- From: Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
- Date: Thu, 9 Apr 2009 14:17:17 +0200
- To: "Arthur Barstow" <Art.Barstow@nokia.com>
- Cc: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>, "Web Applications Working Group WG" <public-webapps@w3.org>
Hi Art, All, If there is no use case for accessing this information (I was after why you would want to access this information because I think just saying it might be interesting to do so isn't justification enough), then I think my original proposal holds - make the signature files unavailable to the widget at runtime. For clarification I was not suggesting that an API should be added to the DigSig spec but rather that some of the information could be exposed via an API defined in the APIs and Events spec. But I don't think this is necessary or worth the additional specification effort. Thanks, Mark >-----Original Message----- >From: Arthur Barstow [mailto:Art.Barstow@nokia.com] >Sent: 07 April 2009 21:57 >To: Priestley, Mark, VF-Group >Cc: Hirsch Frederick (Nokia-CIC/Boston); Web Applications >Working Group WG >Subject: Re: ISSUE-83 (digsig should not be read at runtime): >Instantiated widget should not be able to read digital >signature [Widgets] > >On Apr 2, 2009, at 6:01 PM, ext Priestley, Mark, VF-Group wrote: > >> Comments inline. >> >> FWIW my view is that if there is a valid use case for a widget being >> able to access information in a signature file, either it should >> access this information using an API or we should add further >> restrictions to the widget digital signature format and processing. > >Since Frederick's use cases [1] didn't convince you, what specific >change(s) do you think is needed in the Widgets DigSig spec? > >Defining an API in this spec doesn't seem like a good approach. > >-Regards, Art Barstow > >[1] <http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/ >0017.html> > > >
Received on Thursday, 9 April 2009 12:18:02 UTC