W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

[widget-digsig] updated Widget Signature editors draft

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Wed, 22 Apr 2009 18:11:18 -0400
Message-Id: <9D790693-F2D0-4616-B038-A6891CF71FDB@nokia.com>
To: public-webapps WG <public-webapps@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
I have updated the widget signature editors draft


1. Removed section 9, "Draft update to XML Signature Properties" since  
XML Security WG  plans to publish latest revision of Signature  
Properties in conjunction with next Widget Signature publication.

2. Removed all mention of Created property, removed from example 1.4,  
mention in 1.5, remove section 5.6, mention in 7.2 and 7.3

3. removed sentence from abstract and introduction that received  
negative comment:
"Widget authors and distributors can digitally sign widgets as a trust  
and quality assurance mechanism"

4. Implemented Editorial requests from Mark that we all agreed,  
including refinements from timeless, and Marcos.

Note that I used "signature file" where talking about files  
specifically, and "widget signature" when talking about features of  
the XML signature itself, since otherwise it makes no sense.

Dropped MAY from definition, "which MAY logically contain" , as  
suggested by Marcos.
add ZIP reference to Stored usage.

5 Updated acknowledgements to thank XML Security WG and other reviewers.

6. Added proposed text  to 5.1 to resolve ISSUE-83

A user agent MUST prevent a widget from accessing the contents of
a digital signature document unless an access control mechanism
explicitly enables such access e.g. via a an access control policy.
The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or
parts of the signature documents, or deny any such access.

7. Fixed an internal link issue related to choice of "verification"  
versus "validation" of signatures.

We still have some issues to resolve with links into the requirements  
document, and thus possibly the requirements section in general.

regards, Frederick

Frederick Hirsch
Received on Wednesday, 22 April 2009 22:12:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:53 UTC