<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type" /><title>XML Digital Signatures for Widgets</title><style type="text/css">
dfn {
	font-weight: bold;
}
.figure {
	display: block;
	counter-increment: fig-num;
	text-align: center;
	margin: 1em 0em 1em 0em;
}
.figcaption {
	clear:both;
	display:block;
}
.figcaption:before {
	content: "Figure " counter(fig-num) ": ";
	font-weight:bold;
}
</style><link href="http://www.w3.org/StyleSheets/TR/W3C-PR" rel="stylesheet" type="text/css" /></head><body>
<div>
  <div class="head">
    <a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72" /></a>
    <h1 class="head">XML Digital Signatures for Widgets</h1>
    <h2 class="no-num no-toc" id="w3c-proposed-recommendation-11-august-2011">W3C Proposed Recommendation 11 August 2011
      <!--W3C Proposed Recommendation-->
    </h2>
    <dl><dt>This version:</dt>
      <dd><a href="http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/">http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/</a></dd>
      <dt>Latest version:</dt>
      <dd><a href="http://www.w3.org/TR/widgets-digsig/">http://www.w3.org/TR/widgets-digsig/</a></dd>
      <dt>Previous version:</dt>
      <dd><a href="http://www.w3.org/TR/2011/WD-widgets-digsig-20110607/">http://www.w3.org/TR/2011/WD-widgets-digsig-20110607/</a></dd>
      <dt>Editor's Draft:</dt>
      <dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/">http://dev.w3.org/2006/waf/widgets-digsig/</a></dd>
      <dt>Differences document: </dt>
      <dd><a href="http://www.w3.org/2007/10/htmldiff?doc1=http%3A%2F%2Fwww.w3.org%2FTR%2Fwidgets-digsig%2F&amp;doc2=http%3A%2F%2Fdev.w3.org%2F2006%2Fwaf%2Fwidgets-digsig%2F">W3C HTML Diff Service</a></dd>
      <dt>Test Suite:</dt>
      <dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/test-suite/">http://dev.w3.org/2006/waf/widgets-digsig/test-suite/</a></dd>
      <dt>Implementation Report: </dt>
      <dd><a href="http://dev.w3.org/2006/waf/widgets-digsig/imp-report/">http://dev.w3.org/2006/waf/widgets-digsig/imp-report/</a></dd>
      <dt>Editors:</dt>
      <dd><a href="http://datadriven.com.au/">Marcos Cáceres</a>, W3C Invited Expert</dd>
      <dd>Paddy Byers, Aplix Corporation</dd>
      <dd><a href="http://stuartk.co.uk/">Stuart Knightley</a>, Opera Software ASA</dd>
      <dd>Frederick Hirsch, Nokia</dd>
      <dd>Mark Priestley, Vodafone</dd>
    </dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2011 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p>
  </div>
  <hr /><h2 class="no-num no-toc" id="abstract">Abstract</h2>
  <p class="no-num no-toc">This document defines a profile of the <cite><a href="http://www.w3.org/TR/xmldsig-core1/">XML
    Signature Syntax and Processing 1.1</a></cite> specification to allow a widget package to be digitally signed. Authors and distributors can digitally sign a widget as a mechanism to
    ensure continuity of authorship and distributorship. A user agent, or other validation system, can use a digital signature to verify the
    data integrity of the files within a widget package and to
    confirm the signing key(s). </p>
<h2 class="no-num no-toc" id="sotd">Status of this Document </h2>
     <p><em>This section describes the status of this document at the time of its
  publication. Other documents may supersede this document. A list of current W3C
  publications and the latest revision of this technical report can be found in the
  <a href="http://www.w3.org/TR/">W3C technical reports index</a> at
  http://www.w3.org/TR/.</em></p>

<p>Publication as a Proposed Recommendation does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.  </p>
<p>This is the 11 August 2011 Proposed Recommendation of this specification.  The
  Last Call period ended on 28 June 2011. Since two independent implementations already passed 100% of this specification's test suite after the end of the Last Call period, there was no Candidate Recommendation phase (see <a href="http://dev.w3.org/2006/waf/widgets-digsig/imp-report/">implementation report</a>). No
  substantive changes were made as a result of the Last Call review (see <a href='htmldiff.html'>diff</a>).</p>
  <p>The public is encouraged
    to send comments to the WebApps Working Group's public mailing list <a href="mailto:public-webapps@w3.org">public-webapps@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webapps/">archive</a>) by <strong>15 September 2011</strong>. See <a href="http://www.w3.org/Mail/">W3C mailing list and archive usage guidelines</a>. Advisory Committee Representatives should consult their <a href="http://www.w3.org/2002/09/wbs/33280/widgets-2001-part1/">questionnaires</a>. Please note that advance of this specification to Recommendation is blocked pending the outcome of the <a href="http://www.w3.org/2011/xmlsec-pag/Overview.html">XML Security PAG</a> for the <a href="http://www.w3.org/TR/xmldsig-core1/">XML Signature Syntax and Processing Version 1.1</a> specification (a normative dependency for this specification).</p>
<p>This document is produced by the <a href="http://www.w3.org/2008/webapps/">Web
    Applications WG</a>, part of the <a href="http://www.w3.org/2006/rwc/Activity">Rich Web
      Client Activity</a> in the W3C <a href="http://www.w3.org/Interaction/">Interaction
        Domain</a>. It is expected that this document will progress along the W3C's
  Recommendation track.</p>

  <p>This document was produced by a group operating under the <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent
  Policy</a>. W3C maintains a <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public list of any patent disclosures</a> made in connection with the
  deliverables of the group; that page also includes instructions for disclosing a
  patent. An individual who has actual knowledge of a patent which the individual
  believes contains <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
  Claim(s)</a> must disclose the information in accordance with <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section 6 of the
  W3C Patent Policy</a>.</p>
  <h2 class="no-num no-toc" id="toc">Table of Contents</h2>
  
<!--begin-toc-->
<ol class="toc">
 <li><a href="#introduction"><span class="secno">1 </span>Introduction</a>
  <ol class="toc">
   <li><a href="#requirements"><span class="secno">1.1 </span>Design goals and requirements</a></li></ol></li>
 <li><a href="#conformance"><span class="secno">2 </span>Conformance</a></li>
 <li><a href="#definitions"><span class="secno">3 </span>Definitions</a></li>
 <li><a href="#versions-namespaces-and-identifiers"><span class="secno">4 </span>Versions, namespaces, and identifiers</a></li>
 <li><a href="#algorithms"><span class="secno">5 </span>Algorithms, key lengths, and certificate formats</a>
  <ol class="toc">
   <li><a href="#x509note"><span class="secno">5.1 </span>Note about X.509 data</a></li></ol></li>
 <li><a href="#author-signatures"><span class="secno">6 </span>Author signature</a>
  <ol class="toc">
   <li><a href="#naming-convention"><span class="secno">6.1 </span>Naming convention</a></li></ol></li>
 <li><a href="#distributor-signatures"><span class="secno">7 </span>Distributor signatures</a>
  <ol class="toc">
   <li><a href="#naming-convention-0"><span class="secno">7.1 </span>Naming convention</a></li></ol></li>
 <li><a href="#generating-a-digital-signature"><span class="secno">8 </span>Generating a digital signature </a>
  <ol class="toc">
   <li><a href="#example-of-a-generated-distributor-signature"><span class="secno">8.1 </span>Example of a generated distributor signature</a></li></ol></li>
 <li><a href="#signature-verification"><span class="secno">9 </span>Validating  digital signatures </a></li>
 <li><a href="#locating-signature-files-in-a-widget-package"><span class="secno">10 </span>Locating signature files in a widget package </a></li>
 <li><a href="#security-considerations"><span class="secno">11 </span>Security Considerations</a></li>
 <li><a class="no-num" href="#acknowledgements">Acknowledgements</a></li>
 <li><a class="no-num" href="#references">Normative References</a></li>
 <li><a class="no-num" href="#references2">Informative References</a></li></ol>
<!--end-toc-->
  <h2 id="introduction"><span class="secno">1 </span>Introduction</h2>
  <p> A <a href="#widget-package">widget package</a> can be digitally signed by an <a href="#author">author</a> to produce a <a href="#signature-file">signature file</a> that cryptographically covers all of the files of a widget package that are not <a href="#signature-file" title="signature file">signature files</a> (e.g., HTML files, CSS files, and JavaScript files). In this specification, this kind of signature is referred to as an <a href="#author-signature">author signature</a>. </p>
  <p>A user agent or other entity can use an <a href="#author-signature">author signature</a> to determine:</p>
  <ul><li> which entity alleges to have authored the widget, </li>
    <li>that the integrity of the
      widget is as the <a href="#author">author</a> intended,</li>
    <li>and  whether a set of 
      widgets came from the same <a href="#author">author</a>.</li>
  </ul><p>A <a href="#widget-package">widget package</a> can also be
    signed by one or more <a href="#distributor" title="distributor">distributors</a> to produce a <a href="#signature-file">signature file</a> that cryptographically includes all non-signature files as well as any <a href="#author-signature">author
    signature</a> (if one was included). In this specification, this kind of signature is referred to as a <a href="#distributor-signature">distributor signature</a>. To be clear, <a href="#distributor-signature" title="distributor signature">distributor signatures</a> countersign <a href="#author-signature" title="author signature">author signatures</a>, but do not countersign other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>. Because of this, an author signature needs to be included in a <a href="#widget-package">widget package</a> before any <a href="#distributor-signature" title="distributor signature">distributor signature</a> is added; otherwise the <a href="#algorithm-to-validate-digital-signatures" title="algorithm to validate digital signatures">validation process</a> defined in this specification will fail. </p>
  <p>A user agent or other entity can use a <a href="#distributor-signature" title="distributor signature">distributor signature</a> to determine:</p>
  <ul><li> that a particular
      distributor has distributed a widget package, </li>
    <li> that the integrity of the <a href="#widget-package">widget package</a> is as the distributor intended,</li>
    <li>and  whether a set of 
      widgets came from the same <a href="#distributor">distributor</a>. </li>
  </ul><p>The complete signing model is illustrated in <a href="#figure1">Figure 1</a>. </p>
  <div class="figure" id="figure1"> <img alt="signature chain" height="291" src="images/digsigchain.png" width="692" /><div class="figcaption">This figure shows which files are signed by each kind of signature, indicated by the dashed lines and arrows. <a href="#author-signature" title="author signature">Author signatures</a> sign all the non-signature files of the <a href="#widget-package">widget package</a> (e.g., images, sounds, HTML files, and CSS files). The <a href="#distributor-signature" title="distributor signature">distributor signatures</a> sign the <a href="#author-signature">author signature</a> and all other non-signature files in the package (but not other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>). The model  allows <a href="#distributor-signature" title="distributor signature">distributor signatures</a> to be removed without affecting the integrity of the <a href="#widget-package">widget package</a> as the author intended it. This also facilitates redistribution of <a href="#widget-package" title="widget package">widget packages</a> by either complete removal of all <a href="#signature-file" title="signature file">signature files</a> or substitutions of  signatures. </div>
  </div>
  <h3 id="requirements"><span class="secno">1.1 </span>Design goals and requirements</h3>
  <p>This document addresses the
    following requirements from the <a href="#widgets-requirements">[Widgets
    Requirements]</a> document: </p>
  <ul><li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#digital-signatures">Digital Signatures</a>: this specification relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address
        this requirement.</p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-signature-algorithm">Multiple Signatures and Certificate Chains</a>:  this
        specification relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address this requirement. </p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#signature-document-format">Signature Document Format</a>: see <a href="#signature-file">signature file</a>. </p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-message-digest-algo">Support for Multiple Message Digest Algorithms</a>: this
        specification supports SHA-256, the <code>ds:Reference</code> element, and the <code>ds:SignedInfo</code> element. </p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#support-for-multiple-signature-algorithm"> Support for Multiple Signature Algorithms</a>: this specification relies on the signature algorithms defined in <a href="#xmldsig11">[XMLDSIG11]</a>.</p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#key-lengths"> Key Lengths</a>: see the <a href="#recommended-key-lengths">recommended key lengths</a>.</p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#key-usage-extension">Key Usage Extension</a>: part of X.509v3.</p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/widgets-reqs/#inclusion-of-revocation-information">Inclusion of Revocation Information</a>:  this specification
        relies on <a href="#xmldsig11">[XMLDSIG11]</a> and <a href="#rfc5280">[RFC5280]</a> to address this
        requirement. </p>
    </li>
  </ul><h2 id="conformance"><span class="secno">2 </span>Conformance</h2>
  <p>The key words <em class="ct">MUST</em>, <em class="ct">MUST
    NOT</em>, <em class="ct">REQUIRED</em>, <em class="ct">SHOULD</em>, <em class="ct">SHOULD NOT</em>, <em class="ct">RECOMMENDED</em>, <em class="ct">MAY</em> and <em class="ct">OPTIONAL</em> in this
    specification are to be interpreted as described in <a href="#rfc2119">[RFC2119]</a>. </p>
  <p> As well as sections marked as <em>non-normative</em>, the examples and notes,
    and security considerations in this specification are non-normative.
    Everything else in this specification is normative. </p>
  <p>There are two classes of product that can claim conformance to this specification, a <a href="#signer">signer</a> and a <a href="#validator">validator</a>: </p>
  <ul><li>
      <p>A <dfn id="signer">signer</dfn> is a user agent that implements <a href="#xmldsig11">[XMLDSIG11]</a> and digitally signs a <a href="#widget-package">widget package</a> in a manner  that conforms to the  requirements of this specification and in a manner that conforms to the applicable generation requirements of <a href="#signature-properties">[Signature Properties]</a>. </p>
    </li>
    <li>
      <p>A <dfn id="validator">validator</dfn> is a user agent that implements <a href="#xmldsig11">[XMLDSIG11]</a> and validates the <a href="#signature-file" title="signature file">signature files</a> of a <a href="#widget-package">widget package</a> in a manner  that conforms to the  requirements of this specification and in a manner that conforms to the applicable validation requirements of <a href="#signature-properties">[Signature Properties]</a>. </p>
    </li>
  </ul><p class="note">Note: User agents that implement this specification are encouraged to allow
    end-users to install digital certificates. This allows the verification of
    digital signatures within the widget package for when custom root certificates are not shipped with a runtime (e.g., for beta testing purposes).</p>
  <h2 id="definitions"><span class="secno">3 </span>Definitions</h2>
  <p>As the following terms are used throughout this specification, they are gathered here for the reader's convenience. The following list of terms is not exhaustive; other terms are defined throughout this specification. </p>
  <p>A <dfn id="file">file </dfn> is the uncompressed  representation of a physical file contained in a <a href="#widget-package">widget package</a> (e.g., <code>config.xml</code>).</p>
  <p>A <dfn id="file-name">file name</dfn> is the name of a <a href="#file">file</a> contained in
    a <a href="#widget-package">widget package</a> (excluding path information). </p>
  <p>The <dfn id="root-of-the-widget-package">root of the widget package</dfn> is the top-most file-path
    level of the <a href="#widget-package">widget package</a>, as defined in the <a href="#widgets-packaging">[Widgets Packaging]</a> specification.</p>
  <p>A <dfn id="signature-file">signature file</dfn> is a <a href="http://www.w3.org/TR/xmldsig-core1/#def-SignatureDetached">detached</a> <a href="#xmldsig11">[XMLDSIG11]</a> document, likely encoded in <a href="#utf-8">[UTF-8]</a>.  </p>
  <p>A <dfn id="widget-package">widget package</dfn> is a <a href="#zip">[ZIP]</a> archive that conforms  to the <a href="#widgets-packaging">[Widgets Packaging]</a> specification.</p>
  <p>A <dfn id="zip-relative-path">zip relative path</dfn> is a string that conforms to the <a href="#abnf">[ABNF]</a> for <code><a href="http://www.w3.org/TR/widgets/#zip-rel-path">zip-rel-path</a></code> as specified in <a href="#widgets-packaging">[Widgets Packaging]</a>.</p>
  <h2 id="versions-namespaces-and-identifiers"><span class="secno">4 </span>Versions, namespaces, and identifiers</h2>
  <p>This specification makes use of <a href="#xml-namespaces">[XML-Namespaces]</a>, and uses <a href="#uri">[URI]</a>s to identify resources, algorithms, and semantics.</p>
  <p>The  XML namespace for <a href="#xml">[XML]</a> elements used by this specification is <code>http://www.w3.org/ns/widgets-digsig</code></p>
  <p>The <dfn id="profile-uri">profile URI</dfn> for this specification is <code>http://www.w3.org/ns/widgets-digsig#profile</code></p>
  <p>No provision is made for an explicit version number in this
    specification.  If a future version of 
    this specification requires explicit versioning of the document
    format, a different namespace will 
    be used.</p>
  <h2 id="algorithms"><span class="secno">5 </span>Algorithms, key lengths, and certificate formats</h2>
  <p>This specification relies on a user agent's conformance to <a href="#xmldsig11">[XMLDSIG11]</a> for support of signature algorithms, certificate formats, canonicalization algorithms, and digest methods. As this specification is a profile of <a href="#xmldsig11">[XMLDSIG11]</a>, it makes a number of recommendations as to what signature algorithms should be used when signing a widget package to achieve optimum interoperability. See <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureAlg">Signature Algorithms</a> of <a href="#xmldsig11">[XMLDSIG11]</a> for the list of required algorithms. </p>
  <p>The <dfn id="recommended-signature-algorithm">recommended signature algorithm</dfn> is <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a> using the RSAwithSHA256 signature identifier: <a href="http://www.ietf.org/rfc/rfc4051.txt">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>.</p>
  <p>The <dfn id="recommended-key-lengths">recommended key
    lengths</dfn> are: </p>
  <ul><li>4096 bits for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a>.</li>
  </ul><p> The <dfn id="recommended-digest-method">recommended digest method</dfn> is <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SHA-256">SHA-256</a>. </p>
  <p>The <dfn id="recommended-canonicalization-algorithm">recommended canonicalization algorithm</dfn> is <cite> Canonical XML Version 1.1 (omits comments)</cite> as defined in <a href="#c14n11">[C14N11]</a>. The identifier for the algorithm is <a href="http://www.w3.org/2006/12/xml-c14n11">http://www.w3.org/2006/12/xml-c14n11</a>.</p>
  <p>The <dfn id="recommended-certificate-format">recommended certificate format</dfn> is   
    X.509 version 3   as specified in <a href="#rfc5280">[RFC5280]</a>. </p>
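  <p>As an added example that is not part of this specification, the Python script below checks a signature file against the recommendations of this section: it reads the <code>Algorithm</code> attribute of <code>ds:CanonicalizationMethod</code>, <code>ds:SignatureMethod</code> and every <code>ds:DigestMethod</code>, and the bit length of an RSA modulus carried as a <code>ds:RSAKeyValue</code> inside <code>ds:KeyInfo</code>. The SHA-256 digest identifier, and the SHA-1, RSAwithSHA1 and Canonical XML 1.0 identifiers used for the weaker sample, are the ones defined by [XMLDSIG11]. The two sample signature documents, their placeholder digest and signature values and the dummy modulus are constructed for the example and are not real signatures; the function names are the example's own. It is a policy check on the identifiers only and does not validate the signature.</p>

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Identifiers recommended by section 5 of the profile; the digest identifier
# is the SHA-256 identifier defined by [XMLDSIG11].
RECOMMENDED_C14N = "http://www.w3.org/2006/12/xml-c14n11"
RECOMMENDED_SIGNATURE = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RECOMMENDED_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"
RECOMMENDED_RSA_BITS = 4096


def rsa_modulus_bits(signature_xml):
    """Bit length of the RSAKeyValue modulus in ds:KeyInfo, or None if absent."""
    root = ET.fromstring(signature_xml)
    modulus = root.find(f".//{DS}KeyInfo/{DS}KeyValue/{DS}RSAKeyValue/{DS}Modulus")
    if modulus is None or not modulus.text:
        return None
    raw = base64.b64decode("".join(modulus.text.split()))
    return int.from_bytes(raw, "big").bit_length()


def profile_findings(signature_xml):
    """List the ways a ds:Signature departs from the profile's recommendations.

    An empty list means the canonicalization, signature and digest identifiers
    and the RSA key length all match the recommended values. The signature
    itself is not verified here.
    """
    root = ET.fromstring(signature_xml)
    findings = []
    signed_info = root.find(f"{DS}SignedInfo")
    if signed_info is None:
        return ["no ds:SignedInfo element"]

    c14n = signed_info.find(f"{DS}CanonicalizationMethod")
    if c14n is None or c14n.get("Algorithm") != RECOMMENDED_C14N:
        findings.append("canonicalization method is not Canonical XML 1.1")

    sig_method = signed_info.find(f"{DS}SignatureMethod")
    if sig_method is None or sig_method.get("Algorithm") != RECOMMENDED_SIGNATURE:
        findings.append("signature method is not RSAwithSHA256")

    for ref in signed_info.findall(f"{DS}Reference"):
        digest = ref.find(f"{DS}DigestMethod")
        if digest is None or digest.get("Algorithm") != RECOMMENDED_DIGEST:
            findings.append(f"reference {ref.get('URI')!r} does not use SHA-256")

    bits = rsa_modulus_bits(signature_xml)
    if bits is not None and bits < RECOMMENDED_RSA_BITS:
        findings.append(f"RSA modulus is {bits} bits, below the recommended {RECOMMENDED_RSA_BITS}")
    return findings


def sample_signature(c14n, sig_method, digest_method, modulus_bits):
    """Constructed ds:Signature skeleton for the example.

    The modulus is a dummy value of the requested bit length, not a real RSA
    key, and the digest and signature values are placeholders.
    """
    dummy = (1 << (modulus_bits - 1)) | 1
    modulus = base64.b64encode(dummy.to_bytes((modulus_bits + 7) // 8, "big")).decode()
    return f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="{c14n}"/>
    <SignatureMethod Algorithm="{sig_method}"/>
    <Reference URI="config.xml">
      <DigestMethod Algorithm="{digest_method}"/>
      <DigestValue>placeholder</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>placeholder</SignatureValue>
  <KeyInfo><KeyValue><RSAKeyValue>
    <Modulus>{modulus}</Modulus><Exponent>AQAB</Exponent>
  </RSAKeyValue></KeyValue></KeyInfo>
</Signature>"""


# A signature following every recommendation, and one using the older
# Canonical XML 1.0, RSAwithSHA1 and SHA-1 identifiers with a 1024-bit key.
GOOD_SIGNATURE = sample_signature(RECOMMENDED_C14N, RECOMMENDED_SIGNATURE,
                                  RECOMMENDED_DIGEST, 4096)
WEAK_SIGNATURE = sample_signature("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                                  "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                                  "http://www.w3.org/2000/09/xmldsig#sha1", 1024)

if __name__ == "__main__":
    print("recommended signature:", profile_findings(GOOD_SIGNATURE) or "no findings")
    print("weak signature:")
    for finding in profile_findings(WEAK_SIGNATURE):
        print("  -", finding)
```

  <p>Run as a script, the recommended sample produces no findings while the weaker sample produces four (one per identifier and one for the key length). A validator would run this kind of check before core validation, so that a signature file using a deprecated algorithm is reported as such rather than silently accepted or rejected with a generic error.</p>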
  <h3 id="x509note"><span class="secno">5.1 </span>Note about X.509 data</h3>
  <p><em>This section is informative.</em></p>
  <p> A <a href="#signature-file"> signature file</a> can have information contained
    in a <code>ds:X509Data</code> element, as specified by the <a href="#xmldsig11">[XMLDSIG11]</a> specification. This can include X.509 certificates, and/or
    <abbr title="Certificate Revocation List">CRL</abbr> and/or OCSP response information that, if included, are conveyed according
    to the <a href="#xmldsig11">[XMLDSIG11]</a> specification. X.509 v3 certificates provide means to
    express the basic constraints on a certificate. This allows <abbr title="certification authority">CA</abbr> certificates to be distinguished from end entity certificates,
    enabling more robust trust verification. See also <a href="#rfc5280">[RFC5280]</a> for more information.</p>
  <h2 id="author-signatures"><span class="secno">6 </span>Author signature</h2>
  <p>An <dfn id="author-signature">author signature</dfn> is a <a href="#signature-file">signature file</a> whose <a href="#file-name"> file name</a> adheres to the <a href="#naming-convention-for-an-author-signature">naming convention for an author
    signature</a> and whose <a href="#signature-properties">[Signature Properties]</a> <code>Role</code> element's <code><a href="#uri">URI</a></code> attribute value is equal to the <a href="#author-role-uri">author role URI</a>. An <a href="#author-signature">author signature</a> is intended to be generated by the <dfn id="author">author</dfn> of the widget, which is the entity or entities that claim authorship over the content of the <a href="#widget-package">widget package</a>.</p>
  <p> A <a href="#widget-package">widget package</a> can contain zero or
    one <a href="#author-signature" title="author signature">author signature</a>. </p>
  <dl><dt><dfn id="author-role-uri">Author role URI</dfn>: </dt>
    <dd> <code>http://www.w3.org/ns/widgets-digsig#role-author</code></dd>
  </dl><h3 id="naming-convention"><span class="secno">6.1 </span>Naming convention</h3>
  <p>The <code><a href="#author-sig-filename">author-sig-filename</a></code> <a href="#abnf">[ABNF]</a> rule defines the <dfn id="naming-convention-for-an-author-signature">naming convention for an
    author signature</dfn>, as it applies to the <a href="#file-name"> file name</a> of the <a href="#author-signature">author signature</a>: </p>
  <pre> <code><dfn id="author-sig-filename">author-sig-filename</dfn> = %x61.75.74.68.6f.72.2d.73.69.67.6e.61.74.75.72.65.2e.78.6d.6c</code></pre>
  <p>The <code><a href="#author-sig-filename">author-sig-filename</a></code> rule  defines the lower-case (case-sensitive) string "<code>author-signature.xml</code>".</p>
  <h2 id="distributor-signatures"><span class="secno">7 </span>Distributor signatures</h2>
  <p>A <dfn id="distributor-signature">distributor signature</dfn> is a <a href="#signature-file"> signature file</a> whose <a href="#file-name"> file name</a> adheres
    to the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor 
    signature</a> and whose <a href="#signature-properties">[Signature Properties]</a> <code>Role</code> element's <code><a href="#uri">URI</a></code> attribute  value is equal to the <a href="#distributor-role-uri">distributor role URI</a>. A <a href="#distributor-signature">distributor signature</a> is intended to be generated by a <dfn id="distributor">distributor</dfn>, which is a third party that is distributing the widget on behalf of the author. </p>
  <p> A <a href="#widget-package">widget package</a> can contain zero, one, or
    more <a href="#distributor-signature" title="distributor signature">distributor signatures</a>. </p>
  <dl><dt><dfn id="distributor-role-uri">Distributor role URI</dfn>:</dt>
    <dd> <code>http://www.w3.org/ns/widgets-digsig#role-distributor</code> </dd>
  </dl><h3 id="naming-convention-0"><span class="secno">7.1 </span>Naming convention</h3>
  <p> Each <a href="#distributor-signature">distributor signature</a> has a <a href="#file-name">file name</a> consisting of the lower-case
    string "<code>signature</code>" followed by a digit in the range
    1-9 inclusive, followed by zero or more digits in the range 0-9 inclusive,
    and then the lower-case
    "<code title="">.xml</code>". </p>
  <p>The <code><a href="#dist-sig-filename">dist-sig-filename</a></code> rule formally defines the <dfn id="naming-convention-for-a-distributor-signature">naming convention for a
    distributor signature</dfn>, as it applies to the <a href="#file-name"> file name</a> of a <a href="#distributor-signature">distributor signature</a>: </p>
  <pre><code><dfn id="dist-sig-filename">dist-sig-filename</dfn> = signature-string non-zero-digit 
                    *DIGIT  xml-suffix-string
signature-string  = %x73.69.67.6e.61.74.75.72.65
non-zero-digit    = %x31-39                       
xml-suffix-string = %x2e.78.6d.6c                 </code></pre>
  <ul><li>
      <p>The <code>signature-string</code> rule defines the lower-case string "<code>signature</code>".</p>
    </li>
    <li>
      <p>The <code>non-zero-digit</code> rule defines a digit in the
        range <code>1-9</code>, thus leading zeros are disallowed by this rule.</p>
    </li>
    <li>
      <p><code>DIGIT</code> is defined as a
        digit in the range <code>0-9</code>.</p>
    </li>
    <li>
      <p> The <code>xml-suffix-string</code> rule defines the lower-case
        (case-sensitive) string "<code title="">.xml</code>".</p>
    </li>
  </ul><p class="example">An example is <code>signature20.xml</code>.</p>
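  <p>As an added example that is not part of this specification, the Python below applies the <code>author-sig-filename</code> and <code>dist-sig-filename</code> rules to the file names of a widget package, and then lists, for each kind of signature, the files that signature covers under the model of section 1 (an author signature covers every non-signature file; a distributor signature additionally covers <code>author-signature.xml</code> when present, but never another distributor signature). Names that fail both rules, including case variants and numbers with a leading zero, are treated as ordinary files, and only root-level names are considered as signature file names; both are assumptions made for the example, as is the sample package listing and the function names.</p>

```python
import re

# Names defined by the author-sig-filename rule (section 6.1) and the
# dist-sig-filename ABNF rule (section 7.1): lower-case and case-sensitive,
# and the number of a distributor signature may not start with a zero.
AUTHOR_SIG_FILENAME = "author-signature.xml"
DIST_SIG_FILENAME = re.compile(r"\Asignature[1-9][0-9]*\.xml\Z")


def classify(file_name):
    """Return 'author', 'distributor' or 'other' for a zip relative path.

    Assumptions of this example: a name below a directory is never a
    signature file, and a name that fails both rules (wrong case, leading
    zero, no digit) is an ordinary file that the signatures must cover.
    """
    if "/" in file_name:
        return "other"
    if file_name == AUTHOR_SIG_FILENAME:
        return "author"
    if DIST_SIG_FILENAME.match(file_name):
        return "distributor"
    return "other"


def signed_references(kind, file_names):
    """Zip relative paths that a signature of the given kind must reference.

    Author signatures cover every non-signature file. Distributor signatures
    cover the same files plus author-signature.xml (if present), and never
    another distributor signature, so distributor signatures can be removed
    or swapped without invalidating the author signature.
    """
    if kind not in ("author", "distributor"):
        raise ValueError("kind must be 'author' or 'distributor'")
    covered = [name for name in file_names if classify(name) == "other"]
    if kind == "distributor" and AUTHOR_SIG_FILENAME in file_names:
        covered.append(AUTHOR_SIG_FILENAME)
    return sorted(covered)


# Constructed listing of a widget package (not taken from the specification).
SAMPLE_PACKAGE = [
    "config.xml",
    "index.html",
    "scripts/app.js",
    "author-signature.xml",
    "signature1.xml",
    "signature20.xml",
    "Signature2.xml",   # wrong case: an ordinary file
    "signature01.xml",  # leading zero: an ordinary file
    "signature0.xml",   # fails the non-zero-digit rule: an ordinary file
]

if __name__ == "__main__":
    for name in SAMPLE_PACKAGE:
        print(f"{name:22} -> {classify(name)}")
    print("author signature covers:", signed_references("author", SAMPLE_PACKAGE))
    print("distributor signature covers:", signed_references("distributor", SAMPLE_PACKAGE))
```

  <p>The regular expression is a direct transcription of the ABNF: <code>signature</code>, one digit from <code>1-9</code>, any number of digits from <code>0-9</code>, then <code>.xml</code>, anchored at both ends so that nothing before or after the name is tolerated. Comparing with <code>==</code> and matching without a case-insensitive flag preserves the case-sensitivity both rules require.</p>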
  <h2 id="generating-a-digital-signature"><span class="secno">8 </span>Generating a digital signature </h2>
  <p id="ta-generate">To digitally sign the contents of a <a href="#widget-package">widget package</a> with an <a href="#author-signature">author signature</a> or  with a <a href="#distributor-signature">distributor signature</a>, a <a class="product-signer" href="#signer">signer</a> <em class="ct">MUST</em> run the <a href="#algorithm-to-generate-a-digital-signature">algorithm to generate a digital signature</a>.  </p>
  <p>The algorithm below relies on the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-CoreGeneration">signature generation rules</a> of <a href="#xmldsig11">[XMLDSIG11]</a> (Section 3.1) and the various generation rules defined in <a href="#signature-properties">[Signature Properties]</a> (links to the appropriate sections of those specifications are provided where needed for generation). When performing the  algorithm below, it is <em class="ct">RECOMMENDED</em> that a <a class="product-signer" href="#signer">signer</a> use the <a href="#recommended-canonicalization-algorithm">recommended canonicalization algorithm</a>, the <a href="#recommended-signature-algorithm">recommended signature algorithm</a>, the <a href="#recommended-key-lengths">recommended key lengths</a> for the appropriate algorithm, and the <a href="#recommended-certificate-format">recommended certificate format</a>. </p>
  <p>The <dfn id="algorithm-to-generate-a-digital-signature">algorithm to generate a digital signature</dfn> is as follows: </p>
  <ol><li>
      <p>Using the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-Processing">Processing Rules</a> of <a href="#xmldsig11">[XMLDSIG11]</a>, perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">reference generation</a> for each <a href="#file">file</a> of the <a href="#widget-package">widget package</a> that is not a <a href="#signature-file">signature file</a>. Set the <code><a href="#uri">URI</a></code> attribute of each <code>ds:Reference</code> to be the <a href="#zip-relative-path">zip
        relative path</a> that identifies the <a href="#file">file</a> inside the <a href="#widget-package">widget
        package</a>. </p>
    </li>
    <li>
      <p>Optionally, include a <code>ds:KeyInfo</code> element in the manner described in <a href="#xmldsig11">[XMLDSIG11]</a> (see <a href="http://www.w3.org/TR/xmldsig-core1/#sec-KeyInfo">The <code>KeyInfo</code> Element</a> for how to do this). The element can include CRL and/or OCSP information <a href="#rfc5280">[RFC5280]</a> (see <a href="#x509note">note about X.509 data</a> in this specification). </p>
    </li>
    <li>
      <p>Generate the container elements for <a href="#signature-properties">[Signature Properties]</a> in accordance with the <a href="http://www.w3.org/TR/2010/WD-xmldsig-properties-20100204/#placement">Signature Properties Placement</a> section of <a href="#signature-properties">[Signature Properties]</a>. </p>
    </li>
    <li>
      <p>If generating an <a href="#author-signature">author signature</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#role-property-generation">generate a role property</a> and let its <code><a href="#uri">URI</a></code> attribute value be the <a href="#author-role-uri">author  role URI</a>.</p>
    </li>
    <li>
      <p>Otherwise, if generating a <a href="#distributor-signature">distributor signature</a>:</p>
      <ol><li>
          <p><a href="http://www.w3.org/TR/xmldsig-properties/#role-property-generation">Generate a role property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a> and let its <code><a href="#uri">URI</a></code> attribute value be the <a href="#distributor-role-uri">distributor  role URI</a>.</p>
        </li>
        <li>
          <p>If the <a href="#widget-package">widget package</a> contains an <a href="#author-signature">author signature</a>, perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">reference generation</a> on the <a href="#author-signature">author signature</a> and set the resulting <code>ds:Reference</code> element's <code><a href="#uri">URI</a></code> attribute to be <code>author-signature.xml</code>. </p>
        </li>
      </ol></li>
    <li>
      <p><a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property-generation">Generate an identifier property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. </p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/xmldsig-properties/#profile-property-generation">Generate a profile property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a> whose <code><a href="#uri">URI</a></code> attribute is the <a href="#profile-uri">profile URI</a>.</p>
    </li>
    <li>
      <p>Optionally, include any additional   <a href="#signature-properties">[Signature Properties]</a> (e.g., <a href="http://www.w3.org/TR/xmldsig-properties/#created-property">created</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#expires-property">expires</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#replay-nonce-property">replayProtect</a>) by following the appropriate generation rules specified in <a href="#signature-properties">[Signature Properties]</a>. </p>
    </li>
    <li>
      <p><a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceGeneration">Generate a reference</a> to the <code>ds:Object</code> that contains the signature properties created in the steps above. </p>
    </li>
    <li>
      <p>Perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureGeneration">signature generation</a> as defined in <a href="#xmldsig11">[XMLDSIG11]</a>. </p>
    </li>
    <li>
      <p>Serialize the signature 
        as a <a href="#utf-8">[UTF-8]</a> encoded <a href="#xml">[XML]</a> document using the appropriate naming convention depending on its role: using either the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor
        signature</a> or the <a href="#naming-convention-for-an-author-signature">naming convention for an author
        signature</a>. </p>
      <p class="note">Note: It is not a requirement that the <a href="#file-name" title="file name">file names</a> of <a href="#distributor-signature" title="distributor signature">distributor signatures</a> are serially numbered <code>signature1.xml</code>, <code>signature2.xml</code>, <code>signature3.xml</code>, and so on. A <a href="#signer" title="signer">signer</a> can use whatever pattern they want, so long as the file name conforms to the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor signature</a>. The numeric part of the file name affects the order in which signature files are processed by a <a href="#validator">validator</a> (see the <a href="#algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</a>). So, to ensure that a <a href="#distributor-signature">distributor signature</a> is processed before any other <a href="#distributor-signature" title="distributor signature">distributor signatures</a>, assign a number greater than that of all the other <a href="#distributor-signature" title="distributor signature">distributor signatures</a> for the numeric part of the <a href="#distributor-signature" title="distributor signature">distributor signature's</a> file name. </p>
    </li>
    <li>Place the generated <a href="#signature-file">signature file</a> at the <a href="#root-of-the-widget-package">root of the widget package</a>. </li>
  </ol><h3 id="example-of-a-generated-distributor-signature"><span class="secno">8.1 </span>Example of a generated distributor signature</h3>
  <p><em>This section is non-normative.</em></p>
  <p>The following is an example of a <a href="#distributor-signature">distributor signature</a> document, named <code>signature1.xml</code>. For legibility, the example omits the content of the various cryptographic digests and instead uses "…":</p>
  <pre><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#" 
  Id="DistributorSignature"&gt;
 &lt;SignedInfo&gt;
  &lt;CanonicalizationMethod 
   Algorithm="http://www.w3.org/2006/12/xml-c14n11"/&gt;
  &lt;SignatureMethod
   Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/&gt;
  &lt;Reference URI="config.xml"&gt;
   &lt;DigestMethod
    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
   &lt;DigestValue&gt;&lt;/DigestValue&gt;
  &lt;/Reference&gt;
  &lt;Reference URI="index.html"&gt;
    &lt;DigestMethod
     Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
     &lt;DigestValue&gt;&lt;/DigestValue&gt;
  &lt;/Reference&gt;
  &lt;Reference URI="#prop"&gt;
   &lt;Transforms&gt;
    &lt;Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/&gt;
   &lt;/Transforms&gt;
   &lt;DigestMethod 
    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/&gt;
   &lt;DigestValue&gt;&lt;/DigestValue&gt;
  &lt;/Reference&gt;
 &lt;/SignedInfo&gt;
 &lt;SignatureValue&gt;&lt;/SignatureValue&gt;
 &lt;KeyInfo&gt;
  &lt;X509Data&gt;
   &lt;X509Certificate&gt;&lt;/X509Certificate&gt;
  &lt;/X509Data&gt;
 &lt;/KeyInfo&gt;
 &lt;Object Id="prop"&gt; 
  &lt;SignatureProperties
   xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"&gt;
   &lt;SignatureProperty Id="profile" Target="#DistributorSignature"&gt;
    &lt;dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/&gt;
   &lt;/SignatureProperty&gt; 
   &lt;SignatureProperty Id="role" Target="#DistributorSignature"&gt;
    &lt;dsp:Role
      URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/&gt;
   &lt;/SignatureProperty&gt; 
   &lt;SignatureProperty Id="identifier" Target="#DistributorSignature"&gt;
    &lt;dsp:Identifier&gt;&lt;/dsp:Identifier&gt;
   &lt;/SignatureProperty&gt; 
  &lt;/SignatureProperties&gt; 
 &lt;/Object&gt;  
&lt;/Signature&gt;</code>
</pre>
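  <p>The example above omits how the <code>DigestValue</code> of each <code>ds:Reference</code> is obtained and how the package is walked. The Python below is an added illustration, not part of this specification or of any implementation it references: it reads a constructed in-memory widget package, emits one reference per non-signature file with the zip-relative path as its <code>URI</code> and the base64-encoded SHA-256 digest of the decompressed entry as its <code>DigestValue</code>, adds the <code>author-signature.xml</code> reference when that file is present (step 5.2), and places the profile, role and identifier properties. The file-name pattern used to recognise signature files is an assumption about the naming conventions (they are defined elsewhere in this specification), the identifier value is a constructed string, and the <code>SignatureValue</code> and the digest of the properties <code>ds:Object</code> are left empty because canonicalization and signing (step 10) belong to an [XMLDSIG11] implementation and a private key.</p>

```python
import base64
import hashlib
import io
import re
import zipfile
from xml.sax.saxutils import escape, quoteattr

SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
C14N11_URI = "http://www.w3.org/2006/12/xml-c14n11"
RSA_SHA256_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
PROFILE_URI = "http://www.w3.org/ns/widgets-digsig#profile"
DISTRIBUTOR_ROLE_URI = "http://www.w3.org/ns/widgets-digsig#role-distributor"
AUTHOR_SIGNATURE = "author-signature.xml"
# Assumed shape of the naming conventions (defined elsewhere in the specification):
# "author-signature.xml" or "signature" + a number without leading zeros + ".xml".
SIGNATURE_FILE_RE = re.compile(r"^(author-signature|signature[1-9][0-9]*)\.xml$")


def b64_sha256(data):
    """DigestValue as XMLDSIG wants it: base64 of the raw SHA-256 digest bytes."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def package_references(zip_bytes):
    """Step 1: one (URI, DigestValue) pair for every file that is not a signature file.
    The URI is the zip-relative path exactly as stored in the archive (forward slashes,
    no leading slash); directory entries carry no content and produce no reference."""
    refs = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or SIGNATURE_FILE_RE.match(info.filename):
                continue
            refs.append((info.filename, b64_sha256(zf.read(info))))
    return refs


def distributor_signature_skeleton(zip_bytes, identifier, sig_id="DistributorSignature"):
    """Steps 1, 3 and 5-9: the not-yet-signed ds:Signature of a distributor. The digest of
    the properties ds:Object and the SignatureValue need canonicalization and a key
    (step 10), so both are left empty here for an XMLDSIG implementation to fill in."""
    refs = package_references(zip_bytes)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if AUTHOR_SIGNATURE in zf.namelist():          # step 5.2
            refs.append((AUTHOR_SIGNATURE, b64_sha256(zf.read(AUTHOR_SIGNATURE))))
    ref_xml = "".join(
        f"  <Reference URI={quoteattr(uri)}>\n"
        f'   <DigestMethod Algorithm="{SHA256_URI}"/>\n'
        f"   <DigestValue>{dv}</DigestValue>\n"
        f"  </Reference>\n"
        for uri, dv in refs)
    target = quoteattr("#" + sig_id)
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id={quoteattr(sig_id)}>\n'
        " <SignedInfo>\n"
        f'  <CanonicalizationMethod Algorithm="{C14N11_URI}"/>\n'
        f'  <SignatureMethod Algorithm="{RSA_SHA256_URI}"/>\n'
        f"{ref_xml}"
        # step 8: same-document reference to the ds:Object holding the properties
        '  <Reference URI="#prop">\n'
        f'   <Transforms><Transform Algorithm="{C14N11_URI}"/></Transforms>\n'
        f'   <DigestMethod Algorithm="{SHA256_URI}"/>\n'
        "   <DigestValue></DigestValue>\n"
        "  </Reference>\n"
        " </SignedInfo>\n"
        " <SignatureValue></SignatureValue>\n"
        ' <Object Id="prop">\n'
        '  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">\n'
        f'   <SignatureProperty Id="profile" Target={target}>'
        f'<dsp:Profile URI="{PROFILE_URI}"/></SignatureProperty>\n'
        f'   <SignatureProperty Id="role" Target={target}>'
        f'<dsp:Role URI="{DISTRIBUTOR_ROLE_URI}"/></SignatureProperty>\n'
        f'   <SignatureProperty Id="identifier" Target={target}>'
        f"<dsp:Identifier>{escape(identifier)}</dsp:Identifier></SignatureProperty>\n"
        "  </SignatureProperties>\n"
        " </Object>\n"
        "</Signature>\n")


def constructed_package(include_author_signature=False):
    """A tiny widget package built in memory as constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config.xml", '<widget xmlns="http://www.w3.org/ns/widgets"/>')
        zf.writestr("index.html", "<!doctype html><title>widget</title>")
        zf.writestr("images/", "")                       # directory entry: no reference
        zf.writestr("images/icon.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("signature2.xml", "<Signature/>")    # another distributor's signature
        if include_author_signature:
            zf.writestr(AUTHOR_SIGNATURE, "<Signature/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(distributor_signature_skeleton(constructed_package(True), "constructed-id-1"))
```

  <p>Two details worth noticing: the digest is taken over the decompressed entry, which is what reference validation recomputes, and the other distributor signature in the package is excluded from step 1 while the author signature is referenced only because step 5.2 asks for it.</p>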
  <h2 id="signature-verification"><span class="secno">9 </span>Validating  digital signatures </h2>
  <p id="ta-validate">To validate the <a href="#signature-file" title="signature file">signature files</a> of a <a href="#widget-package">widget package</a>, a <a class="product-validator" href="#validator">validator</a> <em class="ct">MUST</em> run the <a href="#algorithm-to-validate-digital-signatures">algorithm to validate digital signatures</a>.  </p>
  <p>The algorithm below relies on the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-CoreValidation">Core Validation</a> rules of <a href="#xmldsig11">[XMLDSIG11]</a> (Section 3.2) and the various validation rules defined in <a href="#signature-properties">[Signature Properties]</a> (links to the appropriate sections of those specifications are provided where needed for validation). This specification does not define the means or format of a failure notification: handling of signatures that are <dfn id="in-error">in error</dfn> is left up to the implementation. The reason for validation failure can be returned by the implementation to an external entity, including reasons related to Reference validation, Signature validation, Signature Property validation and/or certificate and CRL/OCSP verification. The decision of which (if any) <a href="#distributor-signature" title="distributor signature">distributor signatures</a> are to be validated, and whether the <a href="#author-signature">author signature</a> is validated, is out of scope of this specification. This <em class="ct">MAY</em> be determined by the security policy used by the <a class="product-validator" href="#validator">validator</a>. </p>
  <p>During <a href="#algorithm-to-validate-digital-signatures" title="algorithm to validate digital signatures">validation</a>, a user agent <em class="ct">MAY</em> treat a widget package as being <a href="#in-error">in error</a> if it deems that the key length for a signature algorithm is not large enough to be secure (e.g., under 2048 bits for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a> and <a href="http://www.w3.org/TR/xmldsig-core1/#sec-DSA">DSA</a>, or under 224 bits for <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ECDSA">ECDSA</a>). </p>
  <p>The <dfn id="algorithm-to-validate-digital-signatures">algorithm to validate digital signatures</dfn> is as follows: </p>
  <ol><li>
      <p>Let <var>signatures list</var> be the result of applying the <a href="#algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</a>. </p>
    </li>
    <li>
      <p>If <var>signatures list</var> is empty (meaning no <a href="#signature-file" title="signature file">signature files</a> were found in the widget package), terminate this algorithm and treat the widget package as an unsigned widget package. It is left up to the user agent to decide how to treat unsigned widget packages.</p>
    </li>
    <li>
      <p>For each <var>signature</var> in <var>signatures list</var>:</p>
      <ol><li>
          <p>If <var>signature</var> is not a valid <a href="#xmldsig11">[XMLDSIG11]</a> document,  then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
        <li>
          <p>Check that <var>signature</var> has a <code>ds:Reference</code> for every <a href="#file">file</a> that is not a <a href="#signature-file">signature file</a>. If any non-signature file is not listed, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
        <li>
          <p> Check that <var>signature</var> has a single same-document <code>ds:Reference</code> to a <code>ds:Object</code> container for <a href="#signature-properties">[Signature Properties]</a> in accordance with the Signature Properties Placement section of <a href="#signature-properties">[Signature Properties]</a>.</p></li>
        <li>
          <p>Optionally, if the <code>ds:Signature</code>'s key length for a given signature algorithm (e.g., <a href="http://www.w3.org/TR/xmldsig-core1/#sec-PKCS1">RSA</a>) is less than a user agent predefined minimum key length, then <var>signature</var> is <a href="#in-error">in error</a>.</p>
        </li>
        <li>
          <p><a href="http://www.w3.org/TR/xmldsig-properties/#profile-property-generation">Validate the profile property</a> against the <a href="#profile-uri">profile URI</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#profile-property">profile property</a> is missing  or invalid,   then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
        <li>
          <p><a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property-generation">Validate the identifier property</a> in the manner specified in <a href="#signature-properties">[Signature Properties]</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#identifier-property">identifier property</a> is missing or invalid, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
        <li>
          <p>If <var>signature</var>'s <a href="#file-name">file name</a> matches the <a href="#naming-convention-for-an-author-signature">naming convention for an author signature</a>, <a href="http://www.w3.org/TR/xmldsig-properties/#role-property-validation">validate the role property</a> against the <a href="#author-role-uri">author role URI</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#role-property">role property</a> is missing or invalid, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
        <li>
          <p>Otherwise, if <var>signature</var>'s <a href="#file-name">file name</a> matches the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor signature</a>:</p>
          <ol><li>
              <p><a href="http://www.w3.org/TR/xmldsig-properties/#role-property-validation">Validate the role property</a> against the <a href="#distributor-role-uri">distributor role URI</a>. If the <a href="http://www.w3.org/TR/xmldsig-properties/#role-property">role property</a> is missing or invalid, then <var>signature</var> is <a href="#in-error">in error</a>.</p>
            </li>
            <li>
              <p>If an <a href="#author-signature">author signature</a> is present in the widget package, verify that <var>signature</var> has a <code>ds:Reference</code> for the <a href="#author-signature">author signature</a>. </p>
            </li>
          </ol></li>
        <li>
          <p>Optionally, validate any other <a href="#signature-properties">[Signature Properties]</a> supported by the user agent in  the manner specified in <a href="#signature-properties">[Signature Properties]</a>.</p>
        </li>
        <li>
          <p>Perform <a href="http://www.w3.org/TR/xmldsig-core1/#sec-ReferenceValidation">reference validation</a> and <a href="http://www.w3.org/TR/xmldsig-core1/#sec-SignatureValidation">signature validation</a> on <var>signature</var>. If validation fails, then <var>signature</var> is <a href="#in-error">in error</a>. </p>
        </li>
      </ol></li>
    <li>
      <p>If every <var>signature</var> in <var>signatures list</var> validates successfully, treat this as a signed widget package. It is left up to the user agent to decide how to treat signed widget packages.</p>
    </li>
  </ol><h2 id="locating-signature-files-in-a-widget-package"><span class="secno">10 </span>Locating signature files in a widget package </h2>
  <p>The <dfn id="algorithm-to-locate-signature-files-in-a-widget-package">algorithm to locate signature files in a widget package</dfn> is as follows. This algorithm makes use of the concept of <dfn id="numerical-order">numerical order</dfn>, which is the order based on the numeric portion of a <a href="#distributor-signature" title="distributor signature">distributor signature's</a> <a href="#file-name">file name</a>. Thus in the case more than one <a href="#distributor-signature">distributor signature</a> is to be processed, the highest numbered distributor signature is ordered first. </p>
  <ol><li>
      <p>Let <var>signatures</var> be an empty list. </p>
    </li>
    <li>
      <p>For each <a href="#file">file</a> at the <a href="#root-of-the-widget-package">root of the widget package</a>, if the <a href="#file-name">file name</a> case-sensitively matches the <a href="#naming-convention-for-a-distributor-signature">naming convention for a distributor signature</a> then append this <a href="#file">file</a> to the <var>signatures</var> list. </p>
    </li>
    <li>
      <p>If the <var>signatures</var> list is not empty, sort the <var>signatures</var> list by the <a href="#file-name">file name</a> in ascending <a href="#numerical-order">numerical order</a>.</p>
      <p class="example">For example, <code>signature1.xml</code> followed by <code>signature2.xml</code> followed by <code>signature3.xml</code> and so on. As another  example, <code>signature9.xml</code> followed by <code>signature44.xml</code> followed by <code>signature122134.xml</code> and so on. </p>
    </li>
    <li>
      <p>Search the <a href="#root-of-the-widget-package">root of the widget package</a> for any <a href="#file-name">file name</a> that case-sensitively matches the <a href="#naming-convention-for-an-author-signature">naming convention for an author signature</a> and then append this <a href="#file">file</a> to the <var>signatures</var> list. </p>
    </li>
    <li>Return <var>signatures</var>.</li>
  </ol><h2 id="security-considerations"><span class="secno">11 </span>Security Considerations</h2>
  <p><em>This section is non-normative.</em> </p>
  <p>In addition to the security considerations described in this section, the <a href="http://www.w3.org/TR/xmldsig-core1/#sec-Security">Security Considerations</a> of <a href="#xmldsig11">[XMLDSIG11]</a> apply to this specification. The security considerations of <a href="#widgets-packaging">[Widgets Packaging]</a> also apply to this specification. </p>
  <p>The signature scheme described in this document deals with the content present inside a potentially compressed <a href="#widget-package">widget package</a>. This implies that, in order to verify a <a href="#signature-file">signature file</a>, a user agent needs to decompress a data stream that can come from an arbitrary source. </p>
  <p>Care needs to be taken to avoid resource exhaustion attacks through maliciously crafted widget packages during signature validation. </p>
  <p>Because there is no single <a href="#signature-file">signature file</a> that includes all files of a widget package, including all of the signature files, this leaves a <a href="#widget-package">widget package</a> subject to an attack where <a href="#distributor-signature" title="distributor signature">distributor signatures</a> can be removed or added. An <a href="#author-signature">author signature</a> could also be attacked by removing the signature and any <a href="#distributor-signature" title="distributor signature">distributor signatures</a>, if they are present. A signature file can also be renamed, which can affect the order in which distributor signatures are processed. </p>
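  <p>The structural checks of Section 9 and the file ordering of Section 10 are what a validator has to get right for the removal and renaming cases just described. The Python below is an added illustration, not part of this specification or of any implementation it references: it implements the algorithm to locate signature files (sorting by the integer value of the numeric part, with the author signature last) and the structural checks of steps 3.1 to 3.3 and 3.5 to 3.8 of the validation algorithm for one signature file, returning the reasons a signature is in error. The naming conventions are assumed to be <code>author-signature.xml</code> and <code>signature</code> followed by a number (they are defined elsewhere in this specification), the author role URI is an assumption, and the sample signature document is a constructed copy of the example in Section 8.1 with placeholder digests. Cryptographic reference and signature validation (step 3.10) and the optional key-length check (step 3.4) are left to an [XMLDSIG11] implementation.</p>

```python
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
DSP = "{http://www.w3.org/2009/xmldsig-properties}"
PROFILE_URI = "http://www.w3.org/ns/widgets-digsig#profile"
DISTRIBUTOR_ROLE_URI = "http://www.w3.org/ns/widgets-digsig#role-distributor"
AUTHOR_ROLE_URI = "http://www.w3.org/ns/widgets-digsig#role-author"  # assumed value
AUTHOR_SIGNATURE = "author-signature.xml"
# Assumed distributor naming convention: "signature" + a number without leading zeros + ".xml"
DISTRIBUTOR_RE = re.compile(r"^signature([1-9][0-9]*)\.xml$")


def is_signature_file(name):
    return name == AUTHOR_SIGNATURE or DISTRIBUTOR_RE.match(name) is not None


def locate_signature_files(root_files):
    """Section 10. The sort key is the integer value of the numeric part, so
    signature9.xml < signature44.xml < signature122134.xml; a plain string sort
    would put signature122134.xml first. Matching is case-sensitive, and the
    author signature, if present, is appended after all distributor signatures."""
    distributors = [n for n in root_files if DISTRIBUTOR_RE.match(n)]
    distributors.sort(key=lambda n: int(DISTRIBUTOR_RE.match(n).group(1)))
    if AUTHOR_SIGNATURE in root_files:
        distributors.append(AUTHOR_SIGNATURE)
    return distributors


def structural_errors(sig_name, sig_xml, package_files):
    """Steps 3.1-3.3 and 3.5-3.8 of Section 9 for one signature file, given the names
    of all files in the package. Returns the reasons the signature is in error; an
    empty list means only step 3.4 (optional) and step 3.10 remain to be run."""
    try:
        sig = ET.fromstring(sig_xml)
    except ET.ParseError as exc:                             # step 3.1
        return [f"not well-formed XML: {exc}"]
    if sig.tag != DS + "Signature":
        return ["root element is not ds:Signature"]
    errors = []
    uris = [r.get("URI", "") for r in sig.iter(DS + "Reference")]
    for f in sorted(package_files):                          # step 3.2
        if not is_signature_file(f) and f not in uris:
            errors.append(f"file not referenced: {f}")
    same_doc = [u for u in uris if u.startswith("#")]        # step 3.3
    object_ids = {o.get("Id") for o in sig.findall(DS + "Object")}
    if len(same_doc) != 1 or same_doc[0][1:] not in object_ids:
        errors.append("expected exactly one same-document Reference to the properties ds:Object")
    profile = sig.find(f".//{DSP}Profile")                    # step 3.5
    if profile is None or profile.get("URI") != PROFILE_URI:
        errors.append("profile property missing or invalid")
    if sig.find(f".//{DSP}Identifier") is None:               # step 3.6
        errors.append("identifier property missing")
    if sig_name == AUTHOR_SIGNATURE:                          # step 3.7
        expected_role = AUTHOR_ROLE_URI
    elif DISTRIBUTOR_RE.match(sig_name):                      # step 3.8
        expected_role = DISTRIBUTOR_ROLE_URI
        if AUTHOR_SIGNATURE in package_files and AUTHOR_SIGNATURE not in uris:
            errors.append("distributor signature does not reference author-signature.xml")
    else:
        return errors + ["file name matches neither naming convention"]
    role = sig.find(f".//{DSP}Role")
    if role is None or role.get("URI") != expected_role:
        errors.append("role property missing or invalid")
    return errors


# Constructed sample: the Section 8.1 example with placeholder digest and signature values.
SAMPLE_SIGNATURE1 = b"""<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <Reference URI="config.xml"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>PLACEHOLDER</DigestValue></Reference>
  <Reference URI="index.html"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>PLACEHOLDER</DigestValue></Reference>
  <Reference URI="#prop"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms>
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>PLACEHOLDER</DigestValue></Reference>
 </SignedInfo>
 <SignatureValue>PLACEHOLDER</SignatureValue>
 <Object Id="prop">
  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
   <SignatureProperty Id="profile" Target="#DistributorSignature">
    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/></SignatureProperty>
   <SignatureProperty Id="role" Target="#DistributorSignature">
    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/></SignatureProperty>
   <SignatureProperty Id="identifier" Target="#DistributorSignature">
    <dsp:Identifier>constructed-id-1</dsp:Identifier></SignatureProperty>
  </SignatureProperties>
 </Object>
</Signature>"""

if __name__ == "__main__":
    files = ["author-signature.xml", "config.xml", "icon.png", "index.html", "signature1.xml"]
    for name in locate_signature_files(files):
        print(name, structural_errors(name, SAMPLE_SIGNATURE1, files))
```

  <p>Run against a package that also carries <code>icon.png</code> and an <code>author-signature.xml</code>, the sample distributor signature is reported in error twice: once for the unreferenced file and once because it does not reference the author signature. Those two checks are what make the removal of files or of the author signature detectable from a distributor signature alone.</p>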
  <p>If the user agent supports installing a new root certificate, an end-user should be made aware of what they are doing, and why. </p>
  <p>A user agent's security policy can affect how signature validation impacts operation, and can have additional constraints on establishing trust, including additional requirements on certificate chain validation and certificate revocation processing using CRLs <a href="#rfc5280">[RFC5280]</a> or OCSP <a href="#rfc2560">[RFC2560]</a>. Security policy can also require additional information to be conveyed in <code>ds:KeyInfo</code>. Security policy is out of scope of this specification but has important implications for signature file processing. </p>
  <h2 class="no-num" id="acknowledgements">Acknowledgements</h2>
  <p>The Web Applications working group would like to thank members of
    the <a href="http://www.w3.org/2008/xmlsec/">W3C XML Security Working Group</a> for their comments and suggestions,
    as well as all reviewers of  drafts of this document. </p>
  <h2 class="no-num" id="references">Normative References</h2>
  <dl class="bibliography"><dt><dfn id="abnf">[ABNF]</dfn></dt>
    <dd><a href="http://www.ietf.org/rfc/rfc5234.txt">RFC 5234. <cite>Augmented BNF for Syntax Specifications: <abbr title="Augmented Backus-Naur Form">ABNF</abbr></cite></a>, D. Crocker and P. Overell. January 2008. </dd>
    <dt><dfn id="c14n11">[C14N11]</dfn></dt>
    <dd><a href="http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/">Canonical XML
      Version 1.1</a>, J. Boyer, M. Marcy.  W3C Recommendation. 2 May, 2008.</dd>
    <dt><dfn id="rfc2119">[RFC2119]</dfn></dt>
    <dd><cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to Indicate
      Requirement Levels</a></cite>, S. Bradner. RFC2119. IETF, March 1997.</dd>
    <dt><dfn id="rfc5280">[RFC5280]</dfn></dt>
    <dd><cite><a href="http://www.ietf.org/rfc/rfc5280.txt"> Internet
      X.509 Public Key Infrastructure Certificate and Certificate Revocation
      List (CRL) Profile</a></cite>,
      D. Cooper,  S. Santesson, S. Farrell, S. Boeyen, R. Housley,
      W. Polk. RFC5280. IETF, May 2008.</dd>
    <dt><dfn id="utf-8">[UTF-8]</dfn></dt>
    <dd><cite><a href="http://www.ietf.org/rfc/rfc2279.txt">UTF-8, a transformation format of ISO 10646</a></cite>. F. Yergeau. RFC 2279. IETF, January 1998. </dd>
    <dt><dfn id="uri">[URI]</dfn></dt>
    <dd><cite><a href="http://www.ietf.org/rfc/rfc3986.txt">Uniform Resource Identifiers (URI): Generic
      Syntax</a></cite>, T. Berners-Lee, R. Fielding, L. Masinter. RFC3986. IETF, January 2005. </dd>
    <dt><dfn id="widgets-packaging">[Widgets Packaging]</dfn></dt>
    <dd><cite><a href="http://www.w3.org/TR/widgets/">Widget Packaging and Configuration</a></cite>, 
      M. Cáceres. W3C Proposed Recommendation (Work in progress). </dd>
    <dt><dfn id="xml">[XML]</dfn></dt>
    <dd><cite><a href="http://www.w3.org/TR/REC-xml/">Extensible Markup Language (XML) 1.0</a></cite>, T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler,
      F. Yergeau. W3C Recommendation.</dd>
    <dt><dfn id="xml-namespaces">[XML-Namespaces]</dfn></dt>
    <dd> <cite> <a href="http://www.w3.org/TR/xml-names/">Namespaces
      in XML 1.0</a></cite>, T. Bray, D. Hollander,
      A. Layman,  R. Tobin. 
      W3C Recommendation.</dd>
    <dt><dfn id="xmldsig11">[XMLDSIG11]</dfn></dt>
    <dd><cite><a href="http://www.w3.org/TR/xmldsig-core1/">XML Signature Syntax and Processing Version 1.1</a></cite>, D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. W3C Candidate Recommendation (Work in progress).</dd>
    <dt><dfn id="signature-properties">[Signature Properties]</dfn></dt>
    <dd> <cite><a href="http://www.w3.org/TR/xmldsig-properties/">XML Signature Properties</a></cite>,
      F. Hirsch, W3C Candidate Recommendation (Work in progress).</dd>
    <dt><dfn id="zip">[ZIP]</dfn></dt>
    <dd><cite><a href="http://www.pkware.com/documents/casestudies/APPNOTE.TXT">.ZIP File
      Format Specification</a></cite>. PKWare Inc.</dd>
  </dl><h2 class="no-num" id="references2">Informative References</h2>
  <dl class="bibliography"><dt><dfn id="rfc2560">[RFC2560]</dfn></dt>
    <dd><cite><a href="http://www.ietf.org/rfc/rfc2560.txt">X.509 Public Key Infrastructure  Online Certificate Status Protocol - OCSP</a></cite>, M. Myers, R. Ankney, A. Malpani, S. Galperin, C. Adams. IETF, 
      June 1999.</dd>
    <dt><dfn id="widgets-requirements">[Widgets Requirements]</dfn></dt>
    <dd><cite><a href="http://www.w3.org/TR/widgets-reqs/">Widgets 
      Requirements</a></cite>, M. Cáceres and Mark Priestley. W3C Working Draft. </dd>
  </dl></div>
</body></html>