Hi Frederick,
 
Small comment. I would change the sentence:
 
"Process the digital signatures in the signatures list in descending
order, with distributor signatures
<http://dev.w3.org/2006/waf/widgets-digsig/#distributor-signature>
first."
 
to
 
"Process the digital signatures in the signatures list in list order
starting with the first file-entry." or something similar
 
(They should already be in descending order, with distributor signatures
first, as list has been sorted in previous steps.)
 
Thanks,
 
Mark 
 
 


________________________________

        From: public-webapps-requ...@w3.org [mailto:public-webapps-requ...@w3.org] On Behalf Of Frederick Hirsch
        Sent: 18 March 2009 21:07
        To: WebApps WG
        Cc: Frederick Hirsch
        Subject: [widget-digsig] changed widget signature files processing rule in section 4
        
        
        I have updated the latest Widget Signature editors draft section
        4 (locating and processing digital signatures) to no longer require the
        first signature to be processed.

        http://dev.w3.org/2006/waf/widgets-digsig/#locating-signatures

        The language is now (numbering ok in draft):

        

        1.      Process the digital signatures in the signatures list in
                descending order, with distributor signatures
                <http://dev.w3.org/2006/waf/widgets-digsig/#distributor-signature>
                first.

                The decision of which (if any) distributor signatures
                <http://dev.w3.org/2006/waf/widgets-digsig/#distributor-signature>
                are to be validated and whether the author signature
                <http://dev.w3.org/2006/waf/widgets-digsig/#author-signature>
                is validated is out of scope of this specification. This may
                be determined by the Security Policy used by the user agent.

                The ordering by widget file name
                <http://dev.w3.org/2006/waf/widgets-digsig/#widget-file-name>
                can be used to allow consistent processing and possible
                optimization.

        2.      Every signature that is validated MUST be validated
                according to Signature Validation
                <http://dev.w3.org/2006/waf/widgets-digsig/#signature-validation>
                defined in this specification.

        Please indicate any comment or correction.

        The latest draft also changes all usage of "widget user agent"
        to "user agent".

        regards, Frederick

        Frederick Hirsch
        Nokia


        On Mar 16, 2009, at 4:46 PM, ext Priestley, Mark, VF-Group wrote:


                [mp] My view is that whether zero, one or more signatures is
                processed is up to the widget user agent's security policy,
                therefore we don't need to say anything about which signatures
                (if any) must be processed. The purpose of sorting the
                distributor signatures into ascending order is to allow some
                optimisation of signature processing under certain conditions.
                Maybe good to further clarify - I can try and come up with
                something if you'd like (and of course if you agree)?

        
        




