Re: ISSUE-83 (digsig should not be read at runtime): Instantiated widget should not be able to read digital signature [Widgets]

On 4/9/09 3:56 PM, Arthur Barstow wrote:
> On Apr 9, 2009, at 9:52 AM, ext Marcos Caceres wrote:
>
>> On Thu, Apr 9, 2009 at 2:17 PM, Priestley, Mark, VF-Group
>> <Mark.Priestley@vodafone.com> wrote:
>>> Hi Art, All,
>>>
>>> If there is no use case for accessing this information (I was after why
>>> you would want to access this information because I think just saying it
>>> might be interesting to do so isn't justification enough), then I think
>>> my original proposal holds - make the signature files unavailable to the
>>> widget at runtime.
>>>
>>> For clarification I was not suggesting that an API should be added to
>>> the DigSig spec but rather that some of the information could be exposed
>>> via an API defined in the APIs and Events spec. But I don't think this
>>> is necessary or worth the additional specification effort.
>>
>>
>> FWIW, I agree with Mark.
>
> Please propose text that will address your concerns.

In the P&C spec, I would add something like:

"A user agent MUST make the digital signature available only to 
implementations of the [Widgets-DigSig] specification. A user agent MUST 
NOT allow read access to any digital signature in the widget package at 
runtime. In other words, a user agent MUST NOT allow a start file, or 
any other file or resource inside or outside the context of the widget 
(e.g., a script or stylesheet), or API, or feature, to read any digital 
signature file within the widget package. At runtime, a user agent MUST 
make it seem as if digital signatures do not exist in the widget package 
by, for example, excluding them from any file listings, and not allowing 
them to be accessed via a URI."

That's just some quick draft text, please feel free to change, add, or 
whatever.

Kind regards,
Marcos

Received on Thursday, 9 April 2009 17:45:39 UTC