> So the very presence of a scheme name makes "xalan:..." absolute...
I'm afraid not. The presence of a scheme name means you have to look at
that scheme's syntax definition to determine whether the URI is relative of
absolute. For example, "http:my/local.file" is a relative URI reference
even though it specifies the http: scheme.
Since we're defining our own scheme, we can define whatever syntax makes
the most sense for us. If we will ever want to specify Xalan extensions
that may be addressed on another system, I would recommend we adopt the
syntax currently used for the most common (http: and ftp:) network
retrievals: "xalan://machine-name/directory-path/file". Among other things,
that will make rewriting this as an http: or ftp: retrieval somewhat
simpler.
If you've got a security concern, I think the place to address it is via
explicit access permissions rather than in the syntax. If you don't want to
permit access to local files, take a page from Java and set up a profile
which says so, then run in an environment where that profile has been
loaded. Otherwise you risk blocking those use cases where someone _does_
want to permit local access for performance's sake when running in an
inherently secure environment.
