W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

[widget-digsig] changed widget signature files processing rule in section 4

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Wed, 18 Mar 2009 17:06:35 -0400
Message-Id: <1055722F-C87F-4ADC-81F9-C47A298EDE0E@nokia.com>
To: WebApps WG <public-webapps@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>
I have updated the latest Widget Signature editors draft section 4  
(locating and processing digital signatures) to no longer require the  
first signature to be processed.

http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures

The language is now (numbering ok in draft):

Process the digital signatures in the signatures list in descending  
order, with distributor signatures first.

The decision of which (if any) distributor signatures are to be  
validated and whether the author signature is validated is out of  
scope of this specification. This may be determined by the Security  
Policy used by the user agent.

The ordering by widget file name can be used to allow consistent  
processing and possible optimization.

Every signature that is validated MUST be validated according to  
Signature Validation defined in this specification.
Please indicate any comment or correction.

The latest draft also changes all usage of "widget user agent" to  
"user agent".

regards, Frederick

Frederick Hirsch
Nokia


On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote:

> [mp] My view is that whether zero, one or more signatures is processed
> is up to the widget user agents security policy therefore we don't  
> need
> to say anything about which signatures (if any) must be processed. The
> purpose of sorting the distributor signatures into ascending order  
> is to
> allow some optimisation of signature processing under certain
> conditions. Maybe good to further clarify - I can try and come up with
> something if you'd like (and of course if you agree)?
Received on Wednesday, 18 March 2009 21:07:22 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT