[widgets] Digital Signature Roles - summary of proposal

Hi All,
 
Below is a copy of the proposal that I sent to Frederick and Marcos
following last week's WebApp call to capture the agreements that were
reached regarding defining different signature roles.

I'm reposting to the public list to provide background to the updates to
Widgets 1.0: Digital Signature that Frederick plans to provide
before the Paris face-to-face meeting.
 
---------------------------------
 
It should be possible to create a signature - let's call it the "author
signature" - which is used solely for determining who the author of a
widget is, and as a result whether or not two widgets came from the same
author. The most reliable way of doing this would be if two signatures
were created using the same private key but this need not be specified.
 
It should be possible to create a signature - let's call it the
"distributor signature" - that is used to determine that a particular
distributor has distributed this widget. Typically this signature might
be used to mean something to the consuming widget user agent's security
policy, such as allocating this widget to trust domain X. Again I don't
think the use of this signature needs to be specified here.
 
The properties for each signature "type" are as follows.
 
Author signature
 
- Instances allowed: zero or one
- Located: at the root of the widget 
- Name: Some reserved file name, eg "author-signature" ".xml"
- Generated over: All widget resources excluding distributor signatures
- Role property:  eg http://www.w3.org/2009/widgets-digsig#role-author
 
Distributor signature
 
- Instances allowed: zero or more 
- Located: at the root of the widget 
- Name: "signature" *[0-9]".xml"
- Generated over: All widget resources excluding other distributor
signatures but including the author signature (if present)
- Role property: eg
http://www.w3.org/2009/widgets-digsig#role-distributor

In addition to the above, the rules for generation and verification of
the reference elements would need to be updated to be dependent on the
role of the signature. I think that's the only significant change needed
to the current spec, along with changing of the usage property to a role
property. To make life easy for readers it may also be desirable to
define different types of signature corresponding to the different
roles.  

---------------------------------
 
Comments welcome.
 
Thanks,
 
Mark 
 
 
Mark Priestley 

Security Expert
Vodafone Group R&D
 
Mobile: +44 (0)7717512838
E-mail: mark.priestley@vodafone.com

 
www.betavine.net - Web
betavine.mobi - Mobile Web
 
Vodafone Group Services Limited 
Registered Office: Vodafone House, The Connection, Newbury, Berkshire
RG14 2FN Registered in England No 3802001

 

Received on Thursday, 19 February 2009 14:45:39 UTC
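To make the role-dependent reference rules in the proposal concrete, here is an added example (it is not part of Mark's e-mail, nor code from the Widgets 1.0: Digital Signature draft). It turns the "Generated over" rules into a function that computes the set of resources a signature of each role must reference, and a verification-side check that the role declared inside a signature matches its file name and that its references are exactly that set. The file list, the exact author signature name "author-signature.xml", the rule that a signature never references its own file, and the reading of "at the root" as "a path with no slash" are all assumptions made for the example.

```python
"""Role-dependent reference sets for widget signatures (added example).

Encodes the proposal's rules literally:
  * author signature      -> all resources except distributor signatures
  * distributor signature -> all resources except the *other* distributor
                             signatures, including the author signature
Assumptions (not from the proposal): the author signature is named exactly
"author-signature.xml", a signature never references its own file, and
"at the root of the widget" means a path containing no "/".
"""
import re

ROLE_AUTHOR = "http://www.w3.org/2009/widgets-digsig#role-author"
ROLE_DISTRIBUTOR = "http://www.w3.org/2009/widgets-digsig#role-distributor"

# Naming rules from the proposal. Read ABNF-style, "signature" *[0-9] ".xml"
# permits zero digits, so a bare "signature.xml" also counts as a distributor
# signature here. Because the author signature has one fixed name, "zero or
# one instance" is enforced by the file system itself.
_AUTHOR_NAME = re.compile(r"^author-signature\.xml$")
_DISTRIBUTOR_NAME = re.compile(r"^signature[0-9]*\.xml$")

# Constructed sample widget contents (paths relative to the package root).
WIDGET_FILES = [
    "config.xml",
    "index.html",
    "images/icon.png",
    "author-signature.xml",
    "signature1.xml",
    "signature2.xml",
]


def signature_role(path):
    """Return the role URI implied by a file name, or None for an ordinary
    resource. Only root-level files are signatures; "foo/signature1.xml"
    is just content."""
    if "/" in path:
        return None
    if _AUTHOR_NAME.match(path):
        return ROLE_AUTHOR
    if _DISTRIBUTOR_NAME.match(path):
        return ROLE_DISTRIBUTOR
    return None


def references_for(signature_file, files):
    """Set of resources the named signature must reference (generation side).

    One rule serves both roles: skip the signature's own file and skip every
    distributor signature. For the author signature that excludes itself and
    all distributor signatures; for a distributor signature it excludes itself
    and the other distributor signatures while keeping the author signature.
    """
    if signature_role(signature_file) is None:
        raise ValueError("%r is not a signature file name" % signature_file)
    refs = set()
    for f in files:
        if f == signature_file:
            continue  # assumption: a signature never covers its own file
        if signature_role(f) == ROLE_DISTRIBUTOR:
            continue  # distributor signatures are excluded for every role
        refs.add(f)
    return refs


def verify_reference_set(signature_file, declared_role, referenced_uris, files):
    """Verification side. Returns a list of problems (empty means the
    signature's role and reference set are consistent with the rules)."""
    problems = []
    expected_role = signature_role(signature_file)
    if expected_role is None:
        return ["%r is not a recognised signature file name" % signature_file]
    if declared_role != expected_role:
        problems.append("declared role %s does not match file name %s"
                        % (declared_role, signature_file))
    expected = references_for(signature_file, files)
    actual = set(referenced_uris)
    missing = expected - actual
    extra = actual - expected
    if missing:
        problems.append("unreferenced resources: %s" % sorted(missing))
    if extra:
        problems.append("unexpected references: %s" % sorted(extra))
    return problems


if __name__ == "__main__":
    for sig in ("author-signature.xml", "signature1.xml"):
        print(sig, "->", sorted(references_for(sig, WIDGET_FILES)))
    # A distributor signature that forgot to cover the author signature.
    print(verify_reference_set("signature1.xml", ROLE_DISTRIBUTOR,
                               ["config.xml", "index.html", "images/icon.png"],
                               WIDGET_FILES))
```

The verification check is deliberately exact in both directions: a missing reference lets a resource be swapped after signing, while an unexpected reference to another distributor's signature would make the set of distributor signatures order-dependent, which the proposal's rules avoid.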