Suggested changes to widgets signature Abstract:
Change
"Prior to instantiation, a widget user agent can use the digital
signature to verify the authenticity and data integrity of the files
in a widget resource. In the rare case where a widget damages the end-
user's device, the digital signature may provide a user with legal
recourse to prove that a widget resource was signed by a particular
author or publisher."
to
"Prior to instantiation, a widget user agent can use the digital
signature to verify the integrity of the widget resource, and validate
the source of the resource, such as the author or publisher. This
document summarizes how XML Signature and X.509 Certificate
technologies may be used for integrity and source authentication of a
widget resource, and notes compliance requirements on both widget
resources and widget user agents."
I would argue that legal issues related to a widget damaging a device
are not central to this specification and need not be mentioned in the
abstract, but that the purpose of the document should be. (Moreover a
signature would only service as one aspect of a dispute resolution
process).
regards, Frederick
Frederick Hirsch
Nokia
