177
edits
Apps/Security/Distribution: Difference between revisions
→W3C XML Digital Signatures for Widgets
| Line 35: | Line 35: | ||
The only problem with the W3C XML Widget Digital Signature Standard is that, compared to the infrastructure behind GNU/Linux Distributions, which have been deploying Chained-Signing for some considerable time and have a decades-long complete architecture, the W3C's standard was only ratified in late 2011 and has very few actual implementations. Here is one implementation: | The only problem with the W3C XML Widget Digital Signature Standard is that, compared to the infrastructure behind GNU/Linux Distributions, which have been deploying Chained-Signing for some considerable time and have a decades-long complete architecture, the W3C's standard was only ratified in late 2011 and has very few actual implementations. Here is one implementation: | ||
* http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html | * [http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html Java javax.xml.crypto.dsig package]: this appears to solely implement the Cryptographic portions of the API: it does ''not'' implement a complete store, nor any infrastructure for validating the packages, nor any infrastructure for downloading or distribution of packages. | ||
=== Trusted store with permissions delegation === | === Trusted store with permissions delegation === | ||