Re: Stability of Widget DigSig

On 2015-05-08 14:32, Frederick Hirsch wrote:
> no objection, the referenced document is a Recommendation, isn't it?
>
> http://www.w3.org/TR/widgets-digsig/

This seems to be a rather theoretical discussion:

https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/widget

Anders

>
> regards, Frederick
>
> Frederick Hirsch
>
> Chair XML Security WG
>
> fjhirsch.com
> @fjhirsch
>
>> On May 8, 2015, at 7:14 AM, Arthur Barstow <art.barstow@gmail.com> wrote:
>>
>> [ + Marcos and Frederick ]
>>
>> Hi Andrew,
>>
>> The group stopped working on XML Digital Signature for Widgets several years ago and there is no plan to resume work (except to process errata as required).
>>
>> Marcos, Frederick - this spec's namespace document includes the following statement:
>>
>> [[
>> <http://www.w3.org/ns/widgets-digsig/>
>>
>> Implementers should be aware that this document is not stable.
>> ]]
>>
>> Any objections from you or anyone else to remove this statement?
>>
>> -Thanks, ArtB
>>
>> On 5/7/15 5:55 AM, Andrew Twigger wrote:
>>>
>>> ATSC and CEA are developing standards that include the ability to download digital signed applications. Their current specifications reference the W3C Recommendation for XML Digital Signature for Widgets (18 April 2013).  However, the associated Widgets Digital Signature Namespace (http://www.w3.org/ns/widgets-digsig/) contains a statement that “Implementers should be aware that this document is not stable.” which has raised questions as to the stability and suitability of referencing Widget DigSig.  The alternative would be to reference XAdES with the C and T forms to allow for the inclusion of timestamp and certificate revocation information which are not included in Widget DigSig.
>>>
>>> I would be pleased to receive any information regarding the stability of Widget DigSig and whether referencing XAdES would provide a better alternative.
>>>
>>> Thank-you,
>>>
>>> Andrew Twigger
>>>
>>
>
>

Received on Friday, 8 May 2015 12:47:50 UTC