W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

[widgets] finding multiple signatures

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Fri, 10 Oct 2008 15:06:57 +0100
Message-ID: <b21a10670810100706r37f1e673i8fec830d2420b3df@mail.gmail.com>
To: public-webapps <public-webapps@w3.org>
Cc: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>

To allow multiple signatures in a package, I propose we use the
following regex pattern in the packaging spec: signature[0-9]*.xml

That is, the following are all matched:
* sigNATure0.xml
* signature1.xml
* signatuRE11223121.xml

The following are not matched:
 * signature1a.xml
 * signature1a2.xml

There are a number of outstanding issues, however:

   1. Should signature1.xml be processed before signature.xml? or the
other way around? does order matter at all?
   2. Do signatures need to be named sequentially (e.i.,
signature.xml, must be followed by signature0.xml, signature1.xml,
etc.) ? or is it ok to have a package with two signatures like
sigNATURE0001.xml and sigNaTure12323232.xml?

In the spec, I assume that if one signature fails, and there are other
signatures available, then the UA simply moves onto verifying the next
signature. Also, in regards to 1., unless I hear otherwise, I will
assume it does not matter. And in regards to 2. I will also assume
that it does not matter (anything goes as long as it matches the regex
pattern, and it's a valid xml-sig file, of course).

Kind regards,
Marcos Caceres
Received on Friday, 10 October 2008 14:12:56 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:12 UTC