Re: [widgets] Editorial Comments on 18-Aug-2009 LCWD of A&E spec

On Mon, Sep 14, 2009 at 1:33 PM, Arthur Barstow wrote:
> On Sep 13, 2009, at 1:06 PM, ext Marcos Caceres wrote:
>> On Fri, Sep 11, 2009 at 9:30 PM, Arthur Barstow wrote:
>>>>> 10. Section 2: Initialization: I don't understand this sentence, which
>>>>> when
>>>>> shortened is effectively "The first run through X, prior to runtime.".
>>>> How about:
>>>> "When a user agent first runs a widget package through the Steps for
>>>> Processing a Widget Package, as specified in the [Widgets-Packaging]
>>>> specification, prior to runtime."
>>>> That boils down to:
>>>> When a user agent first runs a widget package through X, prior to
>>>> runtime.
>>> I still can't parse/grok it but it's probably just me and I'll bug you
>>> about
>>> it in IRC (someday) :-).
>>> Perhaps part of the confusion is that "user agent" in the context of this
>>> definition is presumably a P&C user agent yet that qualification isn't
>>> made
>>> and the only reference to that definition is in Section 6.1 and in that
>>> context the UA is the A&E UA.
>> Yeah, you nailed it (well, section 4.1 Support of Other Specifications
>> [1] kinda defined it). Reworked the definition of a UA to:
>> [[
>> A user agent is a software implementation that supports:
>>  * The widget interface.
>>  * The [Widgets-Packaging] specification.
>>  * The [Widgets-URI] specification.
>>  * Storage areas.
> 1. In the updated definition of Initialization, make the "user agent" a link
> to the definition of "user agent" in Section 4.


>> It is optional for a user agent to support the widgets
>> [Widgets-DigSig] specification.
>> ]]
> Why did you add the DigSig text above and new DigSig paragraph below the
> Note (Section 4)? This spec should focus exclusively on the A&E UA.

The reason is that currently, the following text does not have a home:

[[A user agent must prevent a browsing context of a widget from
accessing (e.g., via scripts, CSS, HTML, etc.) the contents of a
digital signature document unless an access control mechanism
explicitly enables such access, e.g. via an access control policy. The
definition of such a policy mechanism is beyond the scope of this
specification, but can be defined by implementers to allow access to
all or parts of the signature documents, or deny any such access. An
exception is if a user agent that implements this specification also
implements the optional [Widgets-DigSig] specification, in which case
the user agent must make digital signature documents available only to
the implementation of the [Widgets-DigSig] specification; a user agent
must not make the digital signatures accessible to scripting or other
content loading mechanisms, unless explicitly enabled by an access
control mechanism.]]

This spec seems like a good home for the text above (hence the
optionality of widgets dig sig).

Marcos Caceres

Received on Monday, 14 September 2009 15:01:01 UTC
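
As an added illustration of the access rule quoted in the message above (not code from the thread or from any W3C specification), a user agent's resource loader could gate reads of package files as follows. The signature file names, the requester labels and the `allowSignatureAccess` policy flag are assumptions made for this example.

```javascript
// Assumption: signature documents sit at the package root and are named
// "author-signature.xml" or "signature<N>.xml". Matching is case-insensitive
// as a conservative choice for case-insensitive file systems.
const SIGNATURE_FILE = /^(author-signature|signature[1-9][0-9]*)\.xml$/i;

// Resolve a package-relative request path to a canonical form.
// Returns null for malformed encoding or a path that escapes the package root.
function normalizePath(path) {
  let decoded;
  try {
    decoded = decodeURIComponent(path);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  const out = [];
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // would leave the package root
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out.join("/");
}

// requester (hypothetical labels): "widget-content" for scripts, CSS and HTML
// running in the widget's browsing context, "digsig-impl" for the signature
// validator. policy.allowSignatureAccess stands in for the "access control
// mechanism" that the quoted text leaves to implementers.
// The loader must read the returned canonical path, never the raw input.
function authorize(path, requester, policy = {}) {
  const canonical = normalizePath(path);
  if (canonical === null) return { allow: false, path: null };
  if (!SIGNATURE_FILE.test(canonical)) return { allow: true, path: canonical };
  if (requester === "digsig-impl") return { allow: true, path: canonical };
  // Deny by default: only an explicit policy grant exposes a signature
  // document to widget content.
  return { allow: policy.allowSignatureAccess === true, path: canonical };
}
```

The check runs on the canonical path so that dot segments, percent-encoding and case variants of a signature file name are all caught by the same rule.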