W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

RE: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets]

From: Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
Date: Thu, 9 Apr 2009 14:17:17 +0200
Message-ID: <0BE18111593D8A419BE79891F6C4690902C956F0@EITO-MBX01.internal.vodafone.com>
To: "Arthur Barstow" <Art.Barstow@nokia.com>
Cc: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>, "Web Applications Working Group WG" <public-webapps@w3.org>
Hi Art, All,

If there is no use case for accessing this information (I was after why
you would want to access this information because I think just saying it
might be interesting to do so isn't justification enough), then I think
my original proposal holds - make the signature files unavailable to the
widget at runtime. 

For clarification I was not suggesting that an API should be added to
the DigSig spec but rather that some of the information could be exposed
via an API defined in the APIs and Events spec. But I don't think this
is necessary or worth the additional specification effort.

Thanks,

Mark


>-----Original Message-----
>From: Arthur Barstow [mailto:Art.Barstow@nokia.com] 
>Sent: 07 April 2009 21:57
>To: Priestley, Mark, VF-Group
>Cc: Hirsch Frederick (Nokia-CIC/Boston); Web Applications 
>Working Group WG
>Subject: Re: ISSUE-83 (digsig should not be read at runtime): 
>Instantiated widget should not be able to read digital 
>signature [Widgets]
>
>On Apr 2, 2009, at 6:01 PM, ext Priestley, Mark, VF-Group wrote:
>
>> Comments inline.
>>
>> FWIW my view is that if there is a valid use case for a widget being 
>> able to access information in a signature file, either it should 
>> access this information using an API or we should add further 
>> restrictions to the widget digital signature format and processing.
>
>Since Frederick's use cases [1] didn't convince you, what specific
>change(s) do you think is needed in the Widgets DigSig spec?
>
>Defining an API in this spec doesn't seem like a good approach.
>
>-Regards, Art Barstow
>
>[1] <http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/
>0017.html>
>
>
>
Received on Thursday, 9 April 2009 12:18:02 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT