I have an additional suggested revision to the Widgets 1.0
Requirements, dated 28 January [1]:
(1) R44. Signature Document Format
http://dev.w3.org/2006/waf/widgets-reqs/#r44.-signature-document-format
I suggest some changes to clarify to capture the intent that Mark
noted [2].
(1a) Replace "used independently" with "conveyed independently"
(1b) Add after:
"A conforming specification SHOULD provide guidelines for how any
digital signature can be used separately from a widget resource."
the following
"An example of such use is to perform certificate chain validation and
other checks related to the signature key information, without
necessarily validating the referenced widget content at that time.
Risks associated with separating time of verification and validation
steps may need consideration."
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-reqs/
[2] http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0056.html
