- From: Marcos Caceres <marcosc@opera.com>
- Date: Fri, 1 May 2009 17:20:39 +0200
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: Web Applications Working Group WG <public-webapps@w3.org>, Arthur Barstow <art.barstow@nokia.com>
On Tue, Apr 28, 2009 at 12:13 AM, Marcos Caceres <marcosc@opera.com> wrote: > I will make the changes below and change the style sheet to uppercase > rfc2119 terms. Ok, done. > On Monday, April 27, 2009, Frederick Hirsch <frederick.hirsch@nokia.com> wrote: >> I suggest the following >> >> remove from widgets signature: >> http://dev.w3.org/2006/waf/widgets-digsig/#use >> >> "A user agent MUST prevent a widget from accessing the contents of a >> digital signature document unless an access control mechanism >> explicitly enables such access, e.g. via a an access control policy. >> The definition of such a policy mechanism is out of scope of this >> specification, but may be defined to allow access to all or parts of >> the signature documents, or deny any such access." >> >> change packaging and config, >> http://dev.w3.org/2006/waf/widgets/#digital-signatures >> >> replace 2nd paragraph which is currently >> >> "Where a user agent that implements this specification interacts with >> implementations of other specifications, this user agent must deny >> other implementations access to digital signature documents unless an >> access control mechanism is in place to enable access according to >> policy. The definition of such a policy mechanism is out of scope of >> this specification, but may be defined to allow access to all or parts >> of the signature documents, or deny any such access. An exception is >> if a user agent that implements this specification also implements the >> optional [Widgts-DigSig] specification, in which case the user agent >> must make signature documents available to the implementation of the >> [Widgets-DigSig]specification." >> >> with this >> >> "A user agent MUST prevent a widget from accessing the contents of a >> digital signature document unless an access control mechanism >> explicitly enables such access, e.g. via a an access control policy. >> The definition of such a policy mechanism is out of scope of this >> specification, but may be defined to allow access to all or parts of >> the signature documents, or deny any such access. An exception is if a >> user agent that implements this specification also implements the >> optional [Widgts-DigSig] specification, in which case the user agent >> must make signature documents available to the implementation of the >> [Widgets-DigSig] specification." >> >> >> this is to adopt Art's simplified proposal >> >> By the way I really think P&C should use uppercase MUSTs etc. >> >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> >> > > -- > Marcos Caceres > http://datadriven.com.au > -- Marcos Caceres http://datadriven.com.au
Received on Friday, 1 May 2009 15:21:37 UTC