- From: Nokia-CIC/Boston <Frederick.Hirsch@nokia.com>
- Date: Tue, 10 Mar 2009 12:20:03 -0400
- To: WebApps WG <public-webapps@w3.org>
- Cc: "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>
I propose we add the following to the Widgets Signature 1.1. This is in response to Thomas Roessler's review comments, see http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0547.html

Proposal - Add the following to the latest editor's draft http://dev.w3.org/2006/waf/widgets-digsig/

(1) In Section 5.1, Use of XML Signature in Widgets

Add to bullet list:

+ Each Signature MUST contain a dsp:Identifier signature properties element compliant with XML Signature Properties [XMLSec-Properties] and this specification.

+ Each Signature MUST contain a dsp:Created signature properties element compliant with XML Signature Properties [XMLSec-Properties] and this specification.

(2) Add new section 5.5 and 5.6:

5.5 Identifier Signature Property

The dsp:Identifier signature property is intended to be used to uniquely identify the signature to enable signature management. It MUST be unique for a given signer.

5.6 Created Signature Property

The dsp:Created signature property provides the time of signature creation and is intended to be used to provide additional information associated with signatures. It is a wall clock timestamp as noted in XML Signature Properties.

To give just one example of use, assume a distributor's signing process is found to be broken, but it's not practical to exchange the signature key. Being able to weed out all signatures made before a particular date might turn out really important in this context.

(2) Update 7.2 Signature Generation to add the following at the end:

The current wall time MUST be placed in the dsp:Created signature property upon signature generation. The granularity of this time need not be finer than to the minute. The time SHOULD reflect the time that signature generation completes.

A unique identifier string for the signature MUST be placed in the dsp:Identifier signature property by the signer. This MUST be a unique signing string for all signatures created by the signer.

(3) Update 7.3 Signature Validation to add after the second sentence a new paragraph:

The Created Signature Property value MUST represent a timestamp earlier than the current time, to the nearest minute, according to wall clock time. There MUST NOT be more than one such value in the signature.

---

In addition to these changes in Widget Signature, the latest Editors Draft of XML Signature Properties reflects the addition of the new Identifier [1] and Created [2] Signature properties. Please review and indicate any suggestions for those as well.

Thanks

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html#identifier-property

[2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-properties/Overview.html#created-property
Received on Tuesday, 10 March 2009 16:20:50 UTC
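
The validation rule proposed for 7.3 and the "weed out signatures made before a particular date" use case from 5.6, as an added example that is not part of the original message or of the W3C drafts. The dsp namespace URI, the element layout of the constructed sample, the function names, and the choice to accept a timestamp in the same minute as the current time are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"
DSP = "http://www.w3.org/2009/xmldsig-properties"  # assumed; not stated in the message

# Constructed sample: only the property-carrying part of a signature.
SAMPLE = f"""<Signature xmlns="{DS}" xmlns:dsp="{DSP}"><Object><SignatureProperties>
 <SignatureProperty Id="p1" Target="#s"><dsp:Identifier>constructed-id-0001</dsp:Identifier></SignatureProperty>
 <SignatureProperty Id="p2" Target="#s"><dsp:Created>2009-03-10T16:20:00Z</dsp:Created></SignatureProperty>
</SignatureProperties></Object></Signature>"""

def to_minute(dt):
    """Normalise to UTC and drop seconds, since the proposal compares to the minute."""
    if dt.tzinfo is None:  # assumption: a value without an offset is treated as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).replace(second=0, microsecond=0)

def check_properties(sig_xml, now, reject_before=None):
    """Return (identifier, created, problems); an empty problems list means pass."""
    root = ET.fromstring(sig_xml)
    props = root.findall(f".//{{{DS}}}SignatureProperty")
    idents = [(e.text or "").strip() for p in props for e in p.iter(f"{{{DSP}}}Identifier")]
    created = [(e.text or "").strip() for p in props for e in p.iter(f"{{{DSP}}}Created")]
    problems, when = [], None
    if not idents or not idents[0]:
        problems.append("missing dsp:Identifier")
    if len(created) != 1:  # must be present, and MUST NOT appear more than once
        problems.append("expected exactly one dsp:Created")
    else:
        try:
            when = to_minute(datetime.fromisoformat(created[0].replace("Z", "+00:00")))
        except ValueError:
            problems.append("dsp:Created is not a parseable timestamp")
    if when is not None:
        if when > to_minute(now):  # same minute as "now" is accepted
            problems.append("dsp:Created is later than the current time")
        if reject_before is not None and when < to_minute(reject_before):
            problems.append("created before the cutoff date")
    return (idents[0] if idents else None), when, problems
```

These checks only carry weight after core signature validation has confirmed that the SignatureProperties element is covered by a ds:Reference; otherwise the Created and Identifier values are unsigned and can be altered freely.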