LCWD of Widgets 1.0: Digital Signatures published 30-Apr-2009

On April 30 the WebApps WG published a LCWD of the Widgets 1.0  
Digital Signatures spec:

[[
<http://www.w3.org/TR/2009/WD-widgets-digsig-20090430/>

Introduction

This document defines a profile of the XML Signature Syntax and  
Processing 1.1 specification to allow a widget package to be  
digitally signed. Widget authors and distributors can digitally sign  
widgets as a mechanism to ensure continuity of authorship and  
distributorship. Prior to instantiation, a user agent can use the  
digital signature to verify the integrity of the widget package and  
to confirm the signing key(s). This document specifies conformance  
requirements on both widget packages and user agents.

A widget package can be signed by the author of the widget producing  
an [XMLDSIG11] signature that cryptographically includes all of the  
file entries other than signature files. A widget package can also be  
signed by one or more distributors of the widget, producing  
[XMLDSIG11] signatures that each cryptographically includes all of  
the non-signature file entries as well as any author signature.
]]

We explicitly seek comments from the XML Security WG; comments from  
other WGs as well as the TAG are welcome.

The comment period ends 1 June 2009.

All comments should be sent to public-webapps@w3.org [1].

-Regards, Art Barstow

[1] <http://lists.w3.org/Archives/Public/public-webapps/>

Received on Friday, 1 May 2009 14:48:56 UTC