Proposal to update signature text in Packaging and Config, remove from Widget Signature from Frederick Hirsch on 2009-04-27 (public-webapps@w3.org from April to June 2009)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 27 Apr 2009 14:42:04 -0400
To: Web Applications Working Group WG <public-webapps@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Marcos Caceres <marcosscaceres@gmail.com>, Arthur Barstow <art.barstow@nokia.com>
Message-Id: <30F1F8BC-2313-47CD-81DF-AAEF1FE033D6@nokia.com>

I suggest the following

remove from widgets signature:
http://dev.w3.org/2006/waf/widgets-digsig/#use

"A user agent MUST prevent a widget from accessing the contents of a
digital signature document unless an access control mechanism
explicitly enables such access, e.g. via a an access control policy.
The definition of such a policy mechanism is out of scope of this
specification, but may be defined to allow access to all or parts of
the signature documents, or deny any such access."

change packaging and config,
http://dev.w3.org/2006/waf/widgets/#digital-signatures

replace 2nd paragraph which is currently

"Where a user agent that implements this specification interacts with
implementations of other specifications, this user agent must deny
other implementations access to digital signature documents unless an
access control mechanism is in place to enable access according to
policy. The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or parts
of the signature documents, or deny any such access. An exception is
if a user agent that implements this specification also implements the
optional [Widgts-DigSig] specification, in which case the user agent
must make signature documents available to the implementation of the
[Widgets-DigSig]specification."

with this

"A user agent MUST prevent a widget from accessing the contents of a
digital signature document unless an access control mechanism
explicitly enables such access, e.g. via a an access control policy.
The definition of such a policy mechanism is out of scope of this
specification, but may be defined to allow access to all or parts of
the signature documents, or deny any such access. An exception is if a
user agent that implements this specification also implements the
optional [Widgts-DigSig] specification, in which case the user agent
must make signature documents available to the implementation of the
[Widgets-DigSig] specification."


this is to adopt Art's simplified proposal

By the way I really think P&C should use  uppercase MUSTs etc.


regards, Frederick

Frederick Hirsch
Nokia

Received on Monday, 27 April 2009 18:42:57 UTC