- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 21 Apr 2009 09:31:41 -0400
- To: public-webapps Group WG <public-webapps@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, ext Marcos Caceres <marcosc@opera.com>, Arthur Barstow <art.barstow@nokia.com>
ISSUE-83 states: Instantiated widget should not be able to read digital signature http://www.w3.org/2008/webapps/track/issues/83 The following is a proposal of text to add to P&C to address this issue, based on text from Marcos and adding the notion of allowing policy and access control mechanisms to be used: "Where a user agent that implements this specification interacts with implementations of other specifications, this user agent MUST deny other implementations access to digital signature documents unless an access control mechanism is in place to enable access according to policy. The definition of such a policy mechanism is out of scope of this specification, but may be defined to allow access to all or parts of the signature documents, or deny any such access. An exception is if a user agent that implements this specification also implements the OPTIONAL [Widgts-DigSig] specification, in which case the user agent MUST make signature documents available to the implementation of the [Widgets-DigSig] specification." This message should complete ACTION-329 which should be closed. regards, Frederick Frederick Hirsch Nokia
Received on Tuesday, 21 April 2009 13:32:47 UTC