- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 27 Apr 2009 14:42:04 -0400
- To: Web Applications Working Group WG <public-webapps@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Marcos Caceres <marcosscaceres@gmail.com>, Arthur Barstow <art.barstow@nokia.com>
I suggest the following remove from widgets signature: http://dev.w3.org/2006/waf/widgets-digsig/#use "A user agent MUST prevent a widget from accessing the contents of a digital signature document unless an access control mechanism explicitly enables such access, e.g. via a an access control policy. The definition of such a policy mechanism is out of scope of this specification, but may be defined to allow access to all or parts of the signature documents, or deny any such access." change packaging and config, http://dev.w3.org/2006/waf/widgets/#digital-signatures replace 2nd paragraph which is currently "Where a user agent that implements this specification interacts with implementations of other specifications, this user agent must deny other implementations access to digital signature documents unless an access control mechanism is in place to enable access according to policy. The definition of such a policy mechanism is out of scope of this specification, but may be defined to allow access to all or parts of the signature documents, or deny any such access. An exception is if a user agent that implements this specification also implements the optional [Widgts-DigSig] specification, in which case the user agent must make signature documents available to the implementation of the [Widgets-DigSig]specification." with this "A user agent MUST prevent a widget from accessing the contents of a digital signature document unless an access control mechanism explicitly enables such access, e.g. via a an access control policy. The definition of such a policy mechanism is out of scope of this specification, but may be defined to allow access to all or parts of the signature documents, or deny any such access. An exception is if a user agent that implements this specification also implements the optional [Widgts-DigSig] specification, in which case the user agent must make signature documents available to the implementation of the [Widgets-DigSig] specification." this is to adopt Art's simplified proposal By the way I really think P&C should use uppercase MUSTs etc. regards, Frederick Frederick Hirsch Nokia
Received on Monday, 27 April 2009 18:42:57 UTC