collection
attributes should be CMUSTs.
3. document-format-details opens up a big can of security
worms, and has very limited usefulness. Like print-by-
reference, "packaged" files sometimes need authentication
(passwords). They also can (and often do) contain embedded
paths which are a serious security risk as well as an
interop nightmare. If the purpose is for supporting web
page printing, XHTML-Print is probably the way to go...
Also, it is not clear how a client is supposed to determine
whether the server supports this attribute; the absense of
document-format-details-supported may not be sufficient
since some implementations (e.g. CUPS) may choose not to
send collection attributes that are not requested to
avoid compatibility problems with clients that do not
support collections...
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com