- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Fri, 1 May 2009 10:48:03 -0400
- To: public-webapps <public-webapps@w3.org>, public-xmlsec@w3.org
On April 30 the WebApps WG published a LCWD of the Widgets 1.0 Digital Signatures spec: [[ <http://www.w3.org/TR/2009/WD-widgets-digsig-20090430/> Introduction This document defines a profile of the XML Signature Syntax and Processing 1.1 specification to allow a widget package to be digitally signed. Widget authors and distributors can digitally sign widgets as a mechanism to ensure continuity of authorship and distributorship. Prior to instantiation, a user agent can use the digital signature to verify the integrity of the widget package and to confirm the signing key(s). This document specifies conformance requirements on both widget packages and user agents. A widget package can be signed by the author of the widget producing an [XMLDSIG11] signature that cryptographically includes all of the file entries other than signature files. A widget package can also be signed by one or more distributors of the widget, producing [XMLDSIG11] signatures that each cryptographically includes all of the non-signature file entries as well as any author signature. ]] We explicitly seek comments from the XML Security WG; comments from other WGs as well as the TAG are welcome. The comment period ends 1 June 2009. All comments should be sent to public-webapps@w3.org [1]. -Regards, Art Barstow [1] <http://lists.w3.org/Archives/Public/public-webapps/>
Received on Friday, 1 May 2009 14:48:56 UTC