widget signature proposal - Identifier and Created Signature property

I propose we add the following to the Widgets Signature 1.1. This is
in response to Thomas Roessler's review comments, see http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html

Proposal - Add the following to the latest editor's draft http://dev.w3.org/2006/waf/widgets-digsig/

(1) In Section 5.1, Use of XML Signature in Widgets

Add to bullet list:

+ Each Signature MUST contain a dsp:Identifier signature properties
element compliant with XML Signature Properties [XMLSec-Properties]
and this specification.

+ Each Signature MUST contain a dsp:Created signature properties
element compliant with XML Signature Properties [XMLSec-Properties]
and this specification.

(2) Add new sections 5.5 and 5.6:

5.5 Identifier Signature Property

The dsp:Identifier signature property is intended to be used to  
uniquely identify the signature to enable signature management. It  
MUST be unique for a given signer.

5.6 Created Signature Property

The dsp:Created signature property provides the time of signature   
creation and is intended to be used to provide additional information  
associated with signatures. It is a wall clock timestamp as noted in  
XML Signature Properties.

To give just one example of use, assume a distributor's signing  
process is found to be broken, but it's not practical to exchange the  
signature key. Being able to weed out all signatures made before a  
particular date might turn out really important in this context.

(2) Update 7.2 Signature Generation to add the following at the end:

The current wall time MUST be placed in the dsp:Created signature
property upon signature generation. The granularity of this time need
not be finer than to the minute. The time SHOULD reflect the time that
signature generation completes.

A unique identifier string for the signature MUST be placed in the
dsp:Identifier signature property by the signer. This MUST be a
unique signing string for all signatures created by the signer.

(3) Update 7.3 Signature Validation to add after the second sentence a  
new paragraph:

The Created Signature Property value MUST represent a timestamp
earlier than the current time, to the nearest minute, according to
wall clock time. There MUST NOT be more than one such value in the

In addition to these changes in Widget Signature, the latest Editors
Draft of XML Signature Properties reflects the addition of the new
Identifier [1] and Created [2] Signature properties.

Please review and indicate any suggestions for those as well.


regards, Frederick

Frederick Hirsch

[1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html#identifier-property

[2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html#created-property

Received on Tuesday, 10 March 2009 16:20:50 UTC
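
The validation checks proposed for 7.3, together with the cutoff use described in 5.6, as an added Python example that is not part of the original message or of the specification. The dsp namespace URI, the function and parameter names, and the sample XML are assumptions; so are the choices to apply the "not more than one" rule per Signature and to compare by truncating to the minute.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: namespace bound to the dsp: prefix (not stated in the message).
DSP = "{http://www.w3.org/2009/xmldsig-properties}"

def check_properties(sig_xml, signer, now, seen, not_before=None):
    """Return a list of problems; an empty list means every check passed.
    `seen` is a set of (signer, identifier) pairs already accepted."""
    root = ET.fromstring(sig_xml)
    problems, values = [], {}
    for name in ("Identifier", "Created"):
        found = root.findall(f".//{DSP}{name}")
        if len(found) != 1:  # assumed scope: one value per Signature
            problems.append(f"expected exactly one dsp:{name}, found {len(found)}")
        else:
            values[name] = (found[0].text or "").strip()
    key = (signer, values.get("Identifier"))
    if "Identifier" in values and (not values["Identifier"] or key in seen):
        problems.append("dsp:Identifier empty or already used by this signer")
    if "Created" in values:
        try:
            ts = datetime.fromisoformat(values["Created"].replace("Z", "+00:00"))
        except ValueError:
            ts = None
        if ts is None or ts.tzinfo is None:
            problems.append("dsp:Created is not a timestamp with a time zone")
        else:
            # Compare at minute granularity (truncation is this example's reading).
            minute = lambda t: t.astimezone(timezone.utc).replace(second=0, microsecond=0)
            if minute(ts) > minute(now):
                problems.append("dsp:Created is later than the current time")
            if not_before is not None and ts < not_before:
                problems.append("dsp:Created predates the accepted cutoff")
    if not problems:
        seen.add(key)  # record the identifier only for signatures that passed
    return problems

# Constructed sample input, not taken from the specification.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
  xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><Object><SignatureProperties>
  <SignatureProperty Id="p1" Target="#s"><dsp:Identifier>acme:2009:0001</dsp:Identifier></SignatureProperty>
  <SignatureProperty Id="p2" Target="#s"><dsp:Created>2009-03-10T16:20:00Z</dsp:Created></SignatureProperty>
</SignatureProperties></Object></Signature>"""

if __name__ == "__main__":
    now = datetime(2009, 3, 10, 16, 20, 50, tzinfo=timezone.utc)
    print(check_properties(SAMPLE, "acme", now, set()))
```

These checks read the property values only; they are meaningful after the signature itself has been validated.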