Widget Signature Proposal: Add constraints on ds:Reference URIs from Frederick Hirsch on 2009-03-13 (public-webapps@w3.org from January to March 2009)

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Fri, 13 Mar 2009 10:29:31 -0400
To: "public-webapps@w3.org WG" <public-webapps@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>
Message-Id: <A78DF1A7-ED54-4ABD-BB89-BD73A28C1640@nokia.com>

The following is a proposal to add text to the Widget Signature draft  
[1] to address the concern expressed by Thomas Roessler [2] regarding  
the need to constrain allowed ds:Reference URIs.

(1) Add to end of section 5.1, Use of XML Signature in Widgets, the  
following new paragraph (items within <> are linked definitions, []  
are references):

Every ds:Reference used within a <widget signature> MUST have a URI  
attribute. Every ds:Reference to an item within the <widget signature>  
MUST use an IDREF value for the ds:Reference URI attribute, referring  
to a unique ID within the <widget signature> [XM-schema].  Every  
ds:Reference to a <widget file> MUST use a relative URI expressing the  
path from the  <root of the widget resource> to the referenced <widget  
file> [URI].

(2) Add reference

[XML-schema-datatypes]
XML Schema Part 2: Datatypes W3C Recommendation. P. Biron, A.  
Malhotra. May 2001.http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/2006/waf/widgets-digsig/

[2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html

Received on Friday, 13 March 2009 14:30:29 UTC