177
edits
Apps/Security/Distribution: Difference between revisions
→W3C XML Digital Signatures for Widgets
| Line 30: | Line 30: | ||
* [[http://www.w3.org/TR/widgets-digsig/#author-signature Authors digitally-sign]] the package | * [[http://www.w3.org/TR/widgets-digsig/#author-signature Authors digitally-sign]] the package | ||
* [[http://www.w3.org/TR/widgets-digsig/#distributor-signature Distributors digitally-sign]] the package ''and'' the author's signature. | * [[http://www.w3.org/TR/widgets-digsig/#distributor-signature Distributors digitally-sign]] the package ''and'' the author's signature. | ||
"Stores" correspond to the W3C's definition of "Distributors"; authors correspond to the B2G concept of "app developer". | |||
The only problem with the W3C XML Widget Digital Signature Standard is that, compared to the infrastructure behind GNU/Linux Distributions, which have been deploying Chained-Signing for some considerable time and have a decades-long complete architecture, the W3C's standard was only ratified in late 2011 and has very few actual implementations. Here is one implementation: | |||
* http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html | |||
=== Trusted store with permissions delegation === | === Trusted store with permissions delegation === | ||