- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 21 Apr 2009 15:56:33 +0200
- To: Frederick Hirsch <frederick.hirsch@nokia.com>, Mark Priestley <Mark.Priestley@vodafone.com>
- Cc: public-webapps Group WG <public-webapps@w3.org>, Arthur Barstow <art.barstow@nokia.com>
On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch <frederick.hirsch@nokia.com> wrote: > ISSUE-83 states: > Instantiated widget should not be able to read digital signature > http://www.w3.org/2008/webapps/track/issues/83 > > The following is a proposal of text to add to P&C to address this issue, > based on text from Marcos and adding the notion of allowing policy and > access control mechanisms to be used: > > "Where a user agent that implements this specification interacts with > implementations of other specifications, this user agent MUST deny other > implementations access to digital signature documents unless an access > control mechanism is in place to enable access according to policy. The > definition of such a policy mechanism is out of scope of this > specification, but may be defined to allow access to all or parts of the > signature documents, or deny any such access. An exception is if a user > agent that implements this specification also implements the OPTIONAL > [Widgts-DigSig] specification, in which case the user agent MUST make > signature documents available to the implementation of the [Widgets-DigSig] > specification." Added under "Digital Signatures" section. If Mark is happy, then we should close this issue. Kind regards, Marcos -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 21 April 2009 13:57:37 UTC