Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft from Thomas Roessler on 2009-03-26 (public-webapps@w3.org from January to March 2009)

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 26 Mar 2009 22:38:06 +0100
To: "Hillebrand, Rainer" <Rainer.Hillebrand@t-mobile.net>
Cc: <marcosc@opera.com>, <paddy@aplix.co.jp>, <public-webapps@w3.org>, <otsi-arch-sec@omtplists.org>
Message-Id: <FADA8FF4-7BE8-4D53-A975-5493D060CEF9@w3.org>

Suggestion:

> The author signature asserts that the signing party is an author of  
> the widget, and binds the author's identity to the widget package.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>







On 26 Mar 2009, at 17:20, Hillebrand, Rainer wrote:

> Dear Marcos,
>
> We cannot technically guarantee that the author signature really  
> comes from the widget's author. It is like having an envelop with an  
> unsigned letter. The envelop and the letter can come from different  
> sources even if the envelop has a signature.
>
> Best Regards,
>
> Rainer
> ---------------------------------------
> Sent from my mobile device
>
>
> ----- Originalnachricht -----
> Von: Marcos Caceres <marcosc@opera.com>
> An: Paddy Byers <paddy@aplix.co.jp>
> Cc: Hillebrand, Rainer; WebApps WG <public-webapps@w3.org>; otsi-arch-sec@omtplists.org 
>  <otsi-arch-sec@omtplists.org>
> Gesendet: Thu Mar 26 17:12:20 2009
> Betreff: Re: [BONDI Architecture & Security] [widgets] new digsig  
> draft
>
> On Thu, Mar 26, 2009 at 4:29 PM, Paddy Byers <paddy@aplix.co.jp>  
> wrote:
>> Hi,
>>
>>> Agreed. Can we say "were signed with the same certificate" instead?
>>
>> I understood that Webapps had agreed to add a signature profile that
>> designates a particular signature as the author signature - and  
>> where this
>> is present it is possible to come up with appropriate precise  
>> wording as to
>> whether or not two packages originate from the same author.
>
> Well, that's basically what we have, but Rainer seems to imply that it
> is impossible to do this. I think we get as close as we technically
> can to achieving that goal. However, if that current solution is
> inadequate, then please send us suggestions.
>
> -- 
> Marcos Caceres
> http://datadriven.com.au
>
>
> T-Mobile International AG
> Aufsichtsrat/ Supervisory Board: René Obermann (Vorsitzender/  
> Chairman)
> Vorstand/ Board of Management: Hamid Akhavan (Vorsitzender/  
> Chairman), Michael Günther, Lothar A. Harings, Katharina Hollender
> Handelsregister/Commercial Register Entry: Amtsgericht Bonn, HRB 12276
> Steuer-Nr./Tax No.: 205 / 5777/ 0518
> USt.-ID./VAT Reg.No.: DE189669124
> Sitz der Gesellschaft/ Corporate Headquarters: Bonn
>

Received on Thursday, 26 March 2009 21:38:17 UTC