W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Proposal for ISSUE-83

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 21 Apr 2009 09:31:41 -0400
Message-Id: <49DB6E6A-F1A2-4044-976A-16EDF0513571@nokia.com>
To: public-webapps Group WG <public-webapps@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Marcos Caceres <marcosc@opera.com>, Arthur Barstow <art.barstow@nokia.com>
ISSUE-83 states:
Instantiated widget should not be able to read digital signature
http://www.w3.org/2008/webapps/track/issues/83

The following is a proposal of text to add to P&C to address this  
issue, based on text from Marcos and adding the notion of allowing  
policy and access control mechanisms to be used:

"Where a user agent that implements this specification interacts with  
implementations of other specifications, this user agent MUST deny  
other implementations access to digital signature documents unless an  
access control mechanism is in place to enable access according to  
policy. The definition of such a policy mechanism is out  of scope of  
this specification, but may be defined to  allow access to all or  
parts of the signature documents, or deny any such access. An  
exception is if a user agent that implements this specification also  
implements the OPTIONAL [Widgts-DigSig] specification, in which case  
the user agent MUST make signature documents available to the  
implementation of the [Widgets-DigSig] specification."

This message should complete ACTION-329 which should be closed.

regards, Frederick

Frederick Hirsch
Nokia
Received on Tuesday, 21 April 2009 13:32:47 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT