Re: [widgets] Editorial Comments on 18-Aug-2009 LCWD of A&E spec

On Sep 14, 2009, at 11:00 AM, ext Marcos Caceres wrote:

> On Mon, Sep 14, 2009 at 1:33 PM, Arthur Barstow  
> <> wrote:
>> On Sep 13, 2009, at 1:06 PM, ext Marcos Caceres wrote:
>>> It is optional for a user agent to support the widgets
>>> [Widgets-DigSig] specification.
>>> ]]
>> Why did you add the DigSig text above and new DigSig paragraph  
>> below the
>> Note (Section 4)? This spec should focus exclusively on the A&E UA.
> The reason is that currently, the following text does not have a home:
> [[A user agent must prevent a browsing context of a widget from
> accessing (e.g., via scripts, CSS, HTML, etc.) the contents of a
> digital signature document unless an access control mechanism
> explicitly enables such access, e.g. via an access control policy. The
> definition of such a policy mechanism is beyond the scope this
> specification, but can be defined by implementers to allow access to
> all or parts of the signature documents, or deny any such access. An
> exception is if a user agent that implements this specification also
> implements the optional [Widgets-DigSig] specification, in which case
> the user agent must make digital signature documents available only to
> the implementation of the [Widgets-DigSig] specification; a user agent
> must not make the digital signatures accessible to scripting or other
> content loading mechanisms, unless explicitly enabled by an access
> control mechanism.]]
> This spec seems like a good home for the text above (hence the
> optionality of widgets dig sig).

I kinda' understand the general concern, but I don't think the lack  
of a "home" for this spec is sufficient rationale to make the quoted  
text above normative in this spec.

We should try to keep these specs as independent as possible.

It also isn't clear how one would test the "unless" clause of the  
first statement for a black-box implementation of the A&E spec.

-Regards, Art Barstow

Received on Tuesday, 15 September 2009 15:15:27 UTC