On Behalf Of Paddy Byers
[pa...@aplix.co.jp]
Sent: Friday, March 27, 2009 12:13 AM
To: Marcin Hanclik
Cc: Thomas Roessler; Hillebrand, Rainer; marc...@opera.com;
public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: Re: [BONDI Architecture & Security] [widgets] Author, was: RE: AW:
Hi,
I have been trying to identify the term author in Widget specs.
I think we're in danger of getting into details that are irrelevant for the
P&C specification.
This spec should define what information is asserted by the presence of the
author and distributor signatures.
It is up to a consum
rg;
otsi-arch-...@omtplists.org
Subject: RE: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft
Hi Thomas,
Nice suggestion, but I am not sure whether it will survive in the real world
and be abandoned or replaced by other interpretations.
[I personally associate the author with the widget
r [...@w3.org]
Sent: Thursday, March 26, 2009 10:38 PM
To: Hillebrand, Rainer
Cc: marc...@opera.com; pa...@aplix.co.jp; public-webapps@w3.org;
otsi-arch-...@omtplists.org
Subject: Re: AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft
Suggestion:
> The author signature
Suggestion:
The author signature asserts that the signing party is an author of
the widget, and binds the author's identity to the widget package.
Regards,
--
Thomas Roessler, W3C
On 26 Mar 2009, at 17:20, Hillebrand, Rainer wrote:
Dear Marcos,
We cannot technically guarantee that
essler [...@w3.org]
Sent: Thursday, March 26, 2009 7:05 PM
To: Hillebrand, Rainer
Cc: frederick.hir...@nokia.com; mark.priest...@vodafone.com; marc...@opera.com
; pa...@aplix.co.jp; public-webapps@w3.org; otsi-arch-...@omtplists.org
Subject: Re: AW: Re: [BONDI Architecture & Security] [widgets] new
d
AW: Re: [BONDI Architecture & Security] [widgets] new digsig draft
What the author certificate lets you verify is whether a single party
is taking responsibility for two widgets.
There is indeed no *proof* of authorship here, but a statement that
the signer is willing to assume the blame for
I think the draft provides enough assurance for the intended level of
use. If you want higher levels of assurance more will be required, but
I don't believe we have a requirement here for that.
regards, Frederick
Frederick Hirsch
Nokia
On Mar 26, 2009, at 12:20 PM, ext Hillebrand, Rainer
(removing cross-posting since it doesn't work for mail from everyone)
I'd like to point out that section 5.2 says what an author signature
*can* do. I'm strongly against muddying this to account for various
edge cases - I agree with Thomas that the meaning is clear.
However I understand the
What the author certificate lets you verify is whether a single party
is taking responsibility for two widgets.
There is indeed no *proof* of authorship here, but a statement that
the signer is willing to assume the blame for being the widget's
author. Which is all we need, no?
--
Thomas
10 matches
Mail list logo