ghopp
/
server_playground
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Another abandoned server code base... this is kind of an ancestor of taskrambler.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
165 Commits
1 Branch
0 Tags
51 MiB
 
 
 
 
 
 
Tree: 9e1e4f7891
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e1e4f7891'
${ noResults }
server_playground/doc/www.w3.org/TR/2011/PR-widgets-digsig-20110811/index.html

539 lines
53 KiB
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type" /><title>XML Digital Signatures for Widgets</title><style type="text/css">
dfn {
font-weight: bold;
}
.figure {
display: block;
counter-increment: fig-num;
text-align: center;
margin: 1em 0em 1em 0em;
}
.figcaption {
clear:both;
display:block;
}
.figcaption:before {
content: "Figure " counter(fig-num) ": ";
font-weight:bold;
}
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-PR" rel="stylesheet" type="text/css" /></head><body>
<div>
<div class="head">
<a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72" /></a>
<h1 class="head">XML Digital Signatures for Widgets</h1>
<h2 class="no-num no-toc" id="w3c-proposed-recommendation-11-august-2011">W3C Proposed Recommendation 11 August 2011
<!--W3C Proposed Recommendation-->
</h2>
<dl><dt>This version:</dt>
<dd><a href="http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/">http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/</a></dd>
<dt>Latest version:</dt>
<dd><a href="http://www.w3.org/TR/widgets-digsig/">http://www.w3.org/TR/widgets-digsig/</a></dd>
<dt>Previous version:</dt>
<dd><a href="http://www.w3.org/TR/2011/WD-widgets-digsig-20110607/">http://www.w3.org/TR/2011/WD-widgets-digsig-20110607/</a></dd>
<dt>Editor's Draft:</dt>
<dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/">http://dev.w3.org/2006/waf/widgets-digsig/</a></dd>
<dt>Differences document: </dt>
<dd><a href="http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2Fwidgets-digsig%2F&amp;doc2=http%3A%2F%2Fdev.w3.org%2F2006%2Fwaf%2Fwidgets-digsig%2F">W3C HTML Diff Service</a></dd>
<dt>Test Suite:</dt>
<dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/test-suite/">http://dev.w3.org/2006/waf/widgets-digsig/test-suite/</a></dd>
<dt>Implementation Report: </dt>
<dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/imp-report/">http://dev.w3.org/2006/waf/widgets-digsig/imp-report/</a></dd>
<dt>Editors:</dt>
<dd><a href="http://datadriven.com.au/">Marcos Cáceres</a>, W3C Invited Expert</dd>
<dd>Paddy Byers, Aplix Corporation</dd>
<dd><a href="http://stuartk.co.uk/">Stuart Knightley</a>, Opera Software ASA</dd>
<dd>Frederick Hirsch, Nokia</dd>
<dd>Mark Priestley, Vodafone</dd>
</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2011 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p>
</div>
<hr /><h2 class="no-num no-toc" id="abstract">Abstract</h2>
<p class="no-num no-toc">This document defines a profile of the <cite><a href="http://www.w3.org/TR/xmldsig-core1/">XML
Signature Syntax and Processing 1.1</a></cite> specification to allow a widget package to be digitally signed. Authors and distributors can digitally sign a widget as a mechanism to
ensure continuity of authorship and distributorship. A user agent, or other validation system, can use a digital signature to verify the
data integrity of the files within a widget package and to
confirm the signing key(s). </p>
<h2 class="no-num no-toc" id="sotd">Status of this Document </h2>
<p><em>This section describes the status of this document at the time of its
publication. Other documents may supersede this document. A list of current W3C
publications and the latest revision of this technical report can be found in the
<a href="http://www.w3.org/TR/">W3C technical reports index</a> at
http://www.w3.org/TR/.</em></p>
<p>Publication as a Proposed Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress. </p>
<p>This is the 11 August 2011 Proposed Recommendation of this specification.  The
Last Call period ended on 28 June 2011. Since two independent implementations already passed 100% of this specification's test suite after the end of the Last Call period, there was no Candidate Recommendation phase (see <a href="http://dev.w3.org/2006/waf/widgets-digsig/imp-report/">implementation report</a>). No
substantive changes were made as a result of the Last Call review (see <a href='htmldiff.html'>diff</a>).</p>
<p>The public is encouraged
to send comments to the WebApps Working Group's public mailing list <a href="mailto:public-webapps@w3.org">public-webapps@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webapps/">archive</a>) by the <strong>15 September 2011</strong>. See <a href="http://www.w3.org/Mail/">W3C mailing list and archive usage guidelines</a>. Advisory Committee Representatives should consult their <a href="http://www.w3.org/2002/09/wbs/33280/widgets-2001-part1/">questionnaires</a>. Please note that advance of this specification to Recommendation is blocked pending the outcome of the <a href="http://www.w3.org/2011/xmlsec-pag/Overview.html">XML Security PAG</a> for the <a href="http://www.w3.org/TR/xmldsig-core1/">XML Signature Syntax and Processing Version 1.1</a> specification (a normative dependency for this specification).</p>
<p>This document is produced by the <a href="http://www.w3.org/2008/webapps/">Web
Applications WG</a>, part of the <a href="http://www.w3.org/2006/rwc/Activity">Rich Web
Client Activity</a> in the W3C <a href="http://www.w3.org/Interaction/">Interaction
Domain</a>. It is expected that this document will progress along the W3C's
Recommendation track.</p>
<p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent
Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the
deliverables of the group; that page also includes instructions for disclosing a
patent. An individual who has actual knowledge of a patent which the individual
believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the
W3C Patent Policy</a>.</p>
<h2 class="no-num no-toc" id="toc">Table of Contents</h2>
<!--begin-toc-->
<ol class="toc">
<li><a href="#introduction"><span class="secno">1 </span>Introduction</a>
<ol class="toc">
<li><a href="#requirements"><span class="secno">1.1 </span>Design goals and requirements</a></li></ol></li>
<li><a href="#conformance"><span class="secno">2 </span>Conformance</a></li>
<li><a href="#definitions"><span class="secno">3 </span>Definitions</a></li>
<li><a href="#versions-namespaces-and-identifiers"><span class="secno">4 </span>Versions, namespaces, and identifiers</a></li>
<li><a href="#algorithms"><span class="secno">5 </span>Algorithms, key lengths, and certificate formats</a>
<ol class="toc">
<li><a href="#x509note"><span class="secno">5.1 </span>Note about X.509 data</a></li></ol></li>
<li><a href="#author-signatures"><span class="secno">6 </span>Author signature</a>
<ol class="toc">
<li><a href="#naming-convention"><span class="secno">6.1 </span>Naming convention</a></li></ol></li>
<li><a href="#distributor-signatures"><span class="secno">7 </span>Distributor signatures</a>
<ol class="toc">
<li><a href="#naming-convention-0"><span class="secno">7.1 </span>Naming convention</a></li></ol></li>
<li><a href="#generating-a-digital-signature"><span class="secno">8 </span>Generating a digital signature </a>
<ol class="toc">
<li><a href="#example-of-a-generated-distributor-signature"><span class="secno">8.1 </span>Example of a generated distributor signature</a></li></ol></li>
<li><a href="#signature-verification"><span class="secno">9 </span>Validating digital signatures </a></li>
<li><a href="#locating-signature-files-in-a-widget-package"><span class="secno">10 </span>Locating signature files in a widget package </a></li>
<li><a href="#security-considerations"><span class="secno">11 </span>Security Considerations</a></li>
<li><a class="no-num" href="#acknowledgements">Acknowledgements</a></li>
<li><a class="no-num" href="#references">Normative References</a></li>
<li><a class="no-num" href="#references2">Informative References</a></li></ol>
<!--end-toc-->
<h2 id="introduction"><span class="secno">1 </span>Introduction</h2>
<p> A <a href="#widget-package">widget package</a> can be digitally signed by an <a href="#author">author</a> to produce a <a href="#signature-file">signature file</a> that cryptographically covers all of the files of a widget package that are not <a href="#signature-file" title="signature file">signature files</a> (e.g., HTML files, CSS files, and JavaScript files). In this specification, this kind of signature is referred to as an <a href="#author-signature">author signature</a>. </p>
<p>A user agent or other entity can use an <a href="#author-signature">author signature</a> to determine:</p>
<ul><li> which entity alleges to have authored the widget, </li>
<li>that the integrity of the
widget is as the <a href="#author">author</a> intended,</li>
<li>and whether a set of
widgets came from the same <a href="#author">author</a>.</li>
</ul><p>A <a href="#widget-package">widget package</a> can also be
signed by one or more <a href="#distributor" title="distributor">distributors</a> to produce a <a href="#signature-file">signature file</a> that cryptographically includes all non-signature files as well as any <a href="#author-signature">author
signature</a> (if one was included). In this specification, this kind of signature is referred to as a <a href="#distributor-signature">distributor signature</a>. To be clear,<a href="#distributor-signature" title="distributor signature">distributor signatures</a> countersign <a href="#author-signature" title="author signature">author signatures</a>, but do not countersign other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>. Because of this, an author signature needs to be included in a <a href="#widget-package">widget package</a> before a <a href="#distributor-signature" title="distributor signature">distributor signature</a> or the <a href="#algorithm-to-validate-digital-signatures" title="algorithm to validate digital signatures">validation process</a> defined in this specification will fail. </p>
<p>A user agent or other entity can use a <a href="#distributor-signature" title="distributor signature">distributor signature</a> to determine:</p>
<ul><li> that a particular
distributor has distributed a widget package, </li>
<li> that the integrity of the <a href="#widget-package">widget package</a> is as the distributor intended,</li>
<li>and whether a set of
widgets came from the same <a href="#distributor">distributor</a>. </li>
</ul><p>The complete signing model is illustrated in <a href="#figure1">Figure 1</a>. </p>
<div class="figure" id="figure1"> <img alt="signature chain" height="291" src="images/digsigchain.png" width="692" /><div class="figcaption">This figure shows which files are signed by each kind of signature, indicated by the dashed lines and arrows. <a href="#author-signature" title="author signature">Author signatures</a> sign all the non-signature files of the <a href="#widget-package">widget package</a> (e.g., images, sounds, HTML files, and CSS files). The <a href="#distributor-signature" title="distributor signature">distributor signatures</a> sign the <a href="#author-signature">author signature</a> and all other non-signature files in the package (but not other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>). The model allows <a href="#distributor-signature" title="distributor signature">distributor signatures</a> to be removed without affecting the integrity of the <a href="#widget-package">widget package</a> as the author intended it. This also facilitates redistribution of <a href="#widget-package" title="widget package">widget packages</a> by either complete removal of all <a href="#signature-file" title="signature file">signature files</a> or substitutions of signatures. </div>
</div>
<h3 id="requirements"><span class="secno">1.1 </span>Design goals and requirements</h3>
<p>This document addresses the
following requirements from the <a href="#widgets-requirements">[Widgets
Requirements]</a> document: </p>
<ul><li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#digital-signatures">Digital Signatures</a>: this specification relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address
this requirement.</p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-signature-algorithm">Multiple Signatures and Certificate Chains</a>: this
specification relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address this requirement. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#signature-document-format">Signature Document Format</a>: see <a href="#signature-file">signature file</a>. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-message-digest-algo">Support for Multiple Message Digest Algorithms</a>: this
specification supports SHA-256, the <code>reference</code> element, and <code>ds:SignedInfo</code> element. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-signature-algorithm"> Support for Multiple Signature Algorithms</a>: this specification relies on the signature algorithms defined in <a href="#xmldsig11">[XMLDSIG11]</a>.</p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#key-lengths"> Key Lengths</a>: see the <a href="#recommended-key-lengths">recommended key lengths</a>.</p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#key-usage-extension">Key Usage Extension</a>: part of X.509v3.</p>
</li>
<li>
<p><a href="http://www.w3.org/TR/widgets-reqs/#inclusion-of-revocation-information">Inclusion of Revocation Information</a>: this specification
relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address this
requirement. </p>
</li>
</ul><h2 id="conformance"><span class="secno">2 </span>Conformance</h2>
<p>The key words <em class="ct">MUST</em>, <em class="ct">MUST
NOT</em>, <em class="ct">REQUIRED</em>, <em class="ct">SHOULD</em>, <em class="ct">SHOULD NOT</em>, <em class="ct">RECOMMENDED</em>, <em class="ct">MAY</em> and <em class="ct">OPTIONAL</em> in this
specification are to be interpreted as described in <a href="#rfc2119">[RFC2119]</a>. </p>
<p> As well as sections marked as <em>non-normative</em>, the examples and notes,
and security considerations in this specification are non-normative.
Everything else in this specification is normative. </p>
<p>There are two classes of product that can claim conformance to this specification, a <a href="#signer">signer</a> and a <a href="#validator">validator</a>: </p>
<ul><li>
<p>A <dfn id="signer">signer</dfn> is a user agent that implements <a href="#xmldsig11">[XMLDSIG11]</a> and digitally signs a <a href="#widget-package">widget package</a> in a manner that conforms to the requirements of this specification and in a manner that conforms to the applicable generation requirements of <a href="#signature-properties">[Signature Properties]</a>. </p>
</li>
<li>
<p>A <dfn id="validator">validator</dfn> is a user agent that implements <a href="#xmldsig11">[XMLDSIG11]</a> and validates the <a href="#signature-file" title="signature file">signature files</a> of a <a href="#widget-package">widget package</a> in a manner that conforms to the requirements of this specification and in a manner that conforms to the applicable validation requirements of <a href="#signature-properties">[Signature Properties]</a>. </p>
</li>
</ul><p class="note">Note: User agents that implement this specification are encouraged to allow
end-users to install digital certificates. This allows the verification of
digital signatures within the widget package for when custom root certificates are not shipped with a runtime (e.g., for beta testing purposes).</p>
<h2 id="definitions"><span class="secno">3 </span>Definitions</h2>
<p>As the following terms are used throughout this specification, they are gathered here for the reader's convenience. The following list of terms is not exhaustive; other terms are defined throughout this specification. </p>
<p>A <dfn id="file">file </dfn> is the uncompressed representation of a physical file contained in a <a href="#widget-package">widget package</a> (e.g., <code>config.xml</code>).</p>
<p>A <dfn id="file-name">file name</dfn> is the name of a <a href="#file">file</a> contained in
a <a href="#widget-package">widget package</a> (excluding path information). </p>
<p>The <dfn id="root-of-the-widget-package">root of the widget package</dfn> is the top-most file-path
level of the <a href="#widget-package">widget package</a>, as defined in the <a href="#widgets-packaging">[Widgets Packaging]</a> specification.</p>
<p>A <dfn id="signature-file">signature file</dfn> is a <a href="http://www.w3.org/TR/xmldsig-core1/#def-SignatureDetached">detached</a> <a href="#xmldsig11">[XMLDSIG11]</a> document, likely encoded in <a href="#utf-8">[UTF-8]</a>. </p>
<p>A <dfn id="widget-package">widget package</dfn> is a <a href="#zip">[ZIP]</a> archive that conforms to the <a href="#widgets-packaging">[Widgets Packaging]</a> specification.</p>
<p>A <dfn id="zip-relative-path">zip relative path</dfn> is a string that conforms to the <a href="#abnf">[ABNF]</a> for <code><a href="http://www.w3.org/TR/widgets/#zip-rel-path">zip-rel-path</a></code> as specified in <a href="#widgets-packaging">[Widgets Packaging]</a>.</p>
<h2 id="versions-namespaces-and-identifiers"><span class="secno">4 </span>Versions, namespaces, and identifiers</h2>
<p>This specification makes use of <a href="#xml-namespaces">[XML-Namespaces]</a>, and uses <a href="#uri">[URI]</a>s to identify resources, algorithms, and semantics.</p>
<p>The XML namespace for <a href="#xml">[XML]</a> elements used by this specification is <code>http://www.w3.org/ns/widgets-digsig</code></p>
<p>The <dfn id="profile-uri">profile URI</dfn> for this specification is <code>http://www.w3.org/ns/widgets-digsig#profile</code></p>
<p>No provision is made for an explicit version number in this
specification. If a future version of
this specification requires explicit versioning of the document
format, a different namespace will
be used.</p>
<h2 id="algorithms"><span class="secno">5 </span>Algorithms, key lengths, and certificate formats</h2>
<p>This specification relies on a user agent's conformance to <a href="#xmldsig11">[XMLDSIG11]</a> for support of signature algorithms, certificate formats, canonicalization algorithms, and digest methods. As this specification is a profile of <a href="#xmldsig11">[XMLDSIG11]</a>, it makes a number of recommendations as to what signature algorithms should be used when signing a widget package to achieve optimum interoperability. See <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureAlg">Signature Algorithms</a> of <a href="#xmldsig11">[XMLDSIG11]</a> for the list of required algorithms. </p>
<p>The <dfn id="recommended-signature-algorithm">recommended signature algorithm</dfn> is <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a> using the RSAwithSHA256 signature identifier: <a href="http://www.ietf.org/rfc/rfc4051.txt">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>.</p>
<p>The <dfn id="recommended-key-lengths">recommended key
lengths</dfn> are: </p>
<ul><li>4096 bits for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a>.</li>
</ul><p> The <dfn id="recommended-digest-method">recommended digest method</dfn> is <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SHA-256">SHA-256</a>. </p>
<p>The <dfn id="recommended-canonicalization-algorithm">recommended canonicalization algorithm</dfn> is <cite> Canonical XML Version 1.1 (omits comments)</cite> as defined in <a href="#c14n11">[C14N11]</a>. The identifier for the algorithm is <a href="http://www.w3.org/2006/12/xml-c14n11">http://www.w3.org/2006/12/xml-c14n11</a>.</p>
<p>The <dfn id="recommended-certificate-format">recommended certificate format</dfn> is
X.509 version 3 as specified in <a href="#rfc5280">[RFC5280]</a>. </p>
<h3 id="x509note"><span class="secno">5.1 </span>Note about X.509 data</h3>
<p><em>This section is informative.</em></p>
<p> A <a href="#signature-file"> signature file</a> can have information contained
in a <code>ds:X509Data</code> element, as specified by the <a href="#xmldsig11">[XMLDSIG11]</a> specification. This can include X.509 certificates, and/or
<abbr title="Certificate Revocation List">CRL</abbr> and/or OCSP response information that, if included, are conveyed according
to the <a href="#xmldsig11">[XMLDSIG11]</a> specification. X.509 v3 certificates provide means to
express the basic constraints on a certificate. This allows <abbr title="Certificate Authority"><abbr title="certification authority">CA</abbr></abbr> certificates to be distinguished from end entity certificates,
enabling more robust trust verification. See also <a href="#rfc5280">[RFC5280]</a> for more information.</p>
<h2 id="author-signatures"><span class="secno">6 </span>Author signature</h2>
<p>An <dfn id="author-signature">author signature</dfn> is a <a href="#signature-file">signature file</a> whose <a href="#file-name"> file name</a> adheres to the <a href="#naming-convention-for-an-author-signature">naming convention for an author
signature</a> and whose <a href="#signature-properties">[Signature Properties]</a> <code>Role</code> element's <code><a href="#uri">URI</a></code> attribute value is equal to the <a href="#author-role-uri">author role URI</a>. An <a href="#author-signature">author signature</a> is intended to be generated by the <dfn id="author">author</dfn> of the widget, which is the entity or entities whom claim authorship over the content of the <a href="#widget-package">widget package</a>.</p>
<p> A <a href="#widget-package">widget package</a> can contain zero or
one <a href="#author-signature" title="author signature">author signature</a>. </p>
<dl><dt><dfn id="author-role-uri">Author role URI</dfn>: </dt>
<dd> <code>http://www.w3.org/ns/widgets-digsig#role-author</code></dd>
</dl><h3 id="naming-convention"><span class="secno">6.1 </span>Naming convention</h3>
<p>The <code><a href="#author-sig-filename">author-sig-filename</a></code> <a href="#abnf">[ABNF]</a> rule defines the <dfn id="naming-convention-for-an-author-signature">naming convention for an
author signature</dfn>, as it applies to the <a href="#file-name"> file name</a> of the <a href="#author-signature">author signature</a>: </p>
<pre> <code><dfn id="author-sig-filename">author-sig-filename</dfn> = %x61.75.74.68.6f.72.2d.73.69.67.6e.61.74.75.72.65.2e.78.6d.6c</code></pre>
<p>The <code><a href="#author-sig-filename">author-sig-filename</a></code> rule defines the lower-case (case-sensitive) string "<code>author-signature.xml</code>".</p>
<h2 id="distributor-signatures"><span class="secno">7 </span>Distributor signatures</h2>
<p>A <dfn id="distributor-signature">distributor signature</dfn> is a <a href="#signature-file"> signature file</a> whose <a href="#file-name"> file name</a> adheres
to the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor
signature</a> and whose <a href="#signature-properties">[Signature Properties]</a> <code>Role</code> element's <code><a href="#uri">URI</a></code> attribute value is equal to the <a href="#distributor-role-uri">distributor role URI</a>. A <a href="#distributor-signature">distributor signature</a> is intended to be generated by a <dfn id="distributor">distributor</dfn>, which is a third party that is distributing the widget on behalf of the author. </p>
<p> A <a href="#widget-package">widget package</a> can contain zero, one, or
more <a href="#distributor-signature" title="distributor signature">distributor signatures</a>. </p>
<dl><dt><dfn id="distributor-role-uri">Distributor role URI</dfn>:</dt>
<dd> <code>http://www.w3.org/ns/widgets-digsig#role-distributor</code> </dd>
</dl><h3 id="naming-convention-0"><span class="secno">7.1 </span>Naming convention</h3>
<p> Each <a href="#distributor-signature">distributor signature</a> has a <a href="#file-name">file name</a> consisting of the lower-case
string "<code>signature</code>" followed by a digit in the range
1-9 inclusive, followed by an optional
zero or more digits in the range 0-9 inclusive and then the lower-case
"<code title="">.xml</code>". </p>
<p>The <code><a href="#dist-sig-filename">dist-sig-filename</a></code> rule formally defines the <dfn id="naming-convention-for-a-distributor-signature">naming convention for a
distributor signature</dfn>, as it applies to the <a href="#file-name"> file name</a> of a <a href="#distributor-signature">distributor signature</a>: </p>
<pre><code><dfn id="dist-sig-filename">dist-sig-filename</dfn> = signature-string non-zero-digit
*DIGIT xml-suffix-string
signature-string = %x73.69.67.6e.61.74.75.72.65
non-zero-digit = %x31-39
xml-suffix-string = %x2e.78.6d.6c </code></pre>
<ul><li>
<p>The <code>signature-string</code> rule defines the lower-case string "<code>signature</code>".</p>
</li>
<li>
<p>The <code>non-zero-digit</code> rule defines a digit in the
range <code>1-9</code>, thus leading zeros are disallowed by this rule.</p>
</li>
<li>
<p><code>DIGIT</code> is defined as a
digit in the range <code>0-9</code>.</p>
</li>
<li>
<p> The <code>xml-suffix-string</code> rule defines the lower-case
(case-sensitive) string "<code title="">.xml</code>".</p>
</li>
</ul><p class="example">An example is <code>signature20.xml</code>.</p>
<h2 id="generating-a-digital-signature"><span class="secno">8 </span>Generating a digital signature </h2>
<p id="ta-generate">To digitally sign the contents of a <a href="#widget-package">widget package</a> with an <a href="#author-signature">author signature</a> or with a <a href="#distributor-signature">distributor signature</a>, a <a class="product-signer" href="#signer">signer</a> <em class="ct">MUST</em> run the <a href="#algorithm-to-generate-a-digital-signature">algorithm to generate a digital signature</a>. </p>
<p>The algorithm below relies on the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-CoreGeneration">signature generation rules</a> of <a href="#xmldsig11">[XMLDSIG11]</a> (Section 3.1) and the various generation rules defined in <a href="#signature-properties">[Signature Properties]</a> (links to the appropriate sections of those specifications are provided where needed for generation). When performing the algorithm below, it is <em class="ct">RECOMMENDED</em> that a <a class="product-signer" href="#signer">signer</a> use the <a href="#recommended-canonicalization-algorithm">recommended canonicalization algorithm</a>, the <a href="#recommended-signature-algorithm">recommended signature algorithm</a>, the <a href="#recommended-key-lengths">recommended key lengths</a> for the appropriate algorithm, and the <a href="#recommended-certificate-format">recommended certificate format</a>. </p>
<p>The <dfn id="algorithm-to-generate-a-digital-signature">algorithm to generate a digital signature</dfn> is as follows: </p>
<ol><li>
<p>Using the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-Processing">Processing Rules</a> of <a href="#xmldsig11">[XMLDSIG11]</a>, perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">reference generation</a> for each <a href="#file">file</a> of the <a href="#widget-package">widget package</a> that is not a <a href="#signature-file">signature file</a>. Set the a <code><a href="#uri">URI</a></code> attribute of each <code>ds:Reference</code> to be the <a href="#zip-relative-path">zip
relative path</a> that identifies the <a href="#file">file</a> inside the <a href="#widget-package">widget
package</a>. </p>
</li>
<li>
<p>Optionally, include a <code>ds:KeyInfo</code> element in the manner described in <a href="#xmldsig11">[XMLDSIG11]</a> (see <a href="http://www.w3.org/TR/xmldsig-core1/#sec-KeyInfo">The <code>KeyInfo</code> Element</a> for how to do this). The element can include CRL and/or OCSP
information <a href="#rfc5280">[RFC5280]</a> (see <a href="#x509note">note about X.509 data</a> in this specification). </p>
</li>
<li>
<p>Generate the container elements for <a href="#signature-properties">[Signature Properties]</a> in accordance with the <a href="http://www.w3.org/TR/2010/WD-xmldsig-properties-20100204/#placement">Signature Properties Placement</a> section of <a href="#signature-properties">[Signature Properties]</a>. </p>
</li>
<li>
<p>If generating an <a href="#author-signature">author signature</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#role-property-generation">generate a role property</a> and let its <code><a href="#uri">URI</a></code> attribute value be the <a href="#author-role-uri">author role URI</a>.</p>
</li>
<li>
<p>Otherwise, if generating a <a href="#distributor-signature">distributor signature</a>:</p>
<ol><li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#role-property-generation">Generate a role property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a> and let its <code><a href="#uri">URI</a></code> attribute value be the <a href="#distributor-role-uri">distributor role URI</a>.</p>
</li>
<li>
<p>If the <a href="#widget-package">widget package</a> contains an <a href="#author-signature">author signature</a>, perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">reference generation</a> on the <a href="#author-signature">author signature</a> and set the resulting <code>ds:Reference</code> element's <code><a href="#uri">URI</a></code> attribute to be <code>author-signature.xml</code>. </p>
</li>
</ol></li>
<li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property-generation">Generate an identifier property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#profile-property-generation">Generate a profile property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a> whose <code><a href="#uri">URI</a></code> attribute is the <a href="#profile-uri">profile URI</a>.</p>
</li>
<li>
<p>Optionally, include any additional <a href="#signature-properties">[Signature Properties]</a> (e.g., <a href="http://www.w3.org/TR/xmldsig-properties/#created-property">created</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#expires-property">expires</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#replay-nonce-property">replayProtect</a>) by following the appropriate generation rules specified in <a href="#signature-properties">[Signature Properties]</a>. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">Generate a reference</a> to the <code>ds:Object</code> that contains the signature properties created in the steps above. </p>
</li>
<li>
<p>Perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureGeneration">signature generation</a> as defined in <a href="#xmldsig11">[XMLDSIG11]</a>. </p>
</li>
<li>
<p>Serialize the signature
as a <a href="#utf-8">[UTF-8]</a> encoded <a href="#xml">[XML]</a> document using the appropriate naming convention depending on its role: using either the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor
signature</a> or the <a href="#naming-convention-for-an-author-signature">naming convention for an author
signature</a>. </p>
<p class="note">Note: It is not a requirement that the <a href="#file-name" title="file name">file names</a> of <a href="#distributor-signature" title="distributor signature">distributor signatures</a> are serially numbered <code>signatures1.xml</code>, <code>signature2.xml</code>, <code>signature3.xml</code>, and so on. A <a href="#signer" title="signer">signer</a> can to use whatever pattern they want, so long as the file name conforms to the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor
signature</a>. The numeric part of the file name affects the order in which signature files are processed by a <a href="#validator">validator</a> (see the <a href="#algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</a>). So, to ensure that a <a href="#distributor-signature">distributor signature</a> is processed before any other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>, assign a number greater than that of all the other <a href="#distributor-signature" title="distributor signature">distributor signatures</a> for the numeric part of the <a href="#distributor-signature" title="distributor signature">distributor signature's</a> file name. </p>
</li>
<li>Place the generated <a href="#signature-file">signature file</a> at the <a href="#root-of-the-widget-package">root of the widget package</a>. </li>
</ol><h3 id="example-of-a-generated-distributor-signature"><span class="secno">8.1 </span>Example of a generated distributor signature</h3>
<p><em>This section is non-normative.</em></p>
<p>The following is an example of a <a href="#distributor-signature">distributor signature</a> document, named <code>signature1.xml</code>. For legibility, the example omits the content of the various cryptographic digests and instead uses "…":</p>
<pre><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
Id="DistributorSignature"&gt;
&lt;SignedInfo&gt;
&lt;CanonicalizationMethod
Algorithm="http://www.w3.org/2006/12/xml-c14n11"/&gt;
&lt;SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/&gt;
&lt;Reference URI="config.xml"&gt;
&lt;DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
&lt;DigestValue&gt;&lt;/DigestValue&gt;
&lt;/Reference&gt;
&lt;Reference URI="index.html"&gt;
&lt;DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
&lt;DigestValue&gt;&lt;/DigestValue&gt;
&lt;/Reference&gt;
&lt;Reference URI="#prop"&gt;
&lt;Transforms&gt;
&lt;Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/&gt;
&lt;/Transforms&gt;
&lt;DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
&lt;DigestValue&gt;&lt;/DigestValue&gt;
&lt;/Reference&gt;
&lt;/SignedInfo&gt;
&lt;SignatureValue&gt;&lt;/SignatureValue&gt;
&lt;KeyInfo&gt;
&lt;X509Data&gt;
&lt;X509Certificate&gt;&lt;/X509Certificate&gt;
&lt;/X509Data&gt;
&lt;/KeyInfo&gt;
&lt;Object Id="prop"&gt;
&lt;SignatureProperties
xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"&gt;
&lt;SignatureProperty Id="profile" Target="#DistributorSignature"&gt;
&lt;dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/&gt;
&lt;/SignatureProperty&gt;
&lt;SignatureProperty Id="role" Target="#DistributorSignature"&gt;
&lt;dsp:Role
URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/&gt;
&lt;/SignatureProperty&gt;
&lt;SignatureProperty Id="identifier" Target="#DistributorSignature"&gt;
&lt;dsp:Identifier&gt;&lt;/dsp:Identifier&gt;
&lt;/SignatureProperty&gt;
&lt;/SignatureProperties&gt;
&lt;/Object&gt;
&lt;/Signature&gt;</code>
</pre>
<h2 id="signature-verification"><span class="secno">9 </span>Validating digital signatures </h2>
<p id="ta-validate">To validate the <a href="#signature-file" title="signature file">signature files</a> of a <a href="#widget-package">widget package</a>, a <a class="product-validator" href="#validator">validator</a> <em class="ct">MUST</em> run the <a href="#algorithm-to-validate-digital-signatures">algorithm to validate digital signatures</a>. </p>
<p>The algorithm below relies on the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-CoreGeneration">Core Validation</a> of <a href="#xmldsig11">[XMLDSIG11]</a> (Section 3.2) and the various validation rules defined in <a href="#signature-properties">[Signature Properties]</a> (links to the appropriate sections of those specifications are provided where needed for validation). This specification
does not define the means or format of a failure notification: handling of signatures that are <dfn id="in-error">in error</dfn> is left up to the implementation. The reason for validation failure can be returned by the implementation to an external
entity,
including reasons
related to Reference validation, Signature validation, Signature
Property validation and/or certificate and CRL/OCSP verification. The decision of which (if any) <a href="#distributor-signature" title="distributor signature">distributor signatures</a> are to
be validated and whether the <a href="#author-signature">author signature</a> is
validated is out of scope of this specification. This <em class="ct">MAY</em> be
determined by the security policy used by the <a class="product-validator" href="#validator">validator</a>. </p>
<p>During <a href="#algorithm-to-validate-digital-signatures" title="algorithm to validate digital signatures">validation</a>, a user agent <em class="ct">MAY</em> treat a widget package as being <a href="#in-error">in error</a> if it deems that the key length for a signature algorithm to is not large enough to be secure (e.g., under 2048 bits for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a> and <a href="http://www.w3.org/TR/xmldsig-core1/#sec-DSA">DSA</a>, or 224 bit for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ECDSA">ECDSA</a>). </p>
<p>The <dfn id="algorithm-to-validate-digital-signatures">algorithm to validate digital signatures</dfn> is as follows: </p>
<ol><li>
<p>Let <var>signatures list</var> be the result of applying the <a href="#algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</a>. </p>
</li>
<li>
<p>If the <var>signatures list </var> is empty (meaning no <a href="#signature-file" title="signature file">signature files</a> were found in the widget package), terminate this algorithm
and treat the widget package as an unsigned widget package: It is left up to the user agent to decide how to treat unsigned widget packages.</p>
</li>
<li>
<p>For each <var>signature</var> in <var>signatures list</var>:</p>
<ol><li>
<p>If <var>signature</var> is not a valid <a href="#xmldsig11">[XMLDSIG11]</a> document, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
<li>
<p>Check that <var>signature</var> has a <code>ds:Reference</code> for every <a href="#file">file</a> that is not a <a href="#signature-file">signature file</a>. If any non-signature file is not listed, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
<li>
<p> Check that <var>signature</var> has a single same-document <code>ds:Reference</code> to a <code>ds:Object</code> container for <a href="#signature-properties">[Signature Properties]</a> in accordance with the Signature Properties Placement section of <a href="#signature-properties">[Signature Properties]</a>.</p></li>
<li>
<p>Optionally, if the ds:Signature's key length for a given signature algorithm (e.g., <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a>) is less than a user agent predefined minimum key length, then <var>signature</var> is <a href="#in-error">in error</a>.</p>
</li>
<li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#profile-property-generation">Validate the profile property</a> against the <a href="#profile-uri">profile URI</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#profile-property">profile property</a> is missing or invalid, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
<li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property-generation">Validate the identifier property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property">identifier property</a> is missing or or invalid, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
<li>
<p>If <var>signature</var>'s <a href="#file-name">file name</a> matches the <a href="#naming-convention-for-an-author-signature">naming convention for an author signature</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#role-property-validation">validate the role property</a> against the <a href="#author-role-uri">author role URI</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#role-property">role property</a> is missing or or invalid, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
<li>
<p>Otherwise, if <var>signature</var>'s <a href="#file-name">file name</a> matches the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor signature</a>:</p>
<ol><li>
<p><a href="http://www.w3.org/TR/xmldsig-properties/#role-property-validation">Validate the role property</a> against the <a href="#distributor-role-uri">distributor role URI</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#role-property">role property</a> is missing or or invalid, then <var>signature</var> is <a href="#in-error">in error</a>.</p>
</li>
<li>
<p>If an <a href="#author-signature">author signature</a> is present in the widget package, verify that <var>signature</var> has a <code>ds:Reference</code> for the <a href="#author-signature">author signature</a>. </p>
</li>
</ol></li>
<li>
<p>Optionally, validate any other <a href="#signature-properties">[Signature Properties]</a> supported by the user agent in the manner specified in <a href="#signature-properties">[Signature Properties]</a>.</p>
</li>
<li>
<p>Perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceValidation">reference validation</a> and <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureValidation">signature validation</a> on <var>signature</var>. If validation fails, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
</li>
</ol></li>
<li>
<p>If all <var>signatures</var> validate successfully, treat this as a signed widget package. It is left up to the user agent to decide how to treat singed widget packages.</p>
</li>
</ol><h2 id="locating-signature-files-in-a-widget-package"><span class="secno">10 </span>Locating signature files in a widget package </h2>
<p>The <dfn id="algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</dfn> is as follows. This algorithm makes use of the concept of <dfn id="numerical-order">numerical order</dfn>, which is the order based on the numeric portion of a <a href="#distributor-signature" title="distributor signature">distributor signature's</a> <a href="#file-name">file name</a>.
Thus in the case more than one <a href="#distributor-signature">distributor signature</a> is to be
processed, the highest numbered distributor signature is
ordered first. </p>
<ol><li>
<p>Let <var>signatures</var> be an empty list. </p>
</li>
<li>
<p>For each <a href="#file">file</a> at the <a href="#root-of-the-widget-package">root of the widget package</a>, if the <a href="#file-name">file name</a> case-sensitively matches the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor
signature</a> then append this <a href="#file">file</a> to the <code>signatures</code> list. </p>
</li>
<li>
<p>If the <var>signatures</var> list is not empty,
sort the list of <code>signatures</code> by the <a href="#file-name">file name</a> in ascending <a href="#numerical-order">numerical order</a>.</p>
<p class="example">For example, <code>signature1.xml</code> followed by <code>signature2.xml</code> followed by <code>signature3.xml</code> and so on. As another example, <code>signature9.xml</code> followed by <code>signature44.xml</code> followed by <code>signature122134.xml</code> and so on. </p>
</li>
<li>
<p>Search the <a href="#root-of-the-widget-package">root of the widget package</a> for any <a href="#file-name">file name</a> that case-sensitively matches the <a href="#naming-convention-for-an-author-signature">naming convention for an author
signature</a> and then append this <a href="#file">file</a> to the <code>signatures</code> list. </p>
</li>
<li>Return <var>signatures</var>.</li>
</ol><h2 id="security-considerations"><span class="secno">11 </span>Security Considerations</h2>
<p><em>This section is non-normative.</em> </p>
<p>In addition to the security considerations described in this section, the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-Security">Security Considerations</a> of <a href="#xmldsig11">[XMLDSIG11]</a> apply to this specification. In addition, the security considerations of [Widget Packaging] also apply to this specification. </p>
<p>The signature scheme described in this document deals with the
content present inside a potentially compressed <a href="#widget-package">widget package</a>. This implies that,
in order to verify a <a href="#signature-file">signature file</a>, a user agent needs to
decompress a data stream that can come from an arbitrary source. </p>
<p>Care needs to be taken to avoid resource exhaustion attacks through
maliciously crafted widget packages during signature validation. </p>
<p> Because there is no single <a href="#signature-file">signature file</a> that includes all
files of a widget package,
including all of the signature files,
this leaves a <a href="#widget-package">widget package</a> subject to an
attack where <a href="#distributor-signature" title="distributor signature">distributor signatures</a> can be removed or added. An <a href="#author-signature">author signature</a> could also be attacked by removing the signature
and any <a href="#distributor-signature" title="distributor signature">distributor signatures</a>, if they are present.
A signature file can also be renamed,
which can affect the order in which
distributor signatures are processed. </p>
<p> If the user agent supports installing a new root certificate, an end-user should be made aware of what they are doing, and
why. </p>
<p>A user agent's security policy can affect how
signature validation
impacts operation, and can<em class="ct"></em> have additional constraints on
establishing trust, including additional requirements on certificate
chain validation and certificate revocation processing using CRLs <a href="#rfc5280">[RFC5280]</a> or
OCSP <a href="#rfc2560">[RFC2560]</a>. Security policy can also require additional information to be conveyed in <code>ds:KeyInfo</code>. Security policy is out of scope of this specification
but has important implications for signature file processing. </p>
<h2 class="no-num" id="acknowledgements">Acknowledgements</h2>
<p>The Web Applications working group would like to thank members of
the <a href="http://www.w3.org/2008/xmlsec/">W3C XML Security Working Group</a> for their comments and suggestions,
as well as all reviewers of drafts of this document. </p>
<h2 class="no-num" id="references">Normative References</h2>
<dl class="bibliography"><dt><dfn id="abnf">[ABNF]</dfn></dt>
<dd><a href="http://www.ietf.org/rfc/rfc5234.txt">RFC 5234. <cite>Augmented BNF
for Syntax Specifications: <abbr title="Augmented
Backus-Naur Form">ABNF</abbr></cite></a>, D. Crocker
and P. Overell.
January 2008. </dd>
<dt><dfn id="c14n11">[C14N11]</dfn></dt>
<dd><a href="http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/">Canonical XML
Version 1.1</a>, J. Boyer, M. Marcy. W3C Recommendation. 2 May, 2008.</dd>
<dt><dfn id="rfc2119">[RFC2119]</dfn></dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to Indicate
Requirement Levels</a></cite>, S. Bradner. RFC2119. IETF, March 1997.</dd>
<dt><dfn id="rfc5280">[RFC5280]</dfn></dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc5280.txt"> Internet
X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile</a></cite>,
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley,
W. Polk. RFC5280. IETF, May 2008.</dd>
<dt><dfn id="utf-8">[UTF-8]</dfn></dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc2279.txt">UTF-8, a transformation format of ISO 10646</a></cite>. F. Yergeau. RFC 2279. IETF, January 1998. </dd>
<dt><dfn id="uri">[URI]</dfn></dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifiers (URI): Generic
Syntax</a></cite>, T. Berners-Lee, R. Fielding, L. Masinter. RFC3986. IETF, January 2005. </dd>
<dt><dfn id="widgets-packaging">[Widgets Packaging]</dfn></dt>
<dd><cite><a href="http://www.w3.org/TR/widgets/">Widget Packaging and Configuration</a></cite>,
M. Cáceres. W3C Proposed Recommendation (Work in progress). </dd>
<dt><dfn id="xml">[XML]</dfn></dt>
<dd><cite><a href="http://www.w3.org/TR/REC-xml/">Extensible Markup Language (XML) 1.0</a></cite>, T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler,
F. Yergeau. W3C Recommendation.</dd>
<dt><dfn id="xml-namespaces">[XML-Namespaces]</dfn></dt>
<dd> <cite> <a href="http://www.w3.org/TR/xml-names/">Namespaces
in XML 1.0</a></cite>, T. Bray, D. Hollander,
A. Layman, R. Tobin.
W3C Recommendation.</dd>
<dt><dfn id="xmldsig11">[XMLDSIG11]</dfn></dt>
<dd> <cite><a href="http://www.w3.org/TR/xmldsig-core1/">XML Signature Syntax and
Processing Version 1.1</a></cite>, D. Eastlake, J. Reagle,
D. Solo, F. Hirsch, T. Roessler, K Yiu. W3C Candidate Recommendation (Work in progress).</dd>
<dt><dfn id="signature-properties">[Signature Properties]</dfn></dt>
<dd> <cite><a href="http://www.w3.org/TR/xmldsig-properties/">XML Signature Properties</a></cite>,
F. Hirsch, W3C Candidate Recommendation (Work in progress).</dd>
<dt><dfn id="zip">[ZIP]</dfn></dt>
<dd><cite><a href="http://www.pkware.com/documents/casestudies/APPNOTE.TXT">.ZIP File
Format Specification</a></cite>. PKWare Inc.</dd>
</dl><h2 class="no-num" id="references2">Informative References</h2>
<dl class="bibliography"><dt><dfn id="rfc2560">[RFC2560]</dfn></dt>
<dd><cite><a href="http://www.ietf.org/rfc/rfc2560.txt">X.509 Public Key Infrastructure Online Certificate Status Protocol - OCSP</a></cite>, M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams. IETF,
June 1999.</dd>
<dt><dfn id="widgets-requirements">[Widgets Requirements]</dfn></dt>
<dd><cite><a href="http://www.w3.org/TR/widgets-reqs/">Widgets
Requirements</a></cite>, M. Cáceres and Mark Priestley. W3C Working Draft. </dd>
</dl></div>
</body></html>