+1, I think the current Widget Signature draft reflects this point of
view with the focus on author and distributor signatures and no usage
or concern with updates specific to Widget Signature. That said, we
may wish to review the update mechanism from a security point of view,
but I don't
2009/2/12 Priestley, Mark, VF-Group mark.priest...@vodafone.com:
[mp] As a general comment, I think this is a pretty difficult problem to
address in a secure manner. IMO the most reliable way of authorising an
update would be through the use of an update signature however, HTTPS
provides
Dear Marcos,
From my point of view the current model as described by you is ok. The author
of the update description document and the author of the widget resource that
shall be updated are able to control the security level shall be reached. This
is not mandated by the widget specifications
-
From: public-webapps-requ...@w3.org
[mailto:public-webapps-requ...@w3.org] On Behalf Of Marcos Caceres
Sent: Dienstag, 27. Januar 2009 11:56
To: Priestley, Mark, VF-Group; public-webapps@w3.org
Subject: Re: [widgets] Comment on Widgets 1.0: Digital
Signatures - the Usage property
Hi Mark
-webapps-requ...@w3.org] On
Behalf Of Marcos Caceres
Sent: Dienstag, 27. Januar 2009 11:56
To: Priestley, Mark, VF-Group; public-webapps@w3.org
Subject: Re: [widgets] Comment on Widgets 1.0: Digital Signatures - the Usage
property
Hi Mark,
Some minor comments below. Bar a few clarifications, I mostly
Hi Mark,
Some minor comments below. Bar a few clarifications, I mostly agree with
your proposal.
On 1/26/09 1:35 PM, Priestley, Mark, VF-Group
mark.priest...@vodafone.com wrote:
Hi All,
The following email aims to clarify an idea that was discussed on a
couple of WebApps calls, most