Re: Reminder: RfC: LCWD of Digital Signatures for Widgets; deadline 6 May 2010

Marcos

Given the massive number of changes, it would help if you could please  
summarize:

1. which original normative statement no longer are applicable (ie  
despite rewording, which no longer need be met)

2. which new normative statements you have added

Thanks

regards, Frederick

Frederick Hirsch
Nokia



On Apr 29, 2010, at 12:17 PM, ext Marcos Caceres wrote:

> I have fund a number of issues with the dig sig spec:
>
> 1.  The conformance model is all screwy: it mixes conformance criteria
> for too many products (including ones on which were it makes no sense,
> like signature documents). The conformance criteria makes the spec
> really hard to write test for. Only two classes of products should be
> allowed to conform: signers and validators.
>
> 2. The spec requires zip-relative-paths to be URL encoded during
> signing. I think this is an oversight, specially because during
> signature validation it does not say that the paths be decoded. URL
> Encoded of paths should be removed from the spec, IMO. Zip-relative
> paths are supposed to be URI safe, hence should not require URL
> Encoding (and when they violate URI's path rule, they should be
> treated as invalid widgets anyway as per the P&C spec).
>
> 3. The document is full of editorial redundancies (about 100+). It is
> also badly structured, with behavioral conformance criteria mixed in
> with definitions and support requirements (making the spec really hard
> to follow).
>
> In the interest of saving time, I have created a new version of the
> spec that addresses all the issues above:
>
> http://dev.w3.org/2006/waf/widgets-digsig/
>
> To compare my draft with latest WG endorsed editorial draft:
>
> http://tinyurl.com/26bxclc
>
> In addition, the new draft has the advantage of being fully testable
> and written using the method defined in [1] (meaning we can plug in
> WebApps test suite creation infrastructure, which assures that all
> conformance requirements in the spec will get tested!).
>
> I encourage the working group to adopt my modified version once it has
> been reviewed. Aside from the URL Encoding thing, the modified version
> does not change the behavior existing implementations: it just makes
> it much more clear what each kind of product needs to do to conform.
>
> Kind regards,
> Marcos
>
> [1] http://www.w3.org/TR/test-methodology/
>
>
> On Thu, Apr 29, 2010 at 2:21 PM, Arthur Barstow  
> <art.barstow@nokia.com> wrote:
>>
>> Reminder: May 6 is the deadline for comments re the April 15 LCWD  
>> of the Digital Signatures for Widgets spec:
>>
>>  http://www.w3.org/TR/2010/WD-widgets-digsig-20100415/
>>
>> Please send comments to public-webapps@w3.org.
>>
>> Begin forwarded message:
>>
>>> From: "Barstow Art (Nokia-CIC/Boston)" <Art.Barstow@nokia.com>
>>> Date: April 16, 2010 5:25:27 PM EDT
>>> To: public-webapps <public-webapps@w3.org>, "public-xmlsec@w3.org"  
>>> <public-xmlsec@w3.org>
>>> Subject: Request for Comments: LCWD of Digital Signatures for  
>>> Widgets; deadline 6 May 2010
>>> Archived-At: <http://www.w3.org/mid/8679D7D8-A881-4FD2-B1A3-693507FB66FF@nokia.com 
>>> >
>>>
>>> On April 15 the WebApps WG published a new LCWD of the Digital
>>> Signatures for Widgets spec (formerly titled Widgets 1.0: Digital
>>> Signatures):
>>>
>>>  http://www.w3.org/TR/2010/WD-widgets-digsig-20100415/
>>>
>>> This spec was last published as a CR [CR]. The new LC includes a fix
>>> to a bug [Bug] that was identified during the implementation of the
>>> spec's June 2009 Candidate.
>>>
>>> The deadline for this LC's comments is 6 May 2010.
>>>
>>> We will explicitly ask the XML Security WG to review this LC and
>>> comments from others are welcome.
>>>
>>> -Art Barstow
>>>
>>> [Bug] http://lists.w3.org/Archives/Public/public-webapps/2010AprJun/
>>> 0054.html
>>> [CR] http://www.w3.org/TR/2009/CR-widgets-digsig-20090625/
>>>
>>>
>>>
>>
>>
>
>
>
> --
> Marcos Caceres
> http://datadriven.com.au
>

Received on Thursday, 29 April 2010 20:52:59 UTC