Re: Proposal for ISSUE-83 from Marcos Caceres on 2009-04-23 (public-webapps@w3.org from April to June 2009)

From: Marcos Caceres <marcosc@opera.com>
Date: Thu, 23 Apr 2009 09:45:13 +0200
To: Arthur Barstow <Art.Barstow@nokia.com>
Cc: Mark Priestley <Mark.Priestley@vodafone.com>, "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>, public-webapps <public-webapps@w3.org>
Message-ID: <b21a10670904230045r55134034xe57e5be1e595bde7@mail.gmail.com>

On Thu, Apr 23, 2009 at 12:04 AM, Arthur Barstow <Art.Barstow@nokia.com> wrote:
> A shorter counter-proposal below ...
>
> On Apr 21, 2009, at 9:56 AM, ext Marcos Caceres wrote:
>
>> On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch
>> <frederick.hirsch@nokia.com> wrote:
>>>
>>> ISSUE-83 states:
>>> Instantiated widget should not be able to read digital signature
>>> http://www.w3.org/2008/webapps/track/issues/83
>>>
>>> The following is a proposal of text to add to P&C to address this issue,
>>> based on text from Marcos and adding the notion of allowing policy and
>>> access control mechanisms to be used:
>>>
>>> "Where a user agent that implements this specification interacts with
>>> implementations of other specifications, this user agent MUST deny other
>>> implementations access to digital signature documents unless an access
>>> control mechanism is in place to enable access according to policy. The
>>> definition of such a policy mechanism is out  of scope of this
>>> specification, but may be defined to  allow access to all or parts of the
>>> signature documents, or deny any such access. An exception is if a user
>>> agent that implements this specification also implements the OPTIONAL
>>> [Widgts-DigSig] specification, in which case the user agent MUST make
>>> signature documents available to the implementation of the
>>> [Widgets-DigSig]
>>> specification."
>>
>> Added under "Digital Signatures" section. If Mark is happy, then we
>> should close this issue.
>
> Proposed text:
>
> [[
> A user agent MUST prevent a widget from accessing the contents of
> a digital signature document unless an access control mechanism
> explicitly enables such access e.g. via an access control policy.
> The definition of such a policy mechanism is out of scope of
> this specification, but may be defined to allow access to all or
> parts of the signature documents, or deny any such access.
> ]]
>


I've added the above text to the spec.

-- 
Marcos Caceres
http://datadriven.com.au

Received on Thursday, 23 April 2009 07:46:07 UTC