Meeting minutes
<AndyS> open item 1
Scribe?
<gtw> do we need to open item 2 after closing 1?
Continue discussion: subqueries -- LATERAL-like and parameterization-like behaviours
AndyS: about parameterization, there are some advantages and disadvantages.
… we need to understand them for the road ahead
… in particular the security impact
james: What are the security risks you have in mind?
AndyS: you outlined the main one, which is whether the query is expressed as intended
… you can get denial of service attacks
… the discussion/assumption on SPARQL-DEV are more about reuse of variables
james: My perspective, I would estimate that half of the queries against our endpoints are views.
… These views have a name, known to the service, that becomes the third name in the URL.
… People who design the queries use ?v variables for matching and $v variables as parameters.
… The service doesn't enforce any constraints on that.
AndyS: Is there some documentation for it?
james: Need to look for it.
… So, no problem with it for us.
… Certainly not on the private / paid endpoints, but also not seen on the public endpoints.
AndyS: Any thoughts on the LATERAL-like option?
james: Those distinctions are a bit confusing for me.
… We support deep bindings, which is a bit like a cross over of the two options.
AndyS: Jena renames apart of hidden variables.
… The execution then is projection sensitive.
james: If they are renamed, they are not usable as user parameters
AndyS: Another possible expectation is that the values given for the parameters also come out.
james: We provide additional BINDs for this.
Tpt: Yes, I have parameterization, which uses the same as EXISTS.
… We may have a propagation mechanism for EXISTS and LATERAL.
… which would be a syntactic replacement, everywhere.
… We may have a new syntax for this, such that the processor fails with an error if not all parameters are substituted.
AndyS: So, you have an early fail.
Tpt: Yes, like in SQL.
Strawpoll
james: General question: in what form are we going to communicate our conclusions to the WG?
AndyS: write up in a PR
james: So, we need to get to a point where we have consensus on a PR.
AndyS: Yes, but that PR may also include issue notes.
… where these notes may discuss the pros and cons of different options.
… and this may even go into CR
… to provoke reactions
… Another constraint is that we are short on time.
… because we need to bring the other docs to CR
TallTed: most important part is that we are not making decisions here
… we are doing research and get back to the WG with our findings
AndyS: I can take another stab at the PR.
… to distribute the bits and pieces into the relevant parts of the spec
… needs to be coordinated with olaf's work
olaf: I will be on vacation the next two weeks.
AndyS: We may as well cancel for the next few weeks.
… I will let pfps know what happened / what the idea is