W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [BONDI Architecture & Security] [widgets] Author, was: RE: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft

From: Paddy Byers <paddy@aplix.co.jp>
Date: Thu, 26 Mar 2009 23:13:56 +0000
Message-ID: <59db1b5a0903261613g2f185d16n5d1e030ba2e51b0b@mail.gmail.com>
To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Cc: Thomas Roessler <tlr@w3.org>, "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>, "marcosc@opera.com" <marcosc@opera.com>, "public-webapps@w3.org" <public-webapps@w3.org>, "otsi-arch-sec@omtplists.org" <otsi-arch-sec@omtplists.org>
Hi,

I have been trying to identify the term author in Widget specs.


I think we're in danger of getting into details that are irrelevant for the
P&C specification.

This spec should define what information is asserted by the presence of the
author and distributor signatures.

It is up to a consuming device, possibly defined by some other
specification, to determine what actions are taken based on that asserted
information.

In BONDI we do have roles for the author and distributor signatures, and an
implementation may perform specific actions based on the signatures that are
provided.

But, as Thomas says, the P&C spec should confine itself to defining how a
Widget Resource encodes the signature(s), and say something about what is
being asserted, and by who. The author is simply some entity that has signed
the Widget Resource, who is content to be identified as the creator or the
originator of the content.

Thanks - Paddy
Received on Thursday, 26 March 2009 23:15:57 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT