I have updated the widget signature editors draft
http://dev.w3.org/2006/waf/widgets-digsig/
1. Removed section 9, "Draft update to XML Signature Properties" since
XML Security WG plans to publish latest revision of Signature
Properties in conjunction with next Widget Signature publication.
2. Removed all mention of Created property, removed from example 1.4,
mention in 1.5, remove section 5.6, mention in 7.2 and 7.3
3. removed sentence from abstract and introduction that received
negative comment:
"Widget authors and distributors can digitally sign widgets as a trust
and quality assurance mechanism"
4. Implemented Editorial requests from Mark that we all agreed,
including refinements from timeless, and Marcos.
Note that I used "signature file" where talking about files
specifically, and "widget signature" when talking about features of
the XML signature itself, since otherwise it makes no sense.
Dropped MAY from definition, "which MAY logically contain" , as
suggested by Marcos.
add ZIP reference to Stored usage.
5 Updated acknowledgements to thank XML Security WG and other reviewers.
6. Added proposed text to 5.1 to resolve ISSUE-83
A user agent MUST prevent a widget from accessing the contents of
a digital signature document unless an access control mechanism
explicitly enables such access e.g. via a an access control policy.
The definition of such a policy mechanism is out of scope of
this specification, but may be defined to allow access to all or
parts of the signature documents, or deny any such access.
7. Fixed an internal link issue related to choice of "verification"
versus "validation" of signatures.
We still have some issues to resolve with links into the requirements
document, and thus possibly the requirements section in general.
regards, Frederick
Frederick Hirsch
Nokia
