Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets] from Marcos Caceres on 2009-04-09 (public-webapps@w3.org from April to June 2009)

From: Marcos Caceres <marcosc@opera.com>
Date: Thu, 9 Apr 2009 15:52:06 +0200
To: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
Cc: Arthur Barstow <Art.Barstow@nokia.com>, "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>, Web Applications Working Group WG <public-webapps@w3.org>
Message-ID: <b21a10670904090652o40f3e7e7t237a201702aba669@mail.gmail.com>

On Thu, Apr 9, 2009 at 2:17 PM, Priestley, Mark, VF-Group
<Mark.Priestley@vodafone.com> wrote:
> Hi Art, All,
>
> If there is no use case for accessing this information (I was after why
> you would want to access this information because I think just saying it
> might be interesting to do so isn't justification enough), then I think
> my original proposal holds - make the signature files unavailable to the
> widget at runtime.
>
> For clarification I was not suggesting that an API should be added to
> the DigSig spec but rather that some of the information could be exposed
> via an API defined in the APIs and Events spec. But I don't think this
> is necessary or worth the additional specification effort.


FWIW, I agree with Mark.

Kind regards,
Marcos

>>-----Original Message-----
>>From: Arthur Barstow [mailto:Art.Barstow@nokia.com]
>>Sent: 07 April 2009 21:57
>>To: Priestley, Mark, VF-Group
>>Cc: Hirsch Frederick (Nokia-CIC/Boston); Web Applications
>>Working Group WG
>>Subject: Re: ISSUE-83 (digsig should not be read at runtime):
>>Instantiated widget should not be able to read digital
>>signature [Widgets]
>>
> - Show quoted text -
>>On Apr 2, 2009, at 6:01 PM, ext Priestley, Mark, VF-Group wrote:
>>
>>> Comments inline.
>>>
>>> FWIW my view is that if there is a valid use case for a widget being
>>> able to access information in a signature file, either it should
>>> access this information using an API or we should add further
>>> restrictions to the widget digital signature format and processing.
>>
>>Since Frederick's use cases [1] didn't convince you, what specific
>>change(s) do you think is needed in the Widgets DigSig spec?
>>
>>Defining an API in this spec doesn't seem like a good approach.
>>
>>-Regards, Art Barstow
>>
>>[1] <http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/
>>0017.html>
>>
>>
>>
>
>



-- 
Marcos Caceres
http://datadriven.com.au

Received on Thursday, 9 April 2009 13:53:01 UTC