Updates to Widget Signature from Frederick Hirsch on 2009-04-28 (public-webapps@w3.org from April to June 2009)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 28 Apr 2009 15:51:48 -0400
To: Web Applications Working Group WG <public-webapps@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, "marcosc@opera.com Caceres" <marcosc@opera.com>, Thomas Roessler <tlr@w3.org>, Arthur Barstow <art.barstow@nokia.com>
Message-Id: <0998B11E-433E-4D89-820F-D66C3C14EE81@nokia.com>

I have updated Widgets Signature as follows:

1. Added MUSTs to require consistency of  file name and corresponding  
dsp:Role [1].

A file matching the author-sig-filename [ABNF] rule MUST contain a  
dsp:Role signature property having the URI for an Author role as  
defined in this specification or the signature MUST be flagged as  
being in error.

A file matching the dist-sig-filename [ABNF] rule MUST contain a  
dsp:Role signature property having the URI for a Distributor role as  
defined in this specification or the signature MUST be flagged as  
being in error.

2. Added general warning about optional algorithms to algorithms  
section [2]

Note that use of optional algorithms may result in signatures that are  
not interoperable with implementations that do not support these  
algorithms. Authors are cautioned to take this into consideration.

3. Added specific note for ECDSAwithSHA256

Although all implementations may not support this optional algorithm,  
implementation is encouraged since it may become mandatory in a  
subsequent release of this specification. This may also be necessary  
if any security issues are discovered with the currently required  
algorithm.

4. Removed paragraph on access control since we are moving it to  
Packaging and Config.

Removed from end of section "Use of XML Signature in Widgets" [3]   
Proposed  change to P & C still needs to be made [4].

5. Updated reference for Signature Properties  and Widget Requirements  
to anticipate publication as Working Draft  on 30 April [5]

6. Updated reference to P & C to refer to editors draft of today 28  
April - this date may require further update [5]

We are planning to publish this document this week, and draft needs to  
be complete tomorrow. So please let me know of any issues with these  
changes or any other corrections by tomorrow morning Eastern time.

Thank you

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/2006/waf/widgets-digsig/#naming-convention-for-an-author-signature

and

http://dev.w3.org/2006/waf/widgets-digsig/#naming-convention-for-a-distributor-sign

[2] http://dev.w3.org/2006/waf/widgets-digsig/#algorithms

[3] http://dev.w3.org/2006/waf/widgets-digsig/#use

[4] http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0359.html

[5] http://dev.w3.org/2006/waf/widgets-digsig/#references

Received on Tuesday, 28 April 2009 19:53:03 UTC