A shorter counter-proposal below ...
On Apr 21, 2009, at 9:56 AM, ext Marcos Caceres wrote:
On Tue, Apr 21, 2009 at 3:31 PM, Frederick Hirsch
<[email protected]> wrote:
ISSUE-83 states:
Instantiated widget should not be able to read digital signature
http://www.w3.org/2008/webapps/track/issues/83
The following is a proposal of text to add to P&C to address this
issue,
based on text from Marcos and adding the notion of allowing policy
and
access control mechanisms to be used:
"Where a user agent that implements this specification interacts with
implementations of other specifications, this user agent MUST deny
other
implementations access to digital signature documents unless an
access
control mechanism is in place to enable access according to
policy. The
definition of such a policy mechanism is out of scope of this
specification, but may be defined to allow access to all or parts
of the
signature documents, or deny any such access. An exception is if a
user
agent that implements this specification also implements the OPTIONAL
[Widgts-DigSig] specification, in which case the user agent MUST make
signature documents available to the implementation of the
[Widgets-DigSig]
specification."
Added under "Digital Signatures" section. If Mark is happy, then we
should close this issue.
Proposed text:
[[
A user agent MUST prevent a widget from accessing the contents of
a digital signature document unless an access control mechanism
explicitly enables such access e.g. via an access control policy.
The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or
parts of the signature documents, or deny any such access.
]]
-Regards, Art Barstow
