W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: [widgets] P&C, assertion in wrong spec

From: Robin Berjon <robin@berjon.com>
Date: Fri, 28 Aug 2009 11:23:46 +0200
Cc: public-webapps <public-webapps@w3.org>
Message-Id: <9EE9614E-0874-40A9-98C2-066BE33B3D2E@berjon.com>
To: Marcos Caceres <marcosc@opera.com>
On Aug 27, 2009, at 14:33 , Marcos Caceres wrote:
> For the purpose of testing, I think the following assertion is in  
> the wrong spec (P&C):
>
> [[
> A user agent must prevent a browsing context of a widget from  
> accessing (e.g., via scripts, CSS, HTML, etc.) the contents of a  
> digital signature document unless an access control mechanism  
> explicitly enables such access, e.g. via an access control policy.  
> The definition of such a policy mechanism is beyond the scope this  
> specification, but can be defined by implementers to allow access to  
> all or parts of the signature documents, or deny any such access. An  
> exception is if a user agent that implements this specification also  
> implements the optional [Widgets-DigSig] specification, in which  
> case the user agent must make digital signature documents available  
> only to the implementation of the [Widgets-DigSig] specification; a  
> user agent must not make the digital signatures accessible to  
> scripting or other content loading mechanisms, unless explicitly  
> enabled by an access control mechanism.
> ]]
>
> It think we should move it out of P&C into the API spec or some  
> other spec.

Why?

-- 
Robin Berjon - http://berjon.com/
Received on Friday, 28 August 2009 09:24:21 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT