W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: Reminder: January 31 comment deadline for LCWD of Widgets 1.0: Packaging & Configuration spec

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 24 Feb 2009 23:33:55 +0100
Message-ID: <b21a10670902241433g351327as6e198a2520856ece@mail.gmail.com>
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>
Hi Frederick,

On Tue, Feb 24, 2009 at 11:19 PM, Frederick Hirsch
<frederick.hirsch@nokia.com> wrote:
> The Widget Signature spec is not an API definition so probably does not need
> to define how signature status information is returned.

You are right, so agreed.

> I also agree that it
> would be incorrect to define in the Widget Signature spec whether or not a
> widget is valid, that is out of scope.

Right again.

> The spec limits itself to signature
> validation.  However I would not want to be prescriptive in the
> specification to the level of status return codes.

Ok, makes sense.

> We may want to add a security considerations note along the lines of
> "As distributor signatures are not included in an overall widget signature,
> it is possible for signatures to be added or removed and hence a secure
> channel for widget delivery  might be preferable."

Ok, that is also an important security consideration. Should
definitely have that in the spec under security considerations or some
such section.

Marcos Caceres
Received on Tuesday, 24 February 2009 22:34:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:24 UTC