On 2015-05-08 14:32, Frederick Hirsch wrote:
no objection, the referenced document is a Recommendation, isn't it?
http://www.w3.org/TR/widgets-digsig/
This seems to be a rather theoretical discussion:
https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/widget
Anders
regards, Frederick
Frederick Hirsch
Chair XML Security WG
fjhirsch.com
@fjhirsch
On May 8, 2015, at 7:14 AM, Arthur Barstow <art.bars...@gmail.com> wrote:
[ + Marcos and Frederick ]
Hi Andrew,
The group stopped working on XML Digital Signature for Widgets several years
ago and there is no plan to resume work (except to process errata as required).
Marcos, Frederick - this spec's namespace document includes the following
statement:
[[
<http://www.w3.org/ns/widgets-digsig/>
Implementers should be aware that this document is not stable.
]]
Any objections from you or anyone else to remove this statement?
-Thanks, ArtB
On 5/7/15 5:55 AM, Andrew Twigger wrote:
ATSC and CEA are developing standards that include the ability to download
digital signed applications. Their current specifications reference the W3C
Recommendation for XML Digital Signature for Widgets (18 April 2013). However,
the associated Widgets Digital Signature Namespace
(http://www.w3.org/ns/widgets-digsig/) contains a statement that “Implementers
should be aware that this document is not stable.” which has raised questions
as to the stability and suitability of referencing Widget DigSig. The
alternative would be to reference XAdES with the C and T forms to allow for the
inclusion of timestamp and certificate revocation information which are not
included in Widget DigSig.
I would be pleased to receive any information regarding the stability of Widget
DigSig and whether referencing XAdES would provide a better alternative.
Thank-you,
Andrew Twigger
