On Wed, 28 May 2008 11:10:56 +0200, Thomas Roessler <tlr@w3.org> wrote: >> 2. Point to an XML file written in our custom XML format (described >> below). > > I'd drop that. While more complicated, it buys a number of freedoms: 1. In the case that any security-related settings for the widget changes, they can be reviewed automatically, or optionally manually by the user, and download of an updated resource can be prevented if the updated version is not acceptable. This is particularily important on slow connections, since some widgets run into the megabyte range 2. It is possible to sign the update XML document, and verify the file prior to downloading. An example here would be if a signed update document pointed to an alternate download mechanism, such as a torrent or other P2P technology, the document could itself be signed, and contain checksums for the actual file. -- Arve Bersvendsen Developer, Opera Software ASA, http://www.opera.com/Received on Wednesday, 28 May 2008 09:25:45 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 28 May 2008 09:25:46 GMT