- From: Marcos Caceres <marcosc@opera.com>
- Date: Thu, 27 Aug 2009 14:33:53 +0200
- To: public-webapps <public-webapps@w3.org>
For the purpose of testing, I think the following assertion is in the wrong spec (P&C): [[ A user agent must prevent a browsing context of a widget from accessing (e.g., via scripts, CSS, HTML, etc.) the contents of a digital signature document unless an access control mechanism explicitly enables such access, e.g. via an access control policy. The definition of such a policy mechanism is beyond the scope this specification, but can be defined by implementers to allow access to all or parts of the signature documents, or deny any such access. An exception is if a user agent that implements this specification also implements the optional [Widgets-DigSig] specification, in which case the user agent must make digital signature documents available only to the implementation of the [Widgets-DigSig] specification; a user agent must not make the digital signatures accessible to scripting or other content loading mechanisms, unless explicitly enabled by an access control mechanism. ]] It think we should move it out of P&C into the API spec or some other spec. Kind regards, Marcos
Received on Thursday, 27 August 2009 12:34:34 UTC