Wookie adds support for signed widgets – thanks to Google Summer of Code

This year for the first time we had a Google Summer of Code project in Apache Wookie - Pushpalanka Jayawardhana took on the challenge of implementing the W3C XML Digital Signatures for Widgets specification, which describes how to sign and verify a W3C Widget.

Of course, actually implementing the specification in Wookie required a lot more than just the signing and verification routines, but a complete workflow, including how to sign a widget as an author, how to configure the verification options for the Wookie server application, and how to establish whether to trust a widget that contains a valid digital signature. So rather than just following a published specification, the project also involved a lot of design challenges.

The end result is a suite of components and enhancements for Wookie: Pushpalanka created a standalone application to help authors sign their widgets, added signature verification capabilities to the Wookie W3C Widget parser library, and implemented a configurable verification workflow in the server code itself. You can read a detailed description of the design and implementation over on Pushpalanka’s blog.

As a result, a Wookie server administrator can now choose whether to check whether widgets added to Wookie have digital signatures, whether to reject widgets that have invalid signatures or just log a warning, and whether to require widgets to be signed by a trusted party whose certificate is included in the server keystore.

Thanks Pushpalanka for adding this great set of features to Wookie, and thank you Google for sponsoring this effort through Google Summer of Code!

About these ads
This entry was posted in apps, google, widgets and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s