W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 24 Feb 2009 23:33:55 +0100
Message-ID: <b21a10670902241433g351327as6e198a2520856ece@mail.gmail.com>
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>
Hi Frederick,

On Tue, Feb 24, 2009 at 11:19 PM, Frederick Hirsch
<frederick.hirsch@nokia.com> wrote:
> The Widget Signature spec is not an API definition so probably does not need
> to define how signature status information is returned.

You are right, so agreed.

> I also agree that it
> would be incorrect to define in the Widget Signature spec whether or not a
> widget is valid, that is out of scope.

Right again.

> The spec limits itself to signature
> validation.  However I would not want to be prescriptive in the
> specification to the level of status return codes.

Ok, makes sense.

> We may want to add a security considerations note along the lines of
>
> "As distributor signatures are not included in an overall widget signature,
> it is possible for signatures to be added or removed and hence a secure
> channel for widget delivery  might be preferable."

Ok, that is also an important security consideration. Should
definitely have that in the spec under security considerations or some
such section.



-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 24 February 2009 22:34:43 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT