Re: Proposal for ISSUE-83

Also works for me.
Marcos
On Thursday, April 23, 2009, Arthur Barstow <Art.Barstow@nokia.com> wrote:
> A shorter counter-proposal below ...
>
> On Apr 21, 2009, at 9:56 AM, ext Marcos Caceres wrote:
>
>
> On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch
> <frederick.hirsch@nokia.com> wrote:
>
> ISSUE-83 states:
> Instantiated widget should not be able to read digital signature
> http://www.w3.org/2008/webapps/track/issues/83
>
> The following is a proposal of text to add to P&C to address this issue,
> based on text from Marcos and adding the notion of allowing policy and
> access control mechanisms to be used:
>
> "Where a user agent that implements this specification interacts with
> implementations of other specifications, this user agent MUST deny other
> implementations access to digital signature documents unless an access
> control mechanism is in place to enable access according to policy. The
> definition of such a policy mechanism is out  of scope of this
> specification, but may be defined to  allow access to all or parts of the
> signature documents, or deny any such access. An exception is if a user
> agent that implements this specification also implements the OPTIONAL
> [Widgts-DigSig] specification, in which case the user agent MUST make
> signature documents available to the implementation of the [Widgets-DigSig]
> specification."
>
>
> Added under "Digital Signatures" section. If Mark is happy, then we
> should close this issue.
>
>
> Proposed text:
>
> [[
> A user agent MUST prevent a widget from accessing the contents of
> a digital signature document unless an access control mechanism
> explicitly enables such access e.g. via an access control policy.
> The definition of such a policy mechanism is out of scope of
> this specification, but may be defined to allow access to all or
> parts of the signature documents, or deny any such access.
> ]]
>
> -Regards, Art Barstow
>
>
>
>

-- 
Marcos Caceres
http://datadriven.com.au

Received on Thursday, 23 April 2009 06:47:51 UTC