- From: Robin Berjon <robin@berjon.com>
- Date: Fri, 28 Aug 2009 11:23:46 +0200
- To: Marcos Caceres <marcosc@opera.com>
- Cc: public-webapps <public-webapps@w3.org>
On Aug 27, 2009, at 14:33 , Marcos Caceres wrote: > For the purpose of testing, I think the following assertion is in > the wrong spec (P&C): > > [[ > A user agent must prevent a browsing context of a widget from > accessing (e.g., via scripts, CSS, HTML, etc.) the contents of a > digital signature document unless an access control mechanism > explicitly enables such access, e.g. via an access control policy. > The definition of such a policy mechanism is beyond the scope this > specification, but can be defined by implementers to allow access to > all or parts of the signature documents, or deny any such access. An > exception is if a user agent that implements this specification also > implements the optional [Widgets-DigSig] specification, in which > case the user agent must make digital signature documents available > only to the implementation of the [Widgets-DigSig] specification; a > user agent must not make the digital signatures accessible to > scripting or other content loading mechanisms, unless explicitly > enabled by an access control mechanism. > ]] > > It think we should move it out of P&C into the API spec or some > other spec. Why? -- Robin Berjon - http://berjon.com/
Received on Friday, 28 August 2009 09:24:21 UTC