Attached is the comment I sent on Mark's notes:
---
Mark

yes I think this is appropriate. I would suggest that the processing rules for signature verification be uniform, apart from the fact that a distributor signature includes author signature Reference.

Then I would argue it is application dependent on what to do with regards to failure, since this depends on the bigger widget picture (eventually policy but for now out of scope of the widget signature spec).

For simplicity we might remove the 07 from the URIs.

Thanks for writing this down.

By the way I expect XML Signature 1.1 and Properties to be published as First Public Working Draft very soon, barring any last minute difficulties.

regards, Frederick

Frederick Hirsch
Nokia



On Feb 17, 2009, at 6:01 AM, ext Priestley, Mark, VF-Group wrote:

Hi Frederick,

Just thought I'd try and help with the generation of a proposal on the use of widget digital signature properties. Hopefully the below is a useful summary of what I think the main requirements are.

It should be possible to create a signature - let's call it the "author signature" - which is used solely for determining who the author of a widget is, and as a result whether or not two widgets came from the same author. The most reliable way of doing this would be if two signatures were created using the same private key but this need not be specified.

It should be possible to create a signature - let's call it the "distributor signature" - that is used to determine that a particular distributor has distributed this widget. Typically this signature might be used to mean something by the consuming widget user agent's security policy, such as allocate this widget to trust domain X. Again I don't think the use of this signature needs to be specified here.

The properties for each signature "type" are as follows.

Author signature

- Instances allowed: zero or one
- Located: at the root of the widget
- Name: Some reserved file name, e.g. "author-signature" ".xml"
- Generated over: All widget resources excluding distributor signatures
- Role property: e.g. http://www.w3.org/2009/07/widgets-digsig#role-author

Distributor signature

- Instances allowed: zero or more
- Located: at the root of the widget
- Name: "signature" *[0-9]".xml"
- Generated over: All widget resources excluding other distributor signatures but including the author signature (if present)
- Role property: e.g. http://www.w3.org/2009/07/widgets-digsig#role-distributor

In addition to the above, the rules for generation and verification of the reference elements would need to be updated to be dependent on the role of the signature. I think that's the only significant change needed to the current spec, along with changing of the usage property to a role property. To make life easy for readers it may also be desirable to define different types of signature corresponding to the different roles.

Does the above all make sense given last week's call? Please let me know if not.

Regards,

Mark

Mark Priestley

Security Expert
Vodafone Group R&D

Mobile: +44 (0)7717512838
E-mail: mark.priest...@vodafone.com

www.betavine.net  - Web
betavine.mobi  - Mobile Web

Vodafone Group Services Limited
Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN Registered in England No 3802001
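To make the two sets of rules in Mark's proposal concrete, and to show what Frederick means by "uniform" processing rules, the following is an added example (not code from the W3C widget signature spec, nor from either author) that computes the set of resources each signature type must reference and checks a signature's Reference list against it. The file-name patterns ("author-signature.xml", "signature" *[0-9] ".xml" at the widget root) and the two role URIs are taken from Mark's message; the sample widget file list is constructed. The spec's final naming rules may differ.

```python
"""Reference-set rules for author vs. distributor widget signatures.

Added example illustrating the proposal in the thread; not code from the
W3C Widgets digsig spec or from either author.  File-name patterns and role
URIs follow Mark's message; the sample widget below is constructed.
"""
import re
from typing import FrozenSet, Iterable, List, Optional

# Reserved names from the proposal, both located at the root of the widget:
# exactly "author-signature.xml", and "signature" followed by zero or more
# digits and ".xml" for distributor signatures.
AUTHOR_SIG_NAME = "author-signature.xml"
DISTRIBUTOR_SIG_RE = re.compile(r"^signature[0-9]*\.xml$")

ROLE_AUTHOR = "http://www.w3.org/2009/07/widgets-digsig#role-author"
ROLE_DISTRIBUTOR = "http://www.w3.org/2009/07/widgets-digsig#role-distributor"


def is_author_signature(path: str) -> bool:
    # Only the reserved name at the root counts; "sub/author-signature.xml" is
    # an ordinary resource and gets signed like any other file.
    return path == AUTHOR_SIG_NAME


def is_distributor_signature(path: str) -> bool:
    # The anchored regex rejects anything containing a "/", so only root files match.
    return DISTRIBUTOR_SIG_RE.match(path) is not None


def role_for(path: str) -> Optional[str]:
    """Role a signature file must carry, derived from its reserved file name."""
    if is_author_signature(path):
        return ROLE_AUTHOR
    if is_distributor_signature(path):
        return ROLE_DISTRIBUTOR
    return None


def expected_references(widget_files: Iterable[str], signature_file: str) -> FrozenSet[str]:
    """Resources the signature stored at `signature_file` must reference.

    Author signature:      all resources except distributor signatures.
    Distributor signature: all resources except *other* distributor signatures,
                           including author-signature.xml when present.
    Once "a signature never covers itself" is applied, both collapse to one
    rule: skip self, skip distributor signatures, reference everything else.
    The author signature is then automatically included for distributors and
    automatically excluded (as self) for the author.
    """
    return frozenset(
        f for f in widget_files
        if f != signature_file and not is_distributor_signature(f)
    )


def check_signature(widget_files: Iterable[str], signature_file: str,
                    role: str, references: Iterable[str]) -> List[str]:
    """Verifier-side checks for one signature; returns a list of problems (empty = ok)."""
    files = list(widget_files)
    problems: List[str] = []
    expected_role = role_for(signature_file)
    if expected_role is None:
        return [f"{signature_file}: not a recognised signature file name"]
    if role != expected_role:
        problems.append(f"{signature_file}: role {role} does not match file name")
    want = expected_references(files, signature_file)
    got = frozenset(references)
    # A missing Reference leaves a resource unsigned; an unexpected one means
    # the signature covers something the role says it must not (e.g. a
    # distributor signature binding itself to another distributor's signature).
    for missing in sorted(want - got):
        problems.append(f"{signature_file}: missing Reference to {missing}")
    for extra in sorted(got - want):
        problems.append(f"{signature_file}: unexpected Reference to {extra}")
    return problems


# Constructed sample widget: ordinary resources, one author signature and two
# distributor signatures, all signatures at the root.
WIDGET = ["config.xml", "index.html", "scripts/app.js",
          "author-signature.xml", "signature1.xml", "signature2.xml"]

if __name__ == "__main__":
    for sig in ("author-signature.xml", "signature1.xml"):
        print(sig, "->", sorted(expected_references(WIDGET, sig)))
    # signature1.xml wrongly referencing signature2.xml is reported.
    print(check_signature(WIDGET, "signature1.xml", ROLE_DISTRIBUTOR,
                          ["config.xml", "index.html", "scripts/app.js",
                           "author-signature.xml", "signature2.xml"]))
```

Because `expected_references` does not take the role as an input, the role property only has to be checked against the reserved file name; the reference processing itself is the same for both signature types, which is the uniformity Frederick's comment asks for.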


