RE: [widgets] Comments on the 22-Dec-2008 LCWD of the Widgets 1.0: P&C spec

> 3. Signature handling should be specified in [Widgets-DigSig], thus, 
> replace all of Step 5 in section 8.2 with the following:
>
> [[
> The algorithm that describes how to process the list of signatures 
> created in step 4 is defined in [Widgets-DigSig].
> ]]
>
> And add the processing model currently defined in Step 5 to 
> [Widgets-DigSig].

I need to discuss this change with the editors of the Widget Dig Sig
spec before doing that. I'll get back to you shortly about that.

[mp] I know that this is part of a broader discussion on the digital
signature spec, but for what it's worth I think the packaging and
configuration spec should cover how to handle multiple signatures while
simply referencing the digital signatures spec for the processing of the
actual signature document. Putting the handling of multiple signatures
into the digital signatures spec would IMHO bloat it in an
undesirable way. It is possible that the best place for some of this may
be in the mythical [Widget Security] spec.

Thanks,

Mark


 

>-----Original Message-----
>From: public-webapps-request@w3.org 
>[mailto:public-webapps-request@w3.org] On Behalf Of Marcos Caceres
>Sent: 31 January 2009 13:32
>To: Arthur Barstow
>Cc: public-webapps
>Subject: Re: [widgets] Comments on the 22-Dec-2008 LCWD of the 
>Widgets 1.0: P&C spec
>
>
>Hi Art,
>On Sat, Jan 31, 2009 at 12:48 PM, Arthur Barstow 
><art.barstow@nokia.com> wrote:
>>
>> I propose the following changes to the 22 December 2008 P&C LCWD [1]:
>>
>> 1. As currently written, the spec implies a Widget User Agent must 
>> support [Widgets-DigSig]. I think that requirement is too strong and 
>> must be relaxed. To address this, change the first paragraph
>> in Section 3.0 to:
>>
>> [[
>> A widget user agent is a user agent that implements this 
>> specification. A widget user agent should implement other 
>> specifications in the Widgets 1.0 family of specifications such as 
>> [Widgets-APIs], [Widgets-DigSig], and [Widgets-Updates]
>> specifications.
>> ]]
>
>Ok, fair enough. However, I think the words "such as" do not 
>make the assertion sound particularly definitive. I think it 
>is a MUST that widget engines support the APIs and a SHOULD that 
>they support updates and sigs.
>
>New text:
>"A widget user agent is a user agent that attempts to 
>implement this specification. A widget user agent MUST also 
>support the [Widgets-APIs]. A widget user agent SHOULD support 
>the [Widgets-DigSig] specification and the [Widgets-Updates] 
>specification."
>
>As you did, I removed reference to the fictional [Widget 
>Security] specification :)
>
>> 2. Change the first paragraph of Step 4 in section 8.2 to:
>>
>> [[
>> If a widget user agent does not support [Widgets-DigSig], go to Step 
>> 6; otherwise, the algorithm to locate digital signatures for the 
>> widget is as
>> follows:
>> ]]
>
>Done.
>
>> 3. Signature handling should be specified in [Widgets-DigSig], thus, 
>> replace all of Step 5 in section 8.2 with the following:
>>
>> [[
>> The algorithm that describes how to process the list of signatures 
>> created in step 4 is defined in [Widgets-DigSig].
>> ]]
>>
>> And add the processing model currently defined in Step 5 to 
>> [Widgets-DigSig].
>
>I need to discuss this change with the editors of the Widget 
>Dig Sig spec before doing that. I'll get back to you shortly 
>about that.
>
>Kind regards,
>Marcos
>--
>Marcos Caceres
>http://datadriven.com.au
>
>

Received on Friday, 6 February 2009 15:03:24 UTC