Re: [widgets] dig sig and requirements ready for pub!
I assume this issue is closed with no need to add this text, given the subsequent thread. If this is incorrect please note that on the list.

Thanks

regards, Frederick

Frederick Hirsch
Nokia

On May 5, 2009, at 6:33 AM, Barstow Art (Nokia-CIC/Boston) wrote:

> On May 4, 2009, at 10:13 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
>
>> We can add,
>>
>> A signer MUST place the dsp:Identifier signature property into the signature when generating the signature.
>>
>> if necessary.
>
> This seems like a reasonable way to address Kai's question.
>
> Kai - please let us know if Frederick's proposal is acceptable.
>
> -Regards, Art Barstow
>
>> On May 1, 2009, at 6:49 AM, ext Kai Hendry wrote:
>>
>>> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>>>
>>> I'm not sure what signature management is exactly, though can someone please inform me what a UA is supposed to do with dsp:Identifier?
>>>
>>> I'm also keen on seeing a simple self sign sign/verify example using http://www.aleksey.com/xmlsec/ or some other opensource tool.
>>>
>>> Kind regards,
Re: [widgets] dig sig and requirements ready for pub!
On May 4, 2009, at 10:13 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:

> We can add,
>
> A signer MUST place the dsp:Identifier signature property into the signature when generating the signature.
>
> if necessary.

This seems like a reasonable way to address Kai's question.

Kai - please let us know if Frederick's proposal is acceptable.

-Regards, Art Barstow

> On May 1, 2009, at 6:49 AM, ext Kai Hendry wrote:
>
>> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>>
>> I'm not sure what signature management is exactly, though can someone please inform me what a UA is supposed to do with dsp:Identifier?
>>
>> I'm also keen on seeing a simple self sign sign/verify example using http://www.aleksey.com/xmlsec/ or some other opensource tool.
>>
>> Kind regards,
Re: [widgets] dig sig and requirements ready for pub!
On Tue, May 5, 2009 at 12:33 PM, Arthur Barstow art.bars...@nokia.com wrote:

> On May 4, 2009, at 10:13 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
>
>> We can add,
>>
>> A signer MUST place the dsp:Identifier signature property into the signature when generating the signature.
>>
>> if necessary.
>
> This seems like a reasonable way to address Kai's question.

that is already in the spec:

Each widget signature MUST contain a dsp:Identifier signature properties element compliant with XML Signature Properties [XMLDSIG-Properties] and this specification.

> Kai - please let us know if Frederick's proposal is acceptable.

--
Marcos Caceres
http://datadriven.com.au
Re: [widgets] dig sig and requirements ready for pub!
On Mon, May 4, 2009 at 7:00 PM, Thomas Roessler t...@w3.org wrote:

> On 4 May 2009, at 18:42, Marcos Caceres wrote:
>
>> On Mon, May 4, 2009 at 4:13 PM, Frederick Hirsch frederick.hir...@nokia.com wrote:
>>
>>> The Identifier property is useful for audit and management in the backend. I believe this should remain in the specification and should remain a normative section, agreeing with Thomas note in the chat. It was added based on requirements from WG members.
>>
>> I understand the use case, but I still don't understand why we are mandating the use of the dsp:Identifier if it's not going to be used by the UA? If a signer wants to use dsp:Identifier for whatever reason, then are free to do so by using the Signature Properties spec. Putting something in the spec that does not do anything doesn't make sense to me.
>
> Some of these use cases may, in the future, affect distributor or user agent behavior. Some (like revocation) might get broken if the identifier isn't universally deployed.
>
> Again, what's the cost?

I'm not debating if this is a good idea or not. Just trying to understand the use case. Thanks for the explanation, makes more sense to me now. As the cost is minimal, I don't have an issue.

--
Marcos Caceres
http://datadriven.com.au
Re: [widgets] dig sig and requirements ready for pub!
On Mon, May 4, 2009 at 7:08 PM, Frederick Hirsch frederick.hir...@nokia.com wrote:

> The spec is more than a UA spec, it also describes signature format which affects parties other than the UA (e.g. audit etc)

Oh ok. Yes, this is true.

--
Marcos Caceres
http://datadriven.com.au
Re: [widgets] dig sig and requirements ready for pub!
On 5/5/09 1:38 PM, Frederick Hirsch wrote:

> I was aware of what you quoted Marcos, but it was implicit. If it is ok, then I'm not sure why we've been having this email thread...

I guess so we are clear as to why we have something that does not do anything in the UA. We now have a clear rationale so I think everyone is satisfied. To that end, this was a worthwhile discussion.

End of thread :)

Kind regards,
Marcos
Re: [widgets] dig sig and requirements ready for pub!
Kai - this is a good question.

Frederick - we (MC, TLR and I) talked about this in IRC today. Please take a look and let us know your thoughts:

http://krijnhoetmer.nl/irc-logs/webapps/20090504

-Regards, Art Barstow

On May 1, 2009, at 6:49 AM, ext Kai Hendry wrote:

> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>
> I'm not sure what signature management is exactly, though can someone please inform me what a UA is supposed to do with dsp:Identifier?
>
> I'm also keen on seeing a simple self sign sign/verify example using http://www.aleksey.com/xmlsec/ or some other opensource tool.
>
> Kind regards,
Re: [widgets] dig sig and requirements ready for pub!
On 1 May 2009, at 12:49, Kai Hendry wrote:

> http://dev.w3.org/2006/waf/widgets-digsig/#identifier-signature-property
>
> I'm not sure what signature management is exactly, though can someone please inform me what a UA is supposed to do with dsp:Identifier?

The primary use case here is not the user agent, but the signer (and a potential application store): It gives them a standardized means to refer to a single signature, in their audit logs and whatever else might come up.

There is no user agent behavior out of this one; however, like with the serial number that you have in X.509 certificates, it's going to be worthwhile having an identifier for the signature.
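
Added example, not part of the thread or of the specification: a backend audit check of the kind the message above describes, which pulls dsp:Identifier out of a widget signature, confirms the ds:Object holding it is listed in ds:SignedInfo, and flags an identifier already in the audit log. The namespace URIs, the element layout and the function name audit_identifier are assumptions, the sample document is constructed, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

# Assumed namespace URIs for XML Signature and XML Signature Properties.
NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "dsp": "http://www.w3.org/2009/xmldsig-properties",
}

# Constructed sample: digest and signature values are placeholders, not real output.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:dsp="http://www.w3.org/2009/xmldsig-properties" Id="sig1">
  <ds:SignedInfo>
    <ds:Reference URI="config.xml"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
    <ds:Reference URI="#prop"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  <ds:Object Id="prop">
    <ds:SignatureProperties>
      <ds:SignatureProperty Id="id1" Target="#sig1">
        <dsp:Identifier>constructed-example-id-0001</dsp:Identifier>
      </ds:SignatureProperty>
    </ds:SignatureProperties>
  </ds:Object>
</ds:Signature>"""


def audit_identifier(signature_xml, seen_ids):
    """Return (identifier, problems) for one widget signature document."""
    root = ET.fromstring(signature_xml)
    problems = []
    signed_refs = {r.get("URI") for r in root.findall("ds:SignedInfo/ds:Reference", NS)}
    found = []
    for obj in root.findall("ds:Object", NS):
        for ident in obj.findall(".//dsp:Identifier", NS):
            value = (ident.text or "").strip()
            found.append(value)
            # An identifier outside the signed references can be altered freely.
            if "#" + (obj.get("Id") or "") not in signed_refs:
                problems.append("identifier not covered by a ds:Reference")
    if not found:
        return None, ["missing dsp:Identifier"]
    if len(found) > 1:
        problems.append("more than one dsp:Identifier")
    if not found[0]:
        problems.append("empty dsp:Identifier")
    elif found[0] in seen_ids:
        problems.append("identifier already recorded for another signature")
    return found[0], problems
```
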
Re: [widgets] dig sig and requirements ready for pub!
On 4 May 2009, at 18:42, Marcos Caceres wrote:

> On Mon, May 4, 2009 at 4:13 PM, Frederick Hirsch frederick.hir...@nokia.com wrote:
>
>> The Identifier property is useful for audit and management in the backend. I believe this should remain in the specification and should remain a normative section, agreeing with Thomas note in the chat. It was added based on requirements from WG members.
>
> I understand the use case, but I still don't understand why we are mandating the use of the dsp:Identifier if it's not going to be used by the UA? If a signer wants to use dsp:Identifier for whatever reason, then are free to do so by using the Signature Properties spec. Putting something in the spec that does not do anything doesn't make sense to me.

Some of these use cases may, in the future, affect distributor or user agent behavior. Some (like revocation) might get broken if the identifier isn't universally deployed.

Again, what's the cost?
[widgets] dig sig and requirements ready for pub!
Widgets dig sig and requirements are ready to be published. Widgets dig sig going to LC! Hoping for feedback (yes, that means you Mozilla guys:))

http://dev.w3.org/2006/waf/widgets-digsig/
http://dev.w3.org/2006/waf/widgets-reqs/

If all goes to plan, they will be published tomorrow.

Kind regards,
Marcos

--
Marcos Caceres
http://datadriven.com.au