- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Fri, 10 Oct 2008 15:06:57 +0100
- To: public-webapps <public-webapps@w3.org>
- Cc: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
To allow multiple signatures in a package, I propose we use the following regex pattern in the packaging spec: signature[0-9]*.xml That is, the following are all matched: * SIGNATURE.xml * sigNATure0.xml * signature1.xml * signatuRE11223121.xml The following are not matched: * signature1a.xml * signature1a2.xml There are a number of outstanding issues, however: 1. Should signature1.xml be processed before signature.xml? or the other way around? does order matter at all? 2. Do signatures need to be named sequentially (e.i., signature.xml, must be followed by signature0.xml, signature1.xml, etc.) ? or is it ok to have a package with two signatures like sigNATURE0001.xml and sigNaTure12323232.xml? In the spec, I assume that if one signature fails, and there are other signatures available, then the UA simply moves onto verifying the next signature. Also, in regards to 1., unless I hear otherwise, I will assume it does not matter. And in regards to 2. I will also assume that it does not matter (anything goes as long as it matches the regex pattern, and it's a valid xml-sig file, of course). Kind regards, Marcos -- Marcos Caceres http://datadriven.com.au
Received on Friday, 10 October 2008 14:12:56 UTC