W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

[widgets] P&C, assertion in wrong spec

From: Marcos Caceres <marcosc@opera.com>
Date: Thu, 27 Aug 2009 14:33:53 +0200
Message-ID: <4A967D31.1000703@opera.com>
To: public-webapps <public-webapps@w3.org>
For the purpose of testing, I think the following assertion is in the 
wrong spec (P&C):

A user agent must prevent a browsing context of a widget from accessing 
(e.g., via scripts, CSS, HTML, etc.) the contents of a digital signature 
document unless an access control mechanism explicitly enables such 
access, e.g. via an access control policy. The definition of such a 
policy mechanism is beyond the scope this specification, but can be 
defined by implementers to allow access to all or parts of the signature 
documents, or deny any such access. An exception is if a user agent that 
implements this specification also implements the optional 
[Widgets-DigSig] specification, in which case the user agent must make 
digital signature documents available only to the implementation of the 
[Widgets-DigSig] specification; a user agent must not make the digital 
signatures accessible to scripting or other content loading mechanisms, 
unless explicitly enabled by an access control mechanism.

It think we should move it out of P&C into the API spec or some other spec.

Kind regards,
Received on Thursday, 27 August 2009 12:34:34 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:18 UTC