Consider adding @timeout to control potentially long-running steps

[Conal-Tuohy]

Steps like p:http-request, p:xslt, and p:xquery can take a long time to run, and might usefully have an option to put some constraint on that time. e.g. by setting a timeout in milliseconds.

<p:http-request timeout="1000"/>

If the step failed to terminate in time, it would generate a dynamic error.

It's common for HTTP Client APIs to offer an explicit timeout, and XProc implementations could easily delegate a timeout to their underlying HTTP API. For instance: https://hc.apache.org/httpclient-3.x/apidocs/org/apache/commons/httpclient/params/HttpConnectionParams.html#setConnectionTimeout%28int%29

The runtime of a p:xslt, p:xquery, or p:exec step is also potentially unbounded. Especially in the framework of a multi-user application it could be useful to be able to kill off a pathological stylesheet or query which has been running too long.

[ndw]

This seems like an interesting idea. It's not specific to p:xslt, but applies equally to all steps.

We'd like to get implementor experience about what kinds of security annotations would be most useful/interoperable.