W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: Proposal for ISSUE-83

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 21 Apr 2009 15:56:33 +0200
Message-ID: <b21a10670904210656v55c24dfdjc6d1872566fbfef2@mail.gmail.com>
To: Frederick Hirsch <frederick.hirsch@nokia.com>, Mark Priestley <Mark.Priestley@vodafone.com>
Cc: public-webapps Group WG <public-webapps@w3.org>, Arthur Barstow <art.barstow@nokia.com>
On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch
<frederick.hirsch@nokia.com> wrote:
> ISSUE-83 states:
> Instantiated widget should not be able to read digital signature
> http://www.w3.org/2008/webapps/track/issues/83
>
> The following is a proposal of text to add to P&C to address this issue,
> based on text from Marcos and adding the notion of allowing policy and
> access control mechanisms to be used:
>
> "Where a user agent that implements this specification interacts with
> implementations of other specifications, this user agent MUST deny other
> implementations access to digital signature documents unless an access
> control mechanism is in place to enable access according to policy. The
> definition of such a policy mechanism is out  of scope of this
> specification, but may be defined to  allow access to all or parts of the
> signature documents, or deny any such access. An exception is if a user
> agent that implements this specification also implements the OPTIONAL
> [Widgts-DigSig] specification, in which case the user agent MUST make
> signature documents available to the implementation of the [Widgets-DigSig]
> specification."

Added under "Digital Signatures" section. If Mark is happy, then we
should close this issue.

Kind regards,
Marcos

-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 21 April 2009 13:57:37 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT