Re: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Thomas Roessler
What the author certificate lets you verify is whether a single party is taking responsibility for two widgets. There is indeed no *proof* of authorship here, but a statement that the signer is willing to assume the blame for being the widget's author. Which is all we need, no? -- Thomas

Re: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
(removing cross-posting since it doesn't work for mail from everyone) I'd like to point out that section 5.2 says what an author signature *can* do. I'm strongly against muddying this to account for various edge cases - I agree with Thomas that the meaning is clear. However I understand

Re: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
I think the draft provides enough assurance for the intended level of use. If you want higher levels of assurance more will be required, but I don't believe we have a requirement here for that. regards, Frederick Frederick Hirsch Nokia On Mar 26, 2009, at 12:20 PM, ext Hillebrand, Rainer

Re: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Frederick Hirsch
What the author

RE: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Marcin Hanclik
Suggestion: The author signature asserts that the signing party is an author

Re: [BONDI Architecture Security] [widgets] Author, was: RE: AW: Re: [BONDI Architecture Security] [widgets] new digsig draft

2009-03-26 Thread Paddy Byers
Hi, I have been trying to identify the term author in Widget specs. I think we're in danger of getting into details that are irrelevant for the PC specification. This spec should define what information is asserted by the presence of the author and distributor signatures. It is up to a