Re: [BONDI Architecture & Security] [widgets] Author, was: RE: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft from Paddy Byers on 2009-03-26 (public-webapps@w3.org from January to March 2009)

From: Paddy Byers <paddy@aplix.co.jp>
Date: Thu, 26 Mar 2009 23:13:56 +0000
To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Cc: Thomas Roessler <tlr@w3.org>, "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>, "marcosc@opera.com" <marcosc@opera.com>, "public-webapps@w3.org" <public-webapps@w3.org>, "otsi-arch-sec@omtplists.org" <otsi-arch-sec@omtplists.org>
Message-ID: <59db1b5a0903261613g2f185d16n5d1e030ba2e51b0b@mail.gmail.com>

Hi,

I have been trying to identify the term author in Widget specs.


I think we're in danger of getting into details that are irrelevant for the
P&C specification.

This spec should define what information is asserted by the presence of the
author and distributor signatures.

It is up to a consuming device, possibly defined by some other
specification, to determine what actions are taken based on that asserted
information.

In BONDI we do have roles for the author and distributor signatures, and an
implementation may perform specific actions based on the signatures that are
provided.

But, as Thomas says, the P&C spec should confine itself to defining how a
Widget Resource encodes the signature(s), and say something about what is
being asserted, and by who. The author is simply some entity that has signed
the Widget Resource, who is content to be identified as the creator or the
originator of the content.

Thanks - Paddy

Received on Thursday, 26 March 2009 23:15:57 UTC