Re: Proposal for ISSUE-83

A shorter counter-proposal below ...

On Apr 21, 2009, at 9:56 AM, ext Marcos Caceres wrote:

> On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
>> ISSUE-83 states:
>> Instantiated widget should not be able to read digital signature
>> http://www.w3.org/2008/webapps/track/issues/83
>>
>> The following is a proposal of text to add to P&C to address this issue,
>> based on text from Marcos and adding the notion of allowing policy and
>> access control mechanisms to be used:
>>
>> "Where a user agent that implements this specification interacts with
>> implementations of other specifications, this user agent MUST deny other
>> implementations access to digital signature documents unless an access
>> control mechanism is in place to enable access according to policy. The
>> definition of such a policy mechanism is out of scope of this
>> specification, but may be defined to allow access to all or parts of the
>> signature documents, or deny any such access. An exception is if a user
>> agent that implements this specification also implements the OPTIONAL
>> [Widgets-DigSig] specification, in which case the user agent MUST make
>> signature documents available to the implementation of the [Widgets-DigSig]
>> specification."
>
> Added under "Digital Signatures" section. If Mark is happy, then we
> should close this issue.

Proposed text:

[[
A user agent MUST prevent a widget from accessing the contents of
a digital signature document unless an access control mechanism
explicitly enables such access e.g. via an access control policy.
The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or
parts of the signature documents, or deny any such access.
]]

-Regards, Art Barstow

Received on Wednesday, 22 April 2009 22:06:05 UTC