ISSUE-19: Widgets digital Signatures spec does not meet required use cases and requirements

Widgets digital Signatures spec does not meet required use cases and requirements

State:
CLOSED
Product:
HISTORICAL: Widgets [Bugs and Issues are tracked via Bugzilla https://www.w3.org/Bugs/Public/describecomponents.cgi?product=WebAppsWG]
Raised by:
Marcos Caceres
Opened on:
2008-06-27
Description:
R11. Digital Signature
A conforming specification must specify a means to digitally sign resources in a widget resource and a processing model for verifying the authenticity and the data integrity of the widget resource. The digital signature scheme must be compatible with existing Public Key Infrastructures (PKI), particularly X.509 digital certificates. In addition, the recommended digital signature format should support certificate chaining and the ability for a package to be signed by multiple authorities (i.e., multiple signatures).

The current Widgets 1.0: Digital Signature spec does not meet these requirements [1].

We currently only solve the problem for one signer signing the widget.

We need to find solutions for:

1. Signing the package and allowing certificate chaining:
signature.xml = A signs B signs...N signs widget files

2. Allowing multiple parties to sign the certificate in a separate file:
SignatureB signs signatureA signs widget files

3. Allowing parallel signatures to sign the contents of a package:
SignatureA signs widget files
SignatureB signs widget files

We are still exploring if there are any use cases for a mixed-mode, e.g.:
SignatureA signs widget files
SignatureB signs widget files
SignatureC signs SignatureA

[1] http://dev.w3.org/2006/waf/widgets-digsig/
Related Actions Items:
No related actions
Related emails:
  1. Re: [widgets] Agenda for 5 March 2009 Voice Conference (from marcosc@opera.com on 2009-03-06)
  2. Re: ISSUE-19: Widgets digital Signatures spec does not meet required use cases and requirements [Widgets] (from art.barstow@nokia.com on 2009-03-05)
  3. Re: [widgets] Minutes from 5 March 2009 Voice Conference (from frederick.hirsch@nokia.com on 2009-03-05)
  4. [widgets] Minutes from 5 March 2009 Voice Conference (from art.barstow@nokia.com on 2009-03-05)
  5. RE: [widgets] Agenda for 5 March 2009 Voice Conference (from BS3131@att.com on 2009-03-05)
  6. [widgets] Agenda for 5 March 2009 Voice Conference (from art.barstow@nokia.com on 2009-03-04)
  7. [widgets] Minutes from 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-25)
  8. [widgets] Agenda for 25 September 2008 Voice Conference (from art.barstow@nokia.com on 2008-09-24)
  9. ISSUE-19: Widgets digital Signatures spec does not meet required use cases and requirements [Widgets] (from sysbot+tracker@w3.org on 2008-06-27)

Related notes:

Closed. See: http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0649.html

Arthur Barstow, 5 Mar 2009, 17:22:05

Display change log ATOM feed

Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 19.html,v 1.1 2016/01/25 10:26:19 carine Exp $