Re: Using different widget signature roles

Attached is comment I sent on Mark's notes:

yes I think this is appropriate. I would suggest that the processing  
rules for signature verification be uniform, apart from the fact that  
a distributor signature includes author signature Reference.

Then I would argue it is application dependent on what to do with  
regards to failure, since this depends on the bigger widget picture  
(eventually policy but for  now out of scope of the widget signature  

For simplicity we might remove the 07 from the URIs.

Thanks for writing this down.

By the way I expect XML Signature 1.1 and Properties to be published  
as First Public Working Draft very soon, barring any last minute  

regards, Frederick

Frederick Hirsch

On Feb 17, 2009, at 6:01 AM, ext Priestley, Mark, VF-Group wrote:

> Hi Frederick,
> Just thought I'd try and help with the generation of a proposal on  
> the use of widget digital signature properties. Hopefully the below  
> is a useful summary of what I think the main requirements are.
> It should be possible to create a signature - lets call it the  
> "author signature" - which is used solely for determining who the  
> author of a widget is, and as a result whether or not two widgets  
> came from the same author. The most reliable way of doing this would  
> be if two signatures were created using the same private key but  
> this need not be specified.
> It should be possible to create a signature - lets call it the  
> "distributor signature" - that is used to determine that a  
> particular distributor has distributed this widget. Typically this  
> signature might be used to mean something by the consuming widget  
> user agent's security policy, such as allocate this widget to trust  
> domain X. Again I don't think the use of this signature needs to be  
> specified here.
> The properties for each signature "type" are as follows.
> Author signature
> - Instances allowed: zero or one
> - Located: at the root of the widget
> - Name: Some reserved file name, eg "author-signature" .xml"
> - Generated over: All widget resources excluding distributor  
> signatures
> - Role property:  eg
> Distributor signature
> - Instances allowed: zero or more
> - Located: at the root of the widget
> - Name: "signature" *[0-9]".xml"
> - Generated over: All widget resources excluding other distributor  
> signatures but including the author signature (if present)
> - Role property: eg
> In addition to the above, the rules for generation and verification  
> of the reference elements would need to be updated to be dependent  
> on the role of the signature. I think that's the only significant  
> change needed to the current spec, along with changing of the usage  
> property to a role property. To make life easy for readers it may  
> also be desirable to define different types of signature  
> corresponding to the different roles.
> Does the above all make sense given last weeks call? Please let me  
> know if not.
> Regards,
> Mark
> Mark Priestley
> Security Expert
> Vodafone Group R&D
> Mobile: +44 (0)7717512838
> E-mail:
>  - Web
>  - Mobile Web
> Vodafone Group Services Limited
> Registered Office: Vodafone House, The Connection, Newbury,  
> Berkshire RG14 2FN Registered in England No 3802001

Received on Thursday, 19 February 2009 15:23:50 UTC