Re: [widgets] Comments on Widget Signature update (was RE: Widget Signature update) from Marcos Caceres on 2009-03-17 (public-webapps@w3.org from January to March 2009)

From: Marcos Caceres <marcosc@opera.com>
Date: Tue, 17 Mar 2009 13:15:47 +0100
To: Frederick Hirsch <Frederick.Hirsch@nokia.com>
CC: Thomas Roessler <tlr@w3.org>, "ext Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>, WebApps WG <public-webapps@w3.org>
Message-ID: <49BF9473.40301@opera.com>

Hi Frederick,

On 3/17/09 1:01 PM, Frederick Hirsch wrote:
> The latest draft includes the revised text from Thomas.
>
> Marcos, are you suggesting we add something more? It sounds like what
> you are saying here, is that it should be a valid widget file. Isn't
> that part of P&C checking? I'm not sure what it means to check that the
> paths are "as secure as possible."

You might want to check the following section of the P&C [1] and see if 
it is usable in dig sigs. Given that the paths in the <reference> 
elements MUST be zip-relative-paths, the rules for checking the validity 
of those paths may apply to the Widgets Dig Sig spec.

[1] http://dev.w3.org/2006/waf/widgets/#zip-relative-paths

Received on Tuesday, 17 March 2009 12:16:37 UTC